Merge pull request #249565 from MicrosoftDocs/repo_sync_working_branch

rmca14 · web-flow · commit 636c6be5550d · 2023-08-28T15:18:17.000-07:00
Resolve syncing conflicts from repo_sync_working_branch to main
diff --git a/articles/active-directory/conditional-access/concept-conditional-access-conditions.md b/articles/active-directory/conditional-access/concept-conditional-access-conditions.md
@@ -176,7 +176,7 @@ This setting has an effect on access attempts made from the following mobile app
 | Outlook mobile app | Exchange Online | Android, iOS |
 | Power BI app | Power BI service | Windows 10, Windows 8.1, Windows 7, Android, and iOS |
 | Skype for Business | Exchange Online| Android, iOS |
-| Visual Studio Team Services app | Visual Studio Team Services | Windows 10, Windows 8.1, Windows 7, iOS, and Android |
+| Azure DevOps Services (formerly Visual Studio Team Services, or VSTS) app | Azure DevOps Services (formerly Visual Studio Team Services, or VSTS) | Windows 10, Windows 8.1, Windows 7, iOS, and Android |
 
 ### Exchange ActiveSync clients
 
diff --git a/articles/active-directory/develop/msal-android-single-sign-on.md b/articles/active-directory/develop/msal-android-single-sign-on.md
@@ -179,6 +179,9 @@ If the application uses a `WebView` strategy without integrating Microsoft Authe
 
 If the application uses MSAL with a broker like Microsoft Authenticator or Intune Company Portal, then users can have SSO experience across applications if they have an active sign-in with one of the apps.
 
+> [!NOTE]
+> MSAL with broker utilizes WebViews instead of Custom Tabs. As a result, the Single Sign-On (SSO) state is not extended to other apps that use Custom Tabs.
+
 ### WebView
 
 To use the in-app WebView, put the following line in the app configuration JSON that is passed to MSAL:
diff --git a/articles/active-directory/devices/concept-primary-refresh-token.md b/articles/active-directory/devices/concept-primary-refresh-token.md
@@ -158,6 +158,9 @@ The following diagrams illustrate the underlying details in issuing, renewing, a
 > [!NOTE]
 > In Azure AD joined devices, Azure AD PRT issuance (steps A-F) happens synchronously before the user can logon to Windows. In hybrid Azure AD joined devices, on-premises Active Directory is the primary authority. So, the user is able to login hybrid Azure AD joined Windows after they can acquire a TGT to login, while the PRT issuance happens asynchronously. This scenario does not apply to Azure AD registered devices as logon does not use Azure AD credentials.
 
+> [!NOTE]
+> In a Hybrid Azure AD joined Windows environment, the issuance of the PRT occurs asynchronously. The issuance of the PRT may fail due to issues with the federation provider. This failure can result in sign on issues when users try to access cloud resources. It is important to troubleshoot this scenario with the federation provider.
+
 | Step | Description |
 | :---: | --- |
 | A | User enters their password in the sign in UI. LogonUI passes the credentials in an auth buffer to LSA, which in turns passes it internally to CloudAP. CloudAP forwards this request to the CloudAP plugin. |
diff --git a/articles/active-directory/fundamentals/security-defaults.md b/articles/active-directory/fundamentals/security-defaults.md
@@ -147,6 +147,7 @@ It's important to verify the identity of users who want to access Azure Resource
 After you enable security defaults in your tenant, any user accessing the following services must complete multifactor authentication: 
 
