Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into virtual-machines-extensions

Author: ShawnJackson

.openpublishing.redirection.active-directory.json

@@ -7234,7 +7234,7 @@
     {
       "source_path_from_root": "/articles/active-directory/active-directory-privileged-identity-management-how-to-add-role-to-user.md",
       "redirect_url": "/azure/active-directory/privileged-identity-management/pim-how-to-add-role-to-user",
-      "redirect_document_id": true
+      "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/active-directory/active-directory-privileged-identity-management-how-to-change-default-settings.md",
@@ -7551,6 +7551,11 @@
       "redirect_url": "/azure/active-directory/roles/view-assignments",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/active-directory/roles/groups-pim-eligible.md",
+      "redirect_url": "/azure/active-directory/privileged-identity-management/pim-how-to-add-role-to-user",
+      "redirect_document_id": true
+    },
     {
       "source_path_from_root": "/articles/active-directory/users-groups-roles/directory-administrative-units.md",
       "redirect_url": "/azure/active-directory/roles/administrative-units",
@@ -7668,8 +7673,8 @@
     },
     {
       "source_path_from_root": "/articles/active-directory/users-groups-roles/roles-groups-pim-eligible.md",
-      "redirect_url": "/azure/active-directory/roles/groups-pim-eligible",
-      "redirect_document_id": true
+      "redirect_url": "/azure/active-directory/privileged-identity-management/pim-how-to-add-role-to-user",
+      "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/active-directory/users-groups-roles/roles-groups-remove-assignment.md",

.openpublishing.redirection.json

@@ -1,5 +1,10 @@
 {
     "redirections": [
+        {
+            "source_path": "articles/route-server/routing-preference.md",
+            "redirect_url": "/azure/route-server/overview",
+            "redirect_document_id": false
+        },
         {
             "source_path": "articles/storage/queues/storage-ruby-how-to-use-queue-storage.md",
             "redirect_url": "/previous-versions/azure/storage/queues/storage-ruby-how-to-use-queue-storage",
@@ -22522,7 +22527,11 @@
             "source_path_from_root": "/articles/sentinel/data-connectors/microsoft-defender-threat-intelligence.md",
             "redirect_url": "/azure/sentinel/understand-threat-intelligence",
             "redirect_document_id": false
-        }
-       
+        },
+        {
+            "source_path_from_root": "/articles/principles-for-ai-generated-content.md",
+            "redirect_url": "https://aka.ms/ai-content-principles",
+            "redirect_document_id": false
+        } 
     ]
 }

articles/active-directory-b2c/manage-custom-policies-powershell.md

@@ -7,6 +7,7 @@ manager: CelesteDG
 
 ms.service: active-directory
 ms.workload: identity
+ms.custom: devx-track-azurepowershell
 ms.topic: how-to
 ms.date: 02/14/2020
 ms.author: kengaderdus

articles/active-directory-domain-services/ad-auth-no-join-linux-vm.md

@@ -22,7 +22,7 @@ Currently Linux distribution can work as member of Active Directory domains, whi
 To complete the authentication flow we assume, you already have:
 
 * An Active Directory Domain Services already configured.
-* A Linux VM (for the test we use CentosOS based machine).
+* A Linux VM (**for the test we use CentosOS based machine**).
 * A network infrastructure that allows communication between Active Directory and the Linux VM.
 * A dedicated User Account for read AD objects.
 * The Linux VM need to have these packages installed:
@@ -63,21 +63,21 @@ Review the information that you provided, and if everything is correct, click Fi
 
 On your Linux VM, install the following packages: *sssd sssd-tools sssd-ldap openldap-client*:
 
-```console
-yum install -y sssd sssd-tools sssd-ldap openldap-clients
+```bash
+sudo dnf install -y sssd sssd-tools sssd-ldap openldap-clients
 ```
 
 After the installation check if LDAP search works. In order to check it try an LDAP search following the example below:
 
-```console
-ldapsearch -H ldaps://contoso.com -x \
+```bash
+sudo ldapsearch -H ldaps://contoso.com -x \
         -D CN=ReadOnlyUser,CN=Users,DC=contoso,DC=com -w Read0nlyuserpassword \
         -b CN=Users,DC=contoso,DC=com
 ```
 
 If the LDAP query works fine, you will obtain an output with some information like follow:
 
-```console
+```config
 extended LDIF
 
 LDAPv3
@@ -113,7 +113,7 @@ dSCorePropagationData: 16010101000000.0Z
 > [!NOTE]
 > If your get and error run the following command:
 >
-> ldapsearch -H ldaps://contoso.com -x \
+> sudo ldapsearch -H ldaps://contoso.com -x \
 >       -D CN=ReadOnlyUser,CN=Users,DC=contoso,DC=com -w Read0nlyuserpassword \
 >       -b CN=Users,DC=contoso,DC=com -d 3
 >
@@ -125,13 +125,13 @@ Create */etc/sssd/sssd.conf* with a content like the following. Remember to upda
 
 Command for file creation:
 
-```console
-vi /etc/sssd/sssd.conf
+```bash
+sudo vi /etc/sssd/sssd.conf
 ```
 
 Example sssd.conf:
 
-```bash
+```config
 [sssd]
 config_file_version = 2
 domains = default
@@ -184,14 +184,14 @@ Save the file with *ESC + wq!* command.
 
 Set the permission to sssd.conf to 600 with the following command:
 
-```console
-chmod 600 /etc/sssd/sssd.conf
+```bash
+sudo chmod 600 /etc/sssd/sssd.conf
 ```
 
 After that create an obfuscated password for the Bind DN account. You must insert the Domain password for ReadOnlyUser:
 
