Merge branch 'main' into aio-2505-certificates

Author: dominicbetts

.openpublishing.redirection.json

@@ -1,10 +1,75 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/cdn/cdn-traffic-manager.md",
+      "redirect_url": "/previous-versions/azure/cdn/cdn-traffic-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/quickstart-create-front-door.md",
+      "redirect_url": "/previous-versions/azure/frontdoor/quickstart-create-front-door",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/quickstart-create-front-door-terraform.md",
+      "redirect_url": "/previous-versions/azure/frontdoor/quickstart-create-front-door-terraform",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/quickstart-create-front-door-template.md",
+      "redirect_url": "/previous-versions/azure/frontdoor/quickstart-create-front-door-template",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/quickstart-create-front-door-powershell.md",
+      "redirect_url": "/previous-versions/azure/frontdoor/quickstart-create-front-door-powershell",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/quickstart-create-front-door-cli.md",
+      "redirect_url": "/previous-versions/azure/frontdoor/quickstart-create-front-door-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/quickstart-create-front-door-bicep.md",
+      "redirect_url": "/previous-versions/azure/frontdoor/quickstart-create-front-door-bicep",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cloud-services/cloud-services-application-and-service-availability-faq.yml",
+      "redirect_url": "/previous-versions/azure/cloud-services/cloud-services-application-and-service-availability-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cloud-services/cloud-services-configuration-and-management-faq.yml",
+      "redirect_url": "/previous-versions/azure/cloud-services/cloud-services-configuration-and-management-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cloud-services/cloud-services-connectivity-and-networking-faq.yml",
+      "redirect_url": "/previous-versions/azure/cloud-services/cloud-services-connectivity-and-networking-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cloud-services/cloud-services-deployment-faq.yml",
+      "redirect_url": "/previous-versions/azure/cloud-services/cloud-services-deployment-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cloud-services/index.yml",
+      "redirect_url": "/previous-versions/azure/cloud-services/index",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/private-multi-access-edge-compute-mec/index.yml",
       "redirect_url": "/previous-versions/azure/private-multi-access-edge-compute-mec/index",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/site-recovery/shared-disks-common-questions.md",
+      "redirect_url": "/azure/site-recovery/azure-to-azure-common-questions",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/network-watcher/traffic-analytics-schema-update.md",
       "redirect_url": "/previous-versions/azure/network-watcher/traffic-analytics-schema-update",
@@ -499,6 +564,11 @@
       "redirect_url": "/azure/security/fundamentals/azure-CA-details",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/security/fundamentals/recover-from-identity-compromise.md",
+      "redirect_url": "/azure/security/fundamentals/ransomware-detect-respond#road-to-recovery",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/event-grid/event-schema-storage-actions.md",
       "redirect_url": "/azure/storage-actions/overview",
@@ -6968,6 +7038,32 @@
       "source_path": "articles/defender-for-iot/organizations/eiot-sensor.md",
       "redirect_url": "/azure/defender-for-iot/organizations/concept-enterprise",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cyclecloud/release-notes/ccws/2024.09.18.md",
+      "redirect_url": "/azure/cyclecloud/release-notes/ccws/2024-09-18",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cyclecloud/release-notes/ccws/2024.11.08.md",
+      "redirect_url": "/azure/cyclecloud/release-notes/ccws/2024-11-08",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cyclecloud/release-notes/ccws/2024.12.18.md",
+      "redirect_url": "/azure/cyclecloud/release-notes/ccws/2024-12-18",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cyclecloud/release-notes/ccws/2025.02.06.md",
+      "redirect_url": "/azure/cyclecloud/release-notes/ccws/2025-02-06",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/reliability/whats-new.md",
+      "redirect_url": "/azure/reliability/overview",
+      "redirect_document_id": false
     }
   ]
 }
+

