Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into maxcap

Author: dlepow

.openpublishing.publish.config.json

@@ -970,6 +970,7 @@
     "articles/applied-ai-services/.openpublishing.redirection.applied-ai-old.json",
     "articles/cognitive-services/.openpublishing.redirection.cognitive-services.json",
     ".openpublishing.redirection.baremetal-infrastructure.json",
-    "articles/iot-dps/.openpublishing.redirection.iot-dps.json"
+    "articles/iot-dps/.openpublishing.redirection.iot-dps.json",
+    "articles/cloud-shell/.openpublishing.redirection.cloud-shell.json"
   ]
 }

.openpublishing.redirection.active-directory.json

@@ -45,6 +45,11 @@
       "redirect_url": "/azure/active-directory/saas-apps/tutorial-list",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/active-directory/saas-apps/icertisicm-tutorial.md",
+      "redirect_url": "/azure/active-directory/saas-apps/tutorial-list",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/active-directory/governance/tutorial-onboard-custom-workflow-graph.md",
       "redirect_url": "/graph/tutorial-lifecycle-workflows-onboard-custom-workflow",

.openpublishing.redirection.defender-for-iot.json

@@ -1,5 +1,10 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/defender-for-iot/organizations/tutorial-getting-started-eiot-sensor.md",
+            "redirect_url": "/azure/defender-for-iot/organizations/concept-enterprise",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/defender-for-iot/organizations/resources-frequently-asked-questions.md",
             "redirect_url": "/azure/defender-for-iot/organizations/faqs-general",

