Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into vnet-encrypt

Author: halkazwini

articles/active-directory-b2c/tokens-overview.md

@@ -55,16 +55,16 @@ The following table lists the claims that you can expect in ID tokens and access
 
 | Name | Claim | Example value | Description |
 | ---- | ----- | ------------- | ----------- |
-| Audience | `aud` | `90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6` | Identifies the intended recipient of the token. For Azure AD B2C, the audience is the application ID. Your application should validate this value and reject the token if it doesn't match. Audience is synonymous with resource. |
-| Issuer | `iss` |`https://<tenant-name>.b2clogin.com/775527ff-9a37-4307-8b3d-cc311f58d925/v2.0/` | Identifies the security token service (STS) that constructs and returns the token. It also identifies the directory in which the user was authenticated. Your application should validate the issuer claim to make sure that the token came from the appropriate endpoint. |
+| Audience | `aud` | `00001111-aaaa-2222-bbbb-3333cccc4444` | Identifies the intended recipient of the token. For Azure AD B2C, the audience is the application ID. Your application should validate this value and reject the token if it doesn't match. Audience is synonymous with resource. |
+| Issuer | `iss` |`https://<tenant-name>.b2clogin.com/aaaabbbb-0000-cccc-1111-dddd2222eeee/v2.0/` | Identifies the security token service (STS) that constructs and returns the token. It also identifies the directory in which the user was authenticated. Your application should validate the issuer claim to make sure that the token came from the appropriate endpoint. |
 | Issued at | `iat` | `1438535543` | The time at which the token was issued, represented in epoch time. |
 | Expiration time | `exp` | `1438539443` | The time at which the token becomes invalid, represented in epoch time. Your application should use this claim to verify the validity of the token lifetime. |
 | Not before | `nbf` | `1438535543` | The time at which the token becomes valid, represented in epoch time. This time is usually the same as the time the token was issued. Your application should use this claim to verify the validity of the token lifetime. |
 | Version | `ver` | `1.0` | The version of the ID token, as defined by Azure AD B2C. |
 | Code hash | `c_hash` | `SGCPtt01wxwfgnYZy2VJtQ` | A code hash included in an ID token only when the token is issued together with an OAuth 2.0 authorization code. A code hash can be used to validate the authenticity of an authorization code. For more information about how to perform this validation, see the [OpenID Connect specification](https://openid.net/specs/openid-connect-core-1_0.html).  |
 | Access token hash | `at_hash` | `SGCPtt01wxwfgnYZy2VJtQ` | An access token hash included in an ID token only when the token is issued together with an OAuth 2.0 access token. An access token hash can be used to validate the authenticity of an access token. For more information about how to perform this validation, see the [OpenID Connect specification](https://openid.net/specs/openid-connect-core-1_0.html)  |
 | Nonce | `nonce` | `12345` | A nonce is a strategy used to mitigate token replay attacks. Your application can specify a nonce in an authorization request by using the `nonce` query parameter. The value you provide in the request is emitted unmodified in the `nonce` claim of an ID token only. This claim allows your application to verify the value against the value specified on the request. Your application should perform this validation during the ID token validation process. |
-| Subject | `sub` | `884408e1-2918-4cz0-b12d-3aa027d7563b` | The principal about which the token asserts information, such as the user of an application. This value is immutable and can't be reassigned or reused. It can be used to perform authorization checks safely, such as when the token is used to access a resource. By default, the subject claim is populated with the object ID of the user in the directory. |
+| Subject | `sub` | `aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb` | The principal about which the token asserts information, such as the user of an application. This value is immutable and can't be reassigned or reused. It can be used to perform authorization checks safely, such as when the token is used to access a resource. By default, the subject claim is populated with the object ID of the user in the directory. |
 | Authentication context class reference | `acr` | Not applicable | Used only with older policies. |
 | Trust framework policy | `tfp` | `b2c_1_signupsignin1` | The name of the policy that was used to acquire the ID token. |
 | Authentication time | `auth_time` | `1438535543` | The time at which a user last entered credentials, represented in epoch time. There's no discrimination between that authentication being a fresh sign-in, a single sign-on (SSO) session, or another sign-in type. The `auth_time` is the last time the application (or user) initiated an authentication attempt against Azure AD B2C. The method used to authenticate isn't differentiated. |
@@ -157,4 +157,3 @@ For a full list of validations your application should perform, refer to the [Op
 ## Next steps
 
