Merge pull request #184999 from MicrosoftDocs/master

1/13 AM Publish

Author: huypub

articles/active-directory-b2c/identity-provider-microsoft-account.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 09/16/2021
+ms.date: 01/13/2022
 ms.custom: project-no-code
 ms.author: kengaderdus
 ms.subservice: B2C

articles/active-directory-b2c/manage-user-access.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/09/2021
+ms.date: 01/13/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---

articles/active-directory-b2c/quickstart-native-app-desktop.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.topic: quickstart
 ms.custom: mvc, mode-other
-ms.date: 08/16/2021
+ms.date: 01/13/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---

articles/active-directory-b2c/quickstart-single-page-app.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: quickstart
-ms.date: 04/04/2020
+ms.date: 01/13/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: mode-other

articles/active-directory/develop/active-directory-how-applications-are-added.md

@@ -133,19 +133,14 @@ Allowing users to register and consent to applications might initially sound con
 
 If you still want to prevent users in your directory from registering applications and from signing in to applications without administrator approval, there are two settings that you can change to turn off those capabilities:
 
-* To prevent users from consenting to applications on their own behalf:
-  1. In the Azure portal, go to the [User settings](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/UserSettings/menuId/) section under Enterprise applications.
-  2. Change **Users can consent to apps accessing company data on their behalf** to **No**.
-     
-     > [!NOTE]
-     > If you decide to turn off user consent, an admin will be required to consent to any new application a user needs to use.
+* To change the user consent settings in your organization, see [Configure how users consent to applications](../manage-apps/configure-user-consent.md).
 
 * To prevent users from registering their own applications:
   1. In the Azure portal, go to the [User settings](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/UserSettings) section under Azure Active Directory
   2. Change **Users can register applications** to **No**.
 
 > [!NOTE]
-> Microsoft itself uses the default configuration with users able to register applications and consent to applications on their own behalf.
+> Microsoft itself uses the default configuration allowing users to register applications and only allows user consent for a very limited set of permissions.
 
 <!--Image references-->
-[apps_service_principals_directory]:../media/active-directory-how-applications-are-added/HowAppsAreAddedToAAD.jpg
+[apps_service_principals_directory]:../media/active-directory-how-applications-are-added/HowAppsAreAddedToAAD.jpg

articles/active-directory/manage-apps/configure-admin-consent-workflow.md

@@ -41,7 +41,7 @@ To enable the admin consent workflow and choose reviewers:
 1. Select **Enterprise applications**.
 1. Under **Manage**, select **User settings**.
 Under **Admin consent requests**,  select **Yes** for **Users can request admin consent to apps they are unable to consent to** .
-   :::image type="content" source="media/configure-admin-consent-workflow/admin-consent-requests-settings.png" alt-text="Configure admin consent workflow settings":::
+   :::image type="content" source="media/configure-admin-consent-workflow/enable-admin-consent-workflow.png" alt-text="Configure admin consent workflow settings":::
 1. Configure the following settings:
 
    - **Select users to review admin consent requests** - Select reviewers for this workflow from a set of users that have the global administrator, cloud application administrator, or application administrator roles. You can also add groups and roles that can configure an admin consent workflow. You must designate at least one reviewer before the workflow can be enabled.

articles/active-directory/manage-apps/manage-app-consent-policies.md

@@ -3,15 +3,13 @@ title: Manage app consent policies
 description: Learn how to manage built-in and custom app consent policies to control when consent can be granted.
 titleSuffix: Azure AD
 services: active-directory
-author: davidmu1
-manager: CelesteDG
+author: psignoret
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.workload: identity
 ms.topic: how-to
 ms.date: 09/02/2021
-ms.author: davidmu
-ms.reviewer: arvindh, luleon, phsignor
+ms.author: phsignor
 ms.custom: contperf-fy21q2
 
 #customer intent: As an admin, I want to manage app consent policies for enterprise applications in Azure AD
@@ -29,14 +27,7 @@ App consent policies where the ID begins with "microsoft-" are built-in policies
 
 ## Pre-requisites
 
-1. Make sure you're using the [AzureADPreview](/powershell/module/azuread/?preserve-view=true&view=azureadps-2.0-preview) module. This step is important if you have installed both the [AzureAD](/powershell/module/azuread/) module and the [AzureADPreview](/powershell/module/azuread/?preserve-view=true&view=azureadps-2.0-preview) module).
-
-    ```powershell
-    Remove-Module AzureAD -ErrorAction SilentlyContinue
-    Import-Module AzureADPreview
-    ```
-
-1. Connect to Azure AD PowerShell.
+1. Connect to [Azure AD PowerShell](/powershell/module/azuread/).
 
