Merge pull request #176057 from MicrosoftDocs/master

10/15 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -46507,6 +46507,11 @@
       "source_path_from_root": "/articles/virtual-desktop/diagnostics-role-service.md",
       "redirect_url": "/azure/virtual-desktop/troubleshoot-set-up-overview",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/azure-monitor/app/how-do-i.md",
+      "redirect_url": "/azure/azure-monitor/faq",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory-b2c/partner-f5.md

@@ -2,15 +2,14 @@
 title: Tutorial to configure Azure Active Directory B2C with F5 BIG-IP  
 titleSuffix: Azure AD B2C
 description: Learn how to integrate Azure AD B2C authentication with F5 BIG-IP for secure hybrid access 
-services: active-directory-b2c
 author: gargi-sinha
+ms.author: gasinh
 manager: martinco
 ms.service: active-directory
+ms.subservice: B2C
 ms.workload: identity
 ms.topic: how-to
 ms.date: 10/15/2021
-ms.author: gasinh
-ms.subservice: B2C
 ---
 
 # Tutorial: Extend Azure Active Directory B2C to protect on-premises applications using F5 BIG-IP
@@ -26,9 +25,9 @@ It provides an abundance of features including application-level inspection and
 
 To get started, you'll need:
 
-- An [Azure AD B2C tenant](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-create-tenant) linked to your Azure subscription
+- An [Azure AD B2C tenant](tutorial-create-tenant.md) linked to your Azure subscription
 
-- An existing BIG-IP or deploy a trial [BIG-IP Virtual Environment (VE) on Azure](https://docs.microsoft.com/azure/active-directory/manage-apps/f5-bigip-deployment-guide)
+- An existing BIG-IP or deploy a trial [BIG-IP Virtual Environment (VE) on Azure](../active-directory/manage-apps/f5-bigip-deployment-guide.md)
 
 - Any of the following F5 BIG-IP license SKUs
 
@@ -40,9 +39,9 @@ To get started, you'll need:
 
   - 90-day BIG-IP full feature [trial license](https://www.f5.com/trial/big-ip-trial.php)
 
-- An existing header-based web application or [setup an IIS app](https://docs.microsoft.com/previous-versions/iis/6.0-sdk/ms525396(v=vs.90)) for testing
+- An existing header-based web application or [setup an IIS app](/previous-versions/iis/6.0-sdk/ms525396(v=vs.90)) for testing
 
-- [SSL certificate](https://docs.microsoft.com/azure/active-directory/manage-apps/f5-bigip-deployment-guide#ssl-profile) for publishing services over HTTPS or use default while testing.
+- [SSL certificate](../active-directory/manage-apps/f5-bigip-deployment-guide.md#ssl-profile) for publishing services over HTTPS or use default while testing.
 
 ## Scenario description
 
@@ -81,7 +80,7 @@ For increased security, organizations using this pattern could also consider blo
 
 ## Azure AD B2C Configuration
 
-Enabling a BIG-IP with Azure AD B2C authentication requires an Azure AD B2C tenant with a suitable user flow or custom policy. [Set up an Azure AD B2C user flow](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-create-user-flows).
+Enabling a BIG-IP with Azure AD B2C authentication requires an Azure AD B2C tenant with a suitable user flow or custom policy. [Set up an Azure AD B2C user flow](tutorial-create-user-flows.md).
 
 ### Create custom attributes
 
@@ -108,7 +107,7 @@ displays them all.
 
 4. Select **Application claims** and add both custom attributes plus also the **Display Name**. These are the attributes that will be sent to the BIG-IP.
 
-You can use the [Run user flow](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-create-user-flows) feature
+You can use the [Run user flow](tutorial-create-user-flows.md) feature
 in the user flow menu on the left navigation bar to verify it prompts for all defined attributes.
 
