Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into pauljewell-azurite-update

Author: pauljewellmsft

.openpublishing.publish.config.json

@@ -994,6 +994,7 @@
   "articles/object-anchors/.openpublishing.redirection.object-anchors.json",
   "articles/postgresql/.openpublishing.redirection.postgresql.json",
   "articles/purview/.openpublishing.redirection.purview.json",
+  "articles/sap/.openpublishing.redirection.sap.json",
   "articles/service-bus-messaging/.openpublishing.redirection.service-bus-messaging.json",
   "articles/spatial-anchors/.openpublishing.redirection.spatial-anchors.json",
   "articles/spring-apps/.openpublishing.redirection.spring-apps.json",

.openpublishing.redirection.azure-monitor.json

@@ -5703,13 +5703,18 @@
             "redirect_document_id": false
         },
         {
+            "source_path_from_root": "/articles/azure-monitor/alerts/proactive-performance-diagnostics.md",
+            "redirect_url": "https://azure.microsoft.com/updates/public-preview-alerts-based-smart-detection-for-application-insights/",
+            "redirect_document_id": false
+        },
+      {
             "source_path_from_root": "/articles/azure-monitor/autoscale/autoscale-resource-log-schema.md",
             "redirect_url": "/azure/azure-monitor/autoscale/autoscale-diagnostics",
             "redirect_document_id": false
         },
-        {
-            "source_path_from_root": "/articles/azure-monitor/alerts/proactive-performance-diagnostics.md",
-            "redirect_url": "https://azure.microsoft.com/updates/public-preview-alerts-based-smart-detection-for-application-insights/",
+      {
+            "source_path_from_root": "/articles/azure-monitor/app/java-in-process-agent.md",
+            "redirect_url": "/azure/azure-monitor/app/opentelemetry-enable",
             "redirect_document_id": false
         }
     ]

.openpublishing.redirection.json

@@ -22695,6 +22695,11 @@
             "source_path": "articles/application-gateway/tutorial-protect-application-gateway.md",
             "redirect_URL": "/azure/application-gateway/tutorial-protect-application-gateway-ddos",
             "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/virtual-machines/workloads/sap/index.md",
+            "redirect_URL": "/azure/sap/workloads/get-started",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory-b2c/faq.yml

@@ -3,14 +3,14 @@ metadata:
   title: 'Frequently asked questions (FAQ) for Azure Active Directory B2C'
   description: Answers to frequently asked questions about Azure Active Directory B2C.
   services: active-directory-b2c
-  author: kengaderdus
+  author: garrodonnell
   manager: CelesteDG
 
   ms.service: active-directory
   ms.workload: identity
   ms.topic: faq
-  ms.date: 01/03/2022
-  ms.author: kengaderdus
+  ms.date: 02/09/2023
+  ms.author: godonnell
   ms.subservice: B2C
   ms.custom: "b2c-support"
 title: 'Azure AD B2C: Frequently asked questions (FAQ)'

articles/active-directory-b2c/identity-provider-generic-saml.md

@@ -139,10 +139,10 @@ The **OutputClaims** element contains a list of claims returned by the SAML iden
 
 In the example above, *Contoso-SAML2* includes the claims returned by a SAML identity provider:
 
-* The **issuerUserId** claim is mapped to the **assertionSubjectName** claim.
+* The **assertionSubjectName** claim is mapped to the **issuerUserId** claim.
 * The **first_name** claim is mapped to the **givenName** claim.
 * The **last_name** claim is mapped to the **surname** claim.
-* The **displayName** claim is mapped to the `http://schemas.microsoft.com/identity/claims/displayname` claim.
+* The `http://schemas.microsoft.com/identity/claims/displayname` claim is mapped to the **displayName** claim.
 * The **email** claim without name mapping.
 
