Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into FAQ-new

Author: yoninalmsft

.openpublishing.publish.config.json

@@ -1024,7 +1024,7 @@
     "articles/static-web-apps/.openpublishing.redirection.static-web-apps.json",
     ".openpublishing.redirection.virtual-desktop.json",
     "articles/applied-ai-services/.openpublishing.redirection.applied-ai-services.json",
-    "articles/applied-ai-services/.openpublishing.redirection.applied-ai-services-renamed.json",
+    "articles/applied-ai-services/.openpublishing.archived.json",
     "articles/cognitive-services/.openpublishing.redirection.cognitive-services.json"
   ]
 }

.openpublishing.redirection.json

@@ -4573,6 +4573,11 @@
     "redirect_url":  "/azure/security/benchmarks",
     "redirect_document_id":  false
 },
+{
+  "source_path_from_root":  "/articles/azure-resource-manager/bicep/linter-rule-use-protectedsettings-for-commandtoexecute-secrets.md",
+  "redirect_url":  "/azure/azure-resource-manager/bicep/linter-rule-protect-commandtoexecute-secrets",
+  "redirect_document_id":  false
+},
 {
     "source_path_from_root":  "/articles/azure-resource-manager/templates/view-resources.md",
     "redirect_url":  "/azure/azure-resource-manager/templates/export-template-portal",

articles/active-directory-b2c/identity-provider-twitter.md

@@ -33,6 +33,32 @@ zone_pivot_groups: b2c-policy-type
 
 To enable sign-in for users with a Twitter account in Azure AD B2C, you need to create a Twitter application. If you don't already have a Twitter account, you can sign up at [`https://twitter.com/signup`](https://twitter.com/signup). You also need to [Apply for a developer account](https://developer.twitter.com/). For more information, see [Apply for access](https://developer.twitter.com/en/apply-for-access).
 
+::: zone pivot="b2c-custom-policy"
+1. Sign in to the [Twitter Developer Portal](https://developer.twitter.com/portal/projects-and-apps) with your Twitter account credentials.
+1. Select **+ Create Project** button. 
+1. Under **Project name** tab, enter a preferred name of your project, and then select **Next** button.
+1. Under **Use case** tab, select your preferred use case, and then select **Next**. 
+1. Under **Project description** tab, enter your project description, and then select **Next** button. 
+1. Under **App name** tab, enter a name for your app, such as *azureadb2c*, and the select **Next** button.
+1. Under **Keys & Tokens** tab, copy the value of **API Key** and **API Key Secret** for later. You use both of them to configure Twitter as an identity provider in your Azure AD B2C tenant. 
+1. Select **App settings** to open the app settings. 
+1. At the lower part of the page, under **User authentication settings**, select **Set up**.
+1. In the **User authentication settings** page, select **OAuth 2.0** option. 
+1. Under **OAUTH 2.0 SETTINGS**, for the **Type of app**, select your appropriate app type such as *Web App*. 
+1. Under **GENERAL AUTHENTICATION SETTINGS**:
+    1. For the **Callback URI/Redirect URL**, enter `https://your-tenant.b2clogin.com/your-tenant-name.onmicrosoft.com/your-policy-id/oauth1/authresp`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name/your-tenant-name.onmicrosoft.com/your-user-flow-Id/oauth1/authresp`. Use all lowercase letters when entering your tenant name and user flow ID even if they are defined with uppercase letters in Azure AD B2C. Replace:
+        - `your-tenant-name` with the name of your tenant name.
+        - `your-domain-name` with your custom domain.
+        - `your-policy-id` with the identifier of your user flow. For example, `b2c_1a_signup_signin_twitter`.  
+    1. For the **Website URL**, enter `https://your-tenant.b2clogin.com`. Replace `your-tenant` with the name of your tenant. For example, `https://contosob2c.b2clogin.com`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name`.
+    1. Enter a URL for the **Terms of service**, for example `http://www.contoso.com/tos`. The policy URL is a page you maintain to provide terms and conditions for your application.
+    1. Enter a URL for the **Privacy policy**, for example `http://www.contoso.com/privacy`. The policy URL is a page you maintain to provide privacy information for your application.
+1. Select **Save**. 
+ ::: zone-end
+
+
+::: zone pivot="b2c-user-flow"
+
 1. Sign in to the [Twitter Developer Portal](https://developer.twitter.com/portal/projects-and-apps) with your Twitter account credentials.
 1. Select **+ Create Project** button. 
 1. Under **Project name** tab, enter a preferred name of your project, and then select **Next** button.
@@ -45,15 +71,16 @@ To enable sign-in for users with a Twitter account in Azure AD B2C, you need to
 1. In the **User authentication settings** page, select **OAuth 2.0** option. 
 1. Under **OAUTH 2.0 SETTINGS**, for the **Type of app**, select your appropriate app type such as *Web App*. 
 1. Under **GENERAL AUTHENTICATION SETTINGS**:
-    1. For the **Callback URI/Redirect URL**, enter `https://your-tenant.b2clogin.com/your-tenant-name.onmicrosoft.com/your-user-flow-Id/oauth1/authresp`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name/your-tenant-name.onmicrosoft.com/your-user-flow-Id/oauth1/authresp`. Use all lowercase letters when entering your tenant name and user flow ID even if they are defined with uppercase letters in Azure AD B2C. Replace:
+    1. For the **Callback URI/Redirect URL**, enter `https://your-tenant.b2clogin.com/your-tenant-name.onmicrosoft.com/your-user-flow-name/oauth1/authresp`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name/your-tenant-name.onmicrosoft.com/your-user-flow-Id/oauth1/authresp`. Use all lowercase letters when entering your tenant name and user flow ID even if they are defined with uppercase letters in Azure AD B2C. Replace:
         - `your-tenant-name` with the name of your tenant name.
         - `your-domain-name` with your custom domain.
-        - `your-user-flow-Id` with the identifier of your user flow. For example, `b2c_1a_signup_signin_twitter`. 
-    
+        - `your-user-flow-name` with the identifier of your user flow. For example, `b2c_1_signup_signin_twitter`. 
     1. For the **Website URL**, enter `https://your-tenant.b2clogin.com`. Replace `your-tenant` with the name of your tenant. For example, `https://contosob2c.b2clogin.com`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name`.
     1. Enter a URL for the **Terms of service**, for example `http://www.contoso.com/tos`. The policy URL is a page you maintain to provide terms and conditions for your application.
     1. Enter a URL for the **Privacy policy**, for example `http://www.contoso.com/privacy`. The policy URL is a page you maintain to provide privacy information for your application.
 1. Select **Save**. 
+ 
+::: zone-end
 
