Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

.openpublishing.redirection.json

@@ -3735,54 +3735,79 @@
     },
     {
       "source_path_from_root": "/articles/app-service/containers/app-service-linux-faq.md",
-      "redirect_url": "/azure/app-service/faq-app-service-linux",
+      "redirect_url": "/troubleshoot/azure/general/faqs-app-service-linux",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/app-service-web/app-service-linux-faq.md",
-      "redirect_url": "/azure/app-service/faq-app-service-linux",
+      "redirect_url": "/troubleshoot/azure/general/faqs-app-service-linux",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/app-service/app-service-web-availability-performance-application-issues-faq.md",
-      "redirect_url": "/azure/app-service/faq-availability-performance-application-issues",
+      "redirect_url": "/troubleshoot/azure/general/web-apps-performance-faqs",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/app-service-web/app-service-web-availability-performance-application-issues-faq.md",
-      "redirect_url": "/azure/app-service/faq-availability-performance-application-issues",
+      "redirect_url": "/troubleshoot/azure/general/web-apps-performance-faqs",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/app-service/app-service-web-configuration-and-management-faq.md",
-      "redirect_url": "/azure/app-service/faq-configuration-and-management",
+      "redirect_url": "/troubleshoot/azure/general/web-apps-configuration-and-management-faqs",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/app-service-web/app-service-web-configuration-and-management-faq.md",
-      "redirect_url": "/azure/app-service/faq-configuration-and-management",
+      "redirect_url": "/troubleshoot/azure/general/web-apps-configuration-and-management-faqs",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/app-service/faq-app-service-linux.yml",
+      "redirect_url": "/troubleshoot/azure/general/faqs-app-service-linux",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/app-service/faq-availability-performance-application-issues.yml",
+      "redirect_url": "/troubleshoot/azure/general/web-apps-performance-faqs",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/app-service/faq-configuration-and-management.yml",
+      "redirect_url": "/troubleshoot/azure/general/web-apps-configuration-and-management-faqs",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/app-service/faq-deployment.yml",
+      "redirect_url": "/troubleshoot/azure/general/web-apps-deployment-faqs",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/app-service/faq-open-source-technologies.yml",
+      "redirect_url": "/troubleshoot/azure/general/web-apps-open-source-technologies-faqs",
+      "redirect_document_id": false
+    },                    
     {
       "source_path_from_root": "/articles/app-service/app-service-web-deployment-faq.md",
-      "redirect_url": "/azure/app-service/faq-deployment",
+      "redirect_url": "/troubleshoot/azure/general/web-apps-deployment-faqs",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/app-service-web/app-service-web-deployment-faq.md",
-      "redirect_url": "/azure/app-service/faq-deployment",
+      "redirect_url": "/troubleshoot/azure/general/web-apps-deployment-faqs",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/app-service/app-service-web-open-source-technologies-faq.md",
-      "redirect_url": "/azure/app-service/faq-open-source-technologies",
+      "redirect_url": "/troubleshoot/azure/general/web-apps-open-source-technologies-faqs",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/app-service-web/app-service-web-open-source-technologies-faq.md",
-      "redirect_url": "/azure/app-service/faq-open-source-technologies",
+      "redirect_url": "/troubleshoot/azure/general/web-apps-open-source-technologies-faqs",
       "redirect_document_id": false
-    },
+    }, 
     {
       "source_path_from_root": "/articles/app-service/web-sites-backup.md",
       "redirect_url": "/azure/app-service/manage-backup",

articles/active-directory/authentication/concept-mfa-licensing.md

@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 11/02/2021
+ms.date: 03/22/2022
 
 ms.author: justinha
 author: justinha
@@ -16,14 +16,14 @@ ms.collection: M365-identity-device-management
 ---
 # Features and licenses for Azure AD Multi-Factor Authentication
 
-To protect user accounts in your organization, multi-factor authentication should be used. This feature is especially important for accounts that have privileged access to resources. Basic multi-factor authentication features are available to Microsoft 365 and Azure Active Directory (Azure AD) global administrators for no extra cost. If you want to upgrade the features for your admins or extend multi-factor authentication to the rest of your users, you can purchase Azure AD Multi-Factor Authentication in several ways.
+To protect user accounts in your organization, multi-factor authentication should be used. This feature is especially important for accounts that have privileged access to resources. Basic multi-factor authentication features are available to Microsoft 365 and Azure Active Directory (Azure AD) users and global administrators for no extra cost. If you want to upgrade the features for your admins or extend multi-factor authentication to the rest of your users with more authentication methods and greater control, you can purchase Azure AD Multi-Factor Authentication in several ways.
 