.openpublishing.redirection.json

@@ -9,21 +9,21 @@
             "source_path_from_root": "/articles/api-management/developer-portal-use-community-widgets.md",
             "redirect_url": "/azure/api-management/developer-portal-extend-custom-functionality",
             "redirect_document_id": false
-        },       
+        },
         {
             "source_path":  "articles/sentinel/whats-new-archive.md",
             "redirect_url":  "/azure/sentinel/whats-new",
-            "redirect_document_id":  false   
+            "redirect_document_id":  false
         },
         {
             "source_path":  "articles/backup/sap-hana-db-manage.md",
             "redirect_url":  "/azure/backup/sap-hana-database-manage",
-            "redirect_document_id":  false   
+            "redirect_document_id":  false
         },
         {
             "source_path":  "articles/backup/sap-hana-db-restore.md",
             "redirect_url":  "/azure/backup/sap-hana-database-restore",
-            "redirect_document_id":  false  
+            "redirect_document_id":  false
         },
         {
             "source_path":  "articles/backup/sap-hana-db-about.md",
@@ -93,32 +93,32 @@
         {
             "source_path":  "articles/site-recovery/switch-replication-appliance-preview.md",
             "redirect_url":  "/azure/site-recovery/switch-replication-appliance-modernized",
-            "redirect_document_id":  false 
+            "redirect_document_id":  false
         },
         {
             "source_path":  "articles/site-recovery/upgrade-mobility-service-preview.md",
             "redirect_url":  "/azure/site-recovery/upgrade-mobility-service-modernized",
-            "redirect_document_id":  false   
+            "redirect_document_id":  false
         },
         {
             "source_path":  "articles/site-recovery/vmware-azure-set-up-replication-tutorial-preview.md",
             "redirect_url":  "/azure/site-recovery/vmware-azure-set-up-replication-tutorial-modernized",
-            "redirect_document_id":  false   
+            "redirect_document_id":  false
         },
         {
             "source_path":  "articles/site-recovery/vmware-azure-architecture-preview.md",
             "redirect_url":  "/azure/site-recovery/vmware-azure-architecture-modernized",
-            "redirect_document_id":  false   
+            "redirect_document_id":  false
         },
         {
             "source_path":  "articles/physical-server-azure-architecture-preview.md",
             "redirect_url":  "/azure/physical-server-azure-architecture-modernized",
-            "redirect_document_id":  false   
+            "redirect_document_id":  false
         },
         {
             "source_path":  "articles/vmware-azure-tutorial-failover-failback-preview.md",
             "redirect_url":  "/azure/vmware-azure-tutorial-failover-failback-modernized",
-            "redirect_document_id":  false   
+            "redirect_document_id":  false
         },
         {
             "source_path": "articles/automanage/automanage-virtual-machines.md",
@@ -790,7 +790,7 @@
         },
         {
             "source_path_from_root": "/articles/aks/concepts-diagnostics.md",
-            "redirect_url": "/troubleshoot/azure/azure-kubernetes/welcome-azure-kubernetes",
+            "redirect_url": "/azure/aks/aks-diagnostics",
             "redirect_document_id": false
         },
         {
@@ -6353,12 +6353,12 @@
             "redirect_url": "/azure/azure-cache-for-redis/scripts/create-manage-cache",
             "redirect_document_id": false
         },
-        { 
+        {
             "source_path_from_root": "/articles/storage/blobs/anonymous-read-access-client.md",
             "redirect_url": "/azure/storage/blobs/anonymous-read-access-prevent",
             "redirect_document_id": false
         },
-        { 
+        {
             "source_path_from_root": "/articles/storage/common/storage-auth-abac-attributes.md",
             "redirect_url": "/azure/storage/blobs/storage-auth-abac-attributes",
             "redirect_document_id": false
@@ -10493,21 +10493,6 @@
             "redirect_url": "/azure/cloud-services/diagnostics-performance-counters",
             "redirect_document_id": false
         },
-        {
-            "source_path_from_root": "/articles/cloud-shell/features-powershell.md",
-            "redirect_url": "/azure/cloud-shell/features",
-            "redirect_document_id": false
-        },
-        {
-            "source_path_from_root": "/articles/cloud-shell/index.md",
-            "redirect_url": "/azure/cloud-shell/overview",
-            "redirect_document_id": false
-        },
-        {
-            "source_path_from_root": "/articles/cloud-shell/persisting-shell-storage-powershell.md",
-            "redirect_url": "/azure/cloud-shell/persisting-shell-storage",
-            "redirect_document_id": false
-        },
         {
             "source_path_from_root": "/articles/jenkins/azure-container-agents-plugin-run-container-as-an-agent.md",
             "redirect_url": "/azure/container-instances/container-instances-jenkins",
@@ -25437,7 +25422,7 @@
             "source_path_from_root": "/articles/virtual-machines/scripts/virtual-machines-cli-sample-copy-managed-disks-to-same-or-different-subscription.md",
             "redirect_url": "/previous-versions/azure/virtual-machines/scripts/virtual-machines-cli-sample-copy-managed-disks-to-same-or-different-subscription",
             "redirect_document_id": false
-        },        
+        },
         {
             "source_path_from_root": "/articles/virtual-machines/disks-cross-tenant-cmk.md",
             "redirect_url": "/azure/virtual-machines/disks-cross-tenant-customer-managed-keys",
@@ -29494,11 +29479,6 @@
             "redirect_url": "/azure/virtual-network/ip-services/create-custom-ip-address-prefix-ipv6-powershell",
             "redirect_document_id": false
         },
-        {
-            "source_path_from_root": "/articles/cloud-shell/example-terraform-bash.md",
-            "redirect_url": "/azure/developer/terraform/quickstart-configure",
-            "redirect_document_id": false
-        },
         {
             "source_path_from_root": "/articles/aks/managed-cluster-snapshot.md",
             "redirect_url": "/azure/aks/intro-kubernetes",

.openpublishing.redirection.security-benchmark.json

@@ -386,11 +386,6 @@
         "redirect_url": "/security/benchmark/azure/baselines/batch-security-baseline",
         "redirect_document_id": false
     },
-    {
-        "source_path_from_root": "/articles/cloud-shell/security-baseline.md",
-        "redirect_url": "/security/benchmark/azure/baselines/cloud-shell-security-baseline",
-        "redirect_document_id": false
-    },
     {
         "source_path_from_root": "/articles/cognitive-services/security-baseline.md",
         "redirect_url": "/security/benchmark/azure/baselines/cognitive-services-security-baseline",

articles/active-directory-b2c/index.yml

@@ -244,7 +244,7 @@ conceptualContent:
             url: azure-sentinel.md
             itemType: how-to-guide             
           - text: Regulations
-            url: https://docs.microsoft.com/azure/compliance/
+            url: ../compliance/index.yml
             itemType: concept 
           #- text: 'Manage user access: Minors and parental consent'
            #  url: manage-user-access.md
@@ -364,4 +364,4 @@ tools:
   - title: MSAL React
     url: https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/tree/main/3-Authorization-II/2-call-api-b2c
     imageSrc: ../active-directory/develop/media/hub/react.svg
-## BAND 4 - TOOLS END #######################################################################################################################################
+## BAND 4 - TOOLS END #######################################################################################################################################

articles/active-directory/app-provisioning/on-premises-ecma-troubleshoot.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: overview
-ms.date: 04/04/2022
+ms.date: 11/12/2022
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -16,7 +16,7 @@ ms.collection: M365-identity-device-management
 # Troubleshoot on-premises application provisioning
 
