Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into cogserv

Author: PatrickFarley

.openpublishing.redirection.azure-monitor.json

@@ -510,6 +510,11 @@
             "source_path_from_root": "/articles/azure-monitor/logs/workspace-design-service-providers.md" ,
             "redirect_url": "/azure/azure-monitor/logs/workspace-design",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/containers/container-insights-transition-hybrid.md" ,
+            "redirect_url": "/azure/azure-monitor/containers/container-insights-onboard",
+            "redirect_document_id": false
         }
     ]
 }

.openpublishing.redirection.json

@@ -22348,6 +22348,11 @@
     "redirect_url":  "/azure/storage/common/customer-managed-keys-configure-key-vault",
     "redirect_document_id":  false
 },
+{
+    "source_path_from_root":  "/articles/storage/common/customer-managed-keys-configure-key-vault.md",
+    "redirect_url":  "/azure/storage/common/customer-managed-keys-configure-existing-account",
+    "redirect_document_id":  false
+},
 {
     "source_path_from_root":  "/articles/storage/common/encryption-customer-managed-keys.md",
     "redirect_url":  "/azure/storage/common/customer-managed-keys-overview",

articles/active-directory-b2c/configure-authentication-sample-react-spa-app.md

@@ -171,7 +171,7 @@ In the sample folder, open the *config.json* file. This file contains informatio
 
