Merge pull request #192786 from MicrosoftDocs/main

3/24 AM Publish

Author: huypub

articles/active-directory-b2c/deploy-custom-policies-devops.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 08/26/2021
+ms.date: 03/25/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -24,7 +24,7 @@ ms.subservice: B2C
 ## Prerequisites
 
 * Complete the steps in the [Get started with custom policies in Active Directory B2C](tutorial-create-user-flows.md).
-* If you haven't created an DevOps organization, create one by following the instructions in [Sign up, sign in to Azure DevOps](/azure/devops/user-guide/sign-up-invite-teammates).  
+* If you haven't created a DevOps organization, create one by following the instructions in [Sign up, sign in to Azure DevOps](/azure/devops/user-guide/sign-up-invite-teammates).  
 
 ## Register an application for management tasks
 
@@ -93,7 +93,7 @@ try {
     
                 $graphuri = 'https://graph.microsoft.com/beta/trustframework/policies/' + $PolicyId + '/$value'
                 $content = [System.Text.Encoding]::UTF8.GetBytes($policycontent)
-                $response = Invoke-RestMethod -Uri $graphuri -Method Put -Body $content -Headers $headers
+                $response = Invoke-RestMethod -Uri $graphuri -Method Put -Body $content -Headers $headers -ContentType "application/xml; charset=utf-8"
     
                 Write-Host "Policy" $PolicyId "uploaded successfully."
             }
@@ -162,7 +162,7 @@ A pipeline task is a pre-packaged script that performs an action. Add a task tha
 
 1. In the pipeline you created, select the **Tasks** tab.
 1. Select **Agent job**, and then select the plus sign (**+**) to add a task to the Agent job.
-1. Search for and select **PowerShell**. Do not select "Azure PowerShell," "PowerShell on target machines," or another PowerShell entry.
+1. Search for and select **PowerShell**. Don't select "Azure PowerShell," "PowerShell on target machines," or another PowerShell entry.
 1. Select newly added **PowerShell Script** task.
 1. Enter following values for the PowerShell Script task:
     * **Task version**: 2.*

articles/active-directory-domain-services/concepts-migration-benefits.md

@@ -38,7 +38,7 @@ After migration, Azure AD DS provides many features that are only available for
 * [Email notifications for alerts on your managed domain][email-alerts].
 * [Use Azure Workbooks and Azure monitor to view audit logs and sign-in activity][workbooks].
 * In supported regions, [Azure Availability Zones][availability-zones].
-* Integrations with other Azure products such as [Azure Files][azure-files], [HD Insights][hd-insights], and [Windows Virtual Desktop][wvd].
+* Integrations with other Azure products such as [Azure Files][azure-files], [HD Insights][hd-insights], and [Azure Virtual Desktop][avd].
 * Support has access to more telemetry and can help troubleshoot more effectively.
 * Encryption at rest using [Azure Managed Disks][managed-disks] for the data on the managed domain controllers.
 
@@ -55,7 +55,7 @@ To get started, see [Migrate Azure AD Domain Services from the Classic virtual n
 [workbooks]: use-azure-monitor-workbooks.md
 [azure-files]: ../storage/files/storage-files-identity-auth-active-directory-domain-service-enable.md
 [hd-insights]: ../hdinsight/domain-joined/apache-domain-joined-configure-using-azure-adds.md
-[wvd]: ../virtual-desktop/overview.md
+[avd]: ../virtual-desktop/overview.md
 [availability-zones]: ../availability-zones/az-overview.md
 [howto-migrate]: migrate-from-classic-vnet.md
 [attributes]: synchronization.md#attribute-synchronization-and-mapping-to-azure-ad-ds

articles/active-directory/authentication/active-directory-passwords-faq.yml

@@ -92,9 +92,10 @@ sections:
         answer: |
             > Yes, there are security features built into password reset to protect it from misuse. 
             >
-            > Users can try only five password reset attempts within a 24 hour period before they're locked out for 24 hours. 
             >
-            > Users can try to validate a phone number, send a SMS, or validate security questions and answers only five times within an hour before they're locked out for 24 hours. 
+            > Users can attempt to validate their information (such as their phone number), but if they're unable to prove their identity five times within a 24-hour period, they're locked out for 24 hours.
+            >
+            > Users can try to validate a phone number, auth app, send a SMS, or validate security questions and answers only five times within an hour before they're locked out for 24 hours. 
             >
             > Users can send an email a maximum of 10 times within a 10 minute period before they're locked out for 24 hours.
             >

articles/active-directory/authentication/howto-mfa-nps-extension.md

@@ -331,6 +331,19 @@ The following script is available to perform basic health check steps when troub
 
