Merge branch 'master' into phmantri/bayesian-doc

Author: PhaniShekhar

.github/workflows/stale.yml

@@ -23,11 +23,11 @@ jobs:
         # start-date: '2021-03-19'
         stale-pr-message: >
           This pull request has been inactive for at least 14 days.
-          If you are finished with your changes, don't forget to sign off. See the [contributor guide](https://review.docs.microsoft.com/help/contribute/contribute-how-to-write-pull-request-automation?branch=main) for instructions.
+          If you are finished with your changes, don't forget to sign off. See the [contributor guide](https://review.learn.microsoft.com/help/contribute/contribute-how-to-write-pull-request-automation?branch=main) for instructions.
                     
-          [Get Help](https://review.docs.microsoft.com/help/contribute/help-options?branch=main)  
+          [Get Help](https://review.learn.microsoft.com/help/contribute/help-options?branch=main)  
           
           [Docs Support Teams Channel](https://teams.microsoft.com/l/channel/19%3a7ecffca1166a4a3986fed528cf0870ee%40thread.skype/General?groupId=de9ddba4-2574-4830-87ed-41668c07a1ca&tenantId=72f988bf-86f1-41af-91ab-2d7cd011db47)  
           
-          [Resolve Merge Conflict](https://review.docs.microsoft.com/help/contribute/resolve-merge-conflicts?branch=main)  
+          [Resolve Merge Conflict](https://review.learn.microsoft.com/help/contribute/resolve-merge-conflicts?branch=main)  
         

.openpublishing.publish.config.json

@@ -458,6 +458,12 @@
       "branch": "main",
       "branch_mapping": {}
     },
+    {
+      "path_to_root": "azureml-examples-v2samplesreorg",
+      "url": "https://github.com/azure/azureml-examples",
+      "branch": "v2samplesreorg",
+      "branch_mapping": {}
+    },
     {
       "path_to_root": "azureml-examples-sdk-preview",
       "url": "https://github.com/azure/azureml-examples",
@@ -674,6 +680,12 @@
       "branch": "main",
       "branch_mapping": {}
     },
+    {
+      "path_to_root": "cosmos-db-sql-api-javascript-samples",
+      "url": "https://github.com/Azure-Samples/cosmos-db-sql-api-javascript-samples",
+      "branch": "main",
+      "branch_mapping": {}
+    },
     {
       "path_to_root": "azure-cosmos-db-python-getting-started",
       "url": "https://github.com/Azure-Samples/azure-cosmos-db-python-getting-started",

.openpublishing.redirection.json

@@ -29139,6 +29139,11 @@
             "redirect_url": "/azure/iot-dps/quick-enroll-device-tpm",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/iot-dps/how-to-use-custom-allocation-policies.md",
+            "redirect_url": "/azure/iot-dps/tutorial-custom-allocation-policies",
+            "redirect_document_id": false
+          },          
         {
             "source_path_from_root": "/articles/app-service/environment/app-service-app-service-environment-web-application-firewall.md",
             "redirect_url": "/azure/app-service/environment/integrate-with-application-gateway",

.openpublishing.redirection.virtual-desktop.json

@@ -29,6 +29,11 @@
             "source_path_from_root": "/articles/virtual-desktop/shortpath-public.md",
             "redirect_url": "/azure/virtual-desktop/rdp-shortpath",
             "redirect_document_id": false
-        }
+        },
+        {
+            "source_path_from_root": "/articles/virtual-machines/windows/using-visual-studio-vm.md",
+            "redirect_url": "/visualstudio/install/using-visual-studio-vm",
+            "redirect_document_id": false
+        }        
     ]
 }

articles/active-directory/app-provisioning/sap-successfactors-integration-reference.md

@@ -216,7 +216,7 @@ Extending this scenario:
 
 ### Mapping employment status to account status
 
-By default, the Azure AD SuccessFactors connector uses the `activeEmploymentsCount` field of the `PersonEmpTerminationInfo` object to set account status. There is a known SAP SuccessFactors issue documented in [knowledge base article 3047486](https://userapps.support.sap.com/sap/support/knowledge/en/3047486) that at times this may disable the account of a terminated worker one day prior to the termination on the last day of work. 
+By default, the Azure AD SuccessFactors connector uses the `activeEmploymentsCount` field of the `PersonEmpTerminationInfo` object to set account status. There is a known SAP SuccessFactors issue documented in [knowledge base article 3047486](https://launchpad.support.sap.com/#/notes/3047486) that at times this may disable the account of a terminated worker one day prior to the termination on the last day of work. 
 
