Merge branch 'main' into Release_Archive_main_2024-07-02-18-52-05

Author: cynthn

.openpublishing.redirection.app-service.json

@@ -1850,6 +1850,16 @@
             "redirect_url": "/azure/app-service/scripts/powershell-scale-manual",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/app-service/get-resource-events.md",
+            "redirect_url": "/azure/app-service/monitor-app-service",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/app-service/overview-monitoring.md",
+            "redirect_url": "/azure/app-service/monitor-app-service",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/app-service/app-service-security-attributes.md",
             "redirect_url": "/azure/app-service/security-baseline",

.openpublishing.redirection.azure-monitor.json

@@ -10,6 +10,11 @@
             "redirect_url": "/azure/azure-monitor/vm/scom-managed-instance-overview",
             "redirect_document_id": false
          },
+        {
+            "source_path_from_root": "/articles/azure-monitor/scom-manage-instance/monitor-arc-enabled-vm-with-scom-managed-instance.md",
+            "redirect_url": "/azure/azure-monitor/scom-manage-instance/monitor-azure-off-azure-vm-with-scom-managed-instance",
+            "redirect_document_id": false
+         },
         {
             "source_path_from_root": "/articles/azure-monitor/scom-manage-instance/common-questions.md",
             "redirect_url": "/azure/azure-monitor/scom-manage-instance/scom-managed-instance-faq",

.openpublishing.redirection.defender-for-cloud.json

@@ -1,5 +1,25 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/recommendations-reference.md",
+            "redirect_url": "/azure/defender-for-cloud/security-policy-concept",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/recommendations-reference-gcp.md",
+            "redirect_url": "/azure/defender-for-cloud/security-policy-concept",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/recommendations-reference-aws.md",
+            "redirect_url": "/azure/defender-for-cloud/security-policy-concept",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/upcoming-changes.md",
+            "redirect_url": "/azure/defender-for-cloud/release-notes",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/defender-for-cloud/secret-scanning.md",
             "redirect_url": "/azure/defender-for-cloud/secrets-scanning-servers",
@@ -960,6 +980,11 @@
             "redirect_url": "/azure/defender-for-cloud/view-and-remediate-vulnerability-registry-images",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/management-groups-roles.md",
+            "redirect_url": "/azure/governance/management-groups/overview",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/defender-for-cloud/how-to-migrate-to-built-in.md",
             "redirect_url": "/azure/defender-for-cloud/how-to-transition-to-built-in",

.openpublishing.redirection.json

@@ -274,6 +274,12 @@ sections:
 
           * API connectors
           * Conditional Access
+
+      - question: |
+          I am using rolling refresh tokens for my application and I am getting an invalid_grant error on redeeming newly acquired refresh tokens well within their set validity period. Why does this happen? 
+        answer: |
+          While determining validity for rolling refresh tokens, B2C will consider the initial login time of the user in the application also to calculate the token validity skew. If the user haven't logged out of the application for a very long time, this skew value will exceed the validity period of the token and hence for security reasons the tokens will be considered as invalid. Hence the error. Inform the user to perform a proper logout and login back into the application and this should reset the skew. This scenario is not applicable if refresh token rolling is set as infinite rolling.
+             
           
       - question: |
           I've revoked the refresh token using Microsoft Graph invalidateAllRefreshTokens, or Microsoft Graph PowerShell,  Revoke-MgUserSignInSession. Why is Azure AD B2C still accepting the old refresh token?
@@ -286,6 +292,9 @@ sections:
           1. Wait for 10 minutes.
           
           1. Retrieve the `RefreshToken` again.
+
+          > [!TIP]
+          > With Azure AD B2C [custom policy](custom-policy-overview.md), you can reduce the above mentioned skew time of 5 minutes (300000 milliseconds)  by adjusting the value for InputParameter "TreatAsEqualIfWithinMillseconds" under claim transformation Id "AssertRefreshTokenIssuedLaterThanValidFromDate". This claim transformation can be found in the TrustFrameworkBase.xml file under latest custom policy [stater-pack](https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy#get-the-starter-pack). 
           
