Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into training-page

Author: batamig

.openpublishing.redirection.defender-for-iot.json

@@ -1,5 +1,15 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/defender-for-iot/organizations/resources-training-sessions.md",
+            "redirect_url": "https://techcommunity.microsoft.com/t5/microsoft-defender-for-iot-blog/microsoft-defender-for-iot-ninja-training/ba-p/2428899",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-iot/organizations/how-to-manage-the-alert-event.md",
+            "redirect_url": "/azure/defender-for-iot/organizations/how-to-view-alerts",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/defender-for-iot/organizations/resources-training-sessions.md",
             "redirect_url": "https://techcommunity.microsoft.com/t5/microsoft-defender-for-iot-blog/microsoft-defender-for-iot-ninja-training/ba-p/2428899",

.openpublishing.redirection.json

@@ -5988,6 +5988,11 @@
             "redirect_url": "/azure/automation/create-azure-automation-account-portal",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/automation/automation-solution-vm-management-enable.md",
+            "redirect_url": "/azure/automation/automation-solution-vm-management",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/update-center/enable-machines.md",
             "redirect_url": "/azure/update-center/updates-maintenance-schedules",

articles/active-directory-b2c/partner-strata.md

@@ -4,100 +4,84 @@ titleSuffix: Azure AD B2C
 description: In this tutorial, learn how to integrate Azure AD B2C authentication with WhoIAM for user verification. 
 services: active-directory-b2c
 author: gargi-sinha
-manager: CelesteDG
+manager: martinco
 ms.reviewer: kengaderdus
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 09/13/2022
+ms.date: 12/19/2022
 ms.author: gasinh
 ms.subservice: B2C
 ---
 
-# Tutorial for configuring WhoIAM with Azure Active Directory B2C
+# Tutorial to configure Azure Active Directory B2C with WhoIAM
 
-In this sample tutorial, we provide guidance on how to configure [WhoIAM](https://www.whoiam.ai/brims/) Branded Identity Management System (BRIMS) in your environment and integrate it with Active Directory B2C (Azure AD B2C).
+In this tutorial, learn how to configure WhoIAM Branded Identity Management System (BRIMS) in your environment and integrate it with Azure Active Directory B2C (Azure AD B2C). The BRIMS apps and services are deployed in your environment. They provide user verification with voice, SMS, and email. BRIMS works with your identity and access management solution and is platform-agnostic.
+
+Learn more: [WhoIAM, Products and Services, Branded Identity Management System](https://www.whoiam.ai/brims/)
 
-BRIMS is a set of apps and services that's deployed in your environment. It provides voice, SMS, and email verification of your user base. BRIMS works in conjunction with your existing identity and access management solution and is platform agnostic.
 
 ## Prerequisites
 
 To get started, you'll need:
 
-- An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-
-- [An Azure AD B2C tenant](./tutorial-create-tenant.md) that's linked to your Azure subscription.
-
-- A WhoIAM [trial account](https://www.whoiam.ai/contact-us/).
+- An Azure AD subscription
+  - If you don't have one, you can get an [Azure free account](https://azure.microsoft.com/free/)
+- [An Azure AD B2C tenant](./tutorial-create-tenant.md) linked to your Azure subscription
+- A WhoIAM trial account
+  - Go to [WhoIAM, Contact us](https://www.whoiam.ai/contact-us/) to get started
 
 ## Scenario description
 
 The WhoIAM integration includes the following components:
 
-- An Azure AD B2C tenant. It's the authorization server that verifies the user's credentials based on custom policies defined in it. It's also known as the identity provider.
-
-- An administration portal for managing clients and their configurations.
-
-- An API service that exposes various features through endpoints.  
-
-- Azure Cosmos DB, which acts as the back end for both the BRIMS administration portal and the API service.
+- **Azure AD B2C tenant** - The authorization server that verifies user credentials, based on custom policies, know as the identity provider (IdP)
+- **Administration portal** - To manage clients and their configurations
+- **API service** - To expose various features through endpoints 
+- **Azure Cosmos DB** - The back end for the BRIMS administration portal and API service
 
-The following architecture diagram shows the implementation.
+The following diagram shows the implementation architecture.
 
