Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr

Author: bwren

.docutune/config/docutune-azure-docs-pr.json

@@ -0,0 +1,40 @@
+{
+  "BaseConfiguration": "docutune-default.json",
+  "Docsets": [
+    {
+      "DocsetName": "azure-documents",
+      "BuildSourceFolder": "articles",
+      "BasePath": "/azure"
+  } ],
+  "MetadataDelimiter": "\"",
+  "Exclude": [
+    "licensing-service-plan-reference.md",
+    "policy-reference.md",
+    "security-controls-policy.md",
+    "articles/defender-for-cloud/alerts-reference.md",
+    "articles/defender-for-cloud/windows-admin-center-integration.md",
+    "articles/governance/",
+    "includes/policy/",
+    "includes/defender-for-cloud-alerts-schema-log-analytics-workspace.md",
+    "third-party-notices.md",
+    "*whats-new*",
+    "*release-notes*",
+    "*third-party-notices*",
+    "*change-log*",
+    "*changelog*",
+    "*reference-breaking-changes*",
+    "*version-history*",
+    "banner.md"
+  ],
+  "PreloadTOCFiles": [
+    "articles/cloud-services/toc.yml",
+    "articles/storage/blobs/TOC.yml",
+    "articles/storage/queues/TOC.yml"
+  ],
+  "TermFiles": [
+    "Dictionary-Onboard.ps1",
+    "Bundle-Standard.txt",
+    "Bundle-Cloud.txt"
+  ],
+  "ApplyPolicies": []
+}

.docutune/config/docutune-unattended.json

@@ -0,0 +1,34 @@
+{
+  "baseConfiguration": "docutune-unattended-default.json",
+  "onboarding": {
+    "maxInFlightPullRequests": 20,
+    "maxInFlightFiles": 200
+  },
+  "pullRequest": {
+    "title": "[BULK] [DocuTune-Remediation] - Scheduled execution to fix known issues in WAF",
+    "batchSize": 0,
+    "maxBatches": 100,
+    "body": "",
+    "newBranchNamePrefix": "",
+    "headRemote": "origin",
+    "draft": false,
+    "requestReview": true,
+    "signOff": false,
+    "properties": {},
+    "sleepInterval": 15
+  },
+  "types": [
+    {
+      "name": "Default",
+      "command": "Fix",
+      "configType": "full",
+      "stopAt": 9
+    },
+    {
+      "name": "FlagBrokenLinks",
+      "base": "Default",
+      "configType": "links-only",
+      "stopAt": 10
+    }
+  ]
+}

.openpublishing.redirection.active-directory.json

@@ -5460,6 +5460,11 @@
       "redirect_url": "/azure/active-directory/fundamentals/concept-fundamentals-security-defaults",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/active-directory/fundamentals/identity-secure-score.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/concept-identity-secure-score",
+      "redirect_document_id": true
+    },
     {
       "source_path_from_root": "/articles/active-directory/reports-monitoring/reference-azure-ad-sla-performance.md",
       "redirect_url": "/azure/active-directory/reports-monitoring/reference-sla-performance",

.openpublishing.redirection.azure-monitor.json

@@ -6319,6 +6319,21 @@
             "source_path_from_root": "/articles/azure-monitor/containers/container-insights-optout-openshift-v4.md",
             "redirect_url": "/azure/azure-monitor/containers/container-insights-optout",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/opencensus-python-dependency.md",
+            "redirect_url": "/previous-versions/azure/azure-monitor/app/opencensus-python-dependency",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/opencensus-python-request.md",
+            "redirect_url": "/previous-versions/azure/azure-monitor/app/opencensus-python-request",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/opencensus-python.md",
+            "redirect_url": "/previous-versions/azure/azure-monitor/app/opencensus-python",
+            "redirect_document_id": false
         }
     ]
 }

.openpublishing.redirection.json

@@ -7560,7 +7560,12 @@
         },
         {
             "source_path_from_root": "/articles/automation/manage-runas-account.md",
-            "redirect_url": "/azure/automation/manage-run-as-account",
+            "redirect_url": "/azure/automation/migrate-run-as-accounts-managed-identity",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/automation/manage-run-as-account.md",
+            "redirect_url": "/azure/automation/migrate-run-as-accounts-managed-identity",
             "redirect_document_id": false
         },
         {

CODEOWNERS

@@ -4,74 +4,6 @@
 # Background: https://github.blog/2017-07-06-introducing-code-owners/
 # NOTE: The people you choose as code owners must have _write_ permissions for the repository. When the code owner is a team, that team must be _visible_ and it must have _write_ permissions, even if all the individual members of the team already have write permissions directly, through organization membership, or through another team membership.
 
