Merge branch 'main' of https://github.com/KimForss/azure-docs-pr

Author: Kimmo Forss

.openpublishing.publish.config.json

@@ -755,7 +755,7 @@
     {
       "path_to_root": "azure-spring-apps-reference-architecture",
       "url": "https://github.com/Azure/azure-spring-apps-reference-architecture",
-      "branch": "main",
+      "branch": "reference-architecture",
       "branch_mapping": {}
     },
     {

articles/active-directory-b2c/configure-authentication-sample-ios-app.md

@@ -7,7 +7,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 07/29/2021
+ms.date: 01/06/2023
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: "b2c-support"
@@ -110,10 +110,10 @@ This sample acquires an access token with the relevant scopes that the mobile ap
 
 ## Step 4: Get the iOS mobile app sample
 
-1. [Download the .zip file](https://github.com/Azure-Samples/active-directory-b2c-ios-swift-native-msal/archive/refs/heads/vNext.zip), or clone the sample web app from the [GitHub repo](https://github.com/Azure-Samples/active-directory-b2c-ios-swift-native-msal). 
+1. [Download the .zip file](https://github.com/Azure-Samples/active-directory-b2c-ios-swift-native-msal/archive/refs/heads/master.zip), or clone the sample web app from the [GitHub repo](https://github.com/Azure-Samples/active-directory-b2c-ios-swift-native-msal). 
 
     ```bash
-    git clone https://github.com/Azure-Samples/active-directory-b2c-ios-swift-native-msal/tree/vNext.git
+    git clone https://github.com/Azure-Samples/active-directory-b2c-ios-swift-native-msal
     ``` 
 
 1. Use [CocoaPods](https://cocoapods.org/) to install the MSAL library. In a terminal window, go to the project root folder. This folder contains the *podfile* file. Run the following command:

articles/active-directory-b2c/whats-new-docs.md

@@ -15,6 +15,30 @@ manager: CelesteDG
 
 Welcome to what's new in Azure Active Directory B2C documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the B2C service, see [What's new in Azure Active Directory](../active-directory/fundamentals/whats-new.md) and [Azure AD B2C developer release notes](custom-policy-developer-notes.md)
 
+## December 2022
+
+### New articles
+
+- [Build a global identity solution with funnel-based approach](azure-ad-b2c-global-identity-funnel-based-design.md)
+- [Azure Active Directory B2C global identity framework proof of concept for funnel-based configuration](azure-ad-b2c-global-identity-proof-of-concept-funnel.md)
+- [Azure Active Directory B2C global identity framework proof of concept for region-based configuration](azure-ad-b2c-global-identity-proof-of-concept-regional.md)
+- [Build a global identity solution with region-based approach](azure-ad-b2c-global-identity-region-based-design.md)
+- [Azure Active Directory B2C global identity framework](azure-ad-b2c-global-identity-solutions.md)
+
+### Updated articles
+
+- [Set up a resource owner password credentials flow in Azure Active Directory B2C](add-ropc-policy.md)
+- [Use API connectors to customize and extend sign-up user flows and custom policies with external identity data sources](api-connectors-overview.md)
+- [Azure Active Directory B2C: Region availability & data residency](data-residency.md)
+- [Tutorial: Configure Experian with Azure Active Directory B2C](partner-experian.md)
+- [Tutorial: Configure Microsoft Dynamics 365 Fraud Protection with Azure Active Directory B2C](partner-dynamics-365-fraud-protection.md)
+- [Tutorial: Configure Azure Active Directory B2C with Datawiza to provide secure hybrid access](partner-datawiza.md)
+- [Configure TheAccessHub Admin Tool with Azure Active Directory B2C](partner-n8identity.md)
+- [Tutorial: Configure Cloudflare Web Application Firewall with Azure Active Directory B2C](partner-cloudflare.md)
+- [Set up a password reset flow in Azure Active Directory B2C](add-password-reset-policy.md)
+- [What is Azure Active Directory B2C?](overview.md)
+- [Technical and feature overview of Azure Active Directory B2C](technical-overview.md)
+
 ## November 2022
 
