Merge pull request #262530 from MicrosoftDocs/main

Publish to live, Friday 4 AM PST, 1/5

Author: ttorble

articles/active-directory-b2c/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory business-to-customer (B2C)"
 description: "New and updated documentation for the Azure Active Directory business-to-customer (B2C)."
-ms.date: 12/01/2023
+ms.date: 01/05/2024
 ms.service: active-directory
 ms.subservice: B2C
 ms.topic: reference
@@ -15,6 +15,15 @@ manager: CelesteDG
 
 Welcome to what's new in Azure Active Directory B2C documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the B2C service, see [What's new in Microsoft Entra ID](../active-directory/fundamentals/whats-new.md), [Azure AD B2C developer release notes](custom-policy-developer-notes.md) and [What's new in Microsoft Entra External ID](/entra/external-id/whats-new-docs).
 
+## December 2023
+
+### Updated articles
+
+- [Set up a resource owner password credentials flow in Azure Active Directory B2C](add-ropc-policy.md) - Updated ROPC flow limitations
+- [Add user attributes and customize user input in Azure Active Directory B2C](configure-user-input.md) - Updated instructional steps
+- [Set up sign-up and sign-in with a Google account using Azure Active Directory B2C](identity-provider-google.md) - Editorial updates
+- [Localization string IDs](localization-string-ids.md) - Updated the localization string IDs
+
 ## November 2023
 
 ### Updated articles
@@ -41,25 +50,5 @@ Welcome to what's new in Azure Active Directory B2C documentation. This article
 - [Azure AD B2C: Frequently asked questions (FAQ)](faq.yml) - Editorial updates
 - [Enable JavaScript and page layout versions in Azure Active Directory B2C](javascript-and-page-layout.md) - Added breaking change on script tags
 
-## September 2023
-
-### Updated articles
-
-- [Supported Microsoft Entra ID features](supported-azure-ad-features.md) - Editorial updates
-- [Publish your Azure Active Directory B2C app to the Microsoft Entra app gallery](publish-app-to-azure-ad-app-gallery.md) - Editorial updates
-- [Secure your API used an API connector in Azure AD B2C](secure-rest-api.md) - Editorial updates
-- [Azure AD B2C: Frequently asked questions (FAQ)'](faq.yml) - Editorial updates
-- [Define an ID token hint technical profile in an Azure Active Directory B2C custom policy](id-token-hint.md) - Editorial updates
-- [Set up sign-in for multitenant Microsoft Entra ID using custom policies in Azure Active Directory B2C](identity-provider-azure-ad-multi-tenant.md) - Editorial updates
-- [Set up sign-in for a specific Microsoft Entra organization in Azure Active Directory B2C](identity-provider-azure-ad-single-tenant.md) - Editorial updates
-- [Localization string IDs](localization-string-ids.md) - Editorial updates
-- [Define a Microsoft Entra ID multifactor authentication technical profile in an Azure AD B2C custom policy](multi-factor-auth-technical-profile.md) - Editorial updates
-- [Define a Microsoft Entra ID SSPR technical profile in an Azure AD B2C custom policy](aad-sspr-technical-profile.md) - Editorial updates
-- [Define a Microsoft Entra technical profile in an Azure Active Directory B2C custom policy](active-directory-technical-profile.md) - Editorial updates
-- [Monitor Azure AD B2C with Azure Monitor](azure-monitor.md) - Editorial updates
-- [Billing model for Azure Active Directory B2C](billing.md) - Editorial updates
-- [Enable custom domains for Azure Active Directory B2C](custom-domain.md) - Editorial updates
-- [Set up a sign-up and sign-in flow with a social account by using Azure Active Directory B2C custom policy](custom-policies-series-sign-up-or-sign-in-federation.md) - Editorial updates
-- [Create and read a user account by using Azure Active Directory B2C custom policy](custom-policies-series-store-user.md) - Editorial updates
 
 

articles/app-service/configure-ssl-certificate.md

@@ -309,6 +309,12 @@ After the certificate renews inside your key vault, App Service automatically sy
 - [Azure CLI: Bind a custom TLS/SSL certificate to a web app](scripts/cli-configure-ssl-certificate.md)
 - [Azure PowerShell Bind a custom TLS/SSL certificate to a web app using PowerShell](scripts/powershell-configure-ssl-certificate.md)
 
+#### Can I configure a private CA certificate on my app?
+
+App Service has a list of Trusted Root Certificates which you cannot modify in the multi-tenant variant version of App Service, but you can load your own CA certificate in the Trusted Root Store in an App Service Environment (ASE), which is a single-tenant environment in App Service. (The Free, Basic, Standard, and Premium App Service Plans are all multi-tenant, and the Isolated Plans are single-tenant.)
+- [Private client certificate](environment/overview-certificates.md)
+
+
 ## More resources
 