 Learn more about how to [use access tokens](access-tokens.md).
-

articles/active-directory-b2c/troubleshoot-with-application-insights.md

@@ -126,7 +126,7 @@ Here's a list of queries you can use to see the logs:
 | `traces | where timestamp > ago(1d)` | Get all of the logs generated by Azure AD B2C for the last day.|
 | `traces | where message contains "exception" | where timestamp > ago(2h)`|  Get all of the logs with errors from the last two hours.|
 | `traces | where customDimensions.Tenant == "contoso.onmicrosoft.com" and customDimensions.UserJourney  == "b2c_1a_signinandup"` | Get all of the logs generated by Azure AD B2C *contoso.onmicrosoft.com* tenant, and user journey is *b2c_1a_signinandup*. |
-| `traces | where customDimensions.CorrelationId == "00000000-0000-0000-0000-000000000000"`| Get all of the logs generated by Azure AD B2C for a correlation ID. Replace the correlation ID with your correlation ID. | 
+| `traces | where customDimensions.CorrelationId == "aaaa0000-bb11-2222-33cc-444444dddddd"`| Get all of the logs generated by Azure AD B2C for a correlation ID. Replace the correlation ID with your correlation ID. | 
 
 The entries may be long. Export to CSV for a closer look.
 

articles/active-directory-b2c/user-flow-custom-attributes.md

@@ -78,7 +78,7 @@ Extension attributes can only be registered on an application object, even thoug
 1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**.
 1. Select **App registrations**, and then select **All applications**.
 1. Select the `b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.` application.
-1. Copy the **Application ID**. Example: `11111111-1111-1111-1111-111111111111`.
+1. Copy the **Application ID**. Example: `00001111-aaaa-2222-bbbb-3333cccc4444`.
 
 ::: zone-end
 
@@ -92,8 +92,8 @@ Extension attributes can only be registered on an application object, even thoug
 1. Select **App registrations**, and then select **All applications**.
 1. Select the **b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.** application.
 1. Copy the following identifiers to your clipboard and save them:
-    * **Application ID**. Example: `11111111-1111-1111-1111-111111111111`.
-    * **Object ID**. Example: `22222222-2222-2222-2222-222222222222`.
+    * **Application ID**. Example: `00001111-aaaa-2222-bbbb-3333cccc4444`.
+    * **Object ID**. Example: `aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb`.
 
 ## Modify your custom policy
 
@@ -112,9 +112,9 @@ To enable custom attributes in your policy, provide **Application ID** and Appli
         <TechnicalProfiles>
           <TechnicalProfile Id="AAD-Common">
             <Metadata>
-              <!--Insert b2c-extensions-app application ID here, for example: 11111111-1111-1111-1111-111111111111-->  
+              <!--Insert b2c-extensions-app application ID here, for example: 00001111-aaaa-2222-bbbb-3333cccc4444-->  
               <Item Key="ClientId"></Item>
-              <!--Insert b2c-extensions-app application ObjectId here, for example: 22222222-2222-2222-2222-222222222222-->
+              <!--Insert b2c-extensions-app application ObjectId here, for example: aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb-->
               <Item Key="ApplicationObjectId"></Item>
             </Metadata>
           </TechnicalProfile>
@@ -184,7 +184,7 @@ The following example demonstrates the use of a custom attribute in Azure AD B2C
 
 You can use Microsoft Graph to create and manage the custom attributes then set the values for a user. Extension attributes are also called directory or Microsoft Entra extensions.
 