-![Diagram of the architecture of Azure AD B2C integration with WhoIAM.](media/partner-whoiam/whoiam-architecture-diagram.png)
+   ![Diagram of Azure AD B2C integration with WhoIAM.](media/partner-whoiam/whoiam-architecture-diagram.png)
 
-|Step | Description |
-|:-----| :-----------|
-| 1. | The user arrives at a page to start the sign-up or sign-in request to an app that uses Azure AD B2C as its identity provider.
-| 2. | As part of authentication, the user requests to either verify ownership of their email or phone or use their voice as a biometric verification factor.  
-| 3. | Azure AD B2C makes a call to the BRIMS API service and passes on the user's email address, phone number, and voice recording.
-| 4. | BRIMS uses predefined configurations such as fully customizable email and SMS templates to interact with the user in their respective language in a way that's consistent with the app's style.
-| 5. | After a user's identity verification is complete, BRIMS returns a token to Azure AD B2C to indicate the outcome of the verification. Azure AD B2C then either grants the user access to the app or fails their authentication attempt.  
+1. The user signs up or signs in to request an app that uses Azure AD B2C as IdP
+2. The user requests ownership verification of their email, phone, or they use voice as biometric verification 
+3. Azure AD B2C calls to the BRIMS API service and passes the user attributes
+4. BRIMS interacts with the user in their own language
+5. After verification, BRIMS returns a token to Azure AD B2C, which grants access, or doesn't.  
 
 ## Sign up with WhoIAM
 
 1. Contact [WhoIAM](https://www.whoiam.ai/contact-us/) and create a BRIMS account.
+2. Configure the following Azure services:
 
-2. Use the sign-up guidelines made available to you and configure the following Azure services:
-
-    - [Azure Key Vault](https://azure.microsoft.com/services/key-vault/): Used for secure storage of passwords, such as mail service passwords.
-
-    - [Azure App Service](https://azure.microsoft.com/services/app-service/): Used to host the BRIMS API and admin portal services.
-
-    - [Azure Active Directory](https://azure.microsoft.com/services/active-directory/): Used to authenticate administrative users for the admin portal.
-
-    - [Azure Cosmos DB](https://azure.microsoft.com/services/cosmos-db/): Used to store and retrieve settings.
-
-    - [Application Insights](../azure-monitor/app/app-insights-overview.md) (optional): Used to log in to both the API and the admin portal.
+    * [Key Vault](https://azure.microsoft.com/services/key-vault/): Store passwords
+    * [App Service](https://azure.microsoft.com/services/app-service/): Host the BRIMS API and admin portal services
+    * [Azure Active Directory](https://azure.microsoft.com/services/active-directory/): Authenticate administrative users for the portal
+    * [Azure Cosmos DB](https://azure.microsoft.com/services/cosmos-db/): Store and retrieve settings
+    * [Application Insights overview](../azure-monitor/app/app-insights-overview.md) (optional): Sign in to the API and the portal
 
 3. Deploy the BRIMS API and the BRIMS administration portal in your Azure environment.
-
-4. Azure AD B2C custom policy samples are available in your BRIMS sign-up documentation. Follow the documentation to configure your app and use the BRIMS platform for user identity verification.  
-
-For more information about WhoIAM's BRIMS, see the [product documentation](https://www.whoiam.ai/brims/).
+4. Follow the documentation to configure your app. Use BRIMS for user identity verification. Azure AD B2C custom policy samples are in the BRIMS sign-up documentation.  
+For more information about WhoIAM BRIMS, request documentation on [WhoIAM, Contact Us](https://www.whoiam.ai/brims/).
 