 - Azure portal
+- Microsoft Entra admin center
 - Azure PowerShell 
 - Azure CLI 
 
diff --git a/articles/active-directory/hybrid/connect/reference-connect-adsynctools.md b/articles/active-directory/hybrid/connect/reference-connect-adsynctools.md
@@ -333,6 +333,7 @@ Accept wildcard characters: False
 ```
 #### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](/powershell/module/microsoft.powershell.core/about/about_commonparameters).
+
 ## Export-ADSyncToolsAadDisconnectors
 ### SYNOPSIS
 Export Azure AD Disconnector objects
@@ -373,9 +374,57 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 Use ObjectType argument in case you want to export Disconnectors for a given object type only
 ### OUTPUTS
 Exports a CSV file with Disconnector objects containing: 
-
 UserPrincipalName, Mail, SourceAnchor, DistinguishedName, CsObjectId, ObjectType, ConnectorId and CloudAnchor
 
+## Export-ADSyncToolsAadPublicFolders
+### SYNOPSIS
+Exports all synchronized Mail-Enabled Public Folder objects from AzureAD to a CSV file
+### SYNTAX
+```
+Export-ADSyncToolsAadPublicFolders [-Credential] <PSCredential> [-Path] <Object> [<CommonParameters>]
+```
+### DESCRIPTION
+This function exports to a CSV file all the synchronized Mail-Enabled Public Folders (MEPF) present in Azure AD.
+It can be used in conjunction with Remove-ADSyncToolsAadPublicFolders to identify and remove orphaned Mail-Enabled Public Folders in Azure AD.
+This function requires the credentials of a Global Administrator in Azure AD and authentication with MFA is not supported.
+NOTE: If DirSync has been disabled on the tenant, you will need to temporarily re-enabled DirSync in order to remove orphaned Mail Enabled Public Folders from Azure AD.
+### EXAMPLES
+#### EXAMPLE 1
+```
+Export-ADSyncToolsAadPublicFolders -Credential $(Get-Credential) -Path <file_name>
+```
+### PARAMETERS
+#### -Credential
+Azure AD Global Admin Credential
+```yaml
+Type: PSCredential
+Parameter Sets: (All)
+Aliases:
+Required: true
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+#### -Path
+Path for output file
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Required: true
+Position: 2
+Default value: None
+Accept pipeline input: false (ByPropertyName)
+Accept wildcard characters: false
+```
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](/powershell/module/microsoft.powershell.core/about/about_commonparameters).
+### INPUTS
+
+### OUTPUTS
+This cmdlet creates the <filename> containing all synced Mail-Enabled PublicFolder objects in CSV format.
+    
 ## Export-ADSyncToolsHybridAadJoinReport
 ### SYNOPSIS
 Generates a report of certificates stored in Active Directory Computer objects, specifically, 
@@ -1150,6 +1199,76 @@ InputCsvFilename must point to a CSV file with at least 2 columns: SourceAnchor,
 ### OUTPUTS
 Shows results from ExportDeletions operation
 DISCLAIMER: Other than User objects that have a Recycle Bin, any other object types DELETED with this function cannot be RECOVERED!
+
+## Remove-ADSyncToolsAadPublicFolders
+### SYNOPSIS
+Removes synchronized Mail-Enabled Public Folders (MEPF) present from AzureAD.
+You can specify one SourceAnchor/ImmutableID for the target MEPF object to delete, or provide a CSV list with a batch of objects to delete when used in conjunction with Export-ADSyncToolsAadPublicFolders.
+This function requires the credentials of a Global Administrator in Azure AD and authentication with MFA is not supported.
+NOTE: If DirSync has been disabled on the tenant, you'll need to temporary re-enabled DirSync in order to remove orphaned Mail Enabled Public Folders from Azure AD.
+### SYNTAX
+```
+Export-ADSyncToolsAadPublicFolders [-Credential] <PSCredential> [-Path] <Object> [<CommonParameters>]
+```
+### DESCRIPTION
+This function exports to a CSV file all the synchronized Mail-Enabled Public Folders (MEPF) present in Azure AD.
+It can be used in conjunction with Remove-ADSyncToolsAadPublicFolders to identify and remove orphaned Mail-Enabled Public Folders in Azure AD.
+This function requires the credentials of a Global Administrator in Azure AD and authentication with MFA is not supported.
+NOTE: If DirSync has been disabled on the tenant, you will need to temporarily re-enabled DirSync in order to remove orphaned Mail Enabled Public Folders from Azure AD.
+### EXAMPLES
+#### EXAMPLE 1
+```
+Remove-ADSyncToolsAadPublicFolders [-Credential] <PSCredential> [-InputCsvFilename] <Object> [-WhatIf] [-Confirm] [<CommonParameters>]
+```
+#### EXAMPLE 2
+```
+Remove-ADSyncToolsAadPublicFolders [-Credential] <PSCredential> [-SourceAnchor] <Object> [-WhatIf] [-Confirm] [<CommonParameters>]
+```
+### PARAMETERS
+#### -Credential
+Azure AD Global Admin Credential
+```yaml
+Type: PSCredential
+Parameter Sets: (All)
+Aliases:
+Required: true
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+#### -InputCsvFilename
+Path for input CSV file
+```yaml
+Type: String
+Parameter Sets: InputCsv
+Aliases:
+Required: true
+Position: 2
+Default value: None
+Accept pipeline input: true (ByPropertyName)
+Accept wildcard characters: false
+```
+#### -SourceAnchor
+Target SourceAnchor/ImmutableID
+```yaml
+Type: String
+Parameter Sets: SourceAnchor
+Aliases:
+Required: true
+Position: 2
+Default value: None
+Accept pipeline input: true (ByPropertyName)
+Accept wildcard characters: false
+```
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](/powershell/module/microsoft.powershell.core/about/about_commonparameters).
+### INPUTS
+The CSV input file can be generated using Export-ADSyncToolsAadPublicFolders.
+Path parameters must point to a CSV file with at least 2 columns: SourceAnchor, SyncObjectType.
+### OUTPUTS
+Shows results from ExportDeletions operation.
+
 ## Remove-ADSyncToolsExpiredCertificates
 ### SYNOPSIS
 Script to Remove Expired Certificates from UserCertificate Attribute
diff --git a/articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-sql.md b/articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-sql.md
@@ -90,6 +90,8 @@ SQL DB requires unique Azure AD display names. With this, the Azure AD accounts
 
     > [!NOTE]
     > `VMName` in the following command is the name of the VM that you enabled system assigned identity on in the prerequisites section.
+    > 
+    > If you encounter the error "Principal `VMName` has a duplicate display name", append the CREATE USER statement with WITH OBJECT_ID='xxx'.
 
     ```sql
     ALTER ROLE db_datareader ADD MEMBER [VMName]
diff --git a/articles/app-service/scripts/cli-continuous-deployment-vsts.md b/articles/app-service/scripts/cli-continuous-deployment-vsts.md
@@ -35,11 +35,11 @@ This sample script creates an app in App Service with its related resources, and
 Create the following variables containing your GitHub information.
 
