Merge branch 'acs-hub-update' of https://github.com/sroons/azure-docs-pr-sroons-fork into acs-hub-update

Author: sroons

.openpublishing.redirection.azure-monitor.json

@@ -5,6 +5,16 @@
             "redirect_url": "/azure/azure-monitor/getting-started",
             "redirect_document_id": false
          },
+         {
+            "source_path_from_root": "/articles/azure-monitor/monitor-reference.md",
+            "redirect_url": "/azure/azure-monitor/data-sources",
+            "redirect_document_id": false
+         },
+         {
+            "source_path_from_root": "/articles/azure-monitor/observability-data.md",
+            "redirect_url": "/azure/azure-monitor/overview",
+            "redirect_document_id": false
+         },
          {
             "source_path_from_root": "/articles/azure-monitor/change/change-analysis-query.md",
             "redirect_url": "/azure/azure-monitor/change/change-analysis-visualizations",
@@ -25,6 +35,26 @@
             "redirect_url": "/azure/azure-monitor/change/change-analysis",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/javascript-react-plugin.md",
+            "redirect_url": "/azure/azure-monitor/app/javascript-framework-extensions",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/javascript-react-native-plugin.md",
+            "redirect_url": "/azure/azure-monitor/app/javascript-framework-extensions",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/javascript-angular-plugin.md",
+            "redirect_url": "/azure/azure-monitor/app/javascript-framework-extensions",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/javascript-click-analytics-plugin.md",
+            "redirect_url": "/azure/azure-monitor/app/javascript-feature-extensions",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/app/java-in-process-agent-redirect.md",
             "redirect_url": "/azure/azure-monitor/app/opentelemetry-enable",

articles/active-directory-b2c/enable-authentication-react-spa-app.md

@@ -80,7 +80,7 @@ The sample code is made up of the following components. Add these components fro
 - [src/pages/Hello.jsx](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/6-AdvancedScenarios/1-call-api-obo/SPA/src/pages/Hello.jsx) - Demonstrate how to call a protected resource with OAuth2 bearer token.
   - It uses the [useMsal](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-react/docs/hooks.md) hook that returns the PublicClientApplication instance.
   - With PublicClientApplication instance, it acquires an access token to call the REST API.
-  - Invokes the [callApiWithToken](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/fetch.js) function to fetch the data from the REST API and renders the result using the **DataDisplay** component.
+  - Invokes the [callApiWithToken](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/4-Deployment/2-deploy-static/App/src/fetch.js) function to fetch the data from the REST API and renders the result using the **DataDisplay** component.
 
 - [src/components/NavigationBar.jsx](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/components/NavigationBar.jsx) - The app top navigation bar with the sign-in, sign-out, edit profile and call REST API reset buttons.
   - It uses the [AuthenticatedTemplate](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-react/docs/getting-started.md#authenticatedtemplate-and-unauthenticatedtemplate) and UnauthenticatedTemplate, which only render their children if a user is authenticated or unauthenticated, respectively.
@@ -94,7 +94,7 @@ The sample code is made up of the following components. Add these components fro
 
 - [src/styles/App.css](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/styles/App.css) and [src/styles/index.css](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/styles/index.css) - CSS styling files for the app.
 
-- [src/fetch.js](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/fetch.js) - Fetches HTTP requests to the REST API. 
+- [src/fetch.js](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/4-Deployment/2-deploy-static/App/src/fetch.js) - Fetches HTTP requests to the REST API. 
 