articles/active-directory-b2c/authorization-code-flow.md

@@ -233,7 +233,7 @@ A successful token response looks like this:
 | access_token |The signed JWT that you requested. |
 | scope |The scopes that the token is valid for. You also can use the scopes to cache tokens for later use. |
 | expires_in |The length of time that the token is valid (in seconds). |
-| refresh_token |An OAuth 2.0 refresh token. The app can use this token to acquire additional tokens after the current token expires. Refresh tokens are long-lived, and can be used to retain access to resources for extended periods of time. For more information, see the [Azure AD B2C token reference](tokens-overview.md). |
+| refresh_token |An OAuth 2.0 refresh token. The app can use this token to acquire additional tokens after the current token expires. Refresh tokens are long-lived and can be used to retain access to resources for extended periods of time. For more information, see the [Azure AD B2C token reference](tokens-overview.md). |
 
 Error responses look like this:
 

articles/active-directory-b2c/billing.md

@@ -5,7 +5,7 @@ author: kengaderdus
 manager: CelesteDG
 ms.service: azure-active-directory
 ms.topic: reference
-ms.date: 05/20/2025
+ms.date: 06/10/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 ms.custom: fasttrack-edit
@@ -87,33 +87,6 @@ A subscription linked to an Azure AD B2C tenant can be used for the billing of A
 
 After you complete these steps for an Azure AD B2C tenant, your Azure subscription is billed based on your Azure Direct or Enterprise Agreement details, if applicable.
 
-
-<a name='change-your-azure-ad-pricing-tier'></a>
-
-## Change your Microsoft Entra pricing tier
-
-A tenant must be linked to the appropriate Azure pricing tier based on the features you want to use with your Azure AD B2C tenant. Premium features require Azure AD B2C Premium P1 or P2, as described in the [Azure Active Directory B2C pricing](https://azure.microsoft.com/pricing/details/active-directory-b2c/). 
-
-In some cases, you'll need to upgrade your pricing tier as you use new features. For example, if you want to use [Identity Protection](conditional-access-identity-protection-overview.md), risk-based Conditional Access policies, and any future Premium P2 capabilities with Azure AD B2C.
-
-To change your pricing tier, follow these steps:
-
-1. Sign in to the [Azure portal](https://portal.azure.com/).
-
-1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
-
-1. In the search box at the top of the portal, enter the name of your Azure AD B2C tenant. Then select the tenant in the search results under **Resources**.
-    
-    ![Screenshot that shows how to select an Azure AD B2C tenant in Azure portal.](media/billing/select-azure-ad-b2c-tenant.png)
-
-1. On the resource **Overview** page, under **Pricing tier**, select **change**.
-
-   ![Screenshot that shows how to change the pricing tier.](media/billing/change-pricing-tier.png)
- 
-1. Select the pricing tier that includes the features you want to enable.
-
-   ![Screenshot that shows how to select the pricing tier.](media/billing/select-tier.png)
-
 Learn about the [Microsoft Entra ID features, which are supported in Azure AD B2C](supported-azure-ad-features.md). 
 
 

articles/active-directory-b2c/conditional-access-identity-protection-overview.md

@@ -4,7 +4,7 @@ description: Learn how Identity Protection gives you visibility into risky sign-
 ms.service: azure-active-directory
 ms.subservice: b2c
 ms.topic: overview
-ms.date: 05/20/2025
+ms.date: 06/12/2025
 ms.author: kengaderdus
 author: kengaderdus
 manager: mwongerapk
@@ -24,7 +24,7 @@ If you're already familiar with [Identity Protection](../active-directory/identi
 ![Conditional Access in a B2C tenant](media/conditional-access-identity-protection-overview/conditional-access-b2c.png)
 
 > [!NOTE]
-> Azure AD B2C **Premium P2** is required to create risky sign-in policies. **Premium P1** tenants can create a policy that is based on location, application, user-based, or group-based policies. For more information, see [Change your Azure AD B2C pricing tier](billing.md#change-your-azure-ad-pricing-tier).
+> Azure AD B2C **Premium P2** is required to create risky sign-in policies but it has now been deprecated as of May 1, 2025.. **Premium P1** tenants can create a policy that is based on location, application, user-based, or group-based policies.
 