 ```azurecli
-gitrepo=<Replace with your Visual Studio Team Services repo URL>
-token=<Replace with a Visual Studio Team Services personal access token>
+gitrepo=<Replace with your Azure DevOps Services (formerly Visual Studio Team Services, or VSTS) repo URL>
+token=<Replace with a Azure DevOps Services (formerly Visual Studio Team Services, or VSTS) personal access token>
 ```
 
-Configure continuous deployment from Visual Studio Team Services. The `--git-token` parameter is required only once per Azure account (Azure remembers token).
+Configure continuous deployment from Azure DevOps Services (formerly Visual Studio Team Services, or VSTS). The `--git-token` parameter is required only once per Azure account (Azure remembers token).
 
 ```azurecli
 az webapp deployment source config --name $webapp --resource-group $resourceGroup \
diff --git a/articles/azure-monitor/logs/daily-cap.md b/articles/azure-monitor/logs/daily-cap.md
@@ -86,7 +86,7 @@ Until September 18, 2023, the following is true. If a workspace enabled the [Mic
 To set or change the daily cap for a Log Analytics workspace in the Azure portal:  
 
 1. From the **Log Analytics workspaces** menu, select your workspace, and then **Usage and estimated costs**.
-2. Select **Data Cap** at the top of the page. 
+2. Select **Daily Cap** at the top of the page. 
 3. Select **ON** and then set the data volume limit in GB/day.
 