 ::: zone pivot="b2c-user-flow"
 
@@ -83,8 +110,6 @@ At this point, the Twitter identity provider has been set up, but it's not yet a
 1. Select the **Run user flow** button.
 1. From the sign-up or sign-in page, select **Twitter** to sign in with Twitter account.
 
-If the sign-in process is successful, your browser is redirected to `https://jwt.ms`, which displays the contents of the token returned by Azure AD B2C.
-
 ::: zone-end
 
 ::: zone pivot="b2c-custom-policy"
@@ -186,7 +211,9 @@ You can define a Twitter account as a claims provider by adding it to the **Clai
 1. For **Application**, select a web application that you [previously registered](tutorial-register-applications.md). The **Reply URL** should show `https://jwt.ms`.
 1. Select the **Run now** button.
 1. From the sign-up or sign-in page, select **Twitter** to sign in with Twitter account.
+::: zone-end
 
 If the sign-in process is successful, your browser is redirected to `https://jwt.ms`, which displays the contents of the token returned by Azure AD B2C.
 
-::: zone-end
+> [!TIP]
+>  If you're facing `unauthorized` error while testing this identity provider, make sure you use the correct Twitter API Key and API Key Secret, or try to apply for [elevated](https://developer.twitter.com/en/portal/products/elevated) access. Also, we recommend you've a look at [Twitter's projects structure](https://developer.twitter.com/en/docs/projects/overview), if you registered your app before the feature was available.

articles/active-directory-b2c/localization-string-ids.md

@@ -377,7 +377,7 @@ The following are the IDs for a [Verification display control](display-control-v
 
 | ID | Default value |
 | --- | ------------- |
-|intro_msg <sup>*</sup>| Verification is necessary. Please click Send button.|
+|intro_msg<sup>1</sup>| Verification is necessary. Please click Send button.|
 |success_send_code_msg | Verification code has been sent. Please copy it to the input box below.|
 |failure_send_code_msg | We are having trouble verifying your email address. Please enter a valid email address and try again.|
 |success_verify_code_msg | E-mail address verified. You can now continue.|
@@ -386,13 +386,16 @@ The following are the IDs for a [Verification display control](display-control-v
 |but_verify_code | Verify code|
 |but_send_new_code | Send new code|
 |but_change_claims | Change e-mail|
+| UserMessageIfVerificationControlClaimsNotVerified<sup>2</sup>| The claims for verification control have not been verified. |
 