 ### New articles
@@ -138,4 +162,4 @@ Welcome to what's new in Azure Active Directory B2C documentation. This article
 - [Application types that can be used in Active Directory B2C](application-types.md)
 - [Publish your Azure Active Directory B2C app to the Azure Active Directory app gallery](publish-app-to-azure-ad-app-gallery.md)
 - [Quickstart: Set up sign in for a desktop app using Azure Active Directory B2C](quickstart-native-app-desktop.md)
-- [Register a single-page application (SPA) in Azure Active Directory B2C](tutorial-register-spa.md)
+- [Register a single-page application (SPA) in Azure Active Directory B2C](tutorial-register-spa.md)

articles/active-directory/authentication/howto-mfa-nps-extension.md

@@ -104,11 +104,11 @@ When you install the extension, you need the *Tenant ID* and admin credentials f
 
 ### Network requirements
 
-The NPS server must be able to communicate with the following URLs over ports 80 and 443:
+The NPS server must be able to communicate with the following URLs over TCP port 443:
 
-* *https:\//strongauthenticationservice.auth.microsoft.com*
-* *https:\//strongauthenticationservice.auth.microsoft.us*
-* *https:\//strongauthenticationservice.auth.microsoft.cn*
+* *https:\//strongauthenticationservice.auth.microsoft.com* (for Azure Public cloud customers).
+* *https:\//strongauthenticationservice.auth.microsoft.us* (for Azure Government customers).
+* *https:\//strongauthenticationservice.auth.microsoft.cn* (for Azure China 21Vianet customers). 
 * *https:\//adnotifications.windowsazure.com*
 * *https:\//login.microsoftonline.com*
 * *https:\//credentials.azure.com*

articles/active-directory/conditional-access/howto-continuous-access-evaluation-troubleshoot.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: troubleshooting
-ms.date: 06/09/2022
+ms.date: 01/05/2023
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -35,7 +35,7 @@ There are multiple sign-in requests for each authentication. Some will be shown
 
 ### Searching for specific sign-in attempts
 
-Use filters to narrow your search. For example, if a user signed in to Teams, use the Application filter and set it to Teams. Admins may need to check the sign-ins from both interactive and non-interactive tabs to locate the specific sign-in. To further narrow the search, admins may apply multiple filters.
+Sign in logs contain information on Success as well as failure events. Use filters to narrow your search. For example, if a user signed in to Teams, use the Application filter and set it to Teams. Admins may need to check the sign-ins from both interactive and non-interactive tabs to locate the specific sign-in. To further narrow the search, admins may apply multiple filters.
 
 ## Continuous access evaluation workbooks
 

articles/active-directory/develop/authentication-vs-authorization.md

@@ -2,17 +2,17 @@
 title: Authentication vs. authorization
 description: Learn about the basics of authentication and authorization in the Microsoft identity platform.
 services: active-directory
-author: rwike77
+author: cilwerner
 manager: CelesteDG
 
 ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
 ms.date: 11/02/2022
-ms.author: ryanwi
+ms.author: cwerner
 ms.reviewer: jmprieur, saeeda, sureshja, ludwignick
-ms.custom: aaddev, identityplatformtop40, scenarios:getting-started
+ms.custom: aaddev, identityplatformtop40, microsoft-identity-platform, scenarios:getting-started
 #Customer intent: As an application developer, I want to understand the basic concepts of authentication and authorization in the Microsoft identity platform.
 ---
 

articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: devices
 ms.topic: how-to
-ms.date: 06/16/2022
+ms.date: 01/05/2023
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -416,7 +416,7 @@ Set-MsolUser -UserPrincipalName [email protected] -StrongAuthenticationRequir
 If you haven't deployed Windows Hello for Business and if that isn't an option for now, you can configure a Conditional Access policy that excludes the Azure Windows VM Sign-In app from the list of cloud apps that require MFA. To learn more about Windows Hello for Business, see [Windows Hello for Business overview](/windows/security/identity-protection/hello-for-business/hello-identity-verification).
 
