Merge pull request #217117 from MicrosoftDocs/main

11/03 PM Publish

Author: huypub

.openpublishing.publish.config.json

@@ -850,8 +850,8 @@
     },
     {
       "path_to_root": "azure-cosmos-dotnet-v3",
-      "url": "https://github.com/Azure-Samples/cosmos-db-sql-api-dotnet-samples",
-      "branch": "v3",
+      "url": "https://github.com/azure-samples/cosmos-db-nosql-dotnet-samples",
+      "branch": "main",
       "branch_mapping": {}
     },
     {

.openpublishing.redirection.communication-services.json

@@ -29363,6 +29363,11 @@
             "source_path_from_root": "/articles/virtual-network/ip-services/create-custom-ip-address-prefix-ipv6.md",
             "redirect_url": "/azure/virtual-network/ip-services/create-custom-ip-address-prefix-ipv6-powershell",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/cloud-shell/example-terraform-bash.md",
+            "redirect_url": "/azure/developer/terraform/quickstart-configure",
+            "redirect_document_id": false
         }
     ]
 }

.openpublishing.redirection.json

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 10/13/2022
+ms.date: 10/18/2022
 
 ms.author: justinha
 author: justinha
@@ -46,7 +46,7 @@ The following limitations apply to using SSPR from the Windows sign-in screen:
     - Explorer.exe is replaced with a custom shell
     - Interactive logon: Require smart card is set to enabled or 1
 - The combination of the following specific three settings can cause this feature to not work.
-    - Interactive logon: Do not require CTRL+ALT+DEL = Disabled
+    - Interactive logon: Do not require CTRL+ALT+DEL = Disabled (only for Windows 10 version 1710 and earlier)
     - *DisableLockScreenAppNotifications* = 1 or Enabled
     - Windows SKU is Home edition
 

articles/active-directory/authentication/howto-sspr-windows.md

@@ -7,7 +7,7 @@ metadata:
   ms.service: active-directory
   ms.subservice: authentication
   ms.topic: faq
-  ms.date: 07/14/2020
+  ms.date: 11/03/2022
   ms.author: justinha
   author: justinha
   manager: amycolannino
@@ -18,12 +18,7 @@ summary: |
   This FAQ answers common questions about Azure AD Multi-Factor Authentication and using the Multi-Factor Authentication service. It's broken down into questions about the service in general, billing models, user experiences, and troubleshooting.
   
   > [!IMPORTANT]
-  > As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual.
-  >
-  > The information shared below regarding the Azure Multi-Factor Authentication Server is only applicable for users who already have the MFA server running.
-  >
-  > Consumption-based licensing is no longer available to new customers effective September 1, 2018.
-  > Effective September 1, 2018 new auth providers may no longer be created. Existing auth providers may continue to be used and updated. Multi-factor authentication will continue to be an available feature in Azure AD Premium licenses.
+  > In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their users’ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).
   
 
 sections:

articles/active-directory/authentication/multi-factor-authentication-faq.yml

@@ -41,7 +41,7 @@
     - name: Manage user profiles
       href: ../fundamentals/active-directory-users-profile-azure-portal.md?context=%2fazure%2factive-directory%2fenterprise-users%2fcontext%2fugr-context
     - name: Add custom data using extensions - Microsoft Graph
-      href: /graph/extensibility-overview.md?toc=/azure/active-directory/enterprise-users/toc.json&bc=/azure/active-directory/enterprise-users/breadcrumb/toc.json
+      href: /graph/extensibility-overview?toc=/azure/active-directory/enterprise-users/toc.json&bc=/azure/active-directory/enterprise-users/breadcrumb/toc.json
     - name: Assign custom security attributes
       href: users-custom-security-attributes.md
     - name: Download user info

articles/active-directory/enterprise-users/TOC.yml

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: how-to
-ms.date: 05/13/2022
+ms.date: 10/17/2022
 
 ms.author: mimart
 author: msmimart
@@ -29,7 +29,7 @@ This article describes how to set up [SAML/WS-Fed IdP federation](direct-federat
 
 Azure AD B2B can be configured to federate with IdPs that use the SAML protocol with specific requirements listed below. To illustrate the SAML configuration steps, this section shows how to set up AD FS for SAML 2.0.
 
