Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

.openpublishing.redirection.json

@@ -44154,6 +44154,11 @@
       "redirect_url": "/azure/azure-monitor/agents/azure-monitor-agent-manage",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/applied-ai-services/form-recognizer/managed-identity-byos.md",
+      "redirect_url": "/azure/applied-ai-services/form-recognizer/managed-identities",
+      "redirect_document_id": false
+    },
     {
     "source_path_from_root": "/articles/azure/virtual-desktop/azure-advisor.md",
     "redirect_url": "/azure/advisor/advisor-overview",
@@ -44178,6 +44183,25 @@
         "source_path_from_root": "/articles/governance/policy/how-to/guest-configuration-create-group-policy.md",
         "redirect_url": "/azure/governance/policy/how-to/guest-configuration-create",
         "redirect_document_id": false
+      },
+      {   "source_path_from_root": "/articles/azure/marketplace/co-sell-requirements.md",
+          "redirect_url": "/partner-center/co-sell-requirements",
+          "redirect_document_id": false
+      },        
+      {
+        "source_path_from_root": "/articles/azure/marketplace/co-sell-status.md",
+        "redirect_url": "/partner-center/co-sell-status",
+        "redirect_document_id": false
+      },
+      {
+          "source_path_from_root": "/articles/azure/marketplace/co-sell-configure.md",
+          "redirect_url": "/partner-center/co-sell-configure",
+          "redirect_document_id": false
+      },
+      {
+          "source_path_from_root": "/articles/azure/marketplace/co-sell-overview.md",
+          "redirect_url": "/partner-center/co-sell-overview",
+          "redirect_document_id": false
       }
   ]
 }

CONTRIBUTING.md

@@ -2,7 +2,7 @@
 
 Thank you for taking the time to contribute to the Microsoft Azure documentation.
 
-This guide covers some general topics related to contribution and refers to the [contributors guide](https://docs.microsoft.com/contribute) for more detailed explanations when required.
+This guide covers some general topics related to contribution and refers to the [contributors guide](/contribute) for more detailed explanations when required.
 
 ## Code of Conduct
 
@@ -21,8 +21,8 @@ Please use the Feedback tool at the bottom of any article to submit bugs and sug
 
 ### Editing in GitHub
 
-Follow the guidance for [Quick edits to existing documents](https://docs.microsoft.com/contribute/#quick-edits-to-existing-documents) in our contributors guide.
+Follow the guidance for [Quick edits to existing documents](/contribute/#quick-edits-to-existing-documents) in our contributors guide.
 
 ### Pull Request
 
-Review the guidance for [Pull Requests](https://docs.microsoft.com/contribute/how-to-write-workflows-major#pull-request-processing) in our contributors guide.
+Review the guidance for [Pull Requests](/contribute/how-to-write-workflows-major#pull-request-processing) in our contributors guide.

README.md

@@ -10,7 +10,7 @@ Contributing to open source is more than just providing updates, it's also about
 
 You've decided to contribute, that's great! To contribute to the documentation, you need a few tools.
 
-Contributing to the documentation requires a GitHub account. If you don't have an account, follow the instructions for the [GitHub account setup](https://docs.microsoft.com/contribute/get-started-setup-github) from our contributor guide.
+Contributing to the documentation requires a GitHub account. If you don't have an account, follow the instructions for the [GitHub account setup](/contribute/get-started-setup-github) from our contributor guide.
 
 #### Download
 
@@ -22,7 +22,7 @@ Install the following tools:
 
 #### Install
 
-Follow the instructions provided in the [Install content authoring tools](https://docs.microsoft.com/contribute/get-started-setup-tools) from our contributor guide.
+Follow the instructions provided in the [Install content authoring tools](/contribute/get-started-setup-tools) from our contributor guide.
 
 ## License
 

articles/active-directory-b2c/faq.yml

@@ -245,12 +245,12 @@ sections:
           Follow the following steps to check if the refresh token is valid or revoked:
           1. Retrieve the `RefreshToken` and the `AccessToken` by redeeming `authorization_code`.
           1. Wait for 7 minutes.
-          1. Use PowerShell cmdlet [Revoke-AzureADUserAllRefreshToken](https://docs.microsoft.com/powershell/module/azuread/revoke-azureaduserallrefreshtoken?view=azureadps-2.0) or Microsoft Graph API [invalidateAllRefreshTokens](https://docs.microsoft.com/graph/api/user-invalidateallrefreshtokens?view=graph-rest-beta&tabs=http) to run the `RevokeAllRefreshToken` command.
+          1. Use PowerShell cmdlet [Revoke-AzureADUserAllRefreshToken](/powershell/module/azuread/revoke-azureaduserallrefreshtoken?view=azureadps-2.0) or Microsoft Graph API [invalidateAllRefreshTokens](/graph/api/user-invalidateallrefreshtokens?tabs=http&view=graph-rest-beta) to run the `RevokeAllRefreshToken` command.
           1. Wait for 10 minutes.
           