 If you are running into this issue or prefer mapping employment status to  account status, you can update the mapping to expand the `emplStatus` field and use the employment status code present in the field `emplStatus.externalCode`. Based on [SAP support note 2505526](https://launchpad.support.sap.com/#/notes/2505526), here is a list of employment status codes that you can retrieve in the provisioning app. 
 * A = Active 

articles/active-directory/app-proxy/application-proxy-add-on-premises-application.md

@@ -214,7 +214,7 @@ Now that you've prepared your environment and installed a connector, you're read
     | **Name** | The name of the application that will appear on My Apps and in the Azure portal. |
     | **Internal URL** | The URL for accessing the application from inside your private network. You can provide a specific path on the backend server to publish, while the rest of the server is unpublished. In this way, you can publish different sites on the same server as different apps, and give each one its own name and access rules.<br><br>If you publish a path, make sure that it includes all the necessary images, scripts, and style sheets for your application. For example, if your app is at `https://yourapp/app` and uses images located at `https://yourapp/media`, then you should publish `https://yourapp/` as the path. This internal URL doesn't have to be the landing page your users see. For more information, see [Set a custom home page for published apps](application-proxy-configure-custom-home-page.md). |
     | **External URL** | The address for users to access the app from outside your network. If you don't want to use the default Application Proxy domain, read about [custom domains in Azure AD Application Proxy](./application-proxy-configure-custom-domain.md). |
-    | **Pre Authentication** | How Application Proxy verifies users before giving them access to your application.<br><br>**Azure Active Directory** - Application Proxy redirects users to sign in with Azure AD, which authenticates their permissions for the directory and application. We recommend keeping this option as the default so that you can take advantage of Azure AD security features like Conditional Access and Multi-Factor Authentication. **Azure Active Directory** is required for monitoring the application with Microsoft Cloud Application Security.<br><br>**Passthrough** - Users don't have to authenticate against Azure AD to access the application. You can still set up authentication requirements on the backend. |
+    | **Pre Authentication** | How Application Proxy verifies users before giving them access to your application.<br><br>**Azure Active Directory** - Application Proxy redirects users to sign in with Azure AD, which authenticates their permissions for the directory and application. We recommend keeping this option as the default so that you can take advantage of Azure AD security features like Conditional Access and Multi-Factor Authentication. **Azure Active Directory** is required for monitoring the application with Microsoft Defender for Cloud Apps.<br><br>**Passthrough** - Users don't have to authenticate against Azure AD to access the application. You can still set up authentication requirements on the backend. |
     | **Connector Group** | Connectors process the remote access to your application, and connector groups help you organize connectors and apps by region, network, or purpose. If you don't have any connector groups created yet, your app is assigned to **Default**.<br><br>If your application uses WebSockets to connect, all connectors in the group must be version 1.5.612.0 or later. |
 
 6. If necessary, configure **Additional settings**. For most applications, you should keep these settings in their default states.

articles/active-directory/authentication/how-to-mfa-additional-context.md

@@ -1,17 +1,17 @@
 ---
-title: Use additional context in Microsoft Authenticator notifications - Azure Active Directory
+title: Use additional context in Microsoft Authenticator notifications (Preview) - Azure Active Directory
 description: Learn how to use additional context in MFA notifications
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 09/15/2022
+ms.date: 09/22/2022
 ms.author: justinha
 author: mjsantani
 ms.collection: M365-identity-device-management
 
 # Customer intent: As an identity administrator, I want to encourage users to use the Microsoft Authenticator app in Azure AD to improve and secure user sign-in events.
 ---
-# How to use additional context in Microsoft Authenticator notifications - Authentication methods policy
+# How to use additional context in Microsoft Authenticator notifications (Preview) - Authentication methods policy
 
 This topic covers how to improve the security of user sign-in by adding the application name and geographic location of the sign-in to Microsoft Authenticator passwordless and push notifications.  
 