 The technical profile also returns claims that aren't returned by the identity provider:
@@ -237,4 +237,4 @@ If the sign-in process is successful, your browser is redirected to `https://jwt
 
 - [Configure SAML identity provider options with Azure Active Directory B2C](identity-provider-generic-saml-options.md)
 
-::: zone-end
+::: zone-end

articles/active-directory/authentication/concept-certificate-based-authentication-smartcard.md

@@ -73,7 +73,11 @@ The Windows smart card sign-in works with the latest preview build of Windows 11
 |✅ | ✅ | ✅ |✅ |
 
 >[!NOTE] 
->Azure AD CBA supports both certificates on-device as well as external storage like security keys on Windows.
+>Azure AD CBA supports both certificates on-device as well as external storage like security keys on Windows. 
+
+## Windows Out of the box experience (OOBE)
+
+Windows OOBE should allow the user to login using an external smart card reader and authenticate against Azure AD CBA. Windows OOBE by default should have the necessary smart card drivers or the smart card drivers previously added to the Windows image before OOBE setup.
 
 ## Restrictions and caveats  
 

articles/active-directory/cloud-infrastructure-entitlement-management/media/usage-analytics-active-tasks/high-risk-deleted-task.png

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/23/2022
+ms.date: 02/08/2023
 ms.author: jfields
 ---
 
@@ -48,11 +48,10 @@ When you select **Active Tasks**, the **Analytics** dashboard provides a high-le
 The **Active Tasks** table displays the results of your query.
 
 - **Task Name**: Provides the name of the task.
-    - To view details about the task, select the down arrow in the table.
+    - To view details about the task, select the down arrow next to the task in the table.
 
-        - A **Normal Task** icon displays to the left of the task name if the task is normal (that is, not risky).
-        - A **Deleted Task** icon displays to the left of the task name if the task involved deleting data.
-        - A **High-Risk Task** icon displays to the left of the task name if the task is high-risk.
+        - An icon (![Image of task icon](media/usage-analytics-active-tasks/normal-task.png)) displays to the left of the task name if the task is a **Normal Task** (that is, not risky).
+        - A highlighted icon (![Image of highlighted task icon](media/usage-analytics-active-tasks/high-risk-deleted-task.png)) displays to the left of the task name if the task involved deleting data — a **High-Delete Task** — or if the task is a **High-Risk Task**.
 
 - **Performed on (resources)**: The number of resources on which the task was used.
 

articles/active-directory/cloud-infrastructure-entitlement-management/media/usage-analytics-active-tasks/normal-task.png

@@ -179,7 +179,7 @@ When Conditional Access policy or group membership changes need to be applied to
 Modern networks often optimize connectivity and network paths for applications differently. This optimization frequently causes variations of the routing and source IP addresses of connections, as seen by your identity provider and resource providers. You may observe this split path or IP address variation in multiple network topologies, including, but not limited to: 
 
 - On-premises and cloud-based proxies.
-- Virtual private network (VPN) implementations, like split tunneling.
+- Virtual private network (VPN) implementations, like [split tunneling](/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel).
 - Software defined wide area network (SD-WAN) deployments.
 - Load balanced or redundant network egress network topologies, like those using [SNAT](https://wikipedia.org/wiki/Network_address_translation#SNAT). 
 - Branch office deployments that allow direct internet connectivity for specific applications.
@@ -189,9 +189,10 @@ Modern networks often optimize connectivity and network paths for applications d
 In addition to IP variations, customers also may employ network solutions and services that: 
 
 - Use IP addresses that may be shared with other customers. For example, cloud-based proxy services where egress IP addresses are shared between customers.
-- Use easily varied or undefinable IP addresses. For example, topologies where there are large, dynamic sets of egress IP addresses used, like large enterprise scenarios or split VPN and local egress network traffic.
+- Use easily varied or undefinable IP addresses. For example, topologies where there are large, dynamic sets of egress IP addresses used, like large enterprise scenarios or [split VPN](/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel) and local egress network traffic.
+
+Networks where egress IP addresses may change frequently or are shared may affect Azure AD Conditional Access and Continues Access Evaluation (CAE). This variability can affect how these features work and their recommended configurations. Split Tunneling may also cause unexpected blocks when an environment is configured using [Split Tunneling VPN Best Practices](/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel). Routing [Optimized IPs](/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel#optimize-ip-address-ranges) through a Trusted IP/VPN may be required to prevent blocks related to "insufficient_claims" or "Instant IP Enforcement check failed".
 
-Networks where egress IP addresses may change frequently or are shared may affect Azure AD Conditional Access and Continues Access Evaluation (CAE). This variability can affect how these features work, and their recommended configurations.
 
 The following table summarizes Conditional Access and CAE feature behaviors and recommendations for different types of network deployments: