Merge pull request #231576 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/active-directory/cloud-sync/tutorial-pilot-aadc-aadccp.md

@@ -57,7 +57,7 @@ The following are prerequisites required for completing this tutorial
 As a minimum, you should have [Azure AD connect](https://www.microsoft.com/download/details.aspx?id=47594) 1.4.32.0. To update Azure AD Connect sync, complete the steps in [Azure AD Connect: Upgrade to the latest version](../hybrid/how-to-upgrade-previous-version.md).  
 
 ## Back up your Azure AD Connect configuration
-Before making any changes, you should back up your Azure AD Connect configuration.  This way, you can role-back.  See [Import and export Azure AD Connect configuration settings](../hybrid/how-to-connect-import-export-config.md) for more information.
+Before making any changes, you should back up your Azure AD Connect configuration.  This way, you can roll back to your previous configuration.  See [Import and export Azure AD Connect configuration settings](../hybrid/how-to-connect-import-export-config.md) for more information.
 
 ## Stop the scheduler
 

articles/active-directory/conditional-access/howto-conditional-access-session-lifetime.md

@@ -111,6 +111,8 @@ A persistent browser session allows users to remain signed in after closing and
 
 The Azure AD default for browser session persistence allows users on personal devices to choose whether to persist the session by showing a “Stay signed in?” prompt after successful authentication. If browser persistence is configured in AD FS using the guidance in the article [AD FS single sign-on settings](/windows-server/identity/ad-fs/operations/ad-fs-single-sign-on-settings#enable-psso-for-office-365-users-to-access-sharepoint-online), we'll comply with that policy and persist the Azure AD session as well. You can also configure whether users in your tenant see the “Stay signed in?” prompt by changing the appropriate setting in the [company branding pane](../fundamentals/customize-branding.md).
 
+In persistent browsers, cookies stay stored in the user’s device even after a user closes the browser. These cookies could have access to Azure Active Directory artifacts, and those artifacts are useable until token expiry regardless of the Conditional Access policies placed on the resource environment. So, token caching can be in direct violation of desired security policies for authentication. While it may seem convenient to store tokens beyond the current session, doing so can create a security vulnerability by allowing unauthorized access to Azure Active Directory artifacts.
+
 ## Configuring authentication session controls
 
 Conditional Access is an Azure AD Premium capability and requires a premium license. If you would like to learn more about Conditional Access, see [What is Conditional Access in Azure Active Directory?](overview.md#license-requirements)
@@ -196,4 +198,4 @@ We factor for five minutes of clock skew, so that we don’t prompt users more o
 
 ## Next steps
 
-* If you're ready to configure Conditional Access policies for your environment, see the article [Plan a Conditional Access deployment](plan-conditional-access.md).
+* If you're ready to configure Conditional Access policies for your environment, see the article [Plan a Conditional Access deployment](plan-conditional-access.md).

articles/active-directory/hybrid/tutorial-password-hash-sync.md

@@ -113,7 +113,7 @@ Before you install Windows Server AD, run a script that installs prerequisites:
     $ipprefix = "24" 
     $ipgw = "10.0.1.1" 
     $ipdns = "10.0.1.117"
-    $ipdns2 = "8.8.8.8" 
+    $ipdns2 = "4.2.2.2" 
     $ipif = (Get-NetAdapter).ifIndex 
     $featureLogPath = "c:\poshlog\featurelog.txt" 
     $newname = "DC1"

articles/active-directory/roles/delegate-app-roles.md

@@ -43,7 +43,7 @@ By default in Azure AD, all users can register applications and manage all aspec
 
 ### Grant individual permissions to create and consent to applications when the default ability is disabled
 
-Assign the Application Developer role to grant the ability to create application registrations when the **Users can register applications** setting is set to No. This role also grants permission to consent on one's own behalf when the **Users can consent to apps accessing company data on their behalf** setting is set to No.
+Assign the [Application Developer role](../roles/permissions-reference.md#application-developer) to grant the ability to create application registrations when the **Users can register applications** setting is set to No. This role also grants permission to consent on one's own behalf when the **Users can consent to apps accessing company data on their behalf** setting is set to No.
 
 ## Assign application owners
 

articles/active-directory/verifiable-credentials/presentation-request-api.md

@@ -52,7 +52,7 @@ Authorization: Bearer  <token>
 {
     "includeQRCode": true,
     "callback": {
-      "url": "https://www.contoso.com/api/verifier/presentationCallbac",
+      "url": "https://www.contoso.com/api/verifier/presentationCallback",
       "state": "11111111-2222-2222-2222-333333333333",
       "headers": {
         "api-key": "an-api-key-can-go-here"

articles/mariadb/quickstart-create-mariadb-server-database-bicep.md

@@ -1,5 +1,5 @@
 ---
-title: 'Quickstart: Create an Azure DB for MariaDB - Bicep'
+title: 'Quickstart: Create an Azure Database for MariaDB - Bicep'
 description: In this Quickstart article, learn how to create an Azure Database for MariaDB server using Bicep.
 author: rothja
 ms.author: jroth