 ## Troubleshoot test connection issues
-After you configure the provisioning agent and ECMA host, it's time to test connectivity from the Azure Active Directory (Azure AD) provisioning service to the provisioning agent, the ECMA host, and the application. To perform this end-to-end test, select **Test connection** in the application in the Azure portal. When the test connection fails, try the following troubleshooting steps:
+After you configure the provisioning agent and ECMA host, it's time to test connectivity from the Azure Active Directory (Azure AD) provisioning service to the provisioning agent, the ECMA host, and the application. To perform this end-to-end test, select **Test connection** in the application in the Azure portal. Be sure to wait 10 to 20 minutes after assigning an initial agent or changing the agent before testing the connection. If after this time the test connection fails, try the following troubleshooting steps:
 
  1. Check that the agent and ECMA host are running:
      1. On the server with the agent installed, open **Services** by going to **Start** > **Run** > **Services.msc**.
@@ -31,7 +31,8 @@ After you configure the provisioning agent and ECMA host, it's time to test conn
  6. After you assign an agent, you need to wait 10 to 20 minutes for the registration to complete. The connectivity test won't work until the registration completes.
  7. Ensure that you're using a valid certificate. Go to the **Settings** tab of the ECMA host to generate a new certificate.
  8. Restart the provisioning agent by going to the taskbar on your VM by searching for the Microsoft Azure AD Connect provisioning agent. Right-click **Stop**, and then select **Start**.
- 9. When you provide the tenant URL in the Azure portal, ensure that it follows the following pattern. You can replace `localhost` with your host name, but it isn't required. Replace `connectorName` with the name of the connector you specified in the ECMA host. The error message 'invalid resource' generally indicates that the URL does not follow the expected format.
+ 1. If you continue to see `The ECMA host is currently importing data from the target application` even after restarting the ECMA Connector Host and the provisioning agent, and waiting for the initial import to complete, then you may need to cancel and re-start configuring provisioning to the application in the Azure portal.
+ 1. When you provide the tenant URL in the Azure portal, ensure that it follows the following pattern. You can replace `localhost` with your host name, but it isn't required. Replace `connectorName` with the name of the connector you specified in the ECMA host. The error message 'invalid resource' generally indicates that the URL does not follow the expected format.
 
     ```
     https://localhost:8585/ecma2host_connectorName/scim
@@ -142,7 +143,7 @@ After the ECMA Connector Host schema mapping has been configured, start the serv
 | Error      | Resolution |
 | ----------- | ----------- |
 | Could not load file or assembly 'file:///C:\Program Files\Microsoft ECMA2Host\Service\ECMA\Cache\8b514472-c18a-4641-9a44-732c296534e8\Microsoft.IAM.Connector.GenericSql.dll' or one of its dependencies. Access is denied.      | Ensure that the network service account has 'full control' permissions over the cache folder. |
-| Invalid LDAP style of object's DN. DN: [email protected]"   | Ensure the 'DN is Anchor' checkbox is not checked in the 'connectivity' page of the ECMA host. Ensure the 'autogenerated' checkbox is selected in the 'object types' page of the ECMA host.  See [About anchor attributes and distinguished names](on-premises-application-provisioning-architecture.md#about-anchor-attributes-and-distinguished-names) for more information.|
+| Invalid LDAP style of object's DN. DN: [email protected]" or `Target Site: ValidByLdapStyle`  | Ensure the 'DN is Anchor' checkbox is not checked in the 'connectivity' page of the ECMA host. Ensure the 'autogenerated' checkbox is selected in the 'object types' page of the ECMA host.  See [About anchor attributes and distinguished names](on-premises-application-provisioning-architecture.md#about-anchor-attributes-and-distinguished-names) for more information.|
 