 > [!IMPORTANT]
 > This article details the different ways that Azure AD Multi-Factor Authentication can be licensed and used. For specific details about pricing and billing, see the [Azure AD pricing page](https://www.microsoft.com/en-us/security/business/identity-access-management/azure-ad-pricing).
 
 ## Available versions of Azure AD Multi-Factor Authentication
 
-Azure AD Multi-Factor Authentication can be used, and licensed, in a few different ways depending on your organization's needs. You may already be entitled to use Azure AD Multi-Factor Authentication depending on the Azure AD, EMS, or Microsoft 365 license you currently have. For example, the first 50,000 monthly active users in Azure AD External Identities can use MFA and other Premium P1 or P2 features for free. For more information, see [Azure Active Directory External Identities pricing](https://azure.microsoft.com/pricing/details/active-directory/external-identities/).
+Azure AD Multi-Factor Authentication can be used, and licensed, in a few different ways depending on your organization's needs. All tenants are entitled to basic multifactor authentication features via Security Defaults. You may already be entitled to use advanced Azure AD Multi-Factor Authentication depending on the Azure AD, EMS, or Microsoft 365 license you currently have. For example, the first 50,000 monthly active users in Azure AD External Identities can use MFA and other Premium P1 or P2 features for free. For more information, see [Azure Active Directory External Identities pricing](https://azure.microsoft.com/pricing/details/active-directory/external-identities/).
 
 The following table details the different ways to get Azure AD Multi-Factor Authentication and some of the features and use cases for each.
 

articles/active-directory/authentication/feature-availability.md

@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 02/28/2022
+ms.date: 03/22/2022
 
 ms.author: justinha
 author: justinha
@@ -25,59 +25,51 @@ This following tables list Azure AD feature availability in Azure Government.
 
