Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into WI-143029-release-ga-malware-scan

Author: AlizaBernstein

.openpublishing.redirection.json

@@ -23387,6 +23387,11 @@
             "redirect_url": "/azure/devtest-labs/samples-cli",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/devtest-labs/how-to-move-schedule-to-new-region.md",
+            "redirect_url": "/azure/devtest-labs/how-to-move-labs",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure/virtual-desktop/azure-advisor.md",
             "redirect_url": "/azure/advisor/advisor-overview",

articles/active-directory/develop/custom-extension-configure-saml-app.md

@@ -3,7 +3,7 @@ title: Source claims from an external store (SAML app)
 titleSuffix: Microsoft identity platform
 description: Use a custom claims provider to augment tokens with claims from an external identity system. Configure a SAML app to receive tokens with external claims. 
 services: active-directory
-author: yoelhor
+author: davidmu1
 manager: CelesteDG
 
 ms.service: active-directory
@@ -40,9 +40,11 @@ The following steps are for registering a demo [XRayClaims](https://adfshelp.mic
 
 Add a new, non-gallery SAML application in your tenant:
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator).
 
-1. Go to **Azure Active Directory** and then **Enterprise applications**.  Select **New application** and then **Create your own application**.
+1. Browse to **Identity** > **Applications** > **Enterprise applications**.  
+
+1. Select **New application** and then **Create your own application**.
 
 1. Add a name for the app.  For example, **AzureADClaimsXRay**.  Select the **Integrate any other application you don't find in the gallery (Non-gallery)** option and select **Create**.
 

articles/active-directory/develop/custom-extension-get-started.md

@@ -3,7 +3,7 @@ title: Get started with custom claims providers (preview)
 titleSuffix: Microsoft identity platform
 description: Learn how to develop and register an Azure Active Directory custom authentication extensions REST API. The custom authentication extension allows you to source claims from a data store that is external to Azure Active Directory.  
 services: active-directory
-author: yoelhor
+author: davidmu1
 manager: CelesteDG
 
 ms.service: active-directory
@@ -157,14 +157,11 @@ The following screenshot demonstrates how to configure the Azure HTTP trigger fu
 
 In this step, you configure a custom authentication extension, which will be used by Azure AD to call your Azure function. The custom authentication extension contains information about your REST API endpoint, the claims that it parses from your REST API, and how to authenticate to your REST API. Follow these steps to register a custom authentication extension:
 
-# [Azure portal](#tab/azure-portal)
+# [Microsoft Entra admin center](#tab/entra-admin-center)
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Under **Azure services**, select **Azure Active Directory**.
-1. Ensure your user account has the Global Administrator or Application Administrator and Authentication Extensibility Administrator role. Otherwise, learn how to [assign a role](../roles/manage-roles-portal.md).
-1. From the menu, select **Enterprise applications**.
-1. Under **Manage**, select the **Custom authentication extensions**.
-1. Select **Create a custom authentication extension**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Administrator](../roles/permissions-reference.md#application-developer) and [Authentication Administrator](../roles/permissions-reference.md#authentication-administrator).
+1. Browse to **Identity** > **Applications** > **Enterprise applications**.
+1. Select **Custom authentication extensions**, and then select **Create a custom authentication extension**.
 1. In **Basics**, select the **tokenIssuanceStart** event and select **Next**.
 1. In **Endpoint Configuration**, fill in the following properties:
 
@@ -361,8 +358,9 @@ Follow these steps to register the **jwt.ms** web application:
 
 ### 3.1 Register a test web application
 
-1. Sign in to the [Azure portal](https://portal.azure.com) and navigate to **Azure Active Directory**.
-1. Select **App registrations**, and then select **New registration**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Administrator](../roles/permissions-reference.md#application-developer).
+1. Browse to **Identity** > **Applications** > **Application registrations**.
+1. Select **New registration**.
 1. Enter a **Name** for the application. For example, **My Test application**.
 1. Under **Supported account types**, select **Accounts in this organizational directory only**.
 1. In the **Select a platform** dropdown in **Redirect URI**, select **Web** and then enter `https://jwt.ms` in the URL text box.
@@ -414,12 +412,12 @@ For tokens to be issued with claims incoming from the custom authentication exte
 
 Follow these steps to connect the *My Test application* with your custom authentication extension:
 
-# [Azure portal](#tab/azure-portal)
+# [Microsoft Entra admin center](#tab/entra-admin-center)
 
 First assign the custom authentication extension as a custom claims provider source:
 
-1. Sign in to the [Azure portal](https://portal.azure.com) and navigate to **Azure Active Directory**.
-1. Select **App registrations**, and find the *My Test application* registration you created.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Administrator](../roles/permissions-reference.md#application-administrator).
+1. Browse to **Identity** > **Applications** > **Application registrations**.
 1. In the **Overview** page, under **Managed application in local directory**, select **My Test application**.
 1. Under **Manage**, select **Single sign-on**.
 1. Under **Attributes & Claims**, select **Edit**.
@@ -630,7 +628,7 @@ If you configured the [Microsoft identity provider](#step-5-protect-your-azure-f
 
 1. Under the **App registration**, enter the application ID (client ID) of the *Azure Functions authentication events API* app registration [you created previously](#step-2-register-a-custom-authentication-extension).
 