    ```powershell
    Connect-AzureAD

articles/aks/csi-secrets-store-identity-access.md

@@ -111,7 +111,7 @@ Azure Active Directory (Azure AD) pod-managed identities use AKS primitives to a
 1. To access your key vault, you can use the user-assigned managed identity that you created when you [enabled a managed identity on your AKS cluster][use-managed-identity]:
 
     ```azurecli-interactive
-    az aks show -g <resource-group> -n <cluster-name> --query identityProfile.kubeletidentity.clientId -o tsv
+    az aks show -g <resource-group> -n <cluster-name> --query addonProfiles.azureKeyvaultSecretsProvider.identity.clientId -o tsv
     ```
 
     Alternatively, you can create a new managed identity and assign it to your virtual machine (VM) scale set or to each VM instance in your availability set:

articles/aks/kubernetes-walkthrough.md

@@ -27,6 +27,19 @@ To learn more about creating a Windows Server node pool, see [Create an AKS clus
 
 - This article requires version 2.0.64 or greater of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.
 - The identity you are using to create your cluster has the appropriate minimum permissions. For more details on access and identity for AKS, see [Access and identity options for Azure Kubernetes Service (AKS)](concepts-identity.md).
+- Verify *Microsoft.OperationsManagement* and *Microsoft.OperationalInsights* are registered on your subscription. To check the registration status:
+
+    ```azurecli
+    az provider show -n Microsoft.OperationsManagement -o table
+    az provider show -n Microsoft.OperationalInsights -o table
+    ```
+     
+    If they are not registered, register *Microsoft.OperationsManagement* and *Microsoft.OperationalInsights* using:
+     
+    ```azurecli
+    az provider register --namespace Microsoft.OperationsManagement
+    az provider register --namespace Microsoft.OperationalInsights
+    ```
 
 > [!NOTE]
 > Run the commands as administrator if you plan to run the commands in this quickstart locally instead of in Azure Cloud Shell.
@@ -59,27 +72,11 @@ Output for successfully created resource group:
   },
   "tags": null
 }
-```
-
-## Enable cluster monitoring
-
-Verify *Microsoft.OperationsManagement* and *Microsoft.OperationalInsights* are registered on your subscription. To check the registration status:
-
-```azurecli
-az provider show -n Microsoft.OperationsManagement -o table
-az provider show -n Microsoft.OperationalInsights -o table
-```
- 
-If they are not registered, register *Microsoft.OperationsManagement* and *Microsoft.OperationalInsights* using:
- 
-```azurecli
-az provider register --namespace Microsoft.OperationsManagement
-az provider register --namespace Microsoft.OperationalInsights
-```
+```    
 
 ## Create AKS cluster
 
-Create an AKS cluster using the [az aks create][az-aks-create] command with the *--enable-addons monitoring* parameter to enable [Azure Monitor for containers][azure-monitor-containers]. The following example creates a cluster named *myAKSCluster* with one node: 
+Create an AKS cluster using the [az aks create][az-aks-create] command with the *--enable-addons monitoring* parameter to enable [Azure Monitor container insights][azure-monitor-containers]. The following example creates a cluster named *myAKSCluster* with one node: 
 
 ```azurecli-interactive
 az aks create --resource-group myResourceGroup --name myAKSCluster --node-count 1 --enable-addons monitoring --generate-ssh-keys
@@ -268,7 +265,7 @@ To see the Azure Vote app in action, open a web browser to the external IP addre
 
 ![Voting app deployed in Azure Kubernetes Service](./media/container-service-kubernetes-walkthrough/voting-app-deployed-in-azure-kubernetes-service.png)
 
-View the cluster nodes' and pods' health metrics captured by [Azure Monitor for containers][azure-monitor-containers] in the Azure portal. 
+View the cluster nodes' and pods' health metrics captured by [Azure Monitor container insights][azure-monitor-containers] in the Azure portal. 
 
 ## Delete the cluster
 
@@ -279,9 +276,9 @@ az group delete --name myResourceGroup --yes --no-wait
 ```
 
 > [!NOTE]
-> When you delete the cluster, the Azure Active Directory service principal used by the AKS cluster is not removed. For steps on how to remove the service principal, see [AKS service principal considerations and deletion][sp-delete].
+> If the AKS cluster was created with system-assigned managed identity (default identity option used in this quickstart), the identity is managed by the platform and does not require removal.
 > 
-> If you used a managed identity, the identity is managed by the platform and does not require removal.
+> If the AKS cluster was created with service principal as the identity option instead, then when you delete the cluster, the service principal used by the AKS cluster is not removed. For steps on how to remove the service principal, see [AKS service principal considerations and deletion][sp-delete].
 
 ## Get the code
 

articles/aks/quickstart-helm.md

@@ -92,7 +92,7 @@ cd azure-voting-app-redis/azure-vote/
 
 ## Build and push the sample application to the ACR
 
-Using the preceding Dockerfile, run the [az acr build][az-acr-build] command to build and push an image to the registry. The `.` at the end of the command sets the location of the Dockerfile (in this case, the current directory).
+Using the preceding Dockerfile, run the [az acr build][az-acr-build] command to build and push an image to the registry. The `.` at the end of the command provides the location of the source code directory path (in this case, the current directory). The `--file` parameter takes in the path of the Dockerfile relative to this source code directory path.
 
 ```azurecli
 az acr build --image azure-vote-front:v1 --registry MyHelmACR --file Dockerfile .
@@ -214,9 +214,9 @@ az group delete --name MyResourceGroup --yes --no-wait
 ```
 
 > [!NOTE]
-> When you delete the cluster, the Azure Active Directory service principal used by the AKS cluster is not removed. For steps on how to remove the service principal, see [AKS service principal considerations and deletion][sp-delete].
+> If the AKS cluster was created with system-assigned managed identity (default identity option used in this quickstart), the identity is managed by the platform and does not require removal.
 > 
-> If you used a managed identity, the identity is managed by the platform and does not require removal.
+> If the AKS cluster was created with service principal as the identity option instead, then when you delete the cluster, the service principal used by the AKS cluster is not removed. For steps on how to remove the service principal, see [AKS service principal considerations and deletion][sp-delete].
 
 ## Next steps