 |Service     | Feature | Availability |
 |:------|---------|:------------:|
-|**Authentication, single sign-on, and MFA**|||
-||Cloud authentication (Pass-through authentication, password hash synchronization) | ✅ |
+|**Authentication, single sign-on, and MFA**|Cloud authentication (Pass-through authentication, password hash synchronization) | ✅ |
 || Federated authentication (Active Directory Federation Services or federation with other identity providers) | ✅ |
 || Single sign-on (SSO) unlimited | ✅ | 
 || Multifactor authentication (MFA) | Hardware OATH tokens are not available. Instead, use Conditional Access policies with named locations to establish when multifactor authentication should and should not be required based off the user's current IP address. Microsoft Authenticator only shows GUID and not UPN for compliance reasons. | 
 || Passwordless (Windows Hello for Business, Microsoft Authenticator, FIDO2 security key integrations) | ✅ | 
 || Service-level agreement | ✅ | 
-|**Applications access**|||
-|| SaaS apps with modern authentication (Azure AD application gallery apps, SAML, and OAUTH 2.0) | ✅ | 
+|**Applications access**|SaaS apps with modern authentication (Azure AD application gallery apps, SAML, and OAUTH 2.0) | ✅ | 
 || Group assignment to applications | ✅ | 
 || Cloud app discovery (Microsoft Cloud App Security) | ✅ | 
 || Application Proxy for on-premises, header-based, and Integrated Windows Authentication | ✅ | 
 || Secure hybrid access partnerships (Kerberos, NTLM, LDAP, RDP, and SSH authentication) | ✅ | 
-|**Authorization and Conditional Access**|||
-|| Role-based access control (RBAC) | ✅ | 
+|**Authorization and Conditional Access**|Role-based access control (RBAC) | ✅ | 
 || Conditional Access  | ✅ | 
 || SharePoint limited access | ✅ | 
 || Session lifetime management | ✅ | 
 || Identity Protection (vulnerabilities and risky accounts) | See [Identity protection](#identity-protection) below. | 
 || Identity Protection (risk events investigation, SIEM connectivity) | See [Identity protection](#identity-protection) below. | 
-|**Administration and hybrid identity**|||
-|| User and group management | ✅ | 
+|**Administration and hybrid identity**|User and group management | ✅ | 
 || Advanced group management (Dynamic groups, naming policies, expiration, default classification) | ✅ | 
 || Directory synchronization—Azure AD Connect (sync and cloud sync) | ✅ | 
 || Azure AD Connect Health reporting | ✅ | 
 || Delegated administration—built-in roles  | ✅ | 
 || Global password protection and management – cloud-only users | ✅ | 
 || Global password protection and management – custom banned passwords, users synchronized from on-premises Active Directory | ✅ | 
 || Microsoft Identity Manager user client access license (CAL) | ✅ | 
-|**End-user self-service**|||
-|| Application launch portal (My Apps) | ✅ | 
+|**End-user self-service**|Application launch portal (My Apps) | ✅ | 
 || User application collections in My Apps | ✅ |
 || Self-service account management portal (My Account) | ✅ |
 || Self-service password change for cloud users | ✅ |
 || Self-service password reset/change/unlock with on-premises write-back | ✅ |
 || Self-service sign-in activity search and reporting | ✅ |
 || Self-service group management (My Groups) | ✅ |
 || Self-service entitlement management (My Access) | ✅ |
-|**Identity governance**|||
-|| Automated user provisioning to apps | ✅ |
+|**Identity governance**|Automated user provisioning to apps | ✅ |
 || Automated group provisioning to apps | ✅ |
 || HR-driven provisioning | Partial. See [HR-provisioning apps](#hr-provisioning-apps). |
 || Terms of use attestation | ✅ |
 || Access certifications and reviews | ✅ |
 || Entitlement management | ✅ |
 || Privileged Identity Management (PIM), just-in-time access |  ✅ |
-|**Event logging and reporting**|||
-|| Basic security and usage reports | ✅ |
+|**Event logging and reporting**|Basic security and usage reports | ✅ |
 || Advanced security and usage reports | ✅ |
 || Identity Protection: vulnerabilities and risky accounts | ✅ |
 || Identity Protection: risk events investigation, SIEM connectivity | ✅ |
-|**Frontline workers**|||
-|| SMS sign-in | Feature not available. |
+|**Frontline workers**|SMS sign-in | Feature not available. |
 || Shared device sign-out | Enterprise state roaming for Windows 10 devices is not available. |
 || Delegated user management portal (My Staff) | Feature not available. |
 

articles/active-directory/authentication/how-to-mfa-registration-campaign.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 02/28/2022
+ms.date: 03/22/2022
 
 ms.author: justinha
 author: mjsantani
@@ -101,7 +101,7 @@ The following table lists **authenticationMethodsRegistrationCampaign** properti
 | Name | Possible values | Description |
 |------|-----------------|-------------|
 | state | "enabled"<br>"disabled"<br>"default" | Allows you to enable or disable the feature.<br>Default value is used when the configuration hasn't been explicitly set and will use Azure AD default value for this setting. Currently maps to disabled.<br>Change states to either enabled or disabled as needed.  |
-| snoozeDurationInDays | Range: 0 – 14 | Defines after how many days the user will see the nudge again.<br>If the value is 0, the user is nudged during every MFA attempt.<br>Default: 1 day |
+| snoozeDurationInDays | Range: 0 – 14 | Defines the number of days before the user is nudged again.<br>If the value is 0, the user is nudged during every MFA attempt.<br>Default: 1 day |
 | includeTargets | N/A | Allows you to include different users and groups that you want the feature to target. |
 | excludeTargets | N/A | Allows you to exclude different users and groups that you want omitted from the feature. If a user is in a group that is excluded and a group that is included, the user will be excluded from the feature.|
 

articles/active-directory/authentication/howto-mfa-mfasettings.md

@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 01/11/2022
+ms.date: 03/22/2022
 
 ms.author: justinha
 author: justinha
@@ -24,7 +24,7 @@ The following Azure AD Multi-Factor Authentication settings are available in the
 