-1. Go to your Azure AD tenant in which your custom authentication extension is registered, and select **Azure Active Directory** > **App registrations**.
+1. In the Microsoft Entra admin center:
     1. Select the *Azure Functions authentication events API* app registration [you created previously](#step-2-register-a-custom-authentication-extension).
     1. Select **Certificates & secrets** > **Client secrets** > **New client secret**.
     1. Add a description for your client secret.

articles/active-directory/develop/custom-extension-troubleshoot.md

@@ -3,7 +3,7 @@ title: Troubleshoot a custom claims provider
 titleSuffix: Microsoft identity platform
 description: Troubleshoot and monitor your custom claims provider API.  Learn how to use logging and Azure AD sign-in logs to find errors and issues in your custom claims provider API.
 services: active-directory
-author: yoelhor
+author: davidmu1
 manager: CelesteDG
 
 ms.service: active-directory
@@ -44,9 +44,9 @@ Azure AD sign-in logs also integrate with [Azure Monitor](../../azure-monitor/in
 
 To access the Azure AD sign-in logs:
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
-1. In the **Enterprise apps** experience for your given application, select on the **Sign-in** logs tab.
-1. Select the latest sign-in log.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator).
+1. Browse to **Identity** > **Applications** > **Enterprise applications**.
+1. Select **Sign-in logs**, and then select the latest sign-in log.
 1. For more details, select the **Authentication Events** tab. Information related to the custom authentication extension REST API call is displayed, including any [error codes](#error-codes-reference).
 
     :::image type="content" source="media/custom-extension-troubleshoot/authentication-events.png" alt-text="Screenshot that shows the authentication events information." :::
@@ -89,8 +89,8 @@ Use the following table to diagnose an error code.
 
 Your REST API is protected by Azure AD access token. You can test your API by obtaining an access token with the [application registration](custom-extension-get-started.md#22-grant-admin-consent) associated with the custom authentiction extensions. After you acquire an access token, pass it the HTTP `Authorization` header. To obtain an access token, follow these steps:
 
-1. Sign in to the [Azure portal](https://portal.azure.com) with your Azure administrator account.
-1. Select **Azure Active Directory** > **App registrations**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator).
+1. Browse to **Identity** > **Applications** > **Application registrations**.
 1. Select the *Azure Functions authentication events API* app registration [you created previously](custom-extension-get-started.md#step-2-register-a-custom-authentication-extension). 
 1. Copy the [application ID](custom-extension-get-started.md#22-grant-admin-consent).
 1. If you haven't created an app secret, follow these steps:

articles/active-directory/develop/developer-support-help-options.md

@@ -23,11 +23,11 @@ If you need an answer to a question or help in solving a problem not covered in
     <img alt='Azure support' src='./media/common/logo_azure.svg'>
 </div>
 
-Explore the range of [Azure support options and choose the plan](https://azure.microsoft.com/support/plans) that best fits you. There are two options to create and manage support requests in the Azure portal:
+Explore the range of [Azure support options and choose the plan](https://azure.microsoft.com/support/plans) that best fits you. There are two options to create and manage support requests in the Microsoft Entra admin center:
 
-- If you already have an Azure Support Plan, [open a support request here](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest).
+- If you already have an Azure Support Plan, [open a support request here](https://entra.microsoft.com/#view/Microsoft_Azure_Support/NewSupportRequestV3Blade/callerName/ActiveDirectory/issueType/technical).
 
-- If you're using Azure AD for customers (preview), the support request feature is currently unavailable in customer tenants. However, you can use the **Give Feedback** link on the **New support request** page to provide feedback. Or, you can switch to your Azure AD workforce tenant and [open a support request](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest).
+- If you're using Azure AD for customers (preview), the support request feature is currently unavailable in customer tenants. However, you can use the **Give Feedback** link on the **New support request** page to provide feedback. Or, you can switch to your Azure AD workforce tenant and [open a support request](https://entra.microsoft.com/#view/Microsoft_Azure_Support/NewSupportRequestV3Blade/callerName/ActiveDirectory/issueType/technical).
 