 > [!NOTE]
-> Windows Hello for Business PIN authentication with RDP has been supported for several versions of Windows 10. Support for biometric authentication with RDP was added in Windows 10 version 1809. Using Windows Hello for Business authentication during RDP is available only for deployments that use a certificate trust model. It's currently not available for a key trust model.
+> Windows Hello for Business PIN authentication with RDP has been supported for several versions of Windows 10. Support for biometric authentication with RDP was added in Windows 10 version 1809. Using Windows Hello for Business authentication during RDP is available for deployments that use a certificate trust model or key trust model.
  
 Share your feedback about this feature or report problems with using it on the [Azure AD feedback forum](https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789).
 

articles/active-directory/enterprise-users/groups-dynamic-rule-member-of.md

@@ -37,7 +37,6 @@ Only administrators in the Global Administrator, Intune Administrator, or User A
 - MemberOf can't be used with other rules. For example, a rule that states dynamic group A should contain members of group B and also should contain only users located in Redmond will fail.
 - Dynamic group rule builder and validate feature can't be used for memberOf at this time.
 - MemberOf can't be used with other operators. For example, you can't create a rule that states “Members Of group A can't be in Dynamic group B.”
-- The objects specified in the rule can't be administrative units.
 
 ## Getting started
 

articles/active-directory/fundamentals/active-directory-data-storage-eu.md

@@ -79,7 +79,7 @@ Administrators can choose to enable or disable certain Azure AD features. If the
 
 * **Azure Active Directory Multi Tenant Collaboration** - With multi tenant collaboration scenarios enabled, customers can configure their tenant to collaborate with users from a different tenant. For example, a customer can invite users to their tenant in a B2B context. A customer can create a multi-tenant SaaS application that allows other third party tenants to provision the application in the third party tenant. Or, the customer can make two or more tenants affiliated with one another and act as a single tenant in certain scenarios, such as multi-tenant organization (MTO) formation, tenant to tenant sync, and shared e-mail domain sharing. Customer configuration and use of multi tenant collaboration may occur with tenants outside of the EU Data Residency and EU Data Boundary resulting in some customer data, such as user and device account data, usage data, and service configuration (application, policy, and group) stored and processed in the location of the collaborating tenant.
 * **Application Proxy** - Allows customers to access their on-premises web applications externally. Customers may choose advanced routing configurations that allow customer data to egress outside of the EU Data Residency and EU Data Boundary, including user account data, usage data, and application configuration data.
-* **Microsoft 365 Multi Geo** - Microsoft 365 Multi-Geo provides customers with the ability to expand their Microsoft 365 presence to multiple geographic regions/countries within a single existing Microsoft 365 tenant. Azure Active Directory will egress customer data to perform backup authentication to the locations configured by the customer. Types of customer data include user and device account data, branding data, and service configuration data (application, policy, and group).
+* **Microsoft 365 Multi Geo** - Microsoft 365 Multi-Geo provides customers with the ability to expand their Microsoft 365 presence to multiple geographic countries/regions within a single existing Microsoft 365 tenant. Azure Active Directory will egress customer data to perform backup authentication to the locations configured by the customer. Types of customer data include user and device account data, branding data, and service configuration data (application, policy, and group).
 
 ### Other EU Data Boundary online services
 

articles/active-directory/hybrid/how-to-connect-health-agent-install.md

@@ -319,7 +319,7 @@ To configure the Azure AD Connect Health agent to use an HTTP proxy, you can:
 > [!NOTE]
 > To update the proxy settings, you must restart all Azure AD Connect Health agent services. Run the following command:
 >
-> `Restart-Service AzureADConnectHealth*`
+> `Restart-Service AdHealthAdfs*`
 
 #### Import existing proxy settings