-Note: The `intro_msg` element is hidden, and not shown on the self-asserted page. To make it visible, use the [HTML customization](customize-ui-with-html.md) with Cascading Style Sheets. For example:
+<sup>1</sup> The `intro_msg` element is hidden, and not shown on the self-asserted page. To make it visible, use the [HTML customization](customize-ui-with-html.md) with Cascading Style Sheets. For example:
 
 ```css
 .verificationInfoText div{display: block!important}
 ```
 
+<sup>2</sup> This error message is displayed to the user if they enter a verification code, but instead of completing the verification by selecting on the **Verify** button, they select the **Continue** button.
+  
 ### Verification display control example
 
 ```xml
@@ -408,6 +411,7 @@ Note: The `intro_msg` element is hidden, and not shown on the self-asserted page
     <LocalizedString ElementType="DisplayControl" ElementId="emailVerificationControl" StringId="but_verify_code">Verify code</LocalizedString>
     <LocalizedString ElementType="DisplayControl" ElementId="emailVerificationControl" StringId="but_send_new_code">Send new code</LocalizedString>
     <LocalizedString ElementType="DisplayControl" ElementId="emailVerificationControl" StringId="but_change_claims">Change e-mail</LocalizedString>
+    <LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfVerificationControlClaimsNotVerified">The claims for verification control have not been verified.</LocalizedString>
   </LocalizedStrings>
 </LocalizedResources>
 ```

articles/active-directory-b2c/page-layout.md

@@ -28,25 +28,32 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 
 |Element |Page layout version range |jQuery version  |Handlebars Runtime version |Handlebars Compiler version |
 |---------|---------|------|--------|----------|
-|multifactor |>= 1.2.4 | 3.5.1 | 4.7.6 |4.7.7 |
+|multifactor |>= 1.2.8 | 3.5.1 | 4.7.7 |4.7.7 |
+|            |>= 1.2.4 | 3.5.1 | 4.7.6 |4.7.7 |
 |            |< 1.2.4 | 3.4.1 |4.0.12 |2.0.1 |
 |            |< 1.2.0 | 1.12.4 |
-|selfasserted |>= 2.1.4 | 3.5.1 |4.7.6 |4.7.7 |
+|selfasserted |>= 2.1.11 | 3.5.1 |4.7.7 |4.7.7 |
+|            |>= 2.1.4 | 3.5.1 |4.7.6 |4.7.7 |
 |            |< 2.1.4 | 3.4.1 |4.0.12 |2.0.1 |
 |            |< 1.2.0 | 1.12.4 |
-|unifiedssp |>= 2.1.4 | 3.5.1 |4.7.6 |4.7.7 |
+|unifiedssp |>= 2.1.7 | 3.5.1 |4.7.7 |4.7.7 |
+|            |>= 2.1.4 | 3.5.1 |4.7.6 |4.7.7 |
 |            |< 2.1.4 | 3.4.1 |4.0.12 |2.0.1 |
 |            |< 1.2.0 | 1.12.4 |
-|globalexception |>= 1.2.1 | 3.5.1 |4.7.6 |4.7.7 |
+|globalexception |>= 1.2.3 | 3.5.1 |4.7.7 |4.7.7 |
+|            |>= 1.2.1 | 3.5.1 |4.7.6 |4.7.7 |
 |            |< 1.2.1 | 3.4.1 |4.0.12 |2.0.1 |
 |            |< 1.2.0 | 1.12.4 |
-|providerselection |>= 1.2.1 | 3.5.1 |4.7.6 |4.7.7 |
+|providerselection |>= 1.2.3 | 3.5.1 |4.7.7 |4.7.7 |
+|            |>= 1.2.1 | 3.5.1 |4.7.6 |4.7.7 |
 |            |< 1.2.1 | 3.4.1 |4.0.12 |2.0.1 |
 |            |< 1.2.0 | 1.12.4 |
-|claimsconsent |>= 1.2.1 | 3.5.1 |4.7.6 |4.7.7 |
+|claimsconsent |>= 1.2.2 | 3.5.1 |4.7.7 |4.7.7 |
+|            |>= 1.2.2 | 3.5.1 |4.7.7 |4.7.7 |
 |            |< 1.2.1 | 3.4.1 |4.0.12 |2.0.1 |
 |            |< 1.2.0 | 1.12.4 |
-|unifiedssd |>= 1.2.1 | 3.5.1 |4.7.6 |4.7.7 |
+|unifiedssd |>= 1.2.3 | 3.5.1 |4.7.7 |4.7.7 |
+|            |>= 1.2.1 | 3.5.1 |4.7.6 |4.7.7 |
 |            |< 1.2.1 | 3.4.1 |4.0.12 |2.0.1 |
 |            |< 1.2.0 | 1.12.4 |
 