 ## Step 4: Configure your React app
 

articles/active-directory-b2c/json-transformations.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 09/07/2022
+ms.date: 02/14/2023
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -409,6 +409,104 @@ In the following example, the claims transformation extracts the following claim
   - **active**: true
   - **birthDate**: 2005-09-23T00:00:00Z
 
+
+## GetClaimsFromJsonArrayV2
+
+Get a list of specified elements from a string collection JSON elements. Check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-transformation/json#getclaimsfromjsonarrayv2) of this claims transformation.
+
+| Element | TransformationClaimType | Data Type | Notes |
+| ---- | ----------------------- | --------- | ----- |
+| InputClaim | jsonSourceClaim | stringCollection | The string collection claim with the JSON payloads. This claim is used by the claims transformation to get the claims. |
+| InputParameter | errorOnMissingClaims | boolean | Specifies whether to throw an error if one of the claims is missing. |
+| InputParameter | includeEmptyClaims | string | Specify whether to include empty claims. |
+| InputParameter | jsonSourceKeyName | string | Element key name |
+| InputParameter | jsonSourceValueName | string | Element value name |
+| OutputClaim | Collection | string, int, boolean, and datetime |List of claims to extract. The name of the claim should be equal to the one specified in _jsonSourceClaim_ input claim. |
+
+### Example of GetClaimsFromJsonArrayV2
+
+In the following example, the claims transformation extracts the following claims: email (string), displayName (string), membershipNum (int), active (boolean) and  birthDate (datetime) from the JSON data.
+
+```xml
+<ClaimsTransformation Id="GetClaimsFromJson" TransformationMethod="GetClaimsFromJsonArrayV2">
+  <InputClaims>
+    <InputClaim ClaimTypeReferenceId="jsonSourceClaim" TransformationClaimType="jsonSource" />
+  </InputClaims>
+  <InputParameters>
+    <InputParameter Id="errorOnMissingClaims" DataType="boolean" Value="false" />
+    <InputParameter Id="includeEmptyClaims" DataType="boolean" Value="false" />
+    <InputParameter Id="jsonSourceKeyName" DataType="string" Value="key" />
+    <InputParameter Id="jsonSourceValueName" DataType="string" Value="value" />
+  </InputParameters>
+  <OutputClaims>
+    <OutputClaim ClaimTypeReferenceId="email" />
+    <OutputClaim ClaimTypeReferenceId="displayName" />
+    <OutputClaim ClaimTypeReferenceId="membershipID" />
+    <OutputClaim ClaimTypeReferenceId="active" />
+    <OutputClaim ClaimTypeReferenceId="birthDate" />
+  </OutputClaims>
+</ClaimsTransformation>
+```
+
+- Input claims:
+  - **jsonSourceClaim[0]** (string collection first element):
+      
+      ```json
+        {
+          "key": "email",
+          "value": "[email protected]"
+        }
+      ```
+
+  - **jsonSourceClaim[1]** (string collection second element):
+
+      ```json
+        {
+          "key": "displayName",
+          "value": "Someone"
+        }
+      ```
+
+  - **jsonSourceClaim[2]** (string collection third element):
+  
+      ```json
+        {
+          "key": "membershipID",
+          "value": 6353399
+        }
+      ```
+
+  - **jsonSourceClaim[3]** (string collection fourth element):
+
+      ```json
+        {
+          "key": "active",
+          "value": true
+        }
+      ```
+
+  - **jsonSourceClaim[4]** (string collection fifth element):
+    
+      ```json
+        {
+          "key": "birthDate",
+          "value": "2005-09-23T00:00:00Z"
+        }
+      ```
+
+- Input parameters:
+  - **errorOnMissingClaims**: false
+  - **includeEmptyClaims**: false
+  - **jsonSourceKeyName**: key
+  - **jsonSourceValueName**: value
+- Output claims:
+  - **email**: "[email protected]"
+  - **displayName**: "Someone"
+  - **membershipID**: 6353399
+  - **active**: true
+  - **birthDate**: 2005-09-23T00:00:00Z
+
+
 ## GetNumericClaimFromJson
 
 Gets a specified numeric (long) element from a JSON data. Check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-transformation/json#getnumericclaimfromjson) of this claims transformation.

articles/active-directory/authentication/concept-authentication-oath-tokens.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 01/18/2023
+ms.date: 02/13/2023
 
 ms.author: justinha
 author: justinha
@@ -32,6 +32,9 @@ Some OATH TOTP hardware tokens are programmable, meaning they don't come with a
 
 Azure AD supports the use of OATH-TOTP SHA-1 tokens that refresh codes every 30 or 60 seconds. Customers can purchase these tokens from the vendor of their choice. Hardware OATH tokens are available for users with an Azure AD Premium P1 or P2 license.  
 