-To set up federation, the following attributes must be received in the SAML 2.0 response from the IdP. These attributes can be configured by linking to the online security token service XML file or by entering them manually. Step 12 in [Create a test AD FS instance](https://medium.com/in-the-weeds/create-a-test-active-directory-federation-services-3-0-instance-on-an-azure-virtual-machine-9071d978e8ed) describes how to find the AD FS endpoints or how to generate your metadata URL, for example `https://fs.iga.azure-test.net/federationmetadata/2007-06/federationmetadata.xml`. 
+To set up federation, the following attributes must be received in the SAML 2.0 response from the IdP. These attributes can be configured by linking to the online security token service XML file or by entering them manually. Step 12 in [Create a test AD FS instance](https://medium.com/in-the-weeds/create-a-test-active-directory-federation-services-3-0-instance-on-an-azure-virtual-machine-9071d978e8ed) describes how to find the AD FS endpoints or how to generate your metadata URL, for example `https://fs.iga.azure-test.net/federationmetadata/2007-06/federationmetadata.xml`.
 
 |Attribute  |Value  |
 |---------|---------|
@@ -60,7 +60,7 @@ An AD FS server must already be set up and functioning before you begin this pro
 1. In the **Add a Claim Description** window, specify the following values:
 
    - **Display Name**: Persistent Identifier
-   - **Claim identifier**: `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` 
+   - **Claim identifier**: `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`
    - Select the check box for **Publish this claim description in federation metadata as a claim type that this federation service can accept**.
    - Select the check box for **Publish this claim description in federation metadata as a claim type that this federation service can send**.
 
@@ -79,7 +79,7 @@ An AD FS server must already be set up and functioning before you begin this pro
 9. In the **Identifiers** tab, enter ``https://login.microsoftonline.com/<tenant ID>/`` in the **Relying party identifier** text box using the tenant ID of the service partner’s Azure AD tenant. Select **Add**.
 
 > [!NOTE]
-> Be sure to include a slash (/) after the tenant ID. For example, https://login.microsoftonline.com/094a6247-27d4-489f-a23b-b9672900084d/.
+> Be sure to include a slash (/) after the tenant ID, for example: `https://login.microsoftonline.com/00000000-27d4-489f-a23b-00000000084d/`.
 
 10. Select **OK**.
 
@@ -150,7 +150,7 @@ An AD FS server must already be set up and functioning before you begin this pro
       - `https://login.microsoftonline.com/<tenant ID>/` 
 
    > [!NOTE]
-   > Be sure to include a slash (/) after the tenant ID, for example: https://login.microsoftonline.com/094a6247-27d4-489f-a23b-b9672900084d/.
+   > Be sure to include a slash (/) after the tenant ID, for example: `https://login.microsoftonline.com/00000000-27d4-489f-a23b-00000000084d/`.
 
 11. Select **Next**.
 12. In the **Choose Access Control Policy** page, select a policy, and then select **Next**.

articles/active-directory/external-identities/direct-federation-adfs.md

@@ -21,7 +21,7 @@ ms.custom: engagement-fy23
 
 # Leave an organization as an external user
 
-As an Azure Active Directory (Azure AD) [B2B collaboration](/articles/active-directory/external-identities/what-is-b2b.md) or [B2B direct connect](/articles/active-directory/external-identities/b2b-direct-connect-overview.md) user, you can leave an organization at any time if you no longer need to use apps from that organization, or maintain any association.
+As an Azure Active Directory (Azure AD) [B2B collaboration](what-is-b2b.md) or [B2B direct connect](b2b-direct-connect-overview.md) user, you can leave an organization at any time if you no longer need to use apps from that organization, or maintain any association.
 
 You can usually leave an organization on your own without having to contact an administrator. However, in some cases this option won't be available and you'll need to contact your tenant admin, who can delete your account in the external organization. This article is intended for administrators. If you're a user looking for information about how to manage and leave an organization, see the [Manage organizations article.](https://support.microsoft.com/account-billing/manage-organizations-for-a-work-or-school-account-in-the-my-account-portal-a9b65a70-fec5-4a1a-8e00-09f99ebdea17)
 

articles/active-directory/external-identities/leave-the-organization.md

@@ -84,4 +84,4 @@ See the following articles on securing external access to resources. We recommen
 1. [Secure access with Conditional Access policies](7-secure-access-conditional-access.md) 
 1. [Secure access with Sensitivity labels](8-secure-access-sensitivity-labels.md)
 1. [Secure access to Microsoft Teams, OneDrive, and SharePoint](9-secure-access-teams-sharepoint.md)
-1. [Secure local guest accounts](10-secure-local-guest.md) (You’re here)
+1. [Convert local guest accounts to B2B](10-secure-local-guest.md) (You’re here)

articles/active-directory/fundamentals/10-secure-local-guest.md

@@ -90,4 +90,4 @@ See the following articles on securing external access to resources. We recommen
 
 9. [Secure access to Microsoft Teams, OneDrive, and SharePoint](9-secure-access-teams-sharepoint.md)
 
-10. [Secure local guest accounts](10-secure-local-guest.md)
+10. [Convert local guest accounts to B2B](10-secure-local-guest.md)