 ### Azure AD B2C federation
@@ -132,7 +131,7 @@ federating, so the BIG-IP must be registered in the Azure AD B2C tenant as an OI
 
 8. Note down the client secret, you'll need this later for configuring the BIG-IP.
 
-The redirect URI is the BIG-IP endpoint to which a user is sent back to by the authorization server - Azure AD B2C, after authenticating. [Register an application](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-register-applications) for Azure AD B2C.
+The redirect URI is the BIG-IP endpoint to which a user is sent back to by the authorization server - Azure AD B2C, after authenticating. [Register an application](tutorial-register-applications.md) for Azure AD B2C.
 
 ## BIG-IP configuration
 
@@ -328,7 +327,7 @@ Here, we'll configure Azure AD B2C as the OAuth2 IdP. You’ll notice that the G
 ## Related information
 
 The last step provides an overview of configurations. Hitting Deploy will commit your settings and create all necessary BIG-IP and APM objects to enable secure hybrid access to the application.
-The application should also be visible as a target resource in CA. See the [guidance for building CA policies for Azure AD B2C](https://docs.microsoft.com/azure/active-directory-b2c/conditional-access-identity-protection-overview).
+The application should also be visible as a target resource in CA. See the [guidance for building CA policies for Azure AD B2C](conditional-access-identity-protection-overview.md).
 For increased security, organizations using this pattern could also consider blocking all direct access to the application, thereby forcing a strict path through the BIG-IP.
 
 ## Next steps
@@ -345,14 +344,14 @@ You will then be redirected to sign up and authenticate against your Azure AD B2
 
 **Single Log-Out (SLO)**
 
-Azure AD B2C fully supports IdP and application sign out through various [mechanisms](https://docs.microsoft.com/azure/active-directory-b2c/session-behavior?pivots=b2c-custom-policy#single-sign-out).
+Azure AD B2C fully supports IdP and application sign out through various [mechanisms](session-behavior.md?pivots=b2c-custom-policy#single-sign-out).
 Having your application’s sign-out function call the Azure AD B2C log-out endpoint would be one way of achieving SLO. That way we can be sure Azure AD B2C issues a final redirect to the BIG-IP to ensure the APM session between the user and the application has also been terminated.
 Another alternative is to have the BIG-IP listen for the request when selecting the applications sign out button, and upon detecting the request it makes a simultaneous call to the Azure AD B2C logoff endpoint. This approach would avoid having to make any changes to the application itself yet achieves SLO. More details on using BIG-IP iRules to implement this are [available](https://support.f5.com/csp/article/K42052145).
 In either case your Azure AD B2C tenant would need to know the APM’s logout endpoint. 
 
 1. Navigate to **Manage** > **Manifest** in your Azure AD B2C portal and locate the logoutUrl property. It should read null.
 
-2. Add the APM’s post logout URI: https://<mysite.com>/my.logout.php3, where <mysite.com> is the BIG-IP FQDN for your own header-based application.
+2. Add the APM’s post logout URI: `https://<mysite.com>/my.logout.php3`, where `<mysite.com>` is the BIG-IP FQDN for your own header-based application.
 
 **Optimized login flow**
 

articles/active-directory/authentication/tutorial-enable-sspr-writeback.md

@@ -91,7 +91,7 @@ Password policies in the on-premises AD DS environment may prevent password rese
 If you update the group policy, wait for the updated policy to replicate, or use the `gpupdate /force` command.
 
 > [!Note]
-> For passwords to be changed immediately, password writeback must be set to 0. However, if users adhere to the on-premises policies, and the *Minimum password age* is set to a value greater than zero, password writeback still works after the on-premises policies are evaluated.
+> For passwords to be changed immediately, *Minimum password age* must be set to 0. However, if users adhere to the on-premises policies, and the *Minimum password age* is set to a value greater than zero, password writeback still works after the on-premises policies are evaluated.
 
 ## Enable password writeback in Azure AD Connect
 

articles/active-directory/external-identities/b2b-fundamentals.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 02/12/2021
+ms.date: 10/13/2021
 
 ms.author: mimart
 author: msmimart
@@ -19,8 +19,8 @@ ms.collection: M365-identity-device-management
 # Azure Active Directory B2B best practices
 This article contains recommendations and best practices for business-to-business (B2B) collaboration in Azure Active Directory (Azure AD).
 