 * [Secure a custom DNS name with a TLS/SSL binding in Azure App Service](configure-ssl-bindings.md)

articles/app-service/troubleshoot-diagnostic-logs.md

@@ -219,6 +219,8 @@ The following table shows the supported log types and descriptions:
 
 ## Networking considerations
 
+- App Service logs aren't supported using Regional VNet integration, our recommendation is to use the Diagnostic settings feature.
+
 If you secure your Azure Storage account by [only allowing selected networks](../storage/common/storage-network-security.md#change-the-default-network-access-rule), it can receive logs from App Service only if both of the following are true:
 
 - The Azure Storage account is in a different Azure region from the App Service app.

articles/azure-arc/system-center-virtual-machine-manager/enable-virtual-hardware-scvmm.md

@@ -0,0 +1,41 @@
+---
+title:  Enable virtual hardware and VM CRUD capabilities in an SCVMM machine with Arc agent installed
+description: Enable virtual hardware and VM CRUD capabilities in an SCVMM machine with Arc agent installed
+ms.topic: how-to 
+ms.date: 01/05/2024
+ms.service: azure-arc
+ms.subservice: azure-arc-scvmm
+author: Farha-Bano
+ms.author: v-farhabano
+manager: jsuri
+ms.custom: 
+---
+
+# Enable virtual hardware and VM CRUD capabilities in an SCVMM machine with Arc agent installed
+
+In this article, you learn how to enable virtual hardware management and VM CRUD operational ability on an SCVMM VM that has Arc agents installed via the Arc-enabled Servers route.
+
+>[!IMPORTANT]
+> This article is applicable only if you've installed Arc agents directly in SCVMM machines before onboarding to Azure Arc-enabled SCVMM by deploying Arc resource bridge. 
+
+## Prerequisites
+
+- An Azure subscription and resource group where you have *Arc ScVmm VM Administrator* role. 
+- Your SCVMM management server instance must be [onboarded](quickstart-connect-system-center-virtual-machine-manager-to-arc.md) to Azure Arc.
+
+## Enable virtual hardware management and self-service access to SCVMM VMs with Arc agent installed
+
+1. From your browser, go to [Azure portal](https://portal.azure.com/).
+
+1. Navigate to the Virtual machines inventory page of your SCVMM management servers. The virtual machines that have Arc agent installed via the Arc-enabled Servers route will have **Link to SCVMM management server** status under virtual hardware management.
+
+1. Select **Link to SCVMM management server** to view the pane with the list of all the machines under SCVMM management server with Arc agent installed but not linked to the SCVMM management server in Azure Arc.
+
+1. Choose all the machines that need to be enabled in Azure, and select **Link** to link the machines to SCVMM management server.
+
+1. After you link to SCVMM management server, the virtual hardware status will reflect as **Enabled** for all the VMs, and you can perform virtual hardware operations. 
+
+## Next steps
+
+[Set up and manage self-service access to SCVMM resources](set-up-and-manage-self-service-access-scvmm.md).
+

articles/azure-arc/system-center-virtual-machine-manager/toc.yml

@@ -24,6 +24,8 @@
     items:
     - name: Enable SCVMM inventory resources in Azure
       href: enable-scvmm-inventory-resources.md
+    - name: Enable virtual hardware and VM CRUD capabilities in an SCVMM machine with Arc agent installed
+      href: enable-virtual-hardware-scvmm.md
   - name: Use VM lifecycle and self-serve capabilities
     items:
     - name: Set up and manage self-service access to SCVMM resources

articles/azure-signalr/signalr-concept-client-negotiation.md

@@ -216,6 +216,74 @@ public SignalRConnectionInfo Negotiate([HttpTrigger(AuthorizationLevel.Anonymous
 
 Then your clients can request the function endpoint `https://<Your Function App Name>.azurewebsites.net/api/negotiate` to get the service URL and access token. You can find a full sample on [GitHub](https://github.com/aspnet/AzureSignalR-samples/tree/main/samples/BidirectionChat).
 