+>[!IMPORTANT]
+>The preview is only supported in Azure Global and Azure Government clouds.
+
 OATH TOTP hardware tokens typically come with a secret key, or seed, pre-programmed in the token. These keys must be input into Azure AD as described in the following steps. Secret keys are limited to 128 characters, which may not be compatible with all tokens. The secret key can only contain the characters *a-z* or *A-Z* and digits *2-7*, and must be encoded in *Base32*.
 
 Programmable OATH TOTP hardware tokens that can be reseeded can also be set up with Azure AD in the software token setup flow.
@@ -50,16 +53,17 @@ [email protected],1234567,2234567abcdef2234567abcdef,60,Contoso,HardwareKey
 > [!NOTE]
 > Make sure you include the header row in your CSV file. 
 
-Once properly formatted as a CSV file, a Global Administrator can then sign in to the Azure portal, navigate to **Azure Active Directory** > **Security** > **Multifactor authentication** > **OATH tokens**, and upload the resulting CSV file.
+Once properly formatted as a CSV file, a global administrator can then sign in to the Azure portal, navigate to **Azure Active Directory** > **Security** > **Multifactor authentication** > **OATH tokens**, and upload the resulting CSV file.
 
 Depending on the size of the CSV file, it may take a few minutes to process. Select the **Refresh** button to get the current status. If there are any errors in the file, you can download a CSV file that lists any errors for you to resolve. The field names in the downloaded CSV file are different than the uploaded version.  
 
 Once any errors have been addressed, the administrator then can activate each key by selecting **Activate** for the token and entering the OTP displayed on the token. You can activate a maximum of 200 OATH tokens every 5 minutes. 
 
-Users may have a combination of up to five OATH hardware tokens or authenticator applications, such as the Microsoft Authenticator app, configured for use at any time. Hardware OATH tokens cannot be assigned to guest users in the resource tenant.
+Users may have a combination of up to five OATH hardware tokens or authenticator applications, such as the Microsoft Authenticator app, configured for use at any time. Hardware OATH tokens cannot be assigned to guest users in the resource tenant. 
 
->[!IMPORTANT]
->The preview is only supported in Azure Global and Azure Government clouds.
+.[!IMPORTANT]
+>Make sure to only assign each token to a single user.
+>In the future, support for the assignment of a single token to multiple users will stop to prevent a security risk.
 
 
 ## Determine OATH token registration type in mysecurityinfo 

articles/active-directory/authentication/howto-authentication-temporary-access-pass.md

@@ -206,7 +206,7 @@ Keep these limitations in mind:
 - Users in scope for Self Service Password Reset (SSPR) registration policy *or* [Identity Protection Multi-factor authentication registration policy](../identity-protection/howto-identity-protection-configure-mfa-policy.md) will be required to register authentication methods after they've signed in with a Temporary Access Pass. 
 Users in scope for these policies will get redirected to the [Interrupt mode of the combined registration](concept-registration-mfa-sspr-combined.md#combined-registration-modes). This experience doesn't currently support FIDO2 and Phone Sign-in registration. 
 - A Temporary Access Pass can't be used with the Network Policy Server (NPS) extension and Active Directory Federation Services (AD FS) adapter.
-- After a Temporary Access Pass is added to an account or expires, it can take a few minutes for the changes to replicate. Users may still see a prompt for Temporary Access Pass during this time. 
+- It can take a few minutes for changes to replicate. Because of this, after a Temporary Access Pass is added to an account it can take a while for the prompt to appear. For the same reason, after a Temporary Access Pass expires, users may still see a prompt for Temporary Access Pass. 
 