 [MFA_NPS_Troubleshooter.ps1](/samples/azure-samples/azure-mfa-nps-extension-health-check/azure-mfa-nps-extension-health-check/)
 
+### How to fix the error "Service principal was not found" while running `AzureMfaNpsExtnConfigSetup.ps1` script? 
+
+If for any reason the "Azure Multi-Factor Auth Client" service principal was not created in the tenant , it can be manually created by running the `New-MsolServicePrincipal` cmdlet as shown below. 
+
+```powershell
+import-module MSOnline
+Connect-MsolService
+New-MsolServicePrincipal -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720 -DisplayName "Azure Multi-Factor Auth Client"
+```
+Once done , go to https://aad.portal.azure.com > "Enterprise Applications" > Search for "Azure Multi-Factor Auth Client" > Check properties for this app > Confirm if the service principal is enabled or disabled > Click on the application entry > Go to Properties of the app > If the option "Enabled for users to sign-in? is set to No in Properties of this app , please set it to Yes.
+
+Run the `AzureMfaNpsExtnConfigSetup.ps1` script again and it should not return the `Service principal was not found` error. 
+
 ### How do I verify that the client cert is installed as expected?
 
 Look for the self-signed certificate created by the installer in the cert store, and check that the private key has permissions granted to user *NETWORK SERVICE*. The cert has a subject name of **CN \<tenantid\>, OU = Microsoft NPS Extension**

articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md

@@ -97,7 +97,6 @@ The following key applications are included in the Office 365 client app:
 - Microsoft Whiteboard Services
 - Office Delve
 - Office Online
-- Office.com
 - OneDrive
 - Power Apps
 - Power Automate
@@ -202,4 +201,4 @@ For more information about authentication context use in applications, see the f
 
 - [Conditional Access: Conditions](concept-conditional-access-conditions.md)
 - [Conditional Access common policies](concept-conditional-access-policy-common.md)
-- [Client application dependencies](service-dependencies.md)
+- [Client application dependencies](service-dependencies.md)

articles/advisor/advisor-operational-excellence-recommendations.md

@@ -58,10 +58,10 @@ If the customer finds it in their best interest to assign the same policy again,
 
 
 ## No validation environment enabled
-Azure Advisor determines that you do not have a validation environment enabled in current subscription. When creating your host pools, you have selected \"No\" for \"Validation environment\" in the properties tab. Having at least one host pool with a validation environment enabled ensures the business continuity through Windows Virtual Desktop service deployments with early detection of potential issues. [Learn more](../virtual-desktop/create-validation-host-pool.md)
+Azure Advisor determines that you do not have a validation environment enabled in current subscription. When creating your host pools, you have selected \"No\" for \"Validation environment\" in the properties tab. Having at least one host pool with a validation environment enabled ensures the business continuity through Azure Virtual Desktop service deployments with early detection of potential issues. [Learn more](../virtual-desktop/create-validation-host-pool.md)
 
 ## Ensure production (non-validation) environment to benefit from stable functionality
-Azure Advisor detects that too many of your host pools have validation environment enabled. In order for validation environments to best serve their purpose, you should have at least one, but never more than half of your host pools in validation environment. By having a healthy balance between your host pools with validation environment enabled and those with it disabled, you will best be able to utilize the benefits of the multistage deployments that Windows Virtual Desktop offers with certain updates. To fix this issue, open your host pool's properties and select \"No\" next to the \"Validation Environment\" setting.
+Azure Advisor detects that too many of your host pools have validation environment enabled. In order for validation environments to best serve their purpose, you should have at least one, but never more than half of your host pools in validation environment. By having a healthy balance between your host pools with validation environment enabled and those with it disabled, you will best be able to utilize the benefits of the multistage deployments that Azure Virtual Desktop offers with certain updates. To fix this issue, open your host pool's properties and select \"No\" next to the \"Validation Environment\" setting.
 