 |Section  |Key  |Value  |
 |---------|---------|---------|
-|credentials|tenantName| The first part of your Azure AD B2C [tenant name](tenant-management.md#get-your-tenant-name). For example: `contoso`.|
+|credentials|tenantName| Your Azure AD B2C [domain/tenant name](tenant-management.md#get-your-tenant-name). For example: `contoso.ommicrosoft.com`.|
 |credentials|clientID| The web API application ID from step [2.1](#21-register-the-web-api-application). In the [earlier diagram](#app-registration), it's the application with **App ID: 2**.|
 |credentials| issuer| (Optional) The token issuer `iss` claim value. Azure AD B2C by default returns the token in the following format: `https://<your-tenant-name>.b2clogin.com/<your-tenant-ID>/v2.0/`. Replace `<your-tenant-name>` with the first part of your Azure AD B2C [tenant name](tenant-management.md#get-your-tenant-name). Replace `<your-tenant-ID>` with your [Azure AD B2C tenant ID](tenant-management.md#get-your-tenant-id). |
 |policies|policyName|The user flow or custom policy that you created in [step 1](#step-1-configure-your-user-flow). If your application uses multiple user flows or custom policies, specify only one. For example, use the sign-up or sign-in user flow.|
@@ -182,7 +182,7 @@ Your final configuration file should look like the following JSON:
 ```json
 {
     "credentials": {
-        "tenantName": "<your-tenant-name>",
+        "tenantName": "<your-tenant-name>.ommicrosoft.com",
         "clientID": "<your-webapi-application-ID>",
         "issuer": "https://<your-tenant-name>.b2clogin.com/<your-tenant-ID>/v2.0/"
     },

articles/active-directory-b2c/microsoft-graph-operations.md

@@ -60,8 +60,8 @@ Note, the [list](/graph/api/authentication-list-phonemethods) operation returns
 
 An email address that can be used by a [username sign-in account](sign-in-options.md#username-sign-in) to reset the password. For more information, see [Azure AD authentication methods API](/graph/api/resources/emailauthenticationmethod).
 
-- [Add](/graph/api/emailauthenticationmethod-post)
-- [List](/graph/api/emailauthenticationmethod-list)
+- [Add](/graph/api/authentication-post-emailmethods)
+- [List](/graph/api/authentication-list-emailmethods)
 - [Get](/graph/api/emailauthenticationmethod-get)
 - [Update](/graph/api/emailauthenticationmethod-update)
 - [Delete](/graph/api/emailauthenticationmethod-delete)

articles/active-directory-b2c/partner-dynamics-365-fraud-protection.md

@@ -10,14 +10,14 @@ ms.reviewer: kengaderdus
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 5/12/2021
+ms.date: 08/28/2022
 ms.author: gasinh
 ms.subservice: B2C
 ---
 
 # Tutorial: Configure Microsoft Dynamics 365 Fraud Protection with Azure Active Directory B2C
 
-In this sample tutorial, learn how to integrate [Microsoft Dynamics 365 Fraud Protection](/dynamics365/fraud-protection/overview) (DFP) with Azure Active Directory (AD) B2C.
+In this sample tutorial, learn how to integrate [Microsoft Dynamics 365 Fraud Protection](/dynamics365/fraud-protection/ap-overview) (DFP) with Azure Active Directory (AD) B2C.
 
 Microsoft DFP provides organizations with the capability to assess the risk of attempts to create fraudulent accounts and  log-ins. Microsoft DFP assessment can be used by the customer to block or challenge suspicious attempts to create new fake accounts or to compromise existing accounts.
 

articles/active-directory/app-provisioning/on-premises-application-provisioning-architecture.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: overview
-ms.date: 04/11/2022
+ms.date: 08/26/2022
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -31,6 +31,8 @@ There are three primary components to provisioning users into an on-premises app
 > Microsoft Identity Manager Synchronization isn't required. But you can use it to build and test your ECMA connector before you import it into the ECMA host.
 
 
+> [!VIDEO https://www.youtube.com/embed/QdfdpaFolys]
+
 ### Firewall requirements
 
 You don't need to open inbound connections to the corporate network. The provisioning agents only use outbound connections to the provisioning service, which means there's no need to open firewall ports for incoming connections. You also don't need a perimeter (DMZ) network because all connections are outbound and take place over a secure channel.
@@ -60,9 +62,9 @@ When we think of traditional DNs in a traditional format, for say, Active Direct
 
   `CN=Lola Jacobson,CN=Users,DC=contoso,DC=com`
 
-However, for a data source such as SQL, which is flat, not hierarchical, the DN needs to be either already present in one of the table or created from the information we provide to the ECMA Connector Host.  
+However, for a data source such as SQL, which is flat, not hierarchical, the DN needs to be either already present in one of the tables or created from the information we provide to the ECMA Connector Host.  
 
-This can be achieved by checking **Autogenerated** in the checkbox when configuring the genericSQL connector. When you choose DN to be autogenerated, the ECMA host will generate a DN in an LDAP format: CN=<anchorvalue>,OBJECT=<type>. This also assumes that DN is Anchor is **unchecked** in the Connectivity page. 
+This can be achieved by checking **Autogenerated** in the checkbox when configuring the genericSQL connector. When you choose DN to be autogenerated, the ECMA host will generate a DN in an LDAP format: CN=<anchorvalue>,OBJECT=<type>. This also assumes that the DN is Anchor **unchecked** in the Connectivity page. 
 
  [![DN is Anchor unchecked](.\media\on-premises-application-provisioning-architecture\user-2.png)](.\media\on-premises-application-provisioning-architecture\user-2.png#lightbox)
 
@@ -79,14 +81,14 @@ Since ECMA Connector Host currently only supports the USER object type, the OBJE
 You can define one or more matching attribute(s) and prioritize them based on the precedence.  Should you want to change the matching attribute you can also do so.
  [![Matching attribute](.\media\on-premises-application-provisioning-architecture\match-1.png)](.\media\on-premises-application-provisioning-architecture\match-1.png#lightbox)
 
-2.  ECMA Connector Host receives the GET request and queries its internal cache to see if the user exists and has based imported.  This is done using the matching attribute(s) above. If you define multiple matching attributes, the Azure AD provisioning service will send a GET request for each attribute and the ECMA host will check it's cache for a match until it finds one.   
+2.  ECMA Connector Host receives the GET request and queries its internal cache to see if the user exists and has based imported.  This is done using the matching attribute(s) above. If you define multiple matching attributes, the Azure AD provisioning service will send a GET request for each attribute and the ECMA host will check its cache for a match until it finds one.   
 
 3. If the user does not exist, Azure AD will make a POST request to create the user.  The ECMA Connector Host will respond back to Azure AD with the HTTP 201 and provide an ID for the user. This ID is derived from the anchor value defined in the object types page. This anchor will be used by Azure AD to query the ECMA Connector Host for future and subsequent requests. 