-# Azure Monitor
-articles/azure-monitor/* @bwren
-articles/azure-monitor/agents @guywi-ms @bwren
-articles/azure-monitor/alerts @abbyMSFT
-articles/azure-monitor/app @AaronMaxwell 
-articles/azure-monitor/autoscale @EdB-MSFT
-articles/azure-monitor/containers @bwren
-articles/azure-monitor/essentials @bwren @rboucher @EdB-MSFT
-articles/azure-monitor/insights @bwren @rboucher 
-articles/azure-monitor/logs @guywi-ms
-articles/azure-monitor/visualize @abbyMSFT @rboucher
-articles/azure-monitor/vm @bwren
-articles/advisor @rboucher
-articles/service-health @rboucher
-
-# Azure Synapse Analytics
-/articles/synapse-analytics/ @SnehaGunda @WilliamDAssafMSFT @ryanmajidi @saveenr 
-/articles/synapse-analytics/backuprestore/ @joannapea @WilliamDAssafMSFT 
-/articles/synapse-analytics/catalog-governance/@djpmsft @chanuengg 
-/articles/synapse-analytics/ccid/ @liudan66
-/articles/synapse-analytics/data-integration/ @kromerm @jonburchel 
-/articles/synapse-analytics/machine-learning/ @garyericson @NelGson @midesa 
-/articles/synapse-analytics/metadata/@MikeRys @jocaplan
-/articles/synapse-analytics/security/ @RonyMSFT @meenalsri 
-/articles/synapse-analytics/spark/ @euangms @mlee3gsd @midesa 
-/articles/synapse-analytics/sql/ @filippopovic @azaricstefan @WilliamDAssafMSFT @jovanpop-msft
-/articles/synapse-analytics/sql-data-warehouse/ @SnehaGunda @WilliamDAssafMSFT
-/articles/synapse-analytics/synapse-link/ @Rodrigossz @SnehaGunda @jovanpop-msft
-
-# Cognitive Services
-/articles/ai-services/ @aahill @patrickfarley @nitinme @mrbullwinkle @laujan @eric-urban @jboback
-
-# DevOps
-/articles/ansible/ @TomArcherMsft
-/articles/chef/ @TomArcherMsft
-/articles/jenkins/ @TomArcherMsft
-/articles/terraform/ @TomArcherMsft
-
-# compute
-/articles/virtual-machines/ @cynthn @mimckitt
-/articles/virtual-machine-scale-sets/ @ju-shim @mimckitt
-/articles/cloud-services/ @mimckitt
-/articles/cloud-services-extended-support/ @mimckitt
-/articles/service-fabric/ @sukanyamsft @mimckitt
-/articles/container-instances/ @macolso @mimckitt
-/articles/container-registry/ @dlepow @mimckitt
-
-# Security
-/articles/security/fundamentals/feature-availability.md @msmbaldwin @terrylanfear
-
-# Azure Security Center
-/articles/security-center/ @memildin
-/includes/*security-controls*.md @memildin
-
-# Defender for Cloud
-
-/articles/defender-for-cloud @dcurwin @ElazarK
-
-# DDOS Protection
-/articles/ddos-protection @aletheatoh @anupamvi
-
-# Lighthouse
-/articles/lighthouse/ @JnHs
-
-# Healthcare APIs
-/articles/healthcare-apis/ @ranvijaykumar @chachachachami
-
 # Configuration
 *.json @SyntaxC4 @snoviking
-.acrolinx-config.edn @MonicaRush 
 articles/zone-pivot-groups.yml @SyntaxC4 @snoviking

articles/active-directory-b2c/custom-policies-series-sign-up-or-sign-in.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
 ms.custom: b2c-docs-improvements
-ms.date: 01/30/2023
+ms.date: 10/03/2023
 ms.author: kengaderdus
 ms.reviewer: yoelh
 ms.subservice: B2C
@@ -301,7 +301,7 @@ When the custom policy runs:
 - **Orchestration Step 3** - This step runs if the user signs up (`objectId` doesn't exist), and that a user doesn't select a company `accountType`. So we've to ask the user to input an `accessCode` by invoking the *AccessCodeInputCollector* self-asserted technical profile.
 
 - **Orchestration Step 4** - This step runs if the user signs up (objectId doesn't exist), so we display the sign-up form by invoking the
-*UserInformationCollector* self-asserted technical profile. This step runs whether a user signs up or signs in. 
+*UserInformationCollector* self-asserted technical profile. 
 
 - **Orchestration Step 5** - This step reads account information from Microsoft Entra ID (we invoke `AAD-UserRead` Microsoft Entra technical profile), so it runs whether a user signs up or signs in.
 