articles/active-directory/authentication/how-to-mfa-number-match.md

@@ -1,17 +1,17 @@
 ---
-title: Use number matching in multifactor authentication (MFA) notifications - Azure Active Directory
+title: Use number matching in multifactor authentication (MFA) notifications (Preview) - Azure Active Directory
 description: Learn how to use number matching in MFA notifications
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 09/15/2022
+ms.date: 09/22/2022
 ms.author: justinha
 author: mjsantani
 ms.collection: M365-identity-device-management
 
 # Customer intent: As an identity administrator, I want to encourage users to use the Microsoft Authenticator app in Azure AD to improve and secure user sign-in events.
 ---
-# How to use number matching in multifactor authentication (MFA) notifications - Authentication methods policy
+# How to use number matching in multifactor authentication (MFA) notifications (Preview) - Authentication methods policy
 
 This topic covers how to enable number matching in Microsoft Authenticator push notifications to improve user sign-in security.  
 

articles/active-directory/cloud-infrastructure-entitlement-management/permissions-management-trial-playbook.md

@@ -230,10 +230,11 @@ Use the **Activity triggers** dashboard to view information and set alerts and t
 -   **Group entitlements and Usage reports:** Provides guidance on cleaning up directly assigned permissions
 -   **Access Key Entitlements and Usage reports**: Identifies high risk service principals with old secrets that haven’t been rotated every 90 days (best practice) or decommissioned due to lack of use (as recommended by the Cloud Security Alliance).
 
-## Next Steps
-For more information about Permissions Management, see:                     
-                     
-**Microsoft Docs**: [Visit Docs](../cloud-infrastructure-entitlement-management/index.yml).
+## Next steps
+
+For more information about Permissions Management, see:
+
+**Microsoft Learn**: [Permissions management](../cloud-infrastructure-entitlement-management/index.yml).
 
 **Datasheet:** <https://aka.ms/PermissionsManagementDataSheet>
 

articles/active-directory/cloud-sync/how-to-prerequisites.md

@@ -165,7 +165,7 @@ If there's a firewall between your servers and Azure AD, configure the following
  |-----|-----|
  |&#42;.msappproxy.us</br>&#42;.servicebus.usgovcloudapi.net|The agent uses these URLs to communicate with the Azure AD cloud service. |
  |`mscrl.microsoft.us:80` </br>`crl.microsoft.us:80` </br>`ocsp.msocsp.us:80` </br>`www.microsoft.us:80`| The agent uses these URLs to verify certificates.|
- |login.windows.us </br>secure.aadcdn.microsoftonline-p.com </br>&#42;.microsoftonline.us </br>&#42;.microsoftonline-p.us </br>&#42;.msauth.net </br>&#42;.msauthimages.net </br>&#42;.msecnd.net</br>&#42;.msftauth.net </br>&#42;.msftauthimages.net</br>&#42;.phonefactor.net </br>enterpriseregistration.windows.net</br>management.azure.com </br>policykeyservice.dc.ad.msft.net</br>ctldl.windowsupdate.us:80| The agent uses these URLs during the registration process.
+ |login.windows.us </br>secure.aadcdn.microsoftonline-p.com </br>&#42;.microsoftonline.us </br>&#42;.microsoftonline-p.us </br>&#42;.msauth.net </br>&#42;.msauthimages.net </br>&#42;.msecnd.net</br>&#42;.msftauth.net </br>&#42;.msftauthimages.net</br>&#42;.phonefactor.net </br>enterpriseregistration.windows.net</br>management.azure.com </br>policykeyservice.dc.ad.msft.net</br>ctldl.windowsupdate.us:80 </br>aadcdn.msftauthimages.us </br>*.microsoft.us </br>msauthimages.us </br>mfstauthimages.us| The agent uses these URLs during the registration process.
 
 
 
@@ -195,7 +195,7 @@ The following are known limitations:
 
 ### Scoping filter
 When using OU scoping filter
-- You can only sync up to 59 separate OUs for a given configuration. 
+- You can only sync up to 59 separate OUs or Security Groups for a given configuration. 
 - Nested OUs are supported (that is, you **can** sync an OU that has 130 nested OUs, but you **cannot** sync 60 separate OUs in the same configuration). 
 
 ### Password Hash Sync