 4. If a change happens to the user in Azure AD, then Azure AD will make a GET request to retrieve the user using the anchor from the previous step, rather than the matching attribute in step 1. This allows, for example, the UPN to change without breaking the link between the user in Azure AD and in the app.  
 
 
 ## Agent best practices
-- Using the same agent for the on-prem provisioning feature along with Workday / SuccessFactors / Azure AD Connect Cloud Sync is currently unsupported. We are actively working to support on-prem provisioning on the same agent as the other provisioning scenarios.
+- Using the same agent for the on-premises provisioning feature along with Workday / SuccessFactors / Azure AD Connect Cloud Sync is currently unsupported. We are actively working to support on-premises provisioning on the same agent as the other provisioning scenarios.
 - - Avoid all forms of inline inspection on outbound TLS communications between agents and Azure. This type of inline inspection causes degradation to the communication flow.
 - The agent must communicate with both Azure and your application, so the placement of the agent affects the latency of those two connections. You can minimize the latency of the end-to-end traffic by optimizing each network connection. Each connection can be optimized by:
   - Reducing the distance between the two ends of the hop.
@@ -135,7 +137,7 @@ You can also check whether all the required ports are open.
      - Microsoft Azure AD Connect Provisioning Agent Package
 
 ## Provisioning agent history
-This article lists the versions and features of Azure Active Directory Connect Provisioning Agent that have been released. The Azure AD team regularly updates the Provisioning Agent with new features and functionality. Please ensure that you do not use the same agent for on-prem provisioning and Cloud Sync / HR-driven provisioning.
+This article lists the versions and features of Azure Active Directory Connect Provisioning Agent that have been released. The Azure AD team regularly updates the Provisioning Agent with new features and functionality. Please ensure that you do not use the same agent for on-premises provisioning and Cloud Sync / HR-driven provisioning.
 
 Microsoft provides direct support for the latest agent version and one version before.
 

articles/active-directory/app-provisioning/on-premises-scim-provisioning.md

@@ -7,7 +7,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 07/05/2022
+ms.date: 08/25/2022
 ms.author: billmath
 ms.reviewer: arvinh
 ---
@@ -22,6 +22,7 @@ The Azure Active Directory (Azure AD) provisioning service supports a [SCIM 2.0]
 - An Azure AD tenant with Azure AD Premium P1 or Premium P2 (or EMS E3 or E5). [!INCLUDE [active-directory-p1-license.md](../../../includes/active-directory-p1-license.md)]
 - Administrator role for installing the agent. This task is a one-time effort and should be an Azure account that's either a hybrid administrator or a global administrator. 
 - Administrator role for configuring the application in the cloud (application administrator, cloud application administrator, global administrator, or a custom role with permissions).
+- A computer with at least 3 GB of RAM, to host a provisioning agent. The computer should have Windows Server 2016 or a later version of Windows Server, with connectivity to the target application, and with outbound connectivity to login.microsoftonline.com, other Microsoft Online Services and Azure domains. An example is a Windows Server 2016 virtual machine hosted in Azure IaaS or behind a proxy.
 
 ## Deploying Azure AD provisioning agent
 The Azure AD Provisioning agent can be deployed on the same server hosting a SCIM enabled application, or a seperate server, providing it has line of sight to the application's SCIM endpoint. A single agent also supports provision to multiple applications hosted locally on the same server or seperate hosts, again as long as each SCIM endpoint is reachable by the agent.  
@@ -49,6 +50,9 @@ Once the agent is installed, no further configuration is necesary on-prem, and a
  12.  Go to the **Provisioning** pane, and select **Start provisioning**.
  13.  Monitor using the [provisioning logs](../../active-directory/reports-monitoring/concept-provisioning-logs.md).
 
+The following video provides an overview of on-premises provisoning.
+> [!VIDEO https://www.youtube.com/embed/QdfdpaFolys]
+
 ## Additional requirements
 * Ensure your [SCIM](https://techcommunity.microsoft.com/t5/identity-standards-blog/provisioning-with-scim-getting-started/ba-p/880010) implementation meets the [Azure AD SCIM requirements](use-scim-to-provision-users-and-groups.md).
 

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -969,8 +969,8 @@ The SCIM endpoint must have an HTTP address and server authentication certificat
 
 The .NET Core SDK includes an HTTPS development certificate that can be used during development, the certificate is installed as part of the first-run experience. Depending on how you run the ASP.NET Core Web Application it will listen to a different port:
 
-* Microsoft.SCIM.WebHostSample: <https://localhost:5001>
-* IIS Express: <https://localhost:44359/>
+* Microsoft.SCIM.WebHostSample: `https://localhost:5001`
+* IIS Express: `https://localhost:44359`
 
 For more information on HTTPS in ASP.NET Core use the following link:
 [Enforce HTTPS in ASP.NET Core](/aspnet/core/security/enforcing-ssl)

articles/active-directory/app-proxy/index.yml

@@ -10,7 +10,7 @@ metadata:
    ms.subservice: app-proxy
    ms.workload: identity
    ms.topic: landing-page
-   ms.date: 04/27/2021
+   ms.date: 08/29/2022
    author: kenwith
    ms.author: kenwith
    manager: amycolannino

articles/active-directory/app-proxy/what-is-application-proxy.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-proxy
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 04/27/2021
+ms.date: 08/29/2022
 ms.author: kenwith
 ms.reviewer: ashishj
 ms.custom: has-adal-ref
@@ -62,7 +62,8 @@ In today's digital workplace, users work anywhere with multiple devices and apps
 
 With Application Proxy, Azure AD keeps track of users who need to access web apps published on-premises and in the cloud. It provides a central management point for those apps. While not required, it's recommended you also enable Azure AD Conditional Access. By defining conditions for how users authenticate and gain access, you further ensure that the right people access your applications.
 
-**Note:** It's important to understand that Azure AD Application Proxy is intended as a VPN or reverse proxy replacement for roaming (or remote) users who need access to internal resources. It's not intended for internal users on the corporate network. Internal users who unnecessarily use Application Proxy can introduce unexpected and undesirable performance issues.
+> [!NOTE]
+> It's important to understand that Azure AD Application Proxy is intended as a VPN or reverse proxy replacement for roaming (or remote) users who need access to internal resources. It's not intended for internal users on the corporate network. Internal users who unnecessarily use Application Proxy can introduce unexpected and undesirable performance issues.
 
 ![Azure Active Directory and all your apps](media/what-is-application-proxy/azure-ad-and-all-your-apps.png)