Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

.openpublishing.redirection.json

@@ -1,5 +1,10 @@
 {
     "redirections": [
+        {
+            "source_path": "articles/iot-hub/iot-hub-rm-template.md",
+            "redirect_url": "articles/iot-hub/iot-hub-rm-rest",
+            "redirect_document_id": false
+        },
         {
             "source_path": "articles/visual-studio/vs-storage-cloud-services-getting-started-blobs.md",
             "redirect_url": "/previous-versions/azure/visual-studio/vs-storage-cloud-services-getting-started-blobs",

articles/active-directory/devices/howto-vm-sign-in-azure-ad-linux.md

@@ -22,7 +22,7 @@ To improve the security of Linux virtual machines (VMs) in Azure, you can integr
 This article shows you how to create and configure a Linux VM and log in with Azure AD by using OpenSSH certificate-based authentication.
 
 > [!IMPORTANT]
-> This capability is now generally available. The previous version that made use of device code flow was [deprecated on August 15, 2021](../../virtual-machines/linux/login-using-aad.md). To migrate from the old version to this version, see the section [Migrate from the previous (preview) version](#migrate-from-the-previous-preview-version).
+> This capability is now generally available. The previous version that made use of device code flow was [deprecated on August 15, 2021](/azure-docs-archive-pr/virtual-machines/linux/login-using-aad). To migrate from the old version to this version, see the section [Migrate from the previous (preview) version](#migrate-from-the-previous-preview-version).
 
 There are many security benefits of using Azure AD with OpenSSH certificate-based authentication to log in to Linux VMs in Azure. They include:
 

articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md

@@ -200,7 +200,7 @@ To configure role assignments for your Azure AD-enabled Windows Server 2019 Data
 
 The following example uses [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create) to assign the Virtual Machine Administrator Login role to the VM for your current Azure user. You obtain the username of your current Azure account by using [az account show](/cli/azure/account#az-account-show), and you set the scope to the VM created in a previous step by using [az vm show](/cli/azure/vm#az-vm-show). 
 