articles/active-directory-b2c/string-transformations.md

@@ -864,7 +864,7 @@ Checks whether the provided phone number is valid, based on phone number regular
   </InputClaims>
   <InputParameters>
     <InputParameter Id="matchTo" DataType="string" Value="^[0-9]{4,16}$" />
-    <InputParameter Id="outputClaimIfMatched" DataType="string" Value="Phone" />
+    <InputParameter Id="outputClaimIfMatched" DataType="string" Value="iPhone" />
   </InputParameters>
   <OutputClaims>
     <OutputClaim ClaimTypeReferenceId="validationResult" TransformationClaimType="outputClaim" />

articles/active-directory/app-provisioning/accidental-deletions.md

@@ -20,10 +20,6 @@ The Azure AD provisioning service includes a feature to help avoid accidental de
 The feature lets you specify a deletion threshold, above which an admin 
 needs to explicitly choose to allow the deletions to be processed.
 
-> [!NOTE]
-> Accidental deletions are not supported for our Workday / SuccessFactors integrations. It is also not supported for changes in scoping (e.g. changing a scoping filter or changing from "sync all users and groups" to "sync assigned users and groups"). Until the accidental deletions prevention feature is fully released, you'll need to access the Azure portal using this URL: https://aka.ms/AccidentalDeletionsPreview
-
-
 ## Configure accidental deletion prevention
 To enable accidental deletion prevention:
 1.  In the Azure portal, select **Azure Active Directory**.
@@ -35,11 +31,6 @@ threshold. Also, be sure the notification email address is completed. If the del
 
 When the deletion threshold is met, the job will go into quarantine and a notification email will be sent. The quarantined job can then be allowed or rejected. To learn more about quarantine behavior, see [Application provisioning in quarantine status](application-provisioning-quarantine-status.md).
 
-## Known limitations
-There are two key limitations to be aware of and are actively working to address:
-- HR-driven provisioning from Workday and SuccessFactors don't support the accidental deletions feature. 
-- Changes to your provisioning configuration (e.g. changing scoping) isn't supported by the accidental deletions feature. 
-
 ## Recovering from an accidental deletion
 If you encounter an accidental deletion you'll see it on the provisioning status page.  It will say **Provisioning has been quarantined. See quarantine details for more information.**.
 

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-gcp.md

@@ -36,7 +36,7 @@ This article describes how to onboard a Google Cloud Platform (GCP) project on P
 
     > [!NOTE]
     > 1. To confirm that the app was created, open **App registrations** in Azure and, on the **All applications** tab, locate your app.
-    > 1. Select the app name to open the **Expose an API** page. The **Application ID URI** displayed in the **Overview** page is the *audience value* used while making an OIDC connection with your AWS account.
+    > 1. Select the app name to open the **Expose an API** page. The **Application ID URI** displayed in the **Overview** page is the *audience value* used while making an OIDC connection with your GCP account.
 
     1. Return to Permissions Management, and in the **Permissions Management Onboarding - Azure AD OIDC App Creation**, select **Next**.
 

articles/active-directory/conditional-access/concept-continuous-access-evaluation.md

@@ -52,7 +52,7 @@ Continuous access evaluation is implemented by enabling services, like Exchange
 This process enables the scenario where users lose access to organizational SharePoint Online files, email, calendar, or tasks, and Teams from Microsoft 365 client apps within minutes after a critical event. 
 
 > [!NOTE] 
-> Teams and SharePoint Online do not support user risk events.
+> SharePoint Online doesn't support user risk events.
 
 ### Conditional Access policy evaluation