Merge pull request #202931 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: ttorble

articles/active-directory/managed-identities-azure-resources/qs-configure-powershell-windows-vm.md

@@ -3,13 +3,13 @@ title: Configure managed identities on an Azure VM using PowerShell - Azure AD
 description: Step-by-step instructions for configuring managed identities for Azure resources on an Azure VM using PowerShell.
 services: active-directory
 author: barclayn
-manager: karenhoran
+manager: rkarlin
 ms.service: active-directory
 ms.subservice: msi
 ms.topic: quickstart
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 01/11/2022
+ms.date: 06/24/2022
 ms.author: barclayn
 ms.collection: M365-identity-device-management
 ms.custom: devx-track-azurepowershell, mode-api
@@ -35,7 +35,7 @@ In this article, using PowerShell, you learn how to perform the following manage
 
 ## System-assigned managed identity
 
-In this section, you will learn how to enable and disable the system-assigned managed identity using Azure PowerShell.
+In this section, you'll learn how to enable and disable the system-assigned managed identity using Azure PowerShell.
 
 ### Enable system-assigned managed identity during creation of an Azure VM
 
@@ -129,7 +129,7 @@ To assign a user-assigned identity to a VM, your account needs the [Virtual Mach
 
 To assign a user-assigned identity to a VM, your account needs the [Virtual Machine Contributor](../../role-based-access-control/built-in-roles.md#virtual-machine-contributor) and [Managed Identity Operator](../../role-based-access-control/built-in-roles.md#managed-identity-operator) role assignments. No other Azure AD directory role assignments are required.
 
-1. Create a user-assigned managed identity using the [New-AzUserAssignedIdentity](/powershell/module/az.managedserviceidentity/new-azuserassignedidentity) cmdlet.  Note the `Id` in the output because you will need this in the next step.
+1. Create a user-assigned managed identity using the [New-AzUserAssignedIdentity](/powershell/module/az.managedserviceidentity/new-azuserassignedidentity) cmdlet.  Note the `Id` in the output because you'll need this information in the next step.
 
    > [!IMPORTANT]
    > Creating user-assigned managed identities only supports alphanumeric, underscore and hyphen (0-9 or a-z or A-Z, \_ or -) characters. Additionally, name should be limited from 3 to 128 character length for the assignment to VM/VMSS to work properly. For more information, see [FAQs and known issues](known-issues.md)
@@ -157,7 +157,7 @@ If your VM has multiple user-assigned managed identities, you can remove all but
 $vm = Get-AzVm -ResourceGroupName myResourceGroup -Name myVm
 Update-AzVm -ResourceGroupName myResourceGroup -VirtualMachine $vm -IdentityType UserAssigned -IdentityID <USER ASSIGNED IDENTITY NAME>
 ```
-If your VM does not have a system-assigned managed identity and you want to remove all user-assigned managed identities from it, use the following command:
+If your VM doesn't have a system-assigned managed identity and you want to remove all user-assigned managed identities from it, use the following command:
 
 ```azurepowershell-interactive
 $vm = Get-AzVm -ResourceGroupName myResourceGroup -Name myVm

articles/active-directory/verifiable-credentials/whats-new.md

@@ -6,7 +6,7 @@ manager: rkarlin
 ms.service: decentralized-identity
 ms.subservice: verifiable-credentials
 ms.topic: reference
-ms.date: 06/24/2022
+ms.date: 06/27/2022
 ms.custom: references_regions
 ms.author: barclayn
 
@@ -22,11 +22,22 @@ This article lists the latest features, improvements, and changes in the Microso
 