 ## Troubleshooting    
 

articles/active-directory/authentication/howto-mfa-mfasettings.md

@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 01/29/2023
+ms.date: 02/13/2023
 
 ms.author: justinha
 author: justinha
@@ -144,7 +144,11 @@ Depending on the size of the CSV file, it might take a few minutes to process. S
 
 After any errors are addressed, the administrator can activate each key by selecting **Activate** for the token and entering the OTP displayed in the token.
 
-Users can have a combination of up to five OATH hardware tokens or authenticator applications, such as the Microsoft Authenticator app, configured for use at any time.
+Users can have a combination of up to five OATH hardware tokens or authenticator applications, such as the Microsoft Authenticator app, configured for use at any time. 
+
+>[!IMPORTANT]
+>Make sure to only assign each token to a single user.
+>In the future, support for the assignment of a single token to multiple users will stop to prevent a security risk.
 
 ## Phone call settings
 

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-enable-controller-after-onboarding.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/23/2022
+ms.date: 02/13/2023
 ms.author: jfields
 ---
 
@@ -49,8 +49,11 @@ This article also describes how to enable the controller in Amazon Web Services
 
 ## Enable or disable the controller in Azure
 
+You can enable or disable the controller in Azure at the Subscription level of you Management Group(s).  
 
-1. In Azure, open the **Access control (IAM)** page.
+1. From the Azure **Home** page, select **Management groups**.
+1. Locate the group for which you want to enable or disable the controller, then select the arrow to expand the group menu and view your subscriptions. Alternatively, you can select the **Total Subscriptions** number listed for your group.
+1. Select the subscription for which you want to enable or disable the controller, then click **Access control (IAM)** in the navigation menu.
 1. In the **Check access** section, in the **Find** box, enter **Cloud Infrastructure Entitlement Management**.
 
     The **Cloud Infrastructure Entitlement Management assignments** page appears, displaying the roles assigned to you.

articles/active-directory/cloud-infrastructure-entitlement-management/ui-remediation.md

@@ -19,7 +19,7 @@ The **Remediation** dashboard in Permissions Management provides an overview of
 This article provides an overview of the components of the **Remediation** dashboard.
 
 > [!NOTE]
-> To view the **Remediation** dashboard, your must have **Viewer**, **Controller**, or **Administrator** permissions. To make changes on this dashboard, you must have **Controller** or **Administrator** permissions. If you don't have these permissions, contact your system administrator.
+> To view the **Remediation** dashboard, you must have **Viewer**, **Controller**, or **Approver** permissions. To make changes on this dashboard, you must have **Controller** or **Approver** permissions. If you don't have these permissions, contact your system administrator.
 
 > [!NOTE]
 > Microsoft Azure uses the term *role* for what other cloud providers call *policy*. Permissions Management automatically makes this terminology change when you select the authorization system type. In the user documentation, we use *role/policy* to refer to both.

articles/active-directory/conditional-access/overview.md

@@ -6,15 +6,15 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: overview
-ms.date: 11/07/2022
+ms.date: 02/13/2023
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
 manager: amycolannino
 ms.reviewer: calebb
 
 ms.collection: M365-identity-device-management
-ms.custom: contperf-fy20q4, azuread-video-2020
+ms.custom: zt-include
 ---
 # What is Conditional Access?
 
@@ -97,6 +97,8 @@ When licenses required for Conditional Access expire, policies aren't automatica
 
 [Security defaults](../fundamentals/concept-fundamentals-security-defaults.md) help protect against identity-related attacks and are available for all customers.  
 
+[!INCLUDE [active-directory-zero-trust](../../../includes/active-directory-zero-trust.md)]
+
 ## Next steps
 
 - [Building a Conditional Access policy piece by piece](concept-conditional-access-policies.md)