Merge pull request #180863 from MicrosoftDocs/master

11/23 AM Publish

Author: huypub

articles/active-directory-b2c/conditional-access-identity-protection-overview.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: overview
-ms.date: 05/28/2021
+ms.date: 11/23/2021
 
 ms.author: kengaderdus
 author: kengaderdus
@@ -43,7 +43,7 @@ Identity Protection and Conditional Access in Azure AD B2C generally work the sa
 
 - Identity Protection and Conditional Access aren't supported for ROPC server-to-server flows in Azure AD B2C tenants.
 
-- In Azure AD B2C tenants, Identity Protection risk detections are available for local B2C accounts only, and not for social identities like Google or Facebook.
+- In Azure AD B2C tenants, Identity Protection risk detections are available for both local and social identities, such as Google or Facebook. For social identities, Conditional Access must be activated. Detection is limited because the social account credentials are managed by the external identity provider.
 
 - In Azure AD B2C tenants, a subset of the Identity Protection risk detections is available. See [Investigate risk with Identity Protection](identity-protection-investigate-risk.md), and [Add Conditional Access to user flows](conditional-access-user-flow.md).
 

articles/active-directory-b2c/custom-domain.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 09/15/2021
+ms.date: 11/23/2021
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: "b2c-support"
@@ -28,6 +28,10 @@ This article describes how to enable custom domains in your redirect URLs for Az
 
 You can enable custom domains for Azure AD B2C by using [Azure Front Door](https://azure.microsoft.com/services/frontdoor/). Azure Front Door is a global entry point that uses the Microsoft global edge network to create fast, secure, and widely scalable web applications. You can render Azure AD B2C content behind Azure Front Door, and then configure an option in Azure Front Door to deliver the content via a custom domain in your application's URL.
 
+Watch this video to learn about Azure AD B2C custom domain.
+
+>[!Video https://www.youtube.com/embed/mVNB59VK-DQ]
+
 The following diagram illustrates Azure Front Door integration:
 
 1. From an application, a user selects the sign-in button, which takes them to the Azure AD B2C sign-in page. This page specifies a custom domain name.

articles/active-directory/devices/hybrid-azuread-join-federated-domains.md

@@ -82,7 +82,7 @@ Hybrid Azure AD join requires devices to have access to the following Microsoft
 - `https://autologon.microsoftazuread-sso.com` (If you use or plan to use seamless SSO)
 
 > [!WARNING]
-> If your organization uses proxy servers that intercept SSL traffic for scenarios like data loss prevention or Azure AD tenant restrictions, ensure that traffic to 'https://device.login.microsoftonline.com' is excluded from TLS break-and-inspect. Failure to exclude 'https://device.login.microsoftonline.com' may cause interference with client certificate authentication, causing issues with device registration and device-based Conditional Access.
+> If your organization uses proxy servers that intercept SSL traffic for scenarios like data loss prevention or Azure AD tenant restrictions, ensure that traffic to these URLs are excluded from TLS break-and-inspect. Failure to exclude these URLs may cause interference with client certificate authentication, cause issues with device registration, and device-based Conditional Access.
 
 Beginning with Windows 10 1803, if the instantaneous hybrid Azure AD join for a federated environment by using AD FS fails, we rely on Azure AD Connect to sync the computer object in Azure AD that's subsequently used to complete the device registration for hybrid Azure AD join. Verify that Azure AD Connect has synced the computer objects of the devices you want to be hybrid Azure AD joined to Azure AD. If the computer objects belong to specific organizational units (OUs), you must also configure the OUs to sync in Azure AD Connect. To learn more about how to sync computer objects by using Azure AD Connect, see [Configure filtering by using Azure AD Connect](../hybrid/how-to-connect-sync-configure-filtering.md#organizational-unitbased-filtering).
 

articles/active-directory/privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md

@@ -39,7 +39,7 @@ The need for access to privileged Azure resource and Azure AD roles by employees
 
     :::image type="content" source="./media/pim-create-azure-ad-roles-and-resource-roles-review/identity-governance.png" alt-text="Select Identity Governance in Azure Portal screenshot." lightbox="./media/pim-create-azure-ad-roles-and-resource-roles-review/identity-governance.png"::: 
 
-4. For **Azure AD roles**, select **Azure AD roles** again under **Manage**. For **Azure resources**, select the resource you want to manage, such as a subscription.
+4. For **Azure AD roles**, select **Azure AD roles** again under **Manage**. For **Azure resources**, select the subscription you want to manage.
 
 
 5. Under Manage, select **Access reviews**, and then select **New** to create a new access review.

articles/active-directory/saas-apps/cisco-webex-provisioning-tutorial.md

@@ -53,7 +53,7 @@ Before configuring Cisco Webex for automatic user provisioning with Azure AD, yo
 
 4. In the search box, type **Cisco Webex**, select **Cisco Webex** from result panel then click **Add** button to add the application.
 
