Merge pull request #226202 from MicrosoftDocs/main

Publish to live, Friday 4 AM PST 02/03

Author: Maggiemouse1

.openpublishing.redirection.active-directory.json

@@ -4416,6 +4416,11 @@
       "redirect_url": "/azure/active-directory/reports-monitoring/howto-configure-prerequisites-for-reporting-api",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/reference-reports-latencies.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/reference-azure-ad-sla-performance",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/active-directory/customize-branding.md",
       "redirect_url": "/azure/active-directory/fundamentals/customize-branding",

articles/active-directory/authentication/certificate-based-authentication-faq.yml

@@ -119,6 +119,11 @@ sections:
         answer: |
           The browser caches the certificate after the certificate picker appears. If the user retries, the cached certificate is used automatically. The user should close the browser, and reopen a new session to try CBA again.          
 
+      - question: |
+          Why does not proof up for registering other auth methods come up when I use single factor certificates?
+        answer: |
+          A user will be considered MFA capable when a user is in scope for Certificate-based authentication auth method. This means user will not be able to use proof up as part of their authentication to registerd other available methods and should have MFA via another method to register other available auth methods.
+          
       - question: |
           How can I use single-factor certificates to complete MFA?
         answer: |

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-add-remove-user-to-group.md

@@ -21,7 +21,7 @@ This article describes how you can add or remove a new user for a group in Permi
 
 ## Add a user
 
-1. Navigate to the [Microsoft Entra admin center](https://entr.microsoft.com/#home). 
+1. Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com/#home). 
 1. From the Azure Active Directory tile, select **Go to Azure Active Directory**. 
 1. From the navigation pane, select the **Groups** drop-down menu, then **All groups**.
 1. Select the group name for the group you want to add the user to.
@@ -37,7 +37,7 @@ This article describes how you can add or remove a new user for a group in Permi
 
 ## Remove a user
 
-1. Navigate to the Microsoft [Entra admin center](https://entr.microsoft.com/#home). 
+1. Navigate to the Microsoft [Entra admin center](https://entra.microsoft.com/#home). 
 1. From the Azure Active Directory tile, select **Go to Azure Active Directory**. 
 1. From the navigation pane, select the **Groups** drop-down menu, then **All groups**.
 1. Select the group name for the group you want to remove the user from.

articles/active-directory/devices/TOC.yml

@@ -95,7 +95,7 @@
       href: howto-hybrid-join-downlevel.md
   - name: Enforce TLS 1.2
     href: reference-device-registration-tls-1-2.md
-  - name: Graph APIs
+  - name: Microsoft Graph APIs
     href: /graph/api/resources/device
 - name: Resources
   items:
@@ -110,4 +110,4 @@
   - name: Stack Overflow
     href: https://stackoverflow.com/questions/tagged/azure-active-directory
   - name: Videos
-    href: https://azure.microsoft.com/documentation/videos/index/?services=active-directory
+    href: https://azure.microsoft.com/documentation/videos/index/?services=active-directory

articles/active-directory/manage-apps/tutorial-manage-certificates-for-federated-single-sign-on.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-mgmt
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 05/27/2022
+ms.date: 02/02/2023
 ms.author: jomondi
 ms.reviewer: jeedes
 ms.collection: M365-identity-device-management
@@ -22,7 +22,7 @@ In this article, we cover common questions and information related to certificat
 
 This tutorial is relevant only to apps that are configured to use Azure AD SSO through [Security Assertion Markup Language](https://wikipedia.org/wiki/Security_Assertion_Markup_Language) (SAML) federation.
 
-Using the information in this tutorial, an administrator of the application learns how to:
+In this tutorial, an administrator of the application learns how to:
 
 > [!div class="checklist"]
 > * Generate certificates for gallery and non-gallery applications
@@ -41,13 +41,13 @@ Using the information in this tutorial, an administrator of the application lear
 
 When you add a new application from the gallery and configure a SAML-based sign-on (by selecting **Single sign-on** > **SAML** from the application overview page), Azure AD generates a self-signed certificate for the application that is valid for three years. To download the active certificate as a security certificate (**.cer**) file, return to that page (**SAML-based sign-on**) and select a download link in the **SAML Signing Certificate** heading. You can choose between the raw (binary) certificate or the Base64 (base 64-encoded text) certificate. For gallery applications, this section might also show a link to download the certificate as federation metadata XML (an **.xml** file), depending on the requirement of the application.
 
-You can also download an active or inactive certificate by selecting the **SAML Signing Certificate** heading's **Edit** icon (a pencil), which displays the **SAML Signing Certificate** page. Select the ellipsis (**...**) next to the certificate you want to download, and then choose which certificate format you want. You have the additional option to download the certificate in privacy-enhanced mail (PEM) format. This format is identical to Base64 but with a **.pem** file name extension, which isn't recognized in Windows as a certificate format.
+You can also download an active or inactive certificate by selecting the **SAML Signing Certificate** heading's **Edit** icon (a pencil), which displays the **SAML Signing Certificate** page. Select the ellipsis (**...**) next to the certificate you want to download, and then choose which certificate format you want. You have the other option to download the certificate in privacy-enhanced mail (PEM) format. This format is identical to Base64 but with a **.pem** file name extension, which isn't recognized in Windows as a certificate format.
 