 - If you're not an Azure customer, you can open a support request with [Microsoft Support for business](https://support.serviceshub.microsoft.com/supportforbusiness).
 

articles/active-directory/develop/msal-net-use-brokers-with-xamarin-apps.md

@@ -181,8 +181,9 @@ Add the redirect URI to the app's registration in the [Azure portal](https://por
 
 **To generate the redirect URI:**
 
-1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal</a>.
-1. Select **Azure Active Directory** > **App registrations** > your registered app
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Developer](../roles/permissions-reference.md#application-developer).
+1. Browse to **Identity** > **Applications** > **Application registrations**.
+1. Search for and select the application.
 1. Select **Authentication** > **Add a platform** > **iOS / macOS**
 1. Enter your bundle ID, and then select **Configure**.
 

articles/active-directory/develop/quickstart-daemon-app-java-acquire-token.md

@@ -35,7 +35,9 @@ You have two options to start your quickstart application: Express (Option 1 bel
 
 ### Option 1: Register and auto configure your app and then download your code sample
 
-1. Go to the [Azure portal - App registrations](https://portal.azure.com/?Microsoft_AAD_RegisteredApps=true#blade/Microsoft_AAD_RegisteredApps/applicationsListBlade/quickStartType/JavaDaemonQuickstartPage/sourceType/docs) quickstart experience.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Developer](../roles/permissions-reference.md#application-developer).
+1. Browse to **Identity** > **Applications** > **Application registrations**.
+1. Select **New registration**.
 1. Enter a name for your application and select **Register**.
 1. Follow the instructions to download and automatically configure your new application with just one click.
 
@@ -47,10 +49,10 @@ You have two options to start your quickstart application: Express (Option 1 bel
 
 To register your application and add the app's registration information to your solution manually, follow these steps:
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Developer](../roles/permissions-reference.md#application-developer).
 1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to the tenant in which you want to register the application.
-1. Search for and select **Azure Active Directory**.
-1. Under **Manage**, select **App registrations** > **New registration**.
+1. Browse to **Identity** > **Applications** > **Application registrations**.
+1. Select **New registration**.
 1. Enter a **Name** for your application, for example `Daemon-console`. Users of your app might see this name, and you can change it later.
 1. Select **Register**.
 1. Under **Manage**, select  **Certificates & secrets**.

articles/active-directory/develop/supported-accounts-validation.md

@@ -38,7 +38,7 @@ See the following table for the validation differences of various properties for
 | Certificates (`keyCredentials`)             | Symmetric signing key     | Symmetric signing key    | Encryption and asymmetric signing key  |
 | Client secrets (`passwordCredentials`)      | No limit\*                | No limit\*               | If liveSDK is enabled: Maximum of two client secrets  |
 | Redirect URIs (`replyURLs`)                 | See [Redirect URI/reply URL restrictions and limitations](reply-url.md) for more info.  |  |   |
-| API permissions (`requiredResourceAccess`)  | No more than 50 APIs (resource apps) from the same tenant as the application, no more than 10 APIs from other tenants, and no more than 400 permissions total across all APIs.   | No more than 50 APIs (resource apps) from the same tenant as the application, no more than 10 APIs from other tenants, and no more than 400 permissions total across all APIs.   | Maximum of 50 resources per application and 30 permissions per resource (for example, Microsoft Graph). Total limit of 200 per application (resources x permissions).   |
+| API permissions (`requiredResourceAccess`)  | No more than 50 total APIs (resource apps), with no more than 10 APIs from other tenants. No more than 400 permissions total across all APIs.  | No more than 50 total APIs (resource apps), with no more than 10 APIs from other tenants. No more than 400 permissions total across all APIs. | No more than 50 total APIs (resource apps), with no more than 10 APIs from other tenants. No more than 200 permissions total across all APIs. Maximum of 30 permissions per resource (for example, Microsoft Graph).   |
 | Scopes defined by this API (`oauth2Permissions`)             | Maximum scope name length of 120 characters <br><br> No limit\* on the number of scopes defined       | Maximum scope name length of 120 characters <br><br> No limit\* on the number of scopes defined    | Maximum scope name length of 40 characters <br><br> Maximum of 100 scopes defined     |
 | Authorized client applications (`preAuthorizedApplications`) | No limit\*  | No limit\*    | Total maximum of 500 <br><br> Maximum of 100 client apps defined <br><br> Maximum of 30 scopes defined per client  |
 | appRoles      | Supported <br> No limit\*   | Supported <br> No limit\* | Not supported |