-```console
-sss_obfuscate --domain default
+```bash
+sudo sss_obfuscate --domain default
 ```
 
 The password will be placed automatically in the configuration file.
@@ -200,27 +200,27 @@ The password will be placed automatically in the configuration file.
 
 Start the sssd service:
 
-```console
-service sssd start
+```bash
+sudo systemctl start sssd
 ```
 
 Now configure the service with the *authconfig* tool:
 
-```console
-authconfig --enablesssd --enablesssdauth --enablemkhomedir --updateall
+```bash
+sudo authconfig --enablesssd --enablesssdauth --enablemkhomedir --updateall
 ```
 
 At this point restart the service:
 
-```console
-systemctl restart sssd
+```bash
+sudo systemctl restart sssd
 ```
 
 ## Test the configuration
 
 The final step is to check that the flow works properly. To check this, try logging in with one of your AD users in Active Directory. We tried with a user called *ADUser*. If the configuration is correct, you will get the following result:
 
-```console
+```output
 [centosuser@centos8 ~]su - [email protected]
 Last login: Wed Oct 12 15:13:39 UTC 2022 on pts/0
 [ADUser@Centos8 ~]$ exit

articles/active-directory-domain-services/join-windows-vm-template.md

@@ -9,6 +9,7 @@ ms.assetid: 4eabfd8e-5509-4acd-86b5-1318147fddb5
 ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
+ms.custom: devx-track-arm-template
 ms.topic: how-to
 ms.date: 01/29/2023
 ms.author: justinha

articles/active-directory-domain-services/template-create-instance.md

@@ -8,6 +8,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
+ms.custom: devx-track-arm-template
 ms.topic: sample
 ms.date: 01/29/2023
 ms.author: justinha 

articles/active-directory/app-proxy/application-proxy-connectors.md

@@ -39,6 +39,22 @@ The server needs to have TLS 1.2 enabled before you install the Application Prox
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001
     ```
 
+    A `regedit` file you can use to set these values follows:
+    
+    ```
+    Windows Registry Editor Version 5.00
+
+    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
+    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
+    "DisabledByDefault"=dword:00000000
+    "Enabled"=dword:00000001
+    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
+    "DisabledByDefault"=dword:00000000
+    "Enabled"=dword:00000001
+    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
+    "SchUseStrongCrypto"=dword:00000001
+    ```
+    
 1. Restart the server
 
 For more information about the network requirements for the connector server, see [Get started with Application Proxy and install a connector](application-proxy-add-on-premises-application.md).

articles/active-directory/develop/custom-claims-provider-overview.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 03/31/2023
+ms.date: 04/10/2023
 ms.author: davidmu
 ms.reviewer: JasSuri
 ms.custom: aaddev 
@@ -25,7 +25,7 @@ When a user authenticates to an application, a custom claims provider can be use
 Key data about a user is often stored in systems external to Azure AD. For example, secondary email, billing tier, or sensitive information. Some applications may rely on these attributes for the application to function as designed. For example, the application may block access to certain features based on a claim in the token.
 
 The following short video provides an excellent overview of the Azure AD custom extensions and custom claims providers:
-> [!VIDEO https://www.youtube.com/embed/BYOMshjlwbc]
+> [!VIDEO https://www.youtube.com/embed/1tPA7B9ztz0]
 
 Use a custom claims provider for the following scenarios:
 

articles/active-directory/develop/custom-extension-get-started.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity
-ms.date: 03/31/2023
+ms.date: 04/10/2023
 ms.author: davidmu
 ms.custom: aaddev
 ms.reviewer: JasSuri
@@ -23,7 +23,7 @@ This article describes how to configure and setup a custom claims provider with
 
 This how-to guide demonstrates the token issuance start event with a REST API running in Azure Functions and a sample OpenID Connect application. Before you start, take a look at following video, which demonstrates how to configure Azure AD custom claims provider with Function App:
 
-> [!VIDEO https://www.youtube.com/embed/r-JEsMBJ7GE]
+> [!VIDEO https://www.youtube.com/embed/fxQGVIwX8_4]
 
 ## Prerequisites
 
@@ -549,4 +549,4 @@ To test your custom claim provider, follow these steps:
 
 - Learn more about custom claims providers with the [custom claims provider reference](custom-claims-provider-reference.md) article.
 
-- Learn how to [troubleshoot your custom extensions API](custom-extension-troubleshoot.md).
+- Learn how to [troubleshoot your custom extensions API](custom-extension-troubleshoot.md).

articles/active-directory/develop/howto-create-service-principal-portal.md

@@ -10,7 +10,7 @@ ms.subservice: develop
 ms.topic: how-to
 ms.date: 02/01/2023
 ms.author: cwerner
-ms.custom: aaddev, identityplatformtop40, subject-rbac-steps
+ms.custom: aaddev, identityplatformtop40, subject-rbac-steps, devx-track-arm-template
 ---
 
 # Create an Azure Active Directory application and service principal that can access resources
@@ -142,4 +142,4 @@ To configure access policies:
 - Learn how to use [Azure PowerShell](howto-authenticate-service-principal-powershell.md) or [Azure CLI](/cli/azure/create-an-azure-service-principal-azure-cli) to create a service principal.
 - To learn about specifying security policies, see [Azure role-based access control (Azure RBAC)](../../role-based-access-control/role-assignments-portal.md).
 - For a list of available actions that can be granted or denied to users, see [Azure Resource Manager Resource Provider operations](../../role-based-access-control/resource-provider-operations.md).
-- For information about working with app registrations by using **Microsoft Graph**, see the [Applications](/graph/api/resources/application) API reference.
+- For information about working with app registrations by using **Microsoft Graph**, see the [Applications](/graph/api/resources/application) API reference.