-    ![Cisco Webex in the results list](common/search-new-app.png)
+    ![Cisco Webex in the results list](media/cisco-webex-provisioning-tutorial/search-cisco-app.png)
 
 ## Assigning users to Cisco Webex
 

articles/active-directory/saas-apps/media/cisco-webex-provisioning-tutorial/search-cisco-app.png

@@ -231,7 +231,7 @@ Authorization: Bearer  <token>
 
 For the complete code, see one of the following code samples:
 
-- [C#](https://github.com/Azure-Samples/active-directory-verifiable-credentials-dotnet/blob/main/AspNetCoreVerifiableCredentials/IssuerController.cs)
+- [C#](https://github.com/Azure-Samples/active-directory-verifiable-credentials-dotnet/blob/main/1-asp-net-core-api-idtokenhint/IssuerController.cs)
 - [Node.js](https://github.com/Azure-Samples/active-directory-verifiable-credentials-node/blob/main/1-node-api-idtokenhint/issuer.js)
 
 ## Presentation request example
@@ -317,7 +317,7 @@ try
 }
 ```
 
-For the complete code, see the [issuance](https://github.com/Azure-Samples/active-directory-verifiable-credentials-dotnet/blob/main/AspNetCoreVerifiableCredentials/IssuerController.cs) and [presentation](https://github.com/Azure-Samples/active-directory-verifiable-credentials-dotnet/blob/main/AspNetCoreVerifiableCredentials/VerifierController.cs) code on the GitHub repo.
+For the complete code, see the [issuance](https://github.com/Azure-Samples/active-directory-verifiable-credentials-dotnet/blob/main/1-asp-net-core-api-idtokenhint/IssuerController.cs) and [presentation](https://github.com/Azure-Samples/active-directory-verifiable-credentials-dotnet/blob/main/1-asp-net-core-api-idtokenhint/IssuerController.cs) code on the GitHub repo.
 
 # [Node.js](#tab/nodejs)
 

articles/active-directory/verifiable-credentials/get-started-request-api.md

@@ -18,8 +18,16 @@ This article shows you how to create an RDP connection with an AKS node using th
 
 ## Before you begin
 
-This article assumes that you have an existing AKS cluster with a Windows Server node. If you need an AKS cluster, see the article on [creating an AKS cluster with a Windows container using the Azure CLI][aks-windows-cli]. You need the Windows administrator username and password for the Windows Server node you want to troubleshoot. If you don't know them, you can reset them by following [Reset Remote Desktop Services or its administrator password in a Windows VM
-](/troubleshoot/azure/virtual-machines/reset-rdp). You also need an RDP client such as [Microsoft Remote Desktop][rdp-mac].
+This article assumes that you have an existing AKS cluster with a Windows Server node. If you need an AKS cluster, see the article on [creating an AKS cluster with a Windows container using the Azure CLI][aks-windows-cli]. You need the Windows administrator username and password for the Windows Server node you want to troubleshoot. You also need an RDP client such as [Microsoft Remote Desktop][rdp-mac].
+
+If you need to reset the password you can use `az aks update` to change the password.
+
+```azurecli-interactive
+az aks update -g myResourceGroup -n myAKSCluster --windows-admin-password $WINDOWS_ADMIN_PASSWORD
+```
+
+If you need to reset both the username and password, see [Reset Remote Desktop Services or its administrator password in a Windows VM
+](/troubleshoot/azure/virtual-machines/reset-rdp).
 
 You also need the Azure CLI version 2.0.61 or later installed and configured. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
 

articles/aks/rdp.md

@@ -45,6 +45,10 @@ Choose a pricing tier on the right and then choose **Select**.
 
 :::image type="content" source="media/cache-how-to-scale/select-a-tier.png" alt-text="Azure Cache for Redis tiers":::
 
+> [!NOTE]
+> Scaling is currently not avaialble with Enterprise Tier.
+>
+
 You can scale to a different pricing tier with the following restrictions:
 
 - You can't scale from a higher pricing tier to a lower pricing tier.

articles/azure-cache-for-redis/cache-how-to-scale.md

@@ -94,7 +94,7 @@ The Enterprise tiers rely on Redis Enterprise, a commercial variant of Redis fro
 > separately from cache instances themselves. For more information, see [Load Balancer pricing](https://azure.microsoft.com/pricing/details/load-balancer/).
 > If an Enterprise cache is configured for multiple Availability Zones, data
 > transfer will be billed at the [standard network bandwidth rates](https://azure.microsoft.com/pricing/details/bandwidth/)
-> starting from July 1, 2021.
+> starting from July 1, 2022.
 >
 > In addition, data persistence adds Managed Disks. The use of these resources will be free during
 > the public preview of Enterprise data persistence. This may change when the feature becomes
@@ -111,4 +111,4 @@ The Enterprise tiers rely on Redis Enterprise, a commercial variant of Redis fro
 * [Use Azure Cache for Redis in .NET Framework](cache-dotnet-how-to-use-azure-redis-cache.md)
 * [Use Azure Cache for Redis in Node.js](cache-nodejs-get-started.md)
 * [Use Azure Cache for Redis in Java](cache-java-get-started.md)
-* [Use Azure Cache for Redis in Python](cache-python-get-started.md)
+* [Use Azure Cache for Redis in Python](cache-python-get-started.md)