 ## Test the user flow
 
-1. Open the Azure AD B2C tenant. Under **Policies**, select **Identity Experience Framework**.
-
-2. Select your previously created **SignUpSignIn**.
-
-3. Select **Run user flow** and then:
-
-   a. For **Application**, select the registered app (the sample is JWT).
+1. Open the Azure AD B2C tenant. 
+2. Under **Policies**, select **Identity Experience Framework**.
+3. Select the created **SignUpSignIn**.
+4. Select **Run user flow**.
+5. For **Application**, select the registered app (example is JWT).
+6. For **Reply URL**, select the **redirect URL**.
+7. Select **Run user flow**.
+8. Complete the sign-up flow
+9. Create an account.
+10. After the user attribute is created, the BRIMS service is called. 
 
-   b. For **Reply URL**, select the **redirect URL**.
-
-   c. Select **Run user flow**.
-
-4. Go through the sign-up flow and create an account.
-
-5. The BRIMS service will be called during the flow, after the user attribute is created. If the flow is incomplete, check that the user isn't saved in the directory.
+> [!TIP]
+> If the flow is incomplete, confirm the user is saved in the directory.
 
 ## Next steps
 
-For additional information, review the following articles:
-
-- [Custom policies in Azure AD B2C](./custom-policy-overview.md)
-
-- [Get started with custom policies in Azure AD B2C](tutorial-create-user-flows.md?pivots=b2c-custom-policy)
+- [Azure AD B2C custom policy overview](./custom-policy-overview.md)
+- [Tutorial: Create user flows and custom policies in Azure Active Directory B2C](tutorial-create-user-flows.md?pivots=b2c-custom-policy)

articles/active-directory-b2c/partner-whoiam.md

@@ -11,7 +11,7 @@ metadata:
   ms.subservice: domain-services
   ms.workload: identity
   ms.topic: faq
-  ms.date: 08/17/2022
+  ms.date: 01/04/2023
   ms.author: justinha
 title: Frequently asked questions (FAQs) about Azure Active Directory (AD) Domain Services
 summary: This page answers frequently asked questions about Azure Active Directory Domain Services.
@@ -84,15 +84,10 @@ sections:
         answer: |
           No. A managed domain resource forest supports up to five one-way outbound forest trusts to on-premises forests. 
 
-      - question: |
-          Why can't I see the Trusts menu?
-        answer: |
-          If you don't see the **Trusts** menu option, check under **Properties** for the **Forest type**. Only **Resource** forests can create trusts. If the forest type is **User**, you can't create trusts. There's currently no way to change the forest type of a managed domain. You need to delete and recreate the managed domain as a resource forest. 
-
       - question: |
           Can I move a managed domain?
         answer: |
-          No. After you create an Azure AD Domain Services managed domain, you can't move it to a different subscription, resource group, region, virtual network, or subnet. As a workaround, you can [delete the managed domain](delete-aadds.md) by using PowerShell or the Azure portal and re-create it with your desired setup. No restore operations can be provided while the managed domain is re-created.
+          After you create an Azure AD Domain Services managed domain, you can't move it to a different subscription, resource group, or region. As a workaround, you can [delete the managed domain](delete-aadds.md) by using PowerShell or the Azure portal and re-create it with your desired setup. No restore operations can be provided while the managed domain is re-created.
 
       - question: |
           Can I rename an existing Azure AD Domain Services domain name?

articles/active-directory-domain-services/faqs.yml

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: how-to
-ms.date: 08/17/2022
+ms.date: 01/04/2023
 ms.author: justinha 
 ms.custom: devx-track-azurepowershell
 
@@ -25,6 +25,8 @@ This article shows you how to harden a managed domain by using setting setting s
 - Disable NTLM password hash synchronization
 - Disable the ability to change passwords with RC4 encryption
 - Enable Kerberos armoring
+- LDAP signing 
+- LDAP channel binding
 