       - question: |
          I use multiple tabs in a web browser to sign in to multiple applications that I registered in the same Azure AD B2C tenant. When I try to perform a single sign-out, not all of the applications are signed out. Why does this happen? 

articles/active-directory-b2c/faq.yml

@@ -23,7 +23,7 @@ zone_pivot_groups: b2c-policy-type
 
 [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
 
-With Azure Active Directory B2C (Azure AD B2C) [HTML templates](customize-ui-with-html.md), you can craft your users' identity experiences. Your HTML templates can contain only certain HTML tags and attributes. Basic HTML tags, such as &lt;b&gt;, &lt;i&gt;, &lt;u&gt;, &lt;h1&gt;, and &lt;hr&gt; are allowed. More advanced tags such as &lt;script&gt;, and &lt;iframe&gt; are removed for security reasons but the `<script>` tag should be added in the `<head>` tag.
+With Azure Active Directory B2C (Azure AD B2C) [HTML templates](customize-ui-with-html.md), you can craft your users' identity experiences. Your HTML templates can contain only certain HTML tags and attributes. Basic HTML tags, such as &lt;b&gt;, &lt;i&gt;, &lt;u&gt;, &lt;h1&gt;, and &lt;hr&gt; are allowed. More advanced tags such as &lt;script&gt;, and &lt;iframe&gt; are removed for security reasons but the `<script>` tag should be added in the `<head>` tag. From selfasserted page layout version 2.1.21 / unifiedssp version 2.1.10 / multifactor version 1.2.10 onwards B2C doesn't support adding scripts in `<body>` tag (as this can pose a risk for cross site scripting attack). Migrating existing scripts from `<body>` to `<head>` may at-times require rewriting existing scripts with mutation observers for proper working.
 
 The `<script>` tag should be added in the `<head>` tag in two ways:  
 

articles/active-directory-b2c/javascript-and-page-layout.md

@@ -220,6 +220,7 @@ You can also call a REST API technical profile with your business logic, overwri
 | IncludeClaimResolvingInClaimsHandling  | No | For input and output claims, specifies whether [claims resolution](claim-resolver-overview.md) is included in the technical profile. Possible values: `true`, or `false` (default). If you want to use a claims resolver in the technical profile, set this to `true`. |
 |setting.forgotPasswordLinkOverride <sup>4</sup>| No | A password reset claims exchange to be executed. For more information, see [Self-service password reset](add-password-reset-policy.md). |
 | setting.enableCaptchaChallenge | No | Specifies whether CAPTCHA challenge code should be displayed. Possible values: `true` , or `false` (default). For this setting to work, the [CAPTCHA display control]() must be referenced in the [display claims](#display-claims) of the self-asserted technical profile. CAPTCHA feature is in **public preview**.|
+| setting.showHeading | No | Specifies whether **User Details** heading element should be visible. Possible values: `true` (default), or `false`.|
 
 Notes:
 