 :::image type="content" source="media/manage-cost-storage/set-daily-volume-cap-01.png" lightbox="media/manage-cost-storage/set-daily-volume-cap-01.png" alt-text="Log Analytics configure data limit":::
diff --git a/articles/batch/batch-automatic-scaling.md b/articles/batch/batch-automatic-scaling.md
@@ -59,7 +59,7 @@ $TargetDedicatedNodes=min(maxNumberofVMs, pendingTaskSamples);
 $NodeDeallocationOption = taskcompletion;
 ```
 > [!IMPORTANT]
-> Currently, Batch Service has limitaion with the resolution of the pending tasks. When a task is added to the job, it's also added into a internal queue used by Batch service for scheduling. If the task is deleted before it can be scheduled, the task might persist within the queue, causing it to still be counted in `$PendingTasks`. This deleted task will eventually be cleared from the queue when Batch gets chance to pull tasks from the queue to schedule with idle nodes in the Batch pool.
+> Currently, Batch Service has limitations with the resolution of the pending tasks. When a task is added to the job, it's also added into a internal queue used by Batch service for scheduling. If the task is deleted before it can be scheduled, the task might persist within the queue, causing it to still be counted in `$PendingTasks`. This deleted task will eventually be cleared from the queue when Batch gets chance to pull tasks from the queue to schedule with idle nodes in the Batch pool.
 
 #### Preempted nodes
 
diff --git a/articles/communication-services/concepts/numbers/phone-number-management-for-united-kingdom.md b/articles/communication-services/concepts/numbers/phone-number-management-for-united-kingdom.md
@@ -21,7 +21,7 @@ Use the below tables to find all the relevant information on number availability
 
 | Number Type | Send SMS             | Receive SMS          | Make Calls           | Receive Calls          |
 | :---------- | :------------------- | :------------------- | :------------------- | :--------------------- |
-| Toll-Free   |General Availability  | General Availability | General Availability | General Availability\* |
+| Toll-Free   | -                    | -                    | General Availability | General Availability\* |
 | Local       | -                    | -                    | General Availability | General Availability\* |
 |Alphanumeric Sender ID\**|Public Preview|-|-|-|
 
diff --git a/articles/cosmos-db/nosql/how-to-dotnet-read-item.md b/articles/cosmos-db/nosql/how-to-dotnet-read-item.md
@@ -41,7 +41,7 @@ The following example point reads a single item asynchronously and returns a des
 
 :::code language="csharp" source="~/cosmos-db-nosql-dotnet-samples/275-read-item/Program.cs" id="read_item" :::
 
-The [``Database.ReadItemAsync<>``](/dotnet/api/microsoft.azure.cosmos.container.readitemasync) method reads and item and returns an object of type [``ItemResponse<>``](/dotnet/api/microsoft.azure.cosmos.itemresponse-1). The **ItemResponse<>** type inherits from the [``Response<>``](/dotnet/api/microsoft.azure.cosmos.response-1) type, which contains an implicit conversion operator to convert the object into the generic type. To learn more about implicit operators, see [user-defined conversion operators](/dotnet/csharp/language-reference/operators/user-defined-conversion-operators).
+The [``Database.ReadItemAsync<>``](/dotnet/api/microsoft.azure.cosmos.container.readitemasync) method reads an item and returns an object of type [``ItemResponse<>``](/dotnet/api/microsoft.azure.cosmos.itemresponse-1). The **ItemResponse<>** type inherits from the [``Response<>``](/dotnet/api/microsoft.azure.cosmos.response-1) type, which contains an implicit conversion operator to convert the object into the generic type. To learn more about implicit operators, see [user-defined conversion operators](/dotnet/csharp/language-reference/operators/user-defined-conversion-operators).
 
 Alternatively, you can return the **ItemResponse<>** generic type and explicitly get the resource. The more general **ItemResponse<>** type also contains useful metadata about the underlying API operation. In this example, metadata about the request unit charge for this operation is gathered using the **RequestCharge** property.
 
diff --git a/articles/data-factory/deploy-linked-arm-templates-with-vsts.md b/articles/data-factory/deploy-linked-arm-templates-with-vsts.md
@@ -1,7 +1,7 @@
 ---
 title: Deploy linked ARM templates with VSTS
 titleSuffix: Azure Data Factory & Azure Synapse
-description: Learn how to deploy linked ARM templates with Visual Studio Team Services (VSTS). 
+description: Learn how to deploy linked ARM templates with Azure DevOps Services (formerly Visual Studio Team Services, or VSTS).
 author: jonburchel