-Custom attributes (directory extensions) in the Microsoft Graph API are named by using the convention `extension_{appId-without-hyphens}_{extensionProperty-name}` where `{appId-without-hyphens}` is the stripped version of the **appId** (called Client ID on the Azure AD B2C portal) for the `b2c-extensions-app` with only characters 0-9 and A-Z. For example, if the **appId** of the `b2c-extensions-app` application is `25883231-668a-43a7-80b2-5685c3f874bc` and the attribute name is `loyaltyId`, then the custom attribute is named `extension_25883231668a43a780b25685c3f874bc_loyaltyId`.
+Custom attributes (directory extensions) in the Microsoft Graph API are named by using the convention `extension_{appId-without-hyphens}_{extensionProperty-name}` where `{appId-without-hyphens}` is the stripped version of the **appId** (called Client ID on the Azure AD B2C portal) for the `b2c-extensions-app` with only characters 0-9 and A-Z. For example, if the **appId** of the `b2c-extensions-app` application is `11112222-bbbb-3333-cccc-4444dddd5555` and the attribute name is `loyaltyId`, then the custom attribute is named `extension_25883231668a43a780b25685c3f874bc_loyaltyId`.
 
 Learn how to [manage extension attributes in your Azure AD B2C tenant](microsoft-graph-operations.md#application-extension-directory-extension-properties) using the Microsoft Graph API. 
 

articles/active-directory-b2c/userinfo-endpoint.md

@@ -84,8 +84,8 @@ The user info UserJourney specifies:
             <Metadata>
               <!-- Update the Issuer and Audience below -->
               <!-- Audience is optional, Issuer is required-->
-              <Item Key="issuer">https://yourtenant.b2clogin.com/11111111-1111-1111-1111-111111111111/v2.0/</Item>
-              <Item Key="audience">[ "22222222-2222-2222-2222-222222222222", "33333333-3333-3333-3333-333333333333" ]</Item>
+              <Item Key="issuer">https://yourtenant.b2clogin.com/aaaabbbb-0000-cccc-1111-dddd2222eeee/v2.0/</Item>
+              <Item Key="audience">[ "00001111-aaaa-2222-bbbb-3333cccc4444", "11112222-bbbb-3333-cccc-4444dddd5555" ]</Item>
               <Item Key="client_assertion_type">urn:ietf:params:oauth:client-assertion-type:jwt-bearer</Item>
             </Metadata>
             <CryptographicKeys>
@@ -111,24 +111,24 @@ The user info UserJourney specifies:
     1. **issuer** - This value must be identical to the `iss` claim within the access token claim. Tokens issued by Azure AD B2C use an issuer in the format `https://yourtenant.b2clogin.com/your-tenant-id/v2.0/`. Learn more about [token customization](configure-tokens.md).
     1. **IdTokenAudience** - Must be identical to the `aud` claim within the access token claim. In Azure AD B2C the `aud` claim is the ID of your relying party application. This value is a collection and supports multiple values using a comma delimiter.
 
-        In the following access token, the `iss` claim value is `https://contoso.b2clogin.com/11111111-1111-1111-1111-111111111111/v2.0/`. The `aud` claim value is `22222222-2222-2222-2222-222222222222`.
+        In the following access token, the `iss` claim value is `https://contoso.b2clogin.com/aaaabbbb-0000-cccc-1111-dddd2222eeee/v2.0/`. The `aud` claim value is `00001111-aaaa-2222-bbbb-3333cccc4444`.
 
         ```json
         {
           "exp": 1605549468,
           "nbf": 1605545868,
           "ver": "1.0",
           "iss": "https://contoso.b2clogin.com/11111111-1111-1111-1111-111111111111/v2.0/",
-          "sub": "44444444-4444-4444-4444-444444444444",
-          "aud": "22222222-2222-2222-2222-222222222222",
+          "sub": "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb",
+          "aud": "00001111-aaaa-2222-bbbb-3333cccc4444",
           "acr": "b2c_1a_signup_signin",
           "nonce": "defaultNonce",
           "iat": 1605545868,
           "auth_time": 1605545868,
           "name": "John Smith",
           "given_name": "John",
           "family_name": "Smith",
-          "tid": "11111111-1111-1111-1111-111111111111"
+          "tid": "aaaabbbb-0000-cccc-1111-dddd2222eeee"
         }
         ```
 