-You can also assign the scope at a resource group or subscription level. Normal Azure RBAC inheritance permissions apply. For more information, see [Log in to a Linux virtual machine in Azure by using Azure Active Directory authentication](../../virtual-machines/linux/login-using-aad.md).
+You can also assign the scope at a resource group or subscription level. Normal Azure RBAC inheritance permissions apply. For more information, see [Log in to a Linux virtual machine in Azure by using Azure Active Directory authentication](/azure-docs-archive-pr/virtual-machines/linux/login-using-aad).
 
 ```AzureCLI
 $username=$(az account show --query user.name --output tsv)

articles/active-directory/fundamentals/secure-with-azure-ad-resource-management.md

@@ -310,14 +310,14 @@ When a requirement exists to deploy IaaS workloads to Azure that require identit
 
 ![Diagram that shows Azure AD authentication to Azure VMs.](media/secure-with-azure-ad-resource-management/sign-into-vm.png)
 
-**Supported operating systems**: Signing into virtual machines in Azure using Azure AD authentication is currently supported in Windows and Linux. For more specifics on supported operating systems, refer to the documentation for [Windows](../devices/howto-vm-sign-in-azure-ad-windows.md) and [Linux](../../virtual-machines/linux/login-using-aad.md).
+**Supported operating systems**: Signing into virtual machines in Azure using Azure AD authentication is currently supported in Windows and Linux. For more specifics on supported operating systems, refer to the documentation for [Windows](../devices/howto-vm-sign-in-azure-ad-windows.md) and [Linux](/azure-docs-archive-pr/virtual-machines/linux/login-using-aad).
 
 **Credentials**: One of the key benefits of signing into virtual machines in Azure using Azure AD authentication is the ability to use the same federated or managed Azure AD credentials that you normally use for access to Azure AD services for sign-in to the virtual machine.
 
 >[!NOTE]
 >The Azure AD tenant that is used for sign-in in this scenario is the Azure AD tenant that is associated with the subscription that the virtual machine has been provisioned into. This Azure AD tenant can be one that has identities synchronized from on-premises AD DS. Organizations should make an informed choice that aligns with their isolation principals when choosing which subscription and Azure AD tenant they wish to use for sign-in to these servers.
 
-**Network Requirements**: These virtual machines will need to access Azure AD for authentication so you must ensure that the virtual machines network configuration permits outbound access to Azure AD endpoints on 443. See the documentation for [Windows](../devices/howto-vm-sign-in-azure-ad-windows.md) and [Linux](../../virtual-machines/linux/login-using-aad.md) for more information.
+**Network Requirements**: These virtual machines will need to access Azure AD for authentication so you must ensure that the virtual machines network configuration permits outbound access to Azure AD endpoints on 443. See the documentation for [Windows](../devices/howto-vm-sign-in-azure-ad-windows.md) and [Linux](/azure-docs-archive-pr/virtual-machines/linux/login-using-aad) for more information.
 
 **Role-based Access Control (RBAC)**: Two RBAC roles are available to provide the appropriate level of access to these virtual machines. These RBAC roles can be configured via the Azure AD Portal or via the Azure Cloud Shell Experience. For more information, see [Configure role assignments for the VM](../devices/howto-vm-sign-in-azure-ad-windows.md).
 

articles/active-directory/manage-apps/configure-permission-classifications.md

@@ -22,7 +22,7 @@ In this article you'll learn how to configure permissions classifications in Azu
 
 Currently, only the "Low impact" permission classification is supported. Only delegated permissions that don't require admin consent can be classified as "Low impact".
 
-The minimum permissions needed to do basic sign in are `openid`, `profile`, `email`, `User.Read` and `offline_access`, which are all delegated permissions on the Microsoft Graph. With these permissions an app can read the full profile details of the signed-in user and can maintain this access even when the user is no longer using the app.
+The minimum permissions needed to do basic sign in are `openid`, `profile`, `email`, and `offline_access`, which are all delegated permissions on the Microsoft Graph. With these permissions an app can read details of the signed-in user's profile, and can maintain this access even when the user is no longer using the app.
 
 ## Prerequisites
 

articles/active-directory/manage-apps/datawiza-azure-ad-sso-oracle-peoplesoft.md

@@ -103,7 +103,7 @@ To integrate Oracle PeopleSoft with Azure AD:
    |:-----------|:-------------|
    | Platform         | Web |
    | App Name         | Enter a unique application name|
-   | Public Domain    | For example: https://ps-external.example.com <br>For testing, you can use localhost DNS. If you aren't deploying DAB behind a load balancer, use the Public Domain port.                      |
+   | Public Domain    | For example: `https://ps-external.example.com` <br>For testing, you can use localhost DNS. If you aren't deploying DAB behind a load balancer, use the Public Domain port.                      |
    | Listen Port      | The port that DAB listens on. |
    | Upstream Servers | The Oracle PeopleSoft implementation URL and port to be protected.|  
 

articles/api-management/api-management-key-concepts.md

@@ -1,31 +1,36 @@
 ---
-title: Azure API Management overview and key concepts | Microsoft Docs
-description: Learn about key scenarios, capabilities, and concepts of the Azure API Management service.
+title: Azure API Management - Overview and key concepts
+description: Introduction to key scenarios, capabilities, and concepts of the Azure API Management service. API Management supports the full API lifecycle.