 ## Enable Traffic Analytics to view insights into traffic patterns across Azure resources
 Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in Azure. Traffic analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow. With traffic analytics, you can view top talkers across Azure and non Azure deployments, investigate open ports, protocols and malicious flows in your environment and optimize your network deployment for performance. You can process flow logs at 10 mins and 60 mins processing intervals, giving you faster analytics on your traffic. It's a good practice to enable Traffic Analytics for your Azure resources. 

articles/advisor/advisor-performance-recommendations.md

@@ -164,8 +164,8 @@ Advisor analysis indicates that your MySQL server may be incurring unnecessary I
 ## Distribute data in server group to distribute workload among nodes
 Advisor identifies the server groups where the data has not been distributed but stays on the coordinator. Based on this, Advisor recommends that for full Hyperscale (Citus) benefits distribute data on worker nodes for your server groups. This will improve query performance by utilizing resource of each node in the server group. [Learn more](https://go.microsoft.com/fwlink/?linkid=2135201) 
 
-## Improve user experience and connectivity by deploying VMs closer to Windows Virtual Desktop deployment location
-We have determined that your VMs are located in a region different or far from where your users are connecting from, using Windows Virtual Desktop (WVD). This may lead to prolonged connection response times and will impact overall user experience on WVD. When creating VMs for your host pools, you should attempt to use a region closer to the user. Having close proximity ensures continuing satisfaction with the WVD service and a better overall quality of experience. [Learn more about connection latency here](../virtual-desktop/connection-latency.md).
+## Improve user experience and connectivity by deploying VMs closer to Azure Virtual Desktop deployment location
+We have determined that your VMs are located in a region different or far from where your users are connecting from, using Azure Virtual Desktop. This may lead to prolonged connection response times and will impact overall user experience on Azure Virtual Desktop. When creating VMs for your host pools, you should attempt to use a region closer to the user. Having close proximity ensures continuing satisfaction with the Azure Virtual Desktop service and a better overall quality of experience. [Learn more about connection latency here](../virtual-desktop/connection-latency.md).
 
 ## Upgrade to the latest version of the Immersive Reader SDK
 We have identified resources under this subscription using outdated versions of the Immersive Reader SDK. Using the latest version of the Immersive Reader SDK provides you with updated security, performance and an expanded set of features for customizing and enhancing your integration experience.
@@ -175,7 +175,7 @@ Learn more about [Immersive reader SDK](../applied-ai-services/immersive-reader/
 
 Advisor detects that you have a host pool that has depth first set as the load balancing algorithm, and that host pool's max session limit is greater than or equal to 999999. Depth first load balancing uses the max session limit to determine the maximum number of users that can have concurrent sessions on a single session host. If the max session limit is too high, all user sessions will be directed to the same session host, and this will cause performance and reliability issues. Therefore, when setting a host pool to have depth first load balancing, you must set an appropriate max session limit according to the configuration of your deployment and capacity of your VMs. 
 
-To learn more about load balancing in Windows Virtual Desktop, see [Configure the Windows Virtual Desktop load-balancing method](../virtual-desktop/troubleshoot-set-up-overview.md).
+To learn more about load balancing in Azure Virtual Desktop, see [Host pool load-balancing algorithms](../virtual-desktop/host-pool-load-balancing.md).
 
 ## Upgrade to the latest version of the Azure Communication Services SDKs
 

articles/advisor/advisor-reference-operational-excellence-recommendations.md

@@ -193,13 +193,13 @@ Learn more about [Host Pool - AVDStartVMonConnect (Permissions missing for start
 
 ### No validation environment enabled
 
-We have determined that you do not have a validation environment enabled in current subscription. When creating your host pools, you have selected "No" for "Validation environment" in the properties tab. Having at least one host pool with a validation environment enabled ensures the business continuity through Windows Virtual Desktop service deployments with early detection of potential issues.
+We have determined that you do not have a validation environment enabled in current subscription. When creating your host pools, you have selected "No" for "Validation environment" in the properties tab. Having at least one host pool with a validation environment enabled ensures the business continuity through Azure Virtual Desktop service deployments with early detection of potential issues.
 
 Learn more about [Host Pool - ValidationEnvHostPools (No validation environment enabled)](../virtual-desktop/create-validation-host-pool.md).
 