+### Self-exposing `/negotiate` endpoint
+
+You could also expose the negotiation endpoint in your own server and return the negotiation response by yourself if you are using other languages. 
+
+#### Using ConnectionString
+
+Below is a pseudo code in JavaScript showing how to implement the negotiation endpoint for hub `chat` and generate access token from Azure SignalR connection string.
+
+```js
+import express from 'express';
+const connectionString = '<your-connection-string>';
+const hub = 'chat';
+let app = express();
+app.post('/chat/negotiate', (req, res) => {
+  let endpoint = /Endpoint=(.*?);/.exec(connectionString)[1];
+  let accessKey = /AccessKey=(.*?);/.exec(connectionString)[1];
+  let url = `${endpoint}/client/?hub=${hub}`;
+  let token = jwt.sign({ aud: url }, accessKey, { expiresIn: 3600 });
+  res.json({ url: url, accessToken: token });
+});
+app.listen(8080, () => console.log('server started'));
+```
+
+A JavaScript SignalR client then connects with URL `/chat`:
+
+```js
+let connection = new signalR.HubConnectionBuilder().withUrl('/chat').build();
+connection.start();
+```
+
+#### Using Microsoft Entra ID
+Azure SignalR also provides REST API `POST /api/hubs/${hub}/:generateToken?api-version=2022-11-01&userId=${userId}&minutesToExpire=${minutesToExpire}` to generate the client access token for you when you are using Microsoft Entra ID.
+
+The steps are:
+1. Follow [Add role assignments](signalr-howto-authorize-application.md#add-role-assignments-in-the-azure-portal) to assign role `SignalR REST API Owner` or `SignalR Service Owner` to your identity so that your identity has the permission to invoke the REST API to generate the client access token.
+2. Use Azure Identity client library to fetch the Microsoft Entra ID token with scope `https://signalr.azure.com/.default`
+3. Use this token to visit the generate token REST API
+4. Return the client access token in the negotiation response.
+
+Below is a pseudo code in JavaScript showing how to implement the negotiation endpoint for hub `chat` and get access token using Microsoft Entra ID and REST API `/generateToken`.
+```js
+import express from "express";
+import axios from "axios";
+import { DefaultAzureCredential } from "@azure/identity";
+
+const endpoint = "https://<your-service>.service.signalr.net";
+const hub = "chat";
+const generateTokenUrl = `${endpoint}/api/hubs/${hub}/:generateToken?api-version=2022-11-01`;
+let app = express();
+app.get("/chat/negotiate", async (req, res) => {
+  // use DefaultAzureCredential to get the Entra ID token to call the Azure SignalR REST API
+  const credential = new DefaultAzureCredential();
+  const entraIdToken = await credential.getToken("https://signalr.azure.com/.default");
+  const token = (
+    await axios.post(generateTokenUrl, undefined, {
+      headers: {
+        "content-type": "application/json",
+        Authorization: `Bearer ${entraIdToken.token}`,
+      },
+    })
+  ).data.token;
+  let url = `${endpoint}/client/?hub=${hub}`;
+  res.json({ url: url, accessToken: token });
+});
+app.listen(8080, () => console.log("server started"));
+
+```
+
 ## Next steps
 
 To learn more about how to use default and serverless modes, see the following articles:

articles/backup/backup-overview.md

@@ -2,8 +2,8 @@
 title: What is Azure Backup?
 description: Provides an overview of the Azure Backup service, and how it contributes to your business continuity and disaster recovery (BCDR) strategy.
 ms.topic: overview
-ms.date: 04/01/2023
-ms.custom: mvc
+ms.date: 01/05/2024
+ms.custom: mvc, engagement-fy24
 author: AbhishekMallick-MS
 ms.author: v-abhmallick
 ---
@@ -23,6 +23,9 @@ The Azure Backup service provides simple, secure, and cost-effective solutions t
 - **SAP HANA databases in Azure VMs** - [Backup SAP HANA databases running on Azure VMs](backup-azure-sap-hana-database.md)
 - **Azure Database for PostgreSQL servers** -  [Back up Azure PostgreSQL databases and retain the backups for up to 10 years](backup-azure-database-postgresql.md)
 - **Azure Blobs** - [Overview of operational backup for Azure Blobs](blob-backup-overview.md)
+- **Azure Database for PostgreSQL Flexible server** - [Overview of Azure Database for PostgreSQL Flexible server backup (preview)](backup-azure-database-postgresql-flex-overview.md)
+- **Azure Kubernetes service** - [Overview of AKS backup](azure-kubernetes-service-backup-overview.md)
+
 
 ![Azure Backup Overview](./media/backup-overview/azure-backup-overview.png)
 

articles/hdinsight/hadoop/apache-hadoop-on-premises-migration-best-practices-storage.md

@@ -4,7 +4,7 @@ description: Learn storage best practices for migrating on-premises Hadoop clust
 ms.service: hdinsight
 ms.topic: how-to
 ms.custom: hdinsightactive
-ms.date: 12/31/2022
+ms.date: 01/04/2024
 ---
 
 # Migrate on-premises Apache Hadoop clusters to Azure HDInsight
@@ -98,7 +98,7 @@ In the past, cloud-based analytics had to compromise in areas of performance, ma
 
 - **Works with Blob storage tools, frameworks, and apps**: Data Lake Storage Gen2 continues to work with a wide array of tools, frameworks, and applications that exist today for Blob storage.
 