 ## Benefits of Identity Protection and Conditional Access for Azure AD B2C
 

articles/active-directory-b2c/conditional-access-user-flow.md

@@ -5,7 +5,7 @@ description: Learn how to add Conditional Access to Azure AD B2C user flows. Con
 ms.service: azure-active-directory
 ms.subservice: b2c
 ms.topic: overview
-ms.date: 02/18/2025
+ms.date: 06/12/2025
 ms.author: kengaderdus
 author: kengaderdus
 manager: CelesteDG
@@ -86,7 +86,7 @@ When using the Microsoft Entra Conditional Access, consider the following:
 
 ## Pricing tier
 
-Azure AD B2C **Premium P2** is required to create risky sign-in policies. **Premium P1** tenants can create a policy that is based on location, application, user-based, or group-based policies. For more information, see [Change your Azure AD B2C pricing tier](billing.md#change-your-azure-ad-pricing-tier)
+Azure AD B2C **Premium P2** is required to create risky sign-in policies but it has now been deprecated as of May 1, 2025. **Premium P1** tenants can create a policy that is based on location, application, user-based, or group-based policies.
 
 ## Prepare your Azure AD B2C tenant
 
@@ -438,4 +438,4 @@ To review the result of a Conditional Access event:
 
 ## Related content
 
-[Customize the user interface in an Azure AD B2C user flow](customize-ui-with-html.md)
+[Customize the user interface in an Azure AD B2C user flow](customize-ui-with-html.md)

articles/active-directory-b2c/custom-email-mailjet.md

@@ -45,7 +45,7 @@ If you don't already have one, start by setting up a Mailjet account (Azure cust
 2. Navigate to the [API Key Management page](https://dev.mailjet.com/email/guides/senders-and-domains/#use-a-sender-on-all-api-keys-(metasender)). Record the **API Key** and **Secret Key** for use in a later step. Both keys are generated automatically when your account is created.
 
 > [!IMPORTANT]
-> Mailjet offers customers the ability to send emails from shared IP and [dedicated IP addresses](https://documentation.mailjet.com/hc/articles/360043101973-What-is-a-dedicated-IP). When using dedicated IP addresses, you need to build your own reputation properly with an IP address warm-up. For more information, see [How do I warm up my IP ?](https://documentation.mailjet.com/hc/articles/1260803352789-How-do-I-warm-up-my-IP-).
+> Mailjet offers customers the ability to send emails from shared IP and [dedicated IP addresses](https://documentation.mailjet.com/hc/en-us/articles/1260803352789-Dedicated-IPs-What-They-Are-and-How-to-Warm-Them-Up). When using dedicated IP addresses, you need to build your own reputation properly with an IP address warm-up. For more information, see [How do I warm up my IP ?](https://documentation.mailjet.com/hc/articles/1260803352789-How-do-I-warm-up-my-IP-).
 
 ## Create Azure AD B2C policy key
 

articles/active-directory-b2c/custom-policies-series-call-rest-api.md

@@ -216,7 +216,7 @@ to:
 ```xml
     <ValidationTechnicalProfile ReferenceId="ValidateAccessCodeViaHttp"/>
 ```
-At this point, the Technical Profile with `Id` *CheckAccessCodeViaClaimsTransformationChecker* isn't needed, and can be removed. 
+At this point, the Technical Profile with `Id` *CheckAccessCodeViaClaimsTransformationChecker* isn't needed and can be removed.
 