           1. Retrieve the `RefreshToken` again.
           
       - question: |
           How do I report issues with Azure AD B2C?
         answer: |
-          See [File support requests for Azure Active Directory B2C](support-options.md).
+          See [File support requests for Azure Active Directory B2C](support-options.md).

articles/active-directory/authentication/certificate-based-authentication-faq.yml

@@ -61,7 +61,7 @@ sections:
           We highly recommend not to disable certificate revocation list (CRL) checking as you won't be able to revoke certificates. 
           However, to disable CRL checking if there are issues with CRL for a particular CA, you can update a trusted certificate authority and set the crlDistributionPoint attribute to """.
           
-          Use the [Set-AzureADTrustedCertificateAuthority](https://docs.microsoft.com/powershell/module/azuread/set-azureadtrustedcertificateauthority) cmdlet:
+          Use the [Set-AzureADTrustedCertificateAuthority](/powershell/module/azuread/set-azureadtrustedcertificateauthority) cmdlet:
           
           ```powershell
           $c=Get-AzureADTrustedCertificateAuthority
@@ -97,5 +97,4 @@ additionalContent: |
     * [Technical deep dive for Azure AD CBA](concept-certificate-based-authentication-technical-deep-dive.md)
     * [Limitations with Azure AD CBA](concept-certificate-based-authentication-limitations.md)
     * [How to configure Azure AD CBA](how-to-certificate-based-authentication.md)
-    * [Troubleshoot Azure AD CBA](troubleshoot-certificate-based-authentication.md)
-
+    * [Troubleshoot Azure AD CBA](troubleshoot-certificate-based-authentication.md)

articles/active-directory/authentication/how-to-certificate-based-authentication.md

@@ -42,7 +42,7 @@ Make sure that the following prerequisites are in place.
 >Each CA should have a certificate revocation list (CRL) that can be referenced from internet-facing URLs. If the trusted CA does not have a CRL configured, Azure AD will not perform any CRL checking, revocation of user certificates will not work, and authentication will not be blocked.
 
 >[!IMPORTANT]
->Make sure the PKI is secure and cannot be easily compromised. In the event of a compromise, the attacker can create and sign client certificates and compromise any user in the tenant, both synced and cloud-only users. However, a strong key protection strategy, along with other physical and logical controls such as HSM activation cards or tokens for the secure storage of artifacts, can provide defense-in-depth to prevent external attackers or insider threats from compromising the integrity of the PKI. For more information, see [Securing PKI](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn786443(v=ws.11)).
+>Make sure the PKI is secure and cannot be easily compromised. In the event of a compromise, the attacker can create and sign client certificates and compromise any user in the tenant, both synced and cloud-only users. However, a strong key protection strategy, along with other physical and logical controls such as HSM activation cards or tokens for the secure storage of artifacts, can provide defense-in-depth to prevent external attackers or insider threats from compromising the integrity of the PKI. For more information, see [Securing PKI](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn786443(v=ws.11)).
 
 ## Steps to configure and test Azure AD CBA
 
@@ -331,5 +331,4 @@ To enable the certificate-based authentication and configure username bindings u
 - [Technical deep dive for Azure AD CBA](concept-certificate-based-authentication-technical-deep-dive.md)   
 - [Limitations with Azure AD CBA](concept-certificate-based-authentication-limitations.md)
 - [FAQ](certificate-based-authentication-faq.yml)
-- [Troubleshoot Azure AD CBA](troubleshoot-certificate-based-authentication.md)
-
+- [Troubleshoot Azure AD CBA](troubleshoot-certificate-based-authentication.md)

articles/active-directory/develop/workload-identity-federation-create-trust-gcp.md

@@ -31,7 +31,7 @@ Take note of the *object ID* of the app (not the application (client) ID) which
 
 ## Grant your app permissions to resources
 
-Grant your app the permissions necessary to access the Azure AD protected resources targeted by your software workload running in Google Cloud.  For example, [assign the Storage Blob Data Contributor role](/azure/storage/blobs/assign-azure-role-data-access) to your app if your application needs to read, write, and delete blob data in [Azure Storage](/azure/storage/blobs/storage-blobs-introduction).
+Grant your app the permissions necessary to access the Azure AD protected resources targeted by your software workload running