@@ -327,4 +327,4 @@ You can sign in by entering the **Email Address** and **Password** of an existin
 
 - Learn how to [Remove the sign-up link](add-sign-in-policy.md), so users can just sign in.  
 
-- Learn more about [OpenID Connect technical profile](openid-connect-technical-profile.md).
+- Learn more about [OpenID Connect technical profile](openid-connect-technical-profile.md).

articles/active-directory-b2c/openid-connect-technical-profile.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 08/22/2023
+ms.date: 09/12/2023
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -88,7 +88,7 @@ The technical profile also returns claims that aren't returned by the identity p
 | MarkAsFailureOnStatusCode5xx | No | Indicates whether a request to an external service should be marked as a failure if the Http status code is in the 5xx range. The default is `false`. |
 | DiscoverMetadataByTokenIssuer | No | Indicates whether the OIDC metadata should be discovered by using the issuer in the JWT token.If you need to build the metadata endpoint URL based on Issuer, set this to `true`.|
 | IncludeClaimResolvingInClaimsHandling  | No | For input and output claims, specifies whether [claims resolution](claim-resolver-overview.md) is included in the technical profile. Possible values: `true`, or `false` (default). If you want to use a claims resolver in the technical profile, set this to `true`. |
-|token_endpoint_auth_method| No | Specifies how Azure AD B2C sends the authentication header to the token endpoint. Possible values: `client_secret_post` (default), and `client_secret_basic` (public preview), `private_key_jwt`. For more information, see [OpenID Connect client authentication section](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication). |
+|token_endpoint_auth_method| No | Specifies how Azure AD B2C sends the authentication header to the token endpoint. Possible values: `client_secret_post` (default), and `client_secret_basic`, `private_key_jwt`. For more information, see [OpenID Connect client authentication section](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication). |
 |token_signing_algorithm| No | Specifies the signing algorithm to use when `token_endpoint_auth_method` is set to `private_key_jwt`. Possible values: `RS256` (default) or `RS512`.|
 | SingleLogoutEnabled | No | Indicates whether during sign-in the technical profile attempts to sign out from federated identity providers. For more information, see [Azure AD B2C session sign-out](./session-behavior.md#sign-out).  Possible values: `true` (default), or `false`. |
 |ReadBodyClaimsOnIdpRedirect| No| Set to `true` to read claims from response body on identity provider redirect. This metadata is used with [Apple ID](identity-provider-apple-id.md), where claims return in the response payload.|

articles/active-directory-b2c/roles-resource-access-control.md

@@ -26,7 +26,7 @@ When planning your access control strategy, it's best to assign users the least
 |[Company branding](customize-ui.md#configure-company-branding)| Customize your user flow pages.| [Global Administrator](../active-directory/roles/permissions-reference.md#global-administrator)|
 |[User attributes](user-flow-custom-attributes.md)| Add or delete custom attributes available to all user flows.| [External ID User Flow Attribute Administrator](../active-directory/roles/permissions-reference.md#external-id-user-flow-attribute-administrator)|
 |Manage users| Manage [consumer accounts](manage-users-portal.md) and administrative accounts as described in this article.| [User Administrator](../active-directory/roles/permissions-reference.md#user-administrator)|
-|Roles and administrators| Manage role assignments in Azure AD B2C directory. Create and manage groups that can be assigned to Azure AD B2C roles. |[Global Administrator](../active-directory/roles/permissions-reference.md#global-administrator), [Privileged Role Administrator](../active-directory/roles/permissions-reference.md#privileged-role-administrator)|
+|Roles and administrators| Manage role assignments in Azure AD B2C directory. Create and manage groups that can be assigned to Azure AD B2C roles. Note that the Azure AD custom roles feature is currently not available for Azure AD B2C directories. |[Global Administrator](../active-directory/roles/permissions-reference.md#global-administrator), [Privileged Role Administrator](../active-directory/roles/permissions-reference.md#privileged-role-administrator)|
 |[User flows](user-flow-overview.md)|For quick configuration and enablement of common identity tasks, like sign-up, sign-in, and profile editing.| [External ID User Flow Administrator](../active-directory/roles/permissions-reference.md#external-id-user-flow-administrator)|
 |[Custom policies](user-flow-overview.md)| Create, read, update, and delete all custom policies in Azure AD B2C.| [B2C IEF Policy Administrator](../active-directory/roles/permissions-reference.md#b2c-ief-policy-administrator)|
 |[Policy keys](policy-keys-overview.md)|Add and manage encryption keys for signing and validating tokens, client secrets, certificates, and passwords used in custom policies.|[B2C IEF Keyset Administrator](../active-directory/roles/permissions-reference.md#b2c-ief-keyset-administrator)|