-   > [!IMPORTANT]
-   > **Starting October 2021**, Microsoft will no longer support the redemption of invitations by creating unmanaged ("viral" or "just-in-time") Azure AD accounts and tenants for B2B collaboration scenarios. At that time, the email one-time passcode feature will be turned on for all existing tenants and enabled by default for new tenants. We're enabling the email one-time passcode feature because it provides a seamless fallback authentication method for your guest users. However, you have the option of disabling this feature if you choose not to use it. For details, see [Email one-time passcode authentication](one-time-passcode.md)
+> [!IMPORTANT]
+> **Starting November 1, 2021**, Microsoft will no longer support the redemption of invitations by creating unmanaged ("viral" or "just-in-time") Azure AD accounts and tenants for B2B collaboration scenarios. At that time, we'll begin rolling out a change to turn on the email one-time passcode feature for all existing tenants and and enable it by default for new tenants. We're enabling the email one-time passcode feature because it provides a seamless fallback authentication method for your guest users. However, if you don't want to allow this feature to turn on automatically, you can you can [disable it](one-time-passcode.md#disable-email-one-time-passcode).
 
 
 ## B2B recommendations
@@ -31,7 +31,7 @@ This article contains recommendations and best practices for business-to-busines
 | Add company branding to your sign-in page | You can customize your sign-in page so it's more intuitive for your B2B guest users. See how to [add company branding to sign in and Access Panel pages](../fundamentals/customize-branding.md). |
 | Add your privacy statement to the B2B guest user redemption experience | You can add the URL of your organization's privacy statement to the first time invitation redemption process so that an invited user must consent to your privacy terms to continue. See [How-to: Add your organization's privacy info in Azure Active Directory](../fundamentals/active-directory-properties-area.md). |
 | Use the bulk invite (preview) feature to invite multiple B2B guest users at the same time | Invite multiple guest users to your organization at the same time by using the bulk invite preview feature in the Azure portal. This feature lets you upload a CSV file to create B2B guest users and send invitations in bulk. See [Tutorial for bulk inviting B2B users](tutorial-bulk-invite.md). |
-| Enforce Conditional Access policies for Multi-Factor Authentication (MFA) | We recommend enforcing MFA policies on the apps you want to share with partner B2B users. This way, MFA will be consistently enforced on the apps in your tenant regardless of whether the partner organization is using MFA. See [Conditional Access for B2B collaboration users](conditional-access.md). |
+| Enforce Conditional Access policies for Azure Active Directory Multi-Factor Authentication (MFA) | We recommend enforcing MFA policies on the apps you want to share with partner B2B users. This way, MFA will be consistently enforced on the apps in your tenant regardless of whether the partner organization is using MFA. See [Conditional Access for B2B collaboration users](conditional-access.md). |
 | If you’re enforcing device-based Conditional Access policies, use exclusion lists to allow access to B2B users | If device-based Conditional Access policies are enabled in your organization, B2B guest user devices will be blocked because they’re not managed by your organization. You can create exclusion lists containing specific partner users to exclude them from the device-based Conditional Access policy. See [Conditional Access for B2B collaboration users](conditional-access.md). |
 | Use a tenant-specific URL when providing direct links to your B2B guest users | As an alternative to the invitation email, you can give a guest a direct link to your app or portal. This direct link must be tenant-specific, meaning it must include a tenant ID or verified domain so the guest can be authenticated in your tenant, where the shared app is located. See [Redemption experience for the guest user](redemption-experience.md). |
 | When developing an app, use UserType to determine guest user experience  | If you're developing an application and you want to provide different experiences for tenant users and guest users, use the UserType property. The UserType claim isn't currently included in the token. Applications should use the Microsoft Graph API to query the directory for the user to get their UserType. |

articles/active-directory/external-identities/faq.yml

@@ -7,7 +7,7 @@ metadata:
   ms.service: active-directory
   ms.subservice: B2B
   ms.topic: reference
-  ms.date: 10/12/2021
+  ms.date: 10/13/2021
   ms.author: mimart
   author: msmimart
   manager: celestedg
@@ -21,7 +21,7 @@ summary: |
   