articles/active-directory-b2c/self-asserted-technical-profile.md

@@ -0,0 +1,131 @@
+---
+title: Reduce service costs using Azure Advisor
+description: Use Azure Advisor to optimize the cost of your Azure deployments.
+ms.topic: article
+ms.date: 11/08/2023
+
+---
+
+# Reduce service costs by using Azure Advisor
+
+Azure Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the **Cost** tab on the Advisor dashboard.
+
+1. Sign in to the [**Azure portal**](https://portal.azure.com).
+
+1. Search for and select [**Advisor**](https://aka.ms/azureadvisordashboard) from any page.
+
+1. On the **Advisor** dashboard, select the **Cost** tab.
+
+## Optimize virtual machine (VM) or virtual machine scale set (VMSS) spend by resizing or shutting down underutilized instances
+
+Although certain application scenarios can result in low utilization by design, you can often save money by managing the size and number of your virtual machines or virtual machine scale sets.
+
+Advisor uses machine-learning algorithms to identify low utilization and to identify the ideal recommendation to ensure optimal usage of virtual machines and virtual machine scale sets. The recommended actions are shut down or resize, specific to the resource being evaluated.
+
+### Shutdown recommendations
+
+Advisor identifies resources that weren't used at all over the last seven days and makes a recommendation to shut them down.
+
+* Recommendation criteria include **CPU** and **Outbound Network utilization** metrics. **Memory** isn't considered since we found that **CPU** and **Outbound Network utilization** are sufficient.
+
+* The last seven days of utilization data are analyzed. You can change your lookback period in the configurations. The available lookback periods are 7, 14, 21, 30, 60, and 90 days. After you change the lookback period, it might take up to 48 hours for the recommendations to be updated.
+
+* Metrics are sampled every 30 seconds, aggregated to 1 min and then further aggregated to 30 mins (we take the max of average values while aggregating to 30 mins). On virtual machine scale sets, the metrics from individual virtual machines are aggregated using the average of the metrics across instances.
+
+* A shutdown recommendation is created if:
+  * P95 of the maximum value of CPU utilization summed across all cores is less than 3%
+  * P100 of average CPU in last 3 days (sum over all cores) <= 2%
+  * Outbound Network utilization is less than 2% over a seven-day period
+
+### Resize SKU recommendations
+
+Advisor recommends resizing virtual machines when it's possible to fit the current load on a more appropriate SKU, which is less expensive (based on retail rates). On virtual machine scale sets, Advisor recommends resizing when it's possible to fit the current load on a more appropriate cheaper SKU, or a lower number of instances of the same SKU.
+
+* Recommendation criteria include **CPU**, **Memory**, and **Outbound Network utilization**.
+
+* The last 7 days of utilization data are analyzed. You can change your lookback period in the configurations. The available lookback periods are 7, 14, 21, 30, 60, and 90 days. After you change the lookback period, it might take up to 48 hours for the recommendations to be updated.
+
+* Metrics are sampled every 30 seconds, aggregated to 1 minute, and then further aggregated to 30 minutes (taking the max of average values while aggregating to 30 minutes). On virtual machine scale sets, the metrics from individual virtual machines are aggregated using the average of the metrics for instance count recommendations, and aggregated using the max of the metrics for SKU change recommendations.
+
+* An appropriate SKU (for virtual machines) or instance count (for virtual machine scale set resources) is determined based on the following criteria:
+  * Performance of the workloads on the new SKU won't be impacted.
+    * Target for user-facing workloads:
+      * P95 of CPU and Outbound Network utilization at 40% or lower on the recommended SKU
+      * P100 of Memory utilization at 60% or lower on the recommended SKU
+    * Target for non user-facing workloads:
+      * P95 of the CPU and Outbound Network utilization at 80% or lower on the new SKU
+      * P100 of Memory utilization at 80% or lower on the new SKU
+  * The new SKU, if applicable, has the same Accelerated Networking and Premium Storage capabilities
+  * The new SKU, if applicable, is supported in the current region of the Virtual Machine with the recommendation
+  * The new SKU, if applicable, is less expensive
+  * Instance count recommendations also take into account if the virtual machine scale set is being managed by Service Fabric or AKS. For service fabric managed resources, recommendations take into account reliability and durability tiers.
+* Advisor determines if a workload is user-facing by analyzing its CPU utilization characteristics. The approach is based on findings by Microsoft Research. You can find more details here: [Prediction-Based Power Oversubscription in Cloud Platforms - Microsoft Research](https://www.microsoft.com/research/publication/prediction-based-power-oversubscription-in-cloud-platforms/).
+
+* Based on the best fit and the cheapest costs with no performance impacts, Advisor not only recommends smaller SKUs in the same family (for example D3v2 to D2v2), but also SKUs in a newer version (for example D3v2 to D2v3), or a different family (for example D3v2 to E3v2).