@@ -259,7 +259,7 @@ A successful response would look like:
 
 ```json
 {
-    "objectId": "44444444-4444-4444-4444-444444444444",
+    "objectId": "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb",
     "givenName": "John",
     "surname": "Smith",
     "displayName": "John Smith",

articles/active-directory-b2c/view-audit-logs.md

@@ -166,7 +166,7 @@ Here's the JSON representation of the example activity event shown earlier in th
 {
     "id": "B2C_DQO3J_4984536",
     "category": "Authentication",
-    "correlationId": "00000000-0000-0000-0000-000000000000",
+    "correlationId": "ffffffff-eeee-dddd-cccc-bbbbbbbbbbb0",
     "result": "success",
     "resultReason": "N/A",
     "activityDisplayName": "Issue an id_token to the application",
@@ -176,7 +176,7 @@ Here's the JSON representation of the example activity event shown earlier in th
     "initiatedBy": {
         "user": null,
         "app": {
-            "appId": "00000000-0000-0000-0000-000000000000",
+            "appId": "00001111-aaaa-2222-bbbb-3333cccc4444",
             "displayName": null,
             "servicePrincipalId": null,
             "servicePrincipalName": "00000000-0000-0000-0000-000000000000"

articles/api-center/check-minimal-api-permissions-dev-proxy.md

@@ -64,7 +64,7 @@ In the `devproxyrc.json` file, add the following configuration:
     "https://api.northwind.com/*"
   ],
   "apiCenterMinimalPermissionsPlugin": {
-    "subscriptionId": "00000000-0000-0000-0000-000000000000",
+    "subscriptionId": "aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e",
     "resourceGroupName": "demo",
     "serviceName": "contoso-api-center",
     "workspaceName": "default"
@@ -105,7 +105,7 @@ Update your `devproxyrc.json` file with a reference to the plain-text reporter:
     "https://api.northwind.com/*"
   ],
   "apiCenterMinimalPermissionsPlugin": {
-    "subscriptionId": "00000000-0000-0000-0000-000000000000",
+    "subscriptionId": "aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e",
     "resourceGroupName": "demo",
     "serviceName": "contoso-api-center",
     "workspaceName": "default"

articles/api-center/discover-shadow-apis-dev-proxy.md

@@ -51,7 +51,7 @@ In the `devproxyrc.json` file, add the following configuration:
     "https://jsonplaceholder.typicode.com/*"
   ],
   "apiCenterOnboardingPlugin": {
-    "subscriptionId": "00000000-0000-0000-0000-000000000000",
+    "subscriptionId": "aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e",
     "resourceGroupName": "demo",
     "serviceName": "contoso-api-center",
     "workspaceName": "default",
@@ -93,7 +93,7 @@ Update your `devproxyrc.json` file with a reference to the plain-text reporter:
     "https://jsonplaceholder.typicode.com/*"
   ],
   "apiCenterOnboardingPlugin": {
-    "subscriptionId": "00000000-0000-0000-0000-000000000000",
+    "subscriptionId": "aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e",
     "resourceGroupName": "demo",
     "serviceName": "contoso-api-center",
     "workspaceName": "default",
@@ -207,7 +207,7 @@ The `ApiCenterOnboardingPlugin` can not only detect shadow APIs, but also automa
     "https://jsonplaceholder.typicode.com/*"
   ],
   "apiCenterOnboardingPlugin": {
-    "subscriptionId": "00000000-0000-0000-0000-000000000000",
+    "subscriptionId": "aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e",
     "resourceGroupName": "demo",
     "serviceName": "contoso-api-center",
     "workspaceName": "default",
@@ -251,7 +251,7 @@ To automatically generate OpenAPI specs for onboarded APIs, update Dev Proxy con
     "https://jsonplaceholder.typicode.com/*"
   ],
   "apiCenterOnboardingPlugin": {
-    "subscriptionId": "00000000-0000-0000-0000-000000000000",
+    "subscriptionId": "aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e",
     "resourceGroupName": "demo",
     "serviceName": "contoso-api-center",
     "workspaceName": "default",

articles/api-center/find-nonproduction-api-requests-dev-proxy.md

@@ -57,7 +57,7 @@ In the `devproxyrc.json` file, add the following configuration:
     "https://jsonplaceholder.typicode.com/*"
   ],
   "apiCenterProductionVersionPlugin": {
-    "subscriptionId": "00000000-0000-0000-0000-000000000000",
+    "subscriptionId": "aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e",
     "resourceGroupName": "demo",
     "serviceName": "contoso-api-center",
     "workspaceName": "default"
@@ -98,7 +98,7 @@ Update your `devproxyrc.json` file with a reference to the plain-text reporter:
     "https://jsonplaceholder.typicode.com/*"
   ],
   "apiCenterProductionVersionPlugin": {
-    "subscriptionId": "00000000-0000-0000-0000-000000000000",
+    "subscriptionId": "aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e",
     "resourceGroupName": "demo",
     "serviceName": "contoso-api-center",
     "workspaceName": "default"

articles/automation/change-tracking/enable-vms-monitoring-agent.md

@@ -3,7 +3,7 @@ title: Enable Azure Automation Change Tracking for single machine and multiple m
 description: This article tells how to enable the Change Tracking feature for single machine and multiple machines at scale from the Azure portal.
 services: automation
 ms.subservice: change-inventory-management
-ms.date: 10/10/2024
+ms.date: 10/29/2024
 ms.topic: how-to
 ms.service: azure-automation
 ---
@@ -40,9 +40,10 @@ This section provides detailed procedure on how you can enable change tracking o
    It will initiate the deployment and the notification appears on the top right corner of the screen.
 
    :::image type="content" source="media/enable-vms-monitoring-agent/deployment-success-inline.png" alt-text="Screenshot showing the notification of deployment." lightbox="media/enable-vms-monitoring-agent/deployment-success-expanded.png":::
-
+    
 > [!NOTE]
-> It usually takes up to two to three minutes to successfully onboard and enable the virtual machine(s). After you enable a virtual machine for change tracking, you can make changes to the files, registries, or software for the specific VM.
+> - When you enable Change Tracking in the Azure portal using the Azure Monitoring Agent, the process automatically creates a Data Collection Rule (DCR). This rule will appear in the resource group with a name in the format ct-dcr-aaaaaaaaa. After the rule is created, add the required resources.
+> - It usually takes up to two to three minutes to successfully onboard and enable the virtual machine(s). After you enable a virtual machine for change tracking, you can make changes to the files, registries, or software for the specific VM.
 
 #### [Multiple Azure VMs - portal](#tab/multiplevms)
 
@@ -55,7 +56,7 @@ This section provides detailed procedure on how you can enable change tracking o
    :::image type="content" source="media/enable-vms-monitoring-agent/select-change-tracking-multiple-vms-inline.png" alt-text="Screenshot showing how to select multiple virtual machines from the portal." lightbox="media/enable-vms-monitoring-agent/select-change-tracking-multiple-vms-expanded.png":::
 
    > [!NOTE]
-   > You can select upto 250 virtual machines at a time to enable this feature.
+   > You can select up to 250 virtual machines at a time to enable this feature.
 
 1. In **Enable Change Tracking** page, select the banner at the top of the page, **Click here to try new change tracking and inventory with Azure Monitoring Agent (AMA) experience**.
 
@@ -193,6 +194,9 @@ Using the Deploy if not exist (DINE) policy, you can enable Change tracking with
 
    :::image type="content" source="media/enable-vms-monitoring-agent/deployment-confirmation.png" alt-text="Screenshot of deployment notification.":::
 
+> [!NOTE]
+> After creating the Data Collection Rule (DCR) using the Azure Monitoring Agent's change tracking schema, ensure that you don't add any Data Sources to this rule. This can cause Change Tracking and Inventory to fail. You must only add new Resources in this section.
+
 ## Next steps
 
 - For details of working with the feature, see [Manage Change Tracking](../change-tracking/manage-change-tracking-monitoring-agent.md).