 | Feature | Description |
 | ------- | ----------- |
-| [Account lockout](#account-lockout) | Temporarily lock accounts from using Azure AD Multi-Factor Authentication if there are too many denied authentication attempts in a row. This feature applies only to users who enter a PIN to authenticate. (MFA Server) |
+| [Account lockout](#account-lockout) | Temporarily lock accounts from using Azure AD Multi-Factor Authentication if there are too many denied authentication attempts in a row. This feature applies only to users who enter a PIN to authenticate. (MFA Server only) |
 | [Block/unblock users](#block-and-unblock-users) | Block specific users from being able to receive Azure AD Multi-Factor Authentication requests. Any authentication attempts for blocked users are automatically denied. Users remain blocked for 90 days from the time that they're blocked or until they're manually unblocked. |
 | [Fraud alert](#fraud-alert) | Configure settings that allow users to report fraudulent verification requests. |
 | [Notifications](#notifications) | Enable notifications of events from MFA Server. |

articles/active-directory/conditional-access/media/workload-identity/conditional-access-workload-identity-risk-policy.png

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: how-to
-ms.date: 03/04/2022
+ms.date: 03/22/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -51,7 +51,7 @@ Create a location based Conditional Access policy that applies to service princi
 1. Under **Cloud apps or actions**, select **All cloud apps**. The policy will apply only when a service principal requests a token.
 1. Under **Conditions** > **Locations**, include **Any location** and exclude **Selected locations** where you want to allow access.
 1. Under **Grant**, **Block access** is the only available option. Access is blocked when a token request is made from outside the allowed range.
-1. Your policy can be saved in **Report-only** mode, allowing administrators to estimate the effects, or policy is enforced by turning policy **On**.
+1. Set **Enable policy** to **On**.
 1. Select **Create** to complete your policy.
 
 ### Create a risk-based Conditional Access policy
@@ -73,9 +73,13 @@ Create a location based Conditional Access policy that applies to service princi
    1. Select the levels of risk where you want this policy to trigger.
    1. Select **Done**.
 1. Under **Grant**, **Block access** is the only available option. Access is blocked when a token request is made from outside the allowed range.
-1. Your policy can be saved in **Report-only** mode, allowing administrators to estimate the effects, or policy is enforced by turning policy **On**.
+1. Set **Enable policy** to **On**.
 1. Select **Create** to complete your policy.
 
+#### Report-only mode
+
+Saving your policy in Report-only mode won't allow administrators to estimate the effects because we don't currently log this risk information in sign-in logs.
+
 ## Roll back
 
 If you wish to roll back this feature, you can delete or disable any created policies.

articles/active-directory/conditional-access/workload-identity.md

@@ -79,7 +79,7 @@ To see the status and stage of a multi-stage access review:
 1. Once you are on the results page, under **Status** it will tell you which stage the multi-stage review is in. The next stage of the review won't become active until the duration specified during the access review setup has passed. 
 
 1. If a decision has been made, but the review duration for this stage has not expired yet, you can select **Stop current stage** button on the results page. This will trigger the next stage of review.
- 
+
 ## Retrieve the results
 
 To view the results for a review, click the **Results** page. To view just a user's access, in the Search box, type the display name or user principal name of a user whose access was reviewed.
@@ -117,6 +117,9 @@ Manually or automatically applying results doesn't have an effect on a group tha
 On review creation, the creator can choose between two options for denied guest users in an access review. 
  - Denied guest users can have their access to the resource removed. This is the default.
  - The denied guest user can be blocked from signing in for 30 days, then deleted from the tenant. During the 30-day period the guest user is able to be restored access to the tenant by an administrator. After the 30-day period is completed, if the guest user has not had access to the resource granted to them again, they will be removed from the tenant permanently. In addition, using the Azure Active Directory portal, a Global Administrator can explicitly [permanently delete a recently deleted user](../fundamentals/active-directory-users-restore.md) before that time period is reached. Once a user has been permanently deleted, the data about that guest user will be removed from active access reviews. Audit information about deleted users remains in the audit log.
+ 
+### Actions taken on denied B2B direct connect users
+Denied B2B direct connect users and teams will lose access to all shared channels in the Team.
 
 ## Next steps