Merge pull request #194056 from MicrosoftDocs/main

4/05 AM Publish

Author: huypub

articles/active-directory-b2c/TOC.yml

@@ -233,7 +233,7 @@
       displayName: Username, Email, Phone authorization, Phone sign-in
     - name: Add an identity provider
       href: add-identity-provider.md
-    - name: AD FS
+    - name: AD FS (OpenID Connect)
       href: identity-provider-adfs.md
       displayName: AD-FS, ADFS
     - name: AD FS (SAML)

articles/active-directory-b2c/secure-rest-api.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 10/25/2021
+ms.date: 04/05/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 zone_pivot_groups: b2c-policy-type
@@ -397,6 +397,35 @@ After you add the above snippets, your technical profile should look like the fo
 </ClaimsProvider>
 ```
 
+### Call the REST technical profile 
+
+To call the `REST-GetProfile` technical profile, you first need to acquire an Azure AD access token using the `REST-AcquireAccessToken` technical profile. The following example shows how to call the `REST-GetProfile` technical profile from a [validation technical profile](validation-technical-profile.md):
+
+```xml
+<ValidationTechnicalProfiles>
+  <ValidationTechnicalProfile ReferenceId="REST-AcquireAccessToken" />
+  <ValidationTechnicalProfile ReferenceId="REST-GetProfile" />
+</ValidationTechnicalProfiles>
+```
+
+The following example shows how to call the `REST-GetProfile` technical profile from a [user journey](userjourneys.md), or a [sub journey](subjourneys.md):
+
+```xml
+<OrchestrationSteps>
+  <OrchestrationStep Order="2" Type="ClaimsExchange">
+    <ClaimsExchanges>
+      <ClaimsExchange Id="REST-AcquireAccessTokens" TechnicalProfileReferenceId="REST-AcquireAccessToken" />
+    </ClaimsExchanges>
+  </OrchestrationStep>
+
+  <OrchestrationStep Order="3" Type="ClaimsExchange">
+    <ClaimsExchanges>
+      <ClaimsExchange Id="REST-GetProfile" TechnicalProfileReferenceId="REST-GetProfile" />
+    </ClaimsExchanges>
+  </OrchestrationStep>
+</OrchestrationSteps>
+```
+
 ## Using a static OAuth2 bearer 
 
 ### Add the OAuth2 bearer token policy key

articles/active-directory-b2c/tutorial-register-applications.md

@@ -50,8 +50,9 @@ To register a web application in your Azure AD B2C tenant, you can use our new u
 
     The following restrictions apply to redirect URIs:
 
-    * The reply URL must begin with the scheme `https`.
+    * The reply URL must begin with the scheme `https`, unless you use a localhost redirect URL.
     * The reply URL is case-sensitive. Its case must match the case of the URL path of your running application. For example, if your application includes as part of its path `.../abc/response-oidc`,  do not specify `.../ABC/response-oidc` in the reply URL. Because the web browser treats paths as case-sensitive, cookies associated with `.../abc/response-oidc` may be excluded if redirected to the case-mismatched `.../ABC/response-oidc` URL.
+    * The reply URL should include or exclude the trailing forward slash as your application expects it. For example, `https://contoso.com/auth-response` and `https://contoso.com/auth-response/` might be treated as nonmatching URLs in your application.
 
 1. Under **Permissions**, select the *Grant admin consent to openid and offline_access permissions* check box.