 services: api-management
 documentationcenter: ''
 author: dlepow
 editor: ''
 
 ms.service: api-management
 ms.topic: overview
-ms.date: 01/07/2022
+ms.date: 09/23/2022
 ms.author: danlep
 ms.custom: mvc
-
-adobe-target: true
-adobe-target-activity: DocsExp–458741–A/B–Docs/APIManagement–Content–FY23Q1
-adobe-target-experience: Experience B
-adobe-target-content: ./api-management-key-concepts-experiment
 ---
 
-# About API Management
+# What is Azure API Management?
+
+This article provides an overview of common scenarios and key components of Azure API Management. Azure API Management is a hybrid, multicloud management platform for APIs across all environments. As a platform-as-a-service, API Management supports the complete API lifecycle.
 
-Azure API Management is a hybrid, multicloud management platform for APIs across all environments. This article provides an overview of common scenarios and key components of API Management.
+> [!TIP]
+> If you're already familiar with API Management and ready to start, see these resources:
+> * [Features and service tiers](api-management-features.md)
+> * [Create an API Management instance](get-started-create-service-instance.md)
+> * [Import and publish an API](import-and-publish.md)
+> * [API Management policies](api-management-howto-policies.md)
 
 ## Scenarios 
 
 APIs enable digital experiences, simplify application integration, underpin new digital products, and make data and services reusable and universally accessible. ​With the proliferation and increasing dependency on APIs, organizations need to manage them as first-class assets throughout their lifecycle.​
 
+:::image type="content" source="media/api-management-key-concepts-experiment/apis-connected-experiences.png" alt-text="Diagram showing role of APIs in connected experiences.":::
+
+
 Azure API Management helps customers meet these challenges:
 
 * Abstract backend architecture diversity and complexity from API consumers
@@ -44,22 +49,23 @@ Common scenarios include:
 
 Azure API Management is made up of an API *gateway*, a *management plane*, and a *developer portal*. These components are Azure-hosted and fully managed by default. API Management is available in various [tiers](api-management-features.md) differing in capacity and features.
 
-:::image type="content" source="media/api-management-key-concepts/api-management-components.png" alt-text="Key components of Azure API Management":::
+:::image type="content" source="media/api-management-key-concepts-experiment/api-management-components.png" alt-text="Diagram showing key components of Azure API Management.":::
 
-### API gateway
+## API gateway
 
 All requests from client applications first reach the API gateway, which then forwards them to respective backend services. The API gateway acts as a facade to the backend services, allowing API providers to abstract API implementations and evolve backend architecture without impacting API consumers. The gateway enables consistent configuration of routing, security, throttling, caching, and observability.
 
 [!INCLUDE [api-management-gateway-role](../../includes/api-management-gateway-role.md)]
 
+### Self-hosted gateway
 With the [self-hosted gateway](self-hosted-gateway-overview.md), customers can deploy the API gateway to the same environments where they host their APIs, to optimize API traffic and ensure compliance with local regulations and guidelines. The self-hosted gateway enables customers with hybrid IT infrastructure to manage APIs hosted on-premises and across clouds from a single API Management service in Azure.
 
-The self-hosted gateway is packaged as a Linux-based Docker container and is commonly deployed to Kubernetes, including to Azure Kubernetes Service and [Azure Arc-enabled Kubernetes](how-to-deploy-self-hosted-gateway-azure-arc.md). 
+The self-hosted gateway is packaged as a Linux-based Docker container and is commonly deployed to Kubernetes, including to Azure Kubernetes Service and [Azure Arc-enabled  Kubernetes](how-to-deploy-self-hosted-gateway-azure-arc.md). 
 
 More information:
 * [API gateway in Azure API Management](api-management-gateways-overview.md)
 
-### Management plane
+## Management plane
 
 API providers interact with the service through the management plane, which provides full access to the API Management service capabilities. 
 
@@ -75,10 +81,12 @@ Use the management plane to:
   * Manage users
 
 
-### Developer portal
+## Developer portal
 
 The open-source [developer portal][Developer portal] is an automatically generated, fully customizable website with the documentation of your APIs. 
 
+:::image type="content" source="media/api-management-key-concepts-experiment/cover.png" alt-text="Screenshot of API Management developer portal - administrator mode." border="false":::
+
 API providers can customize the look and feel of the developer portal by adding custom content, customizing styles, and adding their branding. Extend the developer portal further by [self-hosting](developer-portal-self-host.md).
 
 App developers use the open-source developer portal to discover the APIs, onboard to use them, and learn how to consume them in applications. (APIs can also be exported to the [Power Platform](export-api-power-platform.md) for discovery and use by citizen developers.)
@@ -94,16 +102,21 @@ Using the developer portal, developers can:
 
 ## Integration with Azure services
 
-API Management integrates with many complementary Azure services, including:
+API Management integrates with many complementary Azure services to create enterprise solutions, including:
 
 * [Azure Key Vault](../key-vault/general/overview.md) for secure safekeeping and management of [client certificates](api-management-howto-mutual-certificates.md) and [secrets​](api-management-howto-properties.md)