 ### Not enough production environments enabled
 
-We have determined that too many of your host pools have Validation Environment enabled. In order for Validation Environments to best serve their purpose, you should have at least one, but never more than half of your host pools in Validation Environment. By having a healthy balance between your host pools with Validation Environment enabled and those with it disabled, you will best be able to utilize the benefits of the multistage deployments that Windows Virtual Desktop offers with certain updates. To fix this issue, open your host pool's properties and select "No" next to the "Validation Environment" setting.
+We have determined that too many of your host pools have Validation Environment enabled. In order for Validation Environments to best serve their purpose, you should have at least one, but never more than half of your host pools in Validation Environment. By having a healthy balance between your host pools with Validation Environment enabled and those with it disabled, you will best be able to utilize the benefits of the multistage deployments that Azure Virtual Desktop offers with certain updates. To fix this issue, open your host pool's properties and select "No" next to the "Validation Environment" setting.
 
 Learn more about [Host Pool - ProductionEnvHostPools (Not enough production environments enabled)](../virtual-desktop/create-host-pools-powershell.md).
 

articles/advisor/advisor-reference-performance-recommendations.md

@@ -138,7 +138,7 @@ Learn more about [Communication service - UpgradeTurnSdk (Use recommended versio
 
 ### Improve user experience and connectivity by deploying VMs closer to user’s location.
 
-We have determined that your VMs are located in a region different or far from where your users are connecting from, using Windows Virtual Desktop (WVD). This may lead to prolonged connection response times and will impact overall user experience on WVD.
+We have determined that your VMs are located in a region different or far from where your users are connecting from, using Azure Virtual Desktop. This may lead to prolonged connection response times and will impact overall user experience on Azure Virtual Desktop.
 
 Learn more about [Virtual machine - RegionProximitySessionHosts (Improve user experience and connectivity by deploying VMs closer to user’s location.)](../virtual-desktop/connection-latency.md).
 
@@ -542,7 +542,7 @@ Learn more about [Azure Database for PostgreSQL flexible server - OrcasPostgreSq
 
 ### Improve user experience and connectivity by deploying VMs closer to user’s location.
 
-We have determined that your VMs are located in a region different or far from where your users are connecting from, using Windows Virtual Desktop (WVD). This may lead to prolonged connection response times and will impact overall user experience on WVD. When creating VMs for your host pools, you should attempt to use a region closer to the user. Having close proximity ensures continuing satisfaction with the WVD service and a better overall quality of experience.
+We have determined that your VMs are located in a region different or far from where your users are connecting from, using Azure Virtual Desktop. This may lead to prolonged connection response times and will impact overall user experience on Azure Virtual Desktop. When creating VMs for your host pools, you should attempt to use a region closer to the user. Having close proximity ensures continuing satisfaction with the Azure Virtual Desktop service and a better overall quality of experience.
 
 Learn more about [Host Pool - RegionProximityHostPools (Improve user experience and connectivity by deploying VMs closer to user’s location.)](../virtual-desktop/connection-latency.md).
 

articles/advisor/advisor-reference-reliability-recommendations.md

@@ -89,11 +89,11 @@ We have identified that your Virtual Machine might be running a version of Check
 
 Learn more about [Virtual machine - CheckPointPlatformServicingKnownIssueA (Check Point Virtual Machine may lose Network Connectivity.)](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk151752&partition=Advanced&product=CloudGuard).
 
-### Access to mandatory URLs missing for your Windows Virtual Desktop environment
+### Access to mandatory URLs missing for your Azure Virtual Desktop environment
 
-In order for a session host to deploy and register to WVD properly, you need to add a set of URLs to allowed list in case your virtual machine runs in restricted environment. After visiting "Learn More" link, you will be able to see the minimum list of URLs you need to unblock to have a successful deployment and functional session host. For specific URL(s) missing from allowed list, you may also search Application event log for event 3702.
+In order for a session host to deploy and register to Azure Virtual Desktop properly, you need to add a set of URLs to allowed list in case your virtual machine runs in restricted environment. After visiting the "Learn More" link, you will be able to see the minimum list of URLs you need to unblock to have a successful deployment and functional session host. For specific URL(s) missing from allowed list, you may also search Application event log for event 3702.
 
-Learn more about [Virtual machine - SessionHostNeedsAssistanceForUrlCheck (Access to mandatory URLs missing for your Windows Virtual Desktop environment)](../virtual-desktop/safe-url-list.md).
+Learn more about [Virtual machine - SessionHostNeedsAssistanceForUrlCheck (Access to mandatory URLs missing for your Azure Virtual Desktop environment)](../virtual-desktop/safe-url-list.md).
 
 ## PostgreSQL