articles/active-directory-b2c/partner-asignio.md
Lines changed: 7 additions & 4 deletions
@@ -6,7 +6,7 @@ author: gargi-sinha
6
6
manager: martinco
7
7
ms.service: active-directory
8
8
ms.topic: how-to
9
-
ms.date: 06/21/2024
9
+
ms.date: 10/03/2024
10
10
ms.author: gasinh
11
11
ms.reviewer: kengaderdus
12
12
ms.subservice: B2C
@@ -65,7 +65,7 @@ The following diagram illustrates the implementation.
65
65
66
66
1. User opens Azure AD B2C sign in page on their mobile or web application, and then signs in or signs up.
67
67
2. Azure AD B2C redirects the user to Asignio using an OpenID Connect (OIDC) request.
68
-
3. The user is redirected to the Asignio web application for biometric sign in. If the user hasn't registered their Asignio Signature, they can use an SMS One-Time-Password (OTP) to authenticate. After authentication, user receives a registration link to create their Asignio Signature.
68
+
3. The user is redirected to the Asignio web application for biometric sign in. If the user didn't register their Asignio Signature, they can use an SMS One-Time-Password (OTP) to authenticate. After authentication, user receives a registration link to create their Asignio Signature.
69
69
4. The user authenticates with Asignio Signature and facial verification, or voice and facial verification.
70
70
5. The challenge response goes to Asignio.
71
71
6. Asignio returns the OIDC response to Azure AD B2C sign in.
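Review bot: In step 3, the reworded condition "If the user didn't register their Asignio Signature" reads as a one-time past event rather than the current state of the account; "hasn't registered" in the removed line was the accurate tense. The same added line still has "After authentication, user receives" without an article. Because this step describes an SMS OTP path that stands in for the biometric sign-in, consider stating in the step that it applies only until the Signature is registered.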
@@ -76,11 +76,11 @@ The following diagram illustrates the implementation.
76
76
77
77
Configurating an application with Asignio is with the Asignio Partner Administration site.
78
78
79
-
1.Go to asignio.com [Asignio Partner Administration](https://partner.asignio.com) page to request access for your organization.
79
+
1.To request access for your organization, go to asignio.com [Asignio Partner Administration](https://partner.asignio.com) page.
80
80
2. With credentials, sign into Asignio Partner Administration.
81
81
3. Create a record for the Azure AD B2C application using your Azure AD B2C tenant. When you use Azure AD B2C with Asignio, Azure AD B2C manages connected applications. Asignio apps represent apps in the Azure portal.
82
82
4. In the Asignio Partner Administration site, generate a Client ID and Client Secret.
83
-
5. Note and store Client ID and Client Secret. You'll use them later. Asignio doesn't store Client Secrets.
83
+
5. Note and store Client ID and Client Secret. You use them later. Asignio doesn't store Client Secrets.
84
84
6. Enter the redirect URI in your site the user is returned to after authentication. Use the following URI pattern.
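Review bot: The added step 1 starts with "1.To" with no space after the list marker, so Markdown will not render it as the first item of the numbered list; write "1. To request access ...". The sentence also names asignio.com while the link targets https://partner.asignio.com, so drop the bare domain or make it match the link. In step 5, "You use them later" is vague; since the same line says Asignio doesn't store Client Secrets, say where the secret is needed and recommend keeping it in a secret store rather than only "noting" it.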
articles/active-directory-b2c/partner-xid.md
Lines changed: 7 additions & 4 deletions
@@ -6,7 +6,7 @@ author: gargi-sinha
6
6
manager: martinco
7
7
ms.service: active-directory
8
8
ms.topic: how-to
9
-
ms.date: 01/26/2024
9
+
ms.date: 10/03/2024
10
10
ms.author: gasinh
11
11
ms.subservice: B2C
12
12
@@ -40,7 +40,7 @@ The following diagram shows the architecture.
40
40
41
41

42
42
43
-
1. At the Azure AD B2C sign-in page user signs in or signs up.
43
+
1. At the Azure AD B2C sign-in page, the user signs in or signs up.
44
44
2. Azure AD B2C redirects the user to xID authorize API endpoint using an OpenID Connect (OIDC) request. An OIDC endpoint has endpoint information. xID identity provider (IdP) redirects the user to the xID authorization sign in page. User enters email address.
45
45
3. xID IdP sends push notification to user mobile device.
46
46
4. User opens the xID app, checks the request, enters a PIN, or uses biometrics. xID app activates the private key and creates an electronic signature.
@@ -56,7 +56,7 @@ The following diagram shows the architecture.
56
56
57
57
## Install xID
58
58
59
-
1. To request API documents, fill out the request form. Go to [Contact Us](https://xid.inc/contact-us).
59
+
1. To request API documents, fill out the request form. Go to [Contact Us](https://xid.inc/contact-us).
60
60
2. In the message, indicate you're using Azure AD B2C.
61
61
3. An xID sales representative contacts you.
62
62
4. Follow the instructions in the xID API document.
@@ -78,6 +78,9 @@ For testing, you register `https://jwt.ms`, a Microsoft web application with dec
78
78
79
79
Complete [Tutorial: Register a web application in Azure AD B2C](tutorial-register-applications.md?tabs=app-reg-ga)
80
80
81
+
>[!NOTE]
82
+
>Enable implicit flow only for testing purposes. Don’t enable implicit flow in production.
83
+
81
84
<aname='create-a-xid-policy-key'></a>
82
85
83
86
## Create an xID policy key
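Review bot: The added note says not to enable implicit flow in production but gives no next step, so a reader who followed the `https://jwt.ms` test registration doesn't know what to change before going live; name the setting to turn off and link to the flow recommended for production apps. Formatting: the two added lines use ">[!NOTE]" and ">Enable" with no space after ">" and a curly apostrophe in "Don’t", while the other notes in this commit use "> [!NOTE]" and straight apostrophes.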
@@ -407,7 +410,7 @@ There are identity claims xID supports referenced as part of the policy. Claims
407
410
408
411
The relying party policy, for example [SignUpSignIn.xml](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/blob/main/LocalAccounts/SignUpOrSignin.xml), specifies the user journey the Azure AD B2C executes.
409
412
410
-
1. In the relying party,locate the **DefaultUserJourney** element.
413
+
1. In the relying party,locate the **DefaultUserJourney** element.
411
414
2. Update the **ReferenceId** to match the user journey ID you added to the identity provider.
412
415
413
416
In the following example, for the xID user journey, the **ReferenceId** is set to `CombinedSignInAndSignUp`.
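Review bot: Step 1 still reads "In the relying party,locate" with no space after the comma in both the removed and the added line, so this edit appears to change whitespace only and leaves the typo in place. Fix it to "In the relying party, locate the **DefaultUserJourney** element." while the line is being touched.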
> Customers may be aware of [the retirement notification of TLS 1.0 and 1.1 for interactions with Azure services](https://azure.microsoft.com/updates/azure-support-tls-will-end-by-31-october-2024-2/). This retirement does not affect applications running on App Service or Azure Functions. Applications on either App Service or Azure Functions configured to accept TLS 1.0 or TLS 1.1 for incoming requests will continue to run unaffected.
16
+
14
17
## What does TLS do in App Service?
15
18
16
19
Transport Layer Security (TLS) is a widely adopted security protocol designed to secure connections and communications between servers and clients. App Service allows customers to use TLS/SSL certificates to secure incoming requests to their web apps. App Service currently supports different set of TLS features for customers to secure their web apps.
articles/application-gateway/configuration-http-settings.md
Lines changed: 3 additions & 4 deletions
@@ -5,7 +5,7 @@ services: application-gateway
5
5
author: greg-lindsay
6
6
ms.service: azure-application-gateway
7
7
ms.topic: conceptual
8
-
ms.date: 09/30/2023
8
+
ms.date: 10/03/2024
9
9
ms.author: greglin
10
10
---
11
11
@@ -26,7 +26,7 @@ The [Chromium browser](https://www.chromium.org/Home) [v80 update](https://chrom
26
26
27
27
To support this change, starting February 17 2020, Application Gateway (all the SKU types) will inject another cookie called *ApplicationGatewayAffinityCORS* in addition to the existing *ApplicationGatewayAffinity* cookie. The *ApplicationGatewayAffinityCORS* cookie has two more attributes added to it (*"SameSite=None; Secure"*) so that sticky sessions are maintained even for cross-origin requests.
28
28
29
-
Note that the default affinity cookie name is *ApplicationGatewayAffinity* and you can change it. If you deploy multiple application gateway instances in the same network topology, you must set unique cookie names for each instance. If you're using a custom affinity cookie name, an additional cookie is added with `CORS` as suffix. For example: *CustomCookieNameCORS*.
29
+
Note that the default affinity cookie name is *ApplicationGatewayAffinity* and you can change it. If in your network topology, you deploy multiple application gateways in line, you must set unique cookie names for each resource. If you're using a custom affinity cookie name, an additional cookie is added with `CORS` as suffix. For example: *CustomCookieNameCORS*.
30
30
31
31
> [!NOTE]
32
32
> If the attribute *SameSite=None* is set, it is mandatory that the cookie also contains the *Secure* flag, and must be sent over HTTPS. If session affinity is required over CORS, you must migrate your workload to HTTPS.
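Review bot: The rewritten sentence "If in your network topology, you deploy multiple application gateways in line, you must set unique cookie names for each resource" is hard to parse and narrows the old condition ("in the same network topology") to "in line" without defining the term. Say what "in line" means here, say that "each resource" means each application gateway, and state what goes wrong when two gateways share the affinity cookie name, so readers can tell whether the requirement applies to them.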
@@ -35,8 +35,7 @@ Please refer to TLS offload and End-to-End TLS documentation for Application Gat
35
35
## Connection draining
36
36
37
37
Connection draining helps you gracefully remove backend pool members during planned service updates. It applies to backend instances that are
38
-
- explicitly removed from the backend pool,
39
-
- removed during scale-in operations, or
38
+
- explicitly removed from the backend pool, or
40
39
- reported as unhealthy by the health probes.
41
40
42
41
You can apply this setting to all backend pool members by enabling Connection Draining in the Backend Setting. It ensures that all deregistering instances in a backend pool don't receive any new requests/connections while maintaining the existing connections until the configured timeout value. This is also true for WebSocket connections.
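Review bot: With "removed during scale-in operations" gone from the list, the article no longer says what happens to existing connections when an instance is removed by a scale-in operation, and that is a change in documented behavior rather than in wording. Add a sentence that states the scale-in behavior explicitly so operators don't assume draining still covers it. The lead-in "It applies to backend instances that are" should also end with a colon before the list.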
articles/application-gateway/features.md
Lines changed: 2 additions & 3 deletions
@@ -105,9 +105,8 @@ For more information, see [WebSocket support](application-gateway-websocket.md)
105
105
## Connection draining
106
106
107
107
Connection draining helps you achieve graceful removal of backend pool members during planned service updates or problems with backend health. This setting is enabled via the [Backend Setting](configuration-http-settings.md) and is applied to all backend pool members during rule creation. Once enabled, the application gateway ensures all deregistering instances of a backend pool don't receive any new requests while allowing existing requests to complete within a configured time limit. It applies to cases where backend instances are:
108
-
- explicitly removed from the backend pool after a configuration change by a user
109
-
- reported as unhealthy by the health probes, or
110
-
- removed during a scale-in operation
108
+
- explicitly removed from the backend pool after a configuration change by a user, or
109
+
- reported as unhealthy by the health probes
111
110
112
111
The only exception is when requests continue to be proxied to the deregistering instances because of gateway-managed session affinity.
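Review bot: The two-item list here no longer matches the same list in configuration-http-settings.md as edited in this commit: this one keeps "after a configuration change by a user" and has no closing period, while the other omits the qualifier and ends with a period. Align the wording in both articles, and state here as well whether draining applies on scale-in now that the bullet is removed.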
Recommended for: **High availability**, **Disaster recovery - intra region**
67
67
68
-
Azure Cache for Redis supports zone redundant configurations in the Standard (preview), Premium (preview), and Enterprise tiers. A [zone redundant cache](cache-how-to-zone-redundancy.md) can place its nodes across different [Azure Availability Zones](../reliability/availability-zones-overview.md) in the same region. It eliminates data center or Availability Zone outage as a single point of failure and increases the overall availability of your cache.
68
+
Azure Cache for Redis supports zone redundant configurations in the Standard (preview), Premium, and Enterprise tiers. A [zone redundant cache](cache-how-to-zone-redundancy.md) can place its nodes across different [Azure Availability Zones](../reliability/availability-zones-overview.md) in the same region. It eliminates data center or Availability Zone outage as a single point of failure and increases the overall availability of your cache.
69
+
70
+
> [!NOTE]
71
+
> On the Premium caches, only _automatic zone allocation_ is in public preview. Manual selection of availability zones us unchanged. Manual selection is GA (General Availability).
69
72
70
73
If a cache is configured to use two or more zones as described earlier in the article, the cache nodes are created in different zones. When a zone goes down, cache nodes in other zones are available to keep the cache functioning as usual.
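Review bot: Typo in the added note: "Manual selection of availability zones us unchanged" should read "is unchanged". The last two sentences can also be merged, for example "Manual selection of availability zones is unchanged and is generally available (GA)."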
articles/azure-cache-for-redis/cache-how-to-zone-redundancy.md
Lines changed: 12 additions & 9 deletions
@@ -11,9 +11,9 @@ ms.date: 08/05/2024
11
11
12
12
# Enable zone redundancy for Azure Cache for Redis
13
13
14
-
In this article, you'll learn how to configure a zone-redundant Azure Cache instance using the Azure portal.
14
+
In this article, you learn how to configure a zone-redundant Azure Cache instance using the Azure portal.
15
15
16
-
Azure Cache for Redis Standard (Preview), Premium (Premium), and Enterprise tiers provide built-in redundancy by hosting each cache on two dedicated virtual machines (VMs). Even though these VMs are located in separate [Azure fault and update domains](/azure/virtual-machines/availability) and highly available, they're susceptible to data center-level failures. Azure Cache for Redis also supports zone redundancy in its Standard (preview), Premium (preview) and Enterprise tiers. A zone-redundant cache runs on VMs spread across multiple [Availability Zones](../reliability/availability-zones-overview.md). It provides higher resilience and availability.
16
+
Azure Cache for Redis Standard (preview), Premium, and Enterprise tiers provide built-in redundancy by hosting each cache on two dedicated virtual machines (VMs). Even though these VMs are located in separate [Azure fault and update domains](/azure/virtual-machines/availability) and highly available, they're susceptible to data center-level failures. Azure Cache for Redis also supports zone redundancy in its Standard (preview), Premium, and Enterprise tiers. A zone-redundant cache runs on VMs spread across multiple [Availability Zones](../reliability/availability-zones-overview.md). It provides higher resilience and availability.
17
17
18
18
## Prerequisites
19
19
@@ -36,12 +36,15 @@ To create a cache, follow these steps:
36
36
|**Subscription**| Select your subscription. | The subscription under which to create this new Azure Cache for Redis instance. |
37
37
|**Resource group**| Select a resource group, or select **Create new** and enter a new resource group name. | Name for the resource group in which to create your cache and other resources. By putting all your app resources in one resource group, you can easily manage or delete them together. |
38
38
|**DNS name**| Enter a globally unique name. | The cache name must be a string between 1 and 63 characters that contains only numbers, letters, or hyphens. The name must start and end with a number or letter, and can't contain consecutive hyphens. Your cache instance's *host name* will be *\<DNS name>.redis.cache.windows.net*. |
39
-
|**Location**| Select a location. | Select a [region](https://azure.microsoft.com/regions/) near other services that will use your cache. |
39
+
|**Location**| Select a location. | Select a [region](https://azure.microsoft.com/regions/) near other services that use your cache. |
40
40
|**Cache type**| Select a [Premium or Enterprise tier](https://azure.microsoft.com/pricing/details/cache/) cache. | The pricing tier determines the size, performance, and features that are available for the cache. For more information, see [Azure Cache for Redis Overview](cache-overview.md). |
41
41
42
42
1. For Standard or Premium tier cache, select **Advanced** in the Resource menu. To enable zone resiliency with automatic zone allocation, select **(Preview) Select zones automatically**.
43
43
44
-
:::image type="content" source="media/cache-how-to-zone-redundancy/cache-availability-zone.png" alt-text="Screenshot showing the Advanced tab with a red box around Availability zones.:":::
44
+
> [!NOTE]
45
+
> On the Premium caches, only _automatic zone selection_ is in public preview. Manual selection of availability zones us unchanged. Manual selection is GA (General Availability).
46
+
47
+
:::image type="content" source="media/cache-how-to-zone-redundancy/cache-availability-zone.png" alt-text="Screenshot showing the Advanced tab with a red box around Availability zones.":::
45
48
46
49
For an Enterprise tier cache, select **Advanced** in the Resource menu. For **Zone redundancy**, select **Zone redundant (recommended)**.
47
50
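Review bot: The added note calls the feature "automatic zone selection", while the step directly above it says "automatic zone allocation" with the option label "(Preview) Select zones automatically", and the matching note added elsewhere in this commit says "automatic zone allocation"; pick one term and use it in both notes. The note also repeats the typo "us unchanged" (should be "is unchanged"). Check that the note is indented under step 1 in the source so it doesn't restart the numbered list, and that the **Cache type** row, which still says "Premium or Enterprise tier", agrees with a step that covers Standard.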
@@ -53,9 +56,9 @@ To create a cache, follow these steps:
53
56
> Automatic Zone Allocation cannot be modified once enabled for a cache.
54
57
55
58
> [!IMPORTANT]
56
-
> Enabling Automatic Zone Allocation is currently NOT supported for Geo Replicated caches or caches with VNET injection.
59
+
> Enabling Automatic Zone Allocation (preview) is currently NOT supported for Geo-replicated caches or caches with VNET injection.
57
60
58
-
1. Availability zones can be selected manually for Premium tier caches. The count of availability zones must always be less than or equal to the Replica count for the cache.
61
+
1. Availability zones can be selected manually for Premium tier caches. The number of availability zones must always be less than or equal to the total number of nodes for the cache.
59
62
60
63
:::image type="content" source="media/cache-how-to-zone-redundancy/cache-premium-replica-count.png" alt-text="Screenshot showing Availability zones set to one and Replica count set to three.":::
61
64
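Review bot: The new wording "total number of nodes for the cache" isn't a value the reader can see on this screen; the screenshot referenced right below the step shows a "Replica count" field. Define the relation in the step itself, for example that the total counts the primary and the replica nodes, as the FAQ sentence added later in this file does.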
@@ -83,11 +86,11 @@ Zone redundancy is available only in Azure regions that have Availability Zones.
83
86
84
87
### Why can't I select all three zones during cache create?
85
88
86
-
A Premium cache has one primary and one replica node by default. To configure zone redundancy for more than two Availability Zones, you need to add [more replicas](cache-how-to-multi-replicas.md) to the cache you're creating.
89
+
A Premium cache has one primary and one replica node by default. To configure zone redundancy for more than two Availability Zones, you need to add [more replicas](cache-how-to-multi-replicas.md) to the cache you're creating. The total number of availability zones must not exceed the combined count of nodes within the cache, including both the primary and replica nodes.
87
90
88
91
### Can I update my existing Standard or Premium cache to use zone redundancy?
89
92
90
-
Yes, updating an existing Standard or Premium cache to use zone redundancy is supported. You can enable it by selecting **Allocate Zones automatically** from the **Advanced settings** on the Resource menu. You cannot disable zone redundancy once you have enabled it.
93
+
Yes, updating an existing Standard or Premium cache to use zone redundancy is supported. You can enable it by selecting **Allocate Zones automatically** from the **Advanced settings** on the Resource menu. You can't disable zone redundancy once you enable it.
91
94
92
95
> [!IMPORTANT]
93
96
> Automatic Zone Allocation cannot be modified once enabled for a cache.
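Review bot: The sentence added to the "all three zones" answer states the rule only in the abstract; finish it with the case the question asks about: the default one primary and one replica give two nodes, so at most two zones, and selecting three zones requires adding a replica. Style: the changed answer below now uses "can't" while the IMPORTANT note directly under it still says "cannot".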
@@ -97,7 +100,7 @@ Yes, updating an existing Standard or Premium cache to use zone redundancy is su
97
100
98
101
### How much does it cost to replicate my data across Azure Availability Zones?
99
102
100
-
When your cache uses zone redundancy configured with multiple Availability Zones, data is replicated from the primary cache node in one zone to the other node(s) in another zone(s). The data transfer charge is the network egress cost of data moving across the selected Availability Zones. For more information, see [Bandwidth Pricing Details](https://azure.microsoft.com/pricing/details/bandwidth/).
103
+
When your cache uses zone redundancy configured with multiple Availability Zones, data is replicated from the primary cache node in one zone to the other nodes in another zone. The data transfer charge is the network egress cost of data moving across the selected Availability Zones. For more information, see [Bandwidth Pricing Details](https://azure.microsoft.com/pricing/details/bandwidth/).
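Review bot: Replacing "node(s) in another zone(s)" with "the other nodes in another zone" now says that all the other nodes sit in a single zone, which conflicts with "multiple Availability Zones" earlier in the same sentence. Use "to the other nodes in other zones".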