 * [Azure Monitor](api-management-howto-use-azure-monitor.md) for logging, reporting, and alerting on management operations, systems events, and API requests​
 * [Application Insights](api-management-howto-app-insights.md) for live metrics, end-to-end tracing, and troubleshooting
-* [Virtual networks](virtual-network-concepts.md) and [Application Gateway](api-management-howto-integrate-internal-vnet-appgateway.md) for network-level protection​
+* [Virtual networks](virtual-network-concepts.md), [private endpoints](private-endpoint.md), and [Application Gateway](api-management-howto-integrate-internal-vnet-appgateway.md) for network-level protection​
 * Azure Active Directory for [developer authentication](api-management-howto-aad.md) and [request authorization](api-management-howto-protect-backend-with-aad.md)​
 * [Event Hubs](api-management-howto-log-event-hubs.md) for streaming events​
 * Several Azure compute offerings commonly used to build and host APIs on Azure, including [Functions](import-function-app-as-api.md), [Logic Apps](import-logic-app-as-api.md), [Web Apps](import-app-service-as-api.md), [Service Fabric](how-to-configure-service-fabric-backend.md), and others.​
 
+**More information**:
+* [Basic enterprise integration](/azure/architecture/reference-architectures/enterprise-integration/basic-enterprise-integration?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json)
+* [Landing zone accelerator](/azure/cloud-adoption-framework/scenarios/app-platform/api-management/landing-zone-accelerator?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json)
+
+
 ## Key concepts
 
 ### APIs
@@ -112,7 +125,7 @@ APIs are the foundation of an API Management service instance. Each API represen
 
 Operations in API Management are highly configurable, with control over URL mapping, query and path parameters, request and response content, and operation response caching. 
 
-More information:
+**More information**:
 * [Import and publish your first API][How to create APIs]
 * [Mock API responses][How to add operations to an API]
 
@@ -122,7 +135,7 @@ Products are how APIs are surfaced to developers. Products in API Management hav
 
 When a product is ready for use by developers, it can be published. Once published, it can be viewed or subscribed to by developers. Subscription approval is configured at the product level and can either require an administrator's approval or be automatic.
 
-More information:
+**More information**:
 * [Create and publish a product][How to create and publish a product]
 * [Subscriptions in API Management](api-management-subscriptions.md)
 
@@ -140,16 +153,16 @@ Groups are used to manage the visibility of products to developers. API Manageme
 
 Administrators can also create custom groups or use external groups in an [associated Azure Active Directory tenant](api-management-howto-aad.md) to give developers visibility and access to API products. For example, create a custom group for developers in a partner organization to access a specific subset of APIs in a product. A user can belong to more than one group.
 
-More information: 
+**More information**: 
 * [How to create and use groups][How to create and use groups]
 
 ### Developers
 
 Developers represent the user accounts in an API Management service instance. Developers can be created or invited to join by administrators, or they can sign up from the [developer portal][Developer portal]. Each developer is a member of one or more groups, and can subscribe to the products that grant visibility to those groups.
 
-When developers subscribe to a product, they are granted the primary and secondary key for the product for use when calling the product's APIs.
+When developers subscribe to a product, they're granted the primary and secondary key for the product for use when calling the product's APIs.
 
-More information:
+**More information**:
 * [How to manage user accounts][How to create or invite developers]
 
 ### Policies
@@ -160,7 +173,7 @@ Policy expressions can be used as attribute values or text values in any of the
 
 Policies can be applied at different scopes, depending on your needs: global (all APIs), a product, a specific API, or an API operation. 
 
-More information:
+**More information**:
 
 * [Transform and protect your API][How to create and configure advanced product settings].
 * [Policy expressions](./api-management-policy-expressions.md)

articles/api-management/media/api-management-key-concepts/apis-connected-experiences.png

@@ -58,13 +58,13 @@ To install a pre-release version, follow these pre-requisite instructions:
 If you use the Azure CLI extension:
 
 - Uninstall the Azure CLI extension (`az extension remove -n arcdata`).
-- Download the latest pre-release Azure CLI extension `.whl` file from [https://aka.ms/az-cli-arcdata-ext](https://aka.ms/az-cli-arcdata-ext).
+- Download the latest pre-release Azure CLI extension `.whl` file from the link in the [Current preview release information](#Current preview release information)
 - Install the latest pre-release Azure CLI extension (`az extension add -s <location of downloaded .whl file>`).
 
 If you use the Azure Data Studio extension to install:
 
 - Uninstall the Azure Data Studio extension. Select the Extensions panel and select on the **Azure Arc** extension, select **Uninstall**.
-- Download the latest pre-release Azure Data Studio extension .vsix files from [https://aka.ms/ads-arcdata-ext](https://aka.ms/ads-arcdata-ext) and [https://aka.ms/ads-azcli-ext](https://aka.ms/ads-azcli-ext).
+- Download the latest pre-release Azure Data Studio extension .vsix files from the links in the [Current preview release information](#Current preview release information)
 - Install the extensions by choosing File -> Install Extension from VSIX package and then browsing to the download location of the .vsix files. Install the `azcli` extension first and then `arc`.
 
 ### Install using Azure CLI