 ms.service: data-factory
 ms.subservice: 
@@ -14,7 +14,7 @@ ms.author: jburchel
 
 [!INCLUDE[appliesto-adf-asa-md](includes/appliesto-adf-asa-md.md)]
 
-This article describes how to deploy linked Azure Resource Manager (ARM) templates with Visual Studio Team Services (VSTS).
+This article describes how to deploy linked Azure Resource Manager (ARM) templates with Azure DevOps Services (formerly Visual Studio Team Services, or VSTS).
 
 ## Overview
 
diff --git a/articles/frontdoor/front-door-wildcard-domain.md b/articles/frontdoor/front-door-wildcard-domain.md
@@ -73,7 +73,7 @@ You can add as many single-level subdomains of the wildcard domain in front-end
 
 - Defining a different route for a subdomain than the rest of the domains (from the wildcard domain).
 
-- Having a different WAF policy for a specific subdomain. For example, `*.contoso.com` allows adding `foo.contoso.com` without having to again prove domain ownership. But it doesn't allow `foo.bar.contoso.com` because it isn't a single level subdomain of `*.contoso.com`. To add `foo.bar.contoso.com` without extra domain ownership validation, `*.bar.contosonews.com` needs to be added.
+- Having a different WAF policy for a specific subdomain. For example, `*.contoso.com` allows adding `foo.contoso.com` without having to again prove domain ownership. But it doesn't allow `foo.bar.contoso.com` because it isn't a single level subdomain of `*.contoso.com`. To add `foo.bar.contoso.com` without extra domain ownership validation, `*.bar.contoso.com` needs to be added.
 
 You can add wildcard domains and their subdomains with certain limitations:
 
diff --git a/articles/industrial-iot/tutorial-publisher-deploy-opc-publisher-standalone.md b/articles/industrial-iot/tutorial-publisher-deploy-opc-publisher-standalone.md
@@ -53,7 +53,7 @@ A typical set of IoT Edge Module Container Create Options for OPC Publisher is:
 {
     "Hostname": "opcpublisher",
     "Cmd": [
-        "--pf=./pn.json",
+        "--pf=/appdata/pn.json",
         "--aa"
     ],
     "HostConfig": {
diff --git a/articles/operator-nexus/includes/kubernetes-cluster/cluster-connect.md b/articles/operator-nexus/includes/kubernetes-cluster/cluster-connect.md
@@ -32,9 +32,9 @@ To access your cluster, you need to set up the cluster connect `kubeconfig`. Aft
 4. Use `kubectl` to send requests to the cluster:
 
     ```console
-    kubectl get nodes
+    kubectl get pods -A
     ```
     You should now see a response from the cluster containing the list of all nodes.
 
 > [!NOTE]
-> If you see the error message "Failed to post access token to client proxyFailed to connect to MSI", you may need to perform an `az login` to re-authenticate with Azure.
+> If you see the error message "Failed to post access token to client proxyFailed to connect to MSI", you may need to perform an `az login` to re-authenticate with Azure.
diff --git a/articles/postgresql/migrate/concepts-single-to-flexible.md b/articles/postgresql/migrate/concepts-single-to-flexible.md
@@ -123,7 +123,7 @@ Along with data migration, the tool automatically provides the following built-i
 > The following limitations are applicable only for flexible servers on which the migration of users/roles functionality is enabled.
 
 - AAD users present on your source server will not be migrated to target server. To mitigate this limitation, manually create all AAD users on your target server using this [link](../flexible-server/how-to-manage-azure-ad-users.md) before triggering a migration. If AAD users are not created on target server, migration will fail with appropriate error message.
-- If the target flexible server uses SCRAM-SHA-256 password encrpytion method, connection to flexible server using the users/roles on single server will fail since the passwords are encrypted using md5 algorithm. To mitigate this limitation, please choose the option **MD5** for **password_encryption** server parameter on your flexible server.
+- If the target flexible server uses SCRAM-SHA-256 password encryption method, connection to flexible server using the users/roles on single server will fail since the passwords are encrypted using md5 algorithm. To mitigate this limitation, please choose the option **MD5** for **password_encryption** server parameter on your flexible server.
 - Though the ownership of database objects such as tables, views, sequences, etc. are copied to the target server, the owner of the database in your target server will be the migration user of your target server. The limitation can be mitigated by executing the following command 
 
 ```sql
diff --git a/articles/web-application-firewall/ag/best-practices.md b/articles/web-application-firewall/ag/best-practices.md