 ## Prerequisites
 
@@ -44,12 +46,13 @@ To complete this article, you need the following resources:
 1. Choose your managed domain, such as *aaddscontoso.com*.
 1. On the left-hand side, select **Security settings**.
 1. Click **Enable** or **Disable** for the following settings:
-   - **TLS 1.2 only mode**
-   - **NTLM authentication**
-   - **Password synchronization from on-premises**
-   - **NTLM password synchronization from on-premises**
-   - **RC4 encryption**
-   - **Kerberos armoring**
+   - **TLS 1.2 Only Mode**
+   - **NTLM v1 Authentication**
+   - **NTLM Password Synchronization**
+   - **Kerberos RC4 Encryption**
+   - **Kerberos Armoring**
+   - **LDAP Signing**
+   - **LDAP Channel Binding**
 
    ![Screenshot of Security settings to disable weak ciphers and NTLM password hash sync](media/secure-your-domain/security-settings.png)
 

articles/active-directory-domain-services/media/secure-your-domain/security-settings.png

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 06/16/2022
+ms.date: 01/04/2023
 ms.author: justinha
 
 #Customer intent: As an identity administrator, I want to create an Azure Active Directory Domain Services managed domain and define advanced configuration options so that I can synchronize identity information with my Azure Active Directory tenant and provide Domain Services connectivity to virtual machines and applications in Azure.
@@ -44,7 +44,7 @@ To complete this tutorial, you need the following resources and privileges:
 Although not required for Azure AD DS, it's recommended to [configure self-service password reset (SSPR)][configure-sspr] for the Azure AD tenant. Users can change their password without SSPR, but SSPR helps if they forget their password and need to reset it.
 
 > [!IMPORTANT]
-> After you create a managed domain, you can't then move the managed domain to a different resource group, virtual network, subscription, etc. Take care to select the most appropriate subscription, resource group, region, and virtual network when you deploy the managed domain.
+> After you create a managed domain, you can't move it to a different subscription, resource group, or region. Take care to select the most appropriate subscription, resource group, and region when you deploy the managed domain.
 
 ## Sign in to the Azure portal
 
@@ -119,7 +119,6 @@ Some considerations for this dedicated virtual network subnet include the follow
 * The subnet must have at least 3-5 available IP addresses in its address range to support the Azure AD DS resources.
 * Don't select the *Gateway* subnet for deploying Azure AD DS. It's not supported to deploy Azure AD DS into a *Gateway* subnet.
 * Don't deploy any other virtual machines to the subnet. Applications and VMs often use network security groups to secure connectivity. Running these workloads in a separate subnet lets you apply those network security groups without disrupting connectivity to your managed domain.
-* You can't move your managed domain to a different virtual network after you enable Azure AD DS.
 
 For more information on how to plan and configure the virtual network, see [networking considerations for Azure Active Directory Domain Services][network-considerations].
 

articles/active-directory-domain-services/secure-your-domain.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 06/16/2022
+ms.date: 01/04/2023
 ms.author: justinha
 
 #Customer intent: As an identity administrator, I want to create an Azure Active Directory Domain Services managed domain so that I can synchronize identity information with my Azure Active Directory tenant and provide Domain Services connectivity to virtual machines and applications in Azure.
@@ -44,7 +44,7 @@ To complete this tutorial, you need the following resources and privileges:
 Although not required for Azure AD DS, it's recommended to [configure self-service password reset (SSPR)][configure-sspr] for the Azure AD tenant. Users can change their password without SSPR, but SSPR helps if they forget their password and need to reset it.
 
 > [!IMPORTANT]
-> You can't move the managed domain to a different subscription, resource group, region, virtual network, or subnet after you create it. Take care to select the most appropriate subscription, resource group, region, virtual network, and subnet when you deploy the managed domain.
+> You can't move the managed domain to a different subscription, resource group, or region after you create it. Take care to select the most appropriate subscription, resource group, and region when you deploy the managed domain.
 
 ## Sign in to the Azure portal