 ## June 2022
 
-In June, we introduced a set of new preview features:
-- Web as a new, default, trust system that users' can choose when [onboarding](verifiable-credentials-configure-tenant.md#set-up-verifiable-credentials) a tenant. Web means your tenant uses [did:web](https://w3c-ccg.github.io/did-method-web/) as its trust system. ION is still available.
-- [Quickstarts](how-to-use-quickstart.md) as a new way to create Managed Credentials. Managed Credentials no longer use of Azure Storage to store the Display & Rules JSON definitions. You need to migrate your Azure Storage based credentials to become Managed Credentials and we'll provide instructions shortly.
-- Managed Credential [Quickstart for Verifiable Credentials of type VerifiedEmployee](how-to-use-quickstart-verifiedemployee.md) with directory based claims from your tenant.
-- Updated documentation that describes the different ways to use the [Quickstarts](how-to-use-quickstart.md) and a [Rules and Display definition model](rules-and-display-definitions-model.md).  
+- We are adding support for the [did:web](https://w3c-ccg.github.io/did-method-web/) method. Any new tenant that starts using the Verifiable Credentials Service after June 14, 2022 will have Web as a new, default, trust system when [onboarding](verifiable-credentials-configure-tenant.md#set-up-verifiable-credentials). VC Administrators can still choose to use ION when setting a tenant. If you want to use did:web instead of ION or viceversa, you will need to [reconfigure your tenant](verifiable-credentials-faq.md?#how-do-i-reset-the-azure-ad-verifiable-credentials-service).
+- We are rolling out several features to improve the overall experience of creating verifiable credentials in the Entra Verified ID platform:
+  - Introducing Managed Credentials, Managed Credentials are verifiable credentials that no longer use of Azure Storage to store the [display & rules JSON definitions](rules-and-display-definitions-model.md). Their display and rule definitions are different from earlier versions.
+  - Create Managed Credentials using the [new quickstart experience](how-to-use-quickstart.md).
+  - Administrators can create a Verified Employee Managed Credential using the [new quick start](how-to-use-quickstart-verifiedemployee.md). The Verified Employee is a verifiable credential of type verifiedEmployee that is based on a pre-defined set of claims from your tenant's Azure Active Directory.
+
+>[!IMPORTANT]
+> You need to migrate your Azure Storage based credentials to become Managed Credentials. We'll soon provide migration instructions.
+
+- We made the following updates to our docs:
+  - (new) [Current supported open standards for Microsoft Entra Verified ID](verifiable-credentials-standards.md).
+  - (new) [How to create verifiable credentials for ID token hint](how-to-use-quickstart.md).
+  - (new) [How to create verifiable credentials for ID token](how-to-use-quickstart-idtoken.md).
+  - (new) [How to create verifiable credentials for self-asserted claims](how-to-use-quickstart-selfissued.md). 
+  - (new) [Rules and Display definition model specification](rules-and-display-definitions-model.md).
+  - (new) [Creating an Azure AD tenant for development](how-to-create-a-free-developer-account.md).
 
 ## May 2022
 

articles/automation/automation-hrw-run-runbooks.md

@@ -86,8 +86,8 @@ There are two ways to use the Managed Identities in Hybrid Runbook Worker script
 
 1. Use the system-assigned Managed Identity for the Automation account:
 
-    1. [Configure](/enable-managed-identity-for-automation.md#enable-a-system-assigned-managed-identity-for-an-azure-automation-account) a System-assigned Managed Identity for the Automation account.
-    1. Grant this identity the [required permissions](/enable-managed-identity-for-automation.md#assign-role-to-a-system-assigned-managed-identity) within the Subscription to perform its task.
+    1. [Configure](enable-managed-identity-for-automation.md#enable-a-system-assigned-managed-identity-for-an-azure-automation-account) a System-assigned Managed Identity for the Automation account.
+    1. Grant this identity the [required permissions](enable-managed-identity-for-automation.md#assign-role-to-a-system-assigned-managed-identity) within the Subscription to perform its task.
     1. Update the runbook to use the [Connect-AzAccount](/powershell/module/az.accounts/connect-azaccount) cmdlet with the `Identity` parameter to authenticate to Azure resources. This configuration reduces the need to use a Run As account and perform the associated account management.
 
         ```powershell
@@ -116,8 +116,8 @@ There are two ways to use the Managed Identities in Hybrid Runbook Worker script
     
     # [VM's system-assigned managed identity](#tab/sa-mi)
    
-    1. [Configure](/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm#enable-system-assigned-managed-identity-on-an-existing-vm) a System Managed Identity for the VM.
-    1. Grant this identity the [required permissions](/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm#grant-your-vm-access-to-a-resource-group-in-resource-manager) within the subscription to perform its tasks.
+    1. [Configure](/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vmss#enable-system-assigned-managed-identity-on-an-existing-vm) a System Managed Identity for the VM.
+    1. Grant this identity the [required permissions](../active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm.md#grant-your-vm-access-to-a-resource-group-in-resource-manager) within the subscription to perform its tasks.
     1. Update the runbook to use the [Connect-Az-Account](/powershell/module/az.accounts/connect-azaccount) cmdlet with the `Identity` parameter to authenticate to Azure resources. This configuration reduces the need to use a Run As Account and perform the associated account management.
 
     ```powershell
@@ -137,8 +137,8 @@ There are two ways to use the Managed Identities in Hybrid Runbook Worker script
      
     # [VM's user-assigned managed identity](#tab/ua-mi)
 
-    1. [Configure](/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm#user-assigned-managed-identity) a User Managed Identity for the VM.
-    1. Grant this identity the [required permissions](/active-directory/managed-identities-azure-resources/howto-assign-access-portal) within the Subscription to perform its tasks.
+    1. [Configure](/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vmss#user-assigned-managed-identity) a User Managed Identity for the VM.
+    1. Grant this identity the [required permissions](/azure/active-directory/managed-identities-azure-resources/howto-assign-access-portal) within the Subscription to perform its tasks.
     1. Update the runbook to use the [Connect-AzAccount](/powershell/module/az.accounts/connect-azaccount) cmdlet with the `Identity ` and `AccountID` parameters to authenticate to Azure resources. This configuration reduces the need to use a Run As account and perform the associated account management.
 
     ```powershell