 1. Select **Register**.
@@ -71,6 +72,7 @@ To register a web application in your Azure AD B2C tenant, you can use our new u
 
     * The reply URL must begin with the scheme `https`, unless using `localhost`.
     * The reply URL is case-sensitive. Its case must match the case of the URL path of your running application. For example, if your application includes as part of its path `.../abc/response-oidc`,  do not specify `.../ABC/response-oidc` in the reply URL. Because the web browser treats paths as case-sensitive, cookies associated with `.../abc/response-oidc` may be excluded if redirected to the case-mismatched `.../ABC/response-oidc` URL.
+    * The reply URL should include or exclude the trailing forward slash as your application expects it. For example, `https://contoso.com/auth-response` and `https://contoso.com/auth-response/` might be treated as nonmatching URLs in your application.
 
 1. Select **Create** to complete the application registration.
 

articles/active-directory/saas-apps/code42-tutorial.md

@@ -108,11 +108,11 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 ## Configure Code42 SSO
 
-To configure single sign-on on **Code42** side, you need to send the **App Federation Metadata Url** to [Code42 support team](mailto:idpsupport@code42.com). They set this setting to have the SAML SSO connection set properly on both sides.
+To configure single sign-on on **Code42** side, you need to send the **App Federation Metadata Url** to [Code42 support team](http://gethelp.code42.com/). They set this setting to have the SAML SSO connection set properly on both sides.
 
 ### Create Code42 test user
 
-In this section, you create a user called B.Simon in Code42. Work with [Code42 support team](mailto:idpsupport@code42.com) to add the users in the Code42 platform. Users must be created and activated before you use single sign-on.
+In this section, you create a user called B.Simon in Code42. Work with [Code42 support team](http://gethelp.code42.com/) to add the users in the Code42 platform. Users must be created and activated before you use single sign-on.
 
 ## Test SSO 
 

articles/aks/api-server-authorized-ip-ranges.md

@@ -103,7 +103,7 @@ az aks create \
 
 ## Update a cluster's API server authorized IP ranges
 
-To update the API server authorized IP ranges on an existing cluster, use [az aks update][az-aks-update] command and use the *`--api-server-authorized-ip-ranges`*,--load-balancer-outbound-ip-prefixes*, *`--load-balancer-outbound-ips`*, or--load-balancer-outbound-ip-prefixes* parameters.
+To update the API server authorized IP ranges on an existing cluster, use [az aks update][az-aks-update] command and use the *`--api-server-authorized-ip-ranges`*, *`--load-balancer-outbound-ip-prefixes`*, *`--load-balancer-outbound-ips`*, or *`--load-balancer-outbound-ip-prefixes`* parameters.
 
 The following example updates API server authorized IP ranges on the cluster named *myAKSCluster* in the resource group named *myResourceGroup*. The IP address range to authorize is *73.140.245.0/24*:
 

articles/aks/cluster-configuration.md

@@ -181,6 +181,12 @@ To update a cluster to use OIDC Issuer.
 az aks update -n aks -g myResourceGroup --enable-oidc-issuer
 ```
 