-- **Optimized driver**: The Azure Blob Filesystem driver (ABFS) is [optimized specifically](../../storage/blobs/data-lake-storage-abfs-driver.md) for big data analytics. The corresponding REST APIs are surfaced through the dfs endpoint, dfs.core.windows.net.
+- **Optimized driver**: The Azure Blob Filesystem driver (ABFS) is [optimized specifically](../../storage/blobs/data-lake-storage-abfs-driver.md) for big data analytics. The corresponding REST APIs are surfaced through the `dfs` endpoint, dfs.core.windows.net.
 
 One of the following formats can be used to access data that is stored in ADLS Gen2:
 - `abfs:///`: Access the default Data Lake Storage for the cluster.

articles/hdinsight/hbase/apache-hbase-phoenix-performance.md

@@ -4,7 +4,7 @@ description: Best practices to optimize Apache Phoenix performance for Azure HDI
 ms.service: hdinsight
 ms.topic: how-to
 ms.custom: hdinsightactive
-ms.date: 12/26/2022
+ms.date: 01/04/2024
 ---
 
 # Apache Phoenix performance best practices
@@ -42,7 +42,7 @@ With this new primary key the row keys generated by Phoenix would be:
 |  Dole-John-111|1111 San Gabriel Dr.|1-425-000-0002|    John|Dole| 111 |
 |  Raji-Calvin-222|5415 San Gabriel Dr.|1-230-555-0191|  Calvin|Raji| 222 |
 
-In the first row above, the data for the rowkey is represented as shown:
+In the first row of given table, the data for the rowkey is represented as shown:
 
 |rowkey|       key|   value|
 |------|--------------------|---|
@@ -107,7 +107,7 @@ Secondary indexes can improve read performance by turning what would be a full t
 
 Covered indexes are indexes that include data from the row in addition to the values that are indexed. After finding the desired index entry, there's no need to access the primary table.
 
-For example, in the example contact table you could create a secondary index on just the socialSecurityNum column. This secondary index would speed up queries that filter by socialSecurityNum values, but retrieving other field values will require another read against the main table.
+For example, in the example contact table you could create a secondary index on just the socialSecurityNum column. This secondary index would speed up queries that filter by socialSecurityNum values, but retrieving other field values require another read against the main table.
 
 |rowkey|       address|   phone| firstName| lastName| socialSecurityNum |
 |------|--------------------|--------------|-------------|--------------| ---|
@@ -145,7 +145,7 @@ The main considerations in query design are:
 
 ### Understand the query plan
 
-In [SQLLine](http://sqlline.sourceforge.net/), use EXPLAIN followed by your SQL query to view the plan of operations that Phoenix will perform. Check that the plan:
+In [SQLLine](http://sqlline.sourceforge.net/), use EXPLAIN followed by your SQL query to view the plan of operations that Phoenix performs. Check that the plan:
 
 * Uses your primary key when appropriate.
 * Uses appropriate secondary indexes, rather than the data table.
@@ -155,13 +155,13 @@ In [SQLLine](http://sqlline.sourceforge.net/), use EXPLAIN followed by your SQL
 
 As an example, say you have a table called FLIGHTS that stores flight delay information.
 
-To select all the flights with an airlineid of `19805`, where airlineid is a field that isn't in the primary key or in any index:
+To select all the flights with an `airlineid` of `19805`, where `airlineid` is a field that isn't in the primary key or in any index:
 
 ```sql
 select * from "FLIGHTS" where airlineid = '19805';
 ```
 
-Run the explain command as follows:
+Run the explained command as follows:
 
 ```sql
 explain select * from "FLIGHTS" where airlineid = '19805';
@@ -196,13 +196,13 @@ CLIENT 1-CHUNK PARALLEL 1-WAY ROUND ROBIN RANGE SCAN OVER FLIGHTS [2014,1,2,'AA'
 
 The values in square brackets are the range of values for the primary keys. In this case, the range values are fixed with year 2014, month 1, and dayofmonth 2, but allow values for flightnum starting with 2 and on up (`*`). This query plan confirms that the primary key is being used as expected.
 
-Next, create an index on the FLIGHTS table named `carrier2_idx` that is on the carrier field only. This index also includes flightdate, tailnum, origin, and flightnum as covered columns whose data is also stored in the index.
+Next, create an index on the FLIGHTS table named `carrier2_idx` that is on the carrier field only. This index also includes `flightdate`, `tailnum`, `origin`, and `flightnum` as covered columns whose data is also stored in the index.
 
 ```sql
 CREATE INDEX carrier2_idx ON FLIGHTS (carrier) INCLUDE(FLIGHTDATE,TAILNUM,ORIGIN,FLIGHTNUM);
 ```
 
-Say you want to get the carrier along with the flightdate and tailnum, as in the following query:
+Say you want to get the carrier along with the `flightdate` and `tailnum`, as in the following query:
 
 ```sql
 explain select carrier,flightdate,tailnum from "FLIGHTS" where carrier = 'AA';