 ## Understand incoming SCIM requests
 
@@ -232,7 +233,7 @@ By using Azure AD, you can monitor the provisioning service in the cloud and col
   ```
 
 ### I am getting an Invalid LDAP style DN error when trying to configure the ECMA Connector Host with SQL
-By default, the genericSQL connector expects the DN to be populated using the LDAP style (when the 'DN is anchor' attribute is left unchecked in the first connectivity page). In the error message above, you can see that the DN is a UPN, rather than an LDAP style DN that the connector expects. 
+By default, the generic SQL connector expects the DN to be populated using the LDAP style (when the 'DN is anchor' attribute is left unchecked in the first connectivity page). In the error message `Invalid LDAP style DN` or `Target Site: ValidByLdapStyle`, you may see that the DN field contains a user principal name (UPN), rather than an LDAP style DN that the connector expects.
 
 To resolve this, ensure that **Autogenerated** is selected on the object types page when you configure the connector.
 

articles/active-directory/authentication/concept-authentication-authenticator-app.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 06/23/2022
+ms.date: 11/16/2022
 
 ms.author: justinha
 author: justinha
@@ -57,8 +57,24 @@ Users may have a combination of up to five OATH hardware tokens or authenticator
 >
 > When two methods are required, users can reset using either a notification or verification code in addition to any other enabled methods.
 
+
+## FIPS 140 compliant for Azure AD authentication
+
+Beginning with version 6.6.8, Microsoft Authenticator for iOS is compliant with [Federal Information Processing Standard (FIPS) 140](https://csrc.nist.gov/publications/detail/fips/140/3/final?azure-portal=true) for all Azure AD authentications using push multi-factor authentications (MFA), passwordless Phone Sign-In (PSI), and time-based one-time passcodes (TOTP).  
+
+Consistent with the guidelines outlined in [NIST SP 800-63B](https://pages.nist.gov/800-63-3/sp800-63b.html?azure-portal=true), authenticators are required to use FIPS 140 validated cryptography. This helps federal agencies meet the requirements of [Executive Order (EO) 14028](https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/?azure-portal=true) and healthcare organizations working with [Electronic Prescriptions for Controlled Substances (EPCS)](/azure/compliance/offerings/offering-epcs-us). 
+
+FIPS 140 is a US government standard that defines minimum security requirements for cryptographic modules in information technology products and systems. Testing against the FIPS 140 standard is maintained by the [Cryptographic Module Validation Program (CMVP)](https://csrc.nist.gov/Projects/cryptographic-module-validation-program?azure-portal=true).
+
+No changes in configurations are required in Microsoft Authenticator or the Azure portal to enable FIPS 140 compliance. Beginning with Microsoft Authenticator for iOS version 6.6.8, Azure AD authentications will be FIPS 140 compliant by default.
+
+Authenticator leverages the native Apple cryptography to achieve FIPS 140, Security Level 1 compliance on Apple iOS devices beginning with Microsoft Authenticator version 6.6.8. For more information about the certifications being used, see the [Apple CoreCrypto module](https://support.apple.com/guide/sccc/security-certifications-for-ios-scccfa917cb49/web?azure-portal=true). 
+
+FIPS 140 compliance for Microsoft Authenticator on Android is in progress and will follow soon.
+
 ## Next steps
 
 - To get started with passwordless sign-in, see [Enable passwordless sign-in with the Microsoft Authenticator](howto-authentication-passwordless-phone.md).
 
 - Learn more about configuring authentication methods using the [Microsoft Graph REST API](/graph/api/resources/authenticationmethods-overview).
+

articles/active-directory/authentication/concept-authentication-phone-options.md

@@ -52,7 +52,7 @@ With phone call verification during SSPR or Azure AD Multi-Factor Authentication
 
 ## Office phone verification
 
-With phone call verification during SSPR or Azure AD Multi-Factor Authentication, an automated voice call is made to the phone number registered by the user. To complete the sign-in process, the user is prompted to press # on their keypad. 
+With office phone call verification during SSPR or Azure AD Multi-Factor Authentication, an automated voice call is made to the phone number registered by the user. To complete the sign-in process, the user is prompted to press # on their keypad. 
 
 ## Troubleshooting phone options