+### Show the OIDC Issuer URL
+
+```azurecli-interactive
+az aks show -n aks -g myResourceGroup --query "oidcIssuerProfile.issuerUrl" -otsv
+```
+
 ## Next steps
 
 - Learn how [upgrade the node images](node-image-upgrade.md) in your cluster.

articles/aks/integrations.md

@@ -12,7 +12,7 @@ Azure Kubernetes Service (AKS) provides additional, supported functionality for
 
 ## Add-ons
 
-Add-ons provide extra capabilities for your AKS cluster and their installation and configuration is managed Azure. Use `az aks addon` to manage all add-ons for your cluster.
+Add-ons provide extra capabilities for your AKS cluster and their installation and configuration is managed by Azure. Use `az aks addon` to manage all add-ons for your cluster.
 
 The below table shows the available add-ons.
 

articles/aks/use-azure-dedicated-hosts.md

@@ -62,7 +62,7 @@ The following limitations apply when you integrate Azure Dedicated Host with Azu
 
 * An existing agent pool can't be converted from non-ADH to ADH or ADH to non-ADH.
 * It is not supported to update agent pool from host group A to host group B.
-* Fault domain count can only be 1.
+* Using ADH across subscriptions.
 
 ## Add a Dedicated Host Group to an AKS cluster
 
@@ -96,7 +96,7 @@ az vm host group create \
 --name myHostGroup \
 -g myDHResourceGroup \
 -z 1\
---platform-fault-domain-count 1
+--platform-fault-domain-count 5
 --automatic-placement true
 ```
 
@@ -167,4 +167,4 @@ In this article, you learned how to create an AKS cluster with a Dedicated host,
 [aks-faq]: faq.md
 [azure-cli-install]: /cli/azure/install-azure-cli
 [dedicated-hosts]: ../virtual-machines/dedicated-hosts.md
-[az-vm-host-group-create]: /cli/azure/vm/host/group#az_vm_host_group_create
+[az-vm-host-group-create]: /cli/azure/vm/host/group#az_vm_host_group_create

articles/app-service/environment/how-to-migrate.md

@@ -3,7 +3,7 @@ title: Use the migration feature to migrate App Service Environment v2 to App Se
 description: Learn how to migrate your App Service Environment v2 to App Service Environment v3 using the migration feature
 author: seligj95
 ms.topic: tutorial
-ms.date: 2/2/2022
+ms.date: 4/5/2022
 ms.author: jordanselig
 zone_pivot_groups: app-service-cli-portal
 ---
@@ -109,21 +109,21 @@ az appservice ase show --name $ASE_NAME --resource-group $ASE_RG
 
 From the [Azure portal](https://portal.azure.com), navigate to the **Overview** page for the App Service Environment you'll be migrating. The platform will validate if migration is supported for your App Service Environment. Wait a couple seconds after the page loads for this validation to take place.
 
-If migration is supported for your App Service Environment, there are three ways to access the migration feature. These methods include a banner at the top of the Overview page, a new item in the left-hand side menu called **Migration (preview)**, and an info box on the **Configuration** page. Select any of these methods to move on to the next step in the migration process.
+If migration is supported for your App Service Environment, there are three ways to access the migration feature. These methods include a banner at the top of the Overview page, a new item in the left-hand side menu called **Migration**, and an info box on the **Configuration** page. Select any of these methods to move on to the next step in the migration process.
 
 ![migration access points](./media/migration/portal-overview.png)
 
 ![configuration page view](./media/migration/configuration-migration-support.png)
 
-If you don't see these elements, your App Service Environment isn't supported for migration at this time or your environment is in an unhealthy or suspended state (which blocks migration). If your environment [won't be supported for migration](migrate.md#supported-scenarios) or you want to migrate to App Service Environment v3 without using the migration feature, see the [manual migration options](migration-alternatives.md).
+If you don't see these elements, your App Service Environment isn't supported for migration at this time or your environment is in an unhealthy or suspended state (which blocks migration). If your environment [won't be supported for migration with the migration feature](migrate.md#supported-scenarios) or you want to migrate to App Service Environment v3 without using the migration feature, see the [manual migration options](migration-alternatives.md).
 
 The migration page will guide you through the series of steps to complete the migration.
 
 ![migration page sample](./media/migration/migration-ux-pre.png)
 
 ## 2. Generate IP addresses for your new App Service Environment v3
 
-Under **Generate new IP addresses**, confirm you understand the implications and start the process. This step will take about 15 minutes to complete. Don't scale or make changes to your existing App Service Environment during this time. If you may see a message a few minutes after starting this step asking you to refresh the page, select refresh as shown in the sample to allow your new IP addresses to appear.
+Under **Get new IP addresses**, confirm you understand the implications and start the process. This step will take about 15 minutes to complete. You won't be able to scale or make changes to your existing App Service Environment during this time. If after 15 minutes you don't see your new IP addresses, select refresh as shown in the sample to allow your new IP addresses to appear.
 
 ![pre-migration request to refresh](./media/migration/pre-migration-refresh.png)
 
@@ -135,7 +135,7 @@ When the previous step finishes, you'll be shown the IP addresses for your new A
 
 ## 4. Delegate your App Service Environment subnet
 
-App Service Environment v3 requires the subnet it's in to have a single delegation of `Microsoft.Web/hostingEnvironments`. Previous versions didn't require this delegation. You'll need to confirm your subnet is delegated properly and update the delegation if needed before migrating. A link to your subnet is given so that you can confirm and update as needed.
+App Service Environment v3 requires the subnet it's in to have a single delegation of `Microsoft.Web/hostingEnvironments`. Previous versions didn't require this delegation. You'll need to confirm your subnet is delegated properly and/or update the delegation if needed before migrating. A link to your subnet is given so that you can confirm and update as needed.
 
 ![ux subnet delegation sample](./media/migration/subnet-delegation-ux.png)