   > [!IMPORTANT]
   > - **Starting January 4, 2021**, Google is [deprecating WebView sign-in support](https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html). If you’re using Google federation or self-service sign-up with Gmail, you should [test your line-of-business native applications for compatibility](google-federation.md#deprecation-of-web-view-sign-in-support).
-  > - **Starting October 2021**, Microsoft will no longer support the redemption of invitations by creating unmanaged Azure AD accounts and tenants for B2B collaboration scenarios. In preparation, we encourage customers to opt into [email one-time passcode authentication](one-time-passcode.md), which is now generally available.
+  > - **Starting November 1, 2021**, Microsoft will no longer support the redemption of invitations by creating unmanaged Azure AD accounts and tenants for B2B collaboration scenarios. At that time, we'll begin rolling out a change to turn on the email one-time passcode feature for all existing tenants and enable it by default for new tenants. If you don't want to allow this feature to turn on automatically, you can [disable it](one-time-passcode.md#disable-email-one-time-passcode).
   
 
 sections:
@@ -48,19 +48,19 @@ sections:
           You can customize almost everything about the inviter process by using the [B2B invitation APIs](customize-invitation-api.md).
           
       - question: |
-          Can guest users reset their multi-factor authentication method?
+          Can guest users reset their multifactor authentication method?
         answer: |
-          Yes. Guest users can reset their multi-factor authentication method the same way that regular users do.
+          Yes. Guest users can reset their multifactor authentication method the same way that regular users do.
 
       - question: |
-          Which organization is responsible for multi-factor authentication licenses?
+          Which organization is responsible for multifactor authentication licenses?
         answer: |
-          The inviting organization performs multi-factor authentication. The inviting organization must make sure that the organization has enough licenses for their B2B users who are using multi-factor authentication.
+          The inviting organization performs multifactor authentication. The inviting organization must make sure that the organization has enough licenses for their B2B users who are using multifactor authentication.
 
       - question: |
-          What if a partner organization already has multi-factor authentication set up? Can we trust their multi-factor authentication, and not use our own multi-factor authentication?
+          What if a partner organization already has multifactor authentication set up? Can we trust their multifactor authentication, and not use our own multifactor authentication?
         answer: |
-          This feature is currently not supported. If access to your organization's resources requires multi-factor authentication, the partner organization will need to register for multi-factor authentication in your (the inviting) organization.
+          This feature is currently not supported. If access to your organization's resources requires multifactor authentication, the partner organization will need to register for multifactor authentication in your (the inviting) organization.
 
       - question: |
           How can I use delayed invitations?
@@ -101,9 +101,9 @@ sections:
           13. On the **Cloud apps or actions** page, select **Done**.
           
       - question: |
-          Does Azure AD B2B collaboration support multi-factor authentication and consumer email accounts?
+          Does Azure AD B2B collaboration support multifactor authentication and consumer email accounts?
         answer: |
-          Yes. Multi-factor authentication and consumer email accounts are both supported for Azure AD B2B collaboration.
+          Yes. Multifactor authentication and consumer email accounts are both supported for Azure AD B2B collaboration.
 
       - question: |
           Do you support password reset for Azure AD B2B collaboration users?
@@ -171,14 +171,14 @@ sections:
           All Azure AD-integrated applications can support Azure B2B guest users, but they must use an endpoint set up as a tenant to authenticate guest users. You might also need to [customize the claims](claims-mapping.md) in the SAML token that is issued when a guest user authenticates to the app. 
           
       - question: |
-          Can we force multi-factor authentication for B2B guest users if our partners don't have multi-factor authentication?
+          Can we force multifactor authentication for B2B guest users if our partners don't have multifactor authentication?
         answer: |
           Yes. For more information, see [Conditional Access for B2B collaboration users](conditional-access.md).
           
       - question: |
           In SharePoint, you can define an "allow" or "deny" list for external users. Can we do this in Azure?
         answer: |
-          Yes. Azure AD B2B collaboration supports allow lists and deny lists. 
+          Yes. Azure AD B2B collaboration supports allowlists and blocklists. 
 
       - question: |
           What licenses do we need to use Azure AD B2B?