+
+* For virtual machine scale set resources, Advisor prioritizes instance count recommendations over SKU change recommendations because instance count changes are easily actionable, resulting in faster savings.
+
+### Burstable recommendations
+
+We evaluate if workloads are eligible to run on specialized SKUs called **Burstable SKUs** that support variable workload performance requirements and are less expensive than general purpose SKUs. Learn more about burstable SKUs here: [B-series burstable - Azure Virtual Machines](../virtual-machines/sizes-b-series-burstable.md).
+
+A burstable SKU recommendation is made if:
+
+* The average **CPU utilization** is less than a burstable SKUs' baseline performance
+  * If the P95 of CPU is less than two times the burstable SKUs' baseline performance
+  * If the current SKU doesn't have accelerated networking enabled, since burstable SKUs don't support accelerated networking yet
+  * If we determine that the Burstable SKU credits are sufficient to support the average CPU utilization over 7 days. You can change your lookback period in the configurations.
+
+The resulting recommendation suggests that a user should resize their current virtual machine or virtual machine scale set to a burstable SKU with the same number of cores. This suggestion is made so a user can take advantage of lower cost and also the fact that the workload has low average utilization but high spikes in cases, which can be best served by the B-series SKU.
+
+Advisor shows the estimated cost savings for either recommended action: resize or shut down. For resize, Advisor provides current and target SKU/instance count information.
+To be more selective about the actioning on underutilized virtual machines or virtual machine scale sets, you can adjust the CPU utilization rule by subscription.
+
+In some cases recommendations can't be adopted or might not be applicable, such as some of these common scenarios (there might be other cases):
+
+* Virtual machine or virtual machine scale set has been provisioned to accommodate upcoming traffic
+
+* Virtual machine or virtual machine scale set uses other resources not considered by the resize algorithm, such as metrics other than CPU, Memory and Network
+
+* Specific testing being done on the current SKU, even if not utilized efficiently
+
+* Need to keep virtual machine or virtual machine scale set SKUs homogeneous
+
+* Virtual machine or virtual machine scale set being utilized for disaster recovery purposes
+
+In such cases, simply use the Dismiss/Postpone options associated with the recommendation.
+
+### Limitations
+
+* The savings associated with the recommendations are based on retail rates and don't take into account any temporary or long-term discounts that might apply to your account. As a result, the listed savings might be higher than actually possible.  
+
+* The recommendations don't take into account the presence of Reserved Instances (RI) / Savings plan purchases. As a result, the listed savings might be higher than actually possible. In some cases, for example in the case of cross-series recommendations, depending on the types of SKUs that reserved instances have been purchased for, the costs might increase when the optimization recommendations are followed. We caution you to consider your RI/Savings plan purchases when you act on the right-size recommendations.
+
+We're constantly working on improving these recommendations. Feel free to share feedback on [Advisor Forum](https://aka.ms/advisorfeedback).
+
+## Configure VM/VMSS recommendations
+
+You can adjust Advisor virtual machine (VM) and Virtual Machine Scale Sets recommendations. Specifically, you can set up a filter for each subscription to only show recommendations for machines with certain CPU utilization. This setting will filter recommendations but will not change how they are generated.
+
+> [!NOTE]
+> If you don't have the required permissions, the option is disabled in the user interface. For information on permissions, see [Permissions in Azure Advisor](permissions.md).
+
+To adjust Advisor VM/Virtual Machine Scale Sets right sizing rules, follow these steps:
+
+1. From any Azure Advisor page, click **Configuration** in the left navigation pane. The Advisor Configuration page opens with the **Resources** tab selected, by default.
+
+1. Select the **VM/Virtual Machine Scale Sets right sizing** tab.
+
+1. Select the subscriptions you’d like to set up a filter for average CPU utilization, and then click **Edit**.
+
+1. Select the desired average CPU utilization value and click **Apply**. It can take up to 24 hours for the new settings to be reflected in recommendations.
+
+  :::image type="content" source="media/advisor-get-started/advisor-configure-rules.png" alt-text="Screenshot of Azure Advisor configuration option for VM/Virtual Machine Scale Sets sizing rules." lightbox="media/advisor-get-started/advisor-configure-rules.png":::
+
+## Next steps
+
+To learn more about Advisor recommendations, see:
+
+* [Advisor cost recommendations (full list)](advisor-reference-cost-recommendations.md)
+* [Introduction to Advisor](advisor-overview.md)
+* [Advisor score](azure-advisor-score.md)