 
 ## Step 3 - Upload custom policy file

articles/active-directory-b2c/faq.yml

@@ -8,7 +8,7 @@ metadata:
   ms.service: azure-active-directory
 
   ms.topic: faq
-  ms.date: 10/01/2024
+  ms.date: 06/12/2024
   ms.author: godonnell
   ms.subservice: b2c
   ms.custom: b2c-support, has-azure-ad-ps-ref,azure-ad-ref-level-one-done
@@ -269,7 +269,7 @@ sections:
       - question: |
           Can I purchase Microsoft Entra ID P1 and Microsoft Entra ID P2 licensing for my Azure AD B2C tenant?
         answer: |
-          No, Azure AD B2C tenants don't use Microsoft Entra ID P1 or Microsoft Entra ID P2 licensing. Azure AD B2C uses [Azure AD B2C Premium P1 or P2](billing.md#change-your-azure-ad-pricing-tier) licenses, which are different from Microsoft Entra ID P1 or P2 licenses for a Standard Microsoft Entra tenant. Azure AD B2C tenants natively support some features that are similar to Microsoft Entra ID P1 or P2 features, as explained in [Supported Microsoft Entra ID features](supported-azure-ad-features.md).
+          No, Azure AD B2C tenants don't use Microsoft Entra ID P1 or Microsoft Entra ID P2 licensing. Azure AD B2C uses Premium P1 or P2 licenses, which are no longer available for purchase as of May 1, 2025. They are different from Microsoft Entra ID P1 or P2 licenses for a Standard Microsoft Entra tenant. Azure AD B2C tenants natively support some features that are similar to Microsoft Entra ID P1 or P2 features, as explained in [Supported Microsoft Entra ID features](supported-azure-ad-features.md).
          
       - question: |
           Can I use a group-based assignment for Microsoft Entra Enterprise Applications in my Azure AD B2C tenant?

articles/active-directory-b2c/identity-provider-adfs.md

@@ -31,7 +31,7 @@ zone_pivot_groups: b2c-policy-type
 
 To enable sign-in for users with an AD FS account in Azure Active Directory B2C (Azure AD B2C), create an Application Group in your AD FS. For more information, see [Build a web application using OpenID Connect with AD FS 2016 and later](../active-directory/develop/msal-migration.md)
 
-To create an Application Group, follow theses steps:
+To create an Application Group, follow these steps:
 
 1. In **Server Manager**, select **Tools**, and then select **AD FS Management**.
 1. In AD FS Management, right-click on **Application Groups** and select **Add Application Group**.

articles/active-directory-b2c/page-layout.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: azure-active-directory
 
 ms.topic: reference
-ms.date: 02/27/2025
+ms.date: 06/12/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 
@@ -65,6 +65,9 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 
 ## Self-asserted page (selfasserted)
 
+**2.1.35**
+- Enhanced CAPTCHA error handling now ensures that any validation failures—such as “unmatched challenge”—returned by the backend are consistently captured and displayed in the UI.
+  
 **2.1.34**
 - Input labels are now consistently visible and accessible, enhancing user experience and clarity. A new `enableInputLabel` feature flag has been introduced, which is enabled by default, allowing clients to toggle the visibility of input labels according to their preferences.
 - Resolved a problem with CAPTCHA input boxes to ensure smoother and more accurate interactions for Finnish language users.
@@ -224,6 +227,9 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 > [!TIP]
 > If you localize your page to support multiple locales, or languages in a user flow. The [localization IDs](localization-string-ids.md) article provides the list of localization IDs that you can use for the page version you select.
 
+**2.1.23**
+- Enhanced CAPTCHA error handling now ensures that any validation failures—such as “unmatched challenge”—returned by the backend are consistently captured and displayed in the UI.
+  
 **2.1.22**
 - Input labels are now consistently visible and accessible, enhancing user experience and clarity. A new `enableInputLabel` feature flag has been introduced, which is enabled by default, allowing clients to toggle the visibility of input labels according to their preferences.
 - Resolved a problem with CAPTCHA input boxes to ensure smoother and more accurate interactions for Finnish language users.
@@ -324,6 +330,9 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 
 ## MFA page (multifactor)
 
+**1.2.21**
+- Enhanced CAPTCHA error handling now ensures that any validation failures—such as “unmatched challenge”—returned by the backend are consistently captured and displayed in the UI. 
+
 **1.2.20**
 - Resolved a problem with CAPTCHA input boxes to ensure smoother and more accurate interactions for Finnish language users.