 :::image type="content" source="media/manage-certificates-for-federated-single-sign-on/all-certificate-download-options.png" alt-text="SAML signing certificate download options (active and inactive).":::
 
 ## Customize the expiration date for your federation certificate and roll it over to a new certificate
 
-By default, Azure configures a certificate to expire after three years when it's created automatically during SAML single sign-on configuration. Because you can't change the date of a certificate after you save it, you have to:
+By default, Azure configures a certificate to expire after three years when it's created automatically during SAML single sign-on configuration. Because you can't change the date of a certificate after you save it, you've to:
 
 1. Create a new certificate with the desired date.
 1. Save the new certificate.
@@ -91,14 +91,16 @@ Next, download the new certificate in the correct format, upload it to the appli
 
 If your application doesn't have any validation for the certificate's expiration, and the certificate matches in both Azure Active Directory and your application, your application is still accessible despite having an expired certificate. Ensure your application can validate the certificate's expiration date.
 
+If you intend to keep certificate expiry validation disabled, then the new certificate shouldn't be created until your scheduled maintenance window for the certificate rollover. If both an expired and an inactive valid certificate exist on the application, Azure AD will automatically utilize the valid certificate. In this case, users may experience application outage.
+
 ## Add email notification addresses for certificate expiration
 
-Azure AD will send an email notification 60, 30, and 7 days before the SAML certificate expires. You may add more than one email address to receive notifications. To specify the email address(es) you want the notifications to be sent to:
+Azure AD will send an email notification 60, 30, and 7 days before the SAML certificate expires. You may add more than one email address to receive notifications. To specify the email address(es), you want the notifications to be sent to:
 
 1. In the **SAML Signing Certificate** page, go to the **notification email addresses** heading. By default, this heading uses only the email address of the admin who added the application.
 1. Below the final email address, type the email address that should receive the certificate's expiration notice, and then press Enter.
 1. Repeat the previous step for each email address you want to add.
-1. For each email address you want to delete, select the **Delete** icon (a garbage can) next to the email address.
+1. For each email address you want to delete, select the **Delete** icon (garbage can) next to the email address.
 1. Select **Save**.
 
 You can add up to five email addresses to the Notification list (including the email address of the admin who added the application). If you need more people to be notified, use the distribution list emails.

articles/active-directory/reports-monitoring/reference-reports-latencies.md

@@ -9,7 +9,7 @@ metadata:
   ms.workload: identity
   ms.topic: faq
   ms.subservice: report-monitor
-  ms.date: 01/30/2023
+  ms.date: 02/02/2023
   ms.author: sarahlipsey
   ms.reviewer: besiler
   ms.collection: M365-identity-device-management
@@ -47,17 +47,7 @@ sections:
           Do I need to be a Global Administrator to see the activity logs in the Azure portal or to get data through the API?
         answer: |
           No, the [least privilege role](../roles/delegate-by-task.md) to view audit and sign-in logs is **Reports Reader**. Other roles include **Security Reader** and **Security Administrator** for the tenant. You can also access the reporting data through the portal or through the API if you're a Global Administrator.
-
-      - question: |
-          What is the data retention for activity logs (Audit, Sign-ins, and Provisioning) in the Azure portal? 
-        answer: |
-          For more information, see [data retention policies for Azure AD reports](reference-reports-data-retention.md).
-          
-      - question: |
-          How long does it take until I can see the activity data after I've completed my task?
-        answer: |
-          Audit logs have a latency ranging from 15 minutes to an hour. Sign-in activity logs can take from 15 minutes to up to 2 hours for some records. If you don’t see the logs even after two hours, [file a support ticket](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest) and we'll look into it.
-
+         
       - question: |
           Can I get Microsoft 365 activity log information through the Azure portal?
         answer: |
@@ -74,7 +64,7 @@ sections:
           You can download up to 250,000 records from the Azure portal. To download data sets larger than 250,000 records, use the [reporting API](/graph/api/resources/azure-ad-auditlog-overview?view=graph-rest-1.0) to download the data.
 
       - question: |
-          How long does Azure AD store activity logs?
+          How long does Azure AD store activity logs? What is the data retention?
         answer: |
           Depending on your license, Azure AD stores activity logs for between 7 and 30 days. For more information, see [Azure Active Directory report retention policies](reference-reports-data-retention.md).  
 

articles/active-directory/reports-monitoring/reports-faq.yml

@@ -109,8 +109,6 @@ items:
     href: reference-audit-activities.md
   - name: Data retention policies
     href: reference-reports-data-retention.md
-  - name: Reporting latencies
-    href: reference-reports-latencies.md
   - name: Frequently asked questions
     href: reports-faq.yml
   - name: Sign-in log schema

articles/active-directory/reports-monitoring/toc.yml

@@ -7,7 +7,7 @@ ms.service: azure-kubernetes-service
 ms.subservice: aks-networking
 ms.topic: how-to
 ms.custom: references_regions
-ms.date: 12/12/2022
+ms.date: 02/03/2023
 ---
 
 # Configure Azure CNI Overlay networking in Azure Kubernetes Service (AKS)
@@ -21,6 +21,8 @@ With Azure CNI Overlay, the cluster nodes are deployed into an Azure Virtual Net
 > - North Central US
 > - West Central US
 > - East US
+> - UK South
+> - Australia East
 
 ## Overview of overlay networking
 

articles/aks/azure-cni-overlay.md

@@ -150,6 +150,11 @@
             "source_path_from_root": "/articles/applied-ai-services/form-recognizer/build-training-data-set.md",
             "redirect_url": "/azure/applied-ai-services/form-recognizer/how-to-guides/build-a-custom-model?view=form-recog-2.1.0&preserve-view=true",
             "redirect_document_id": true
+          },
+          {
+            "source_path_from_root": "/articles/applied-ai-services/form-recognizer/quickstarts/try-v3-form-recognizer-studio.md",
+            "redirect_url": "/azure/applied-ai-services/form-recognizer/quickstarts/try-form-recognizer-studio",
+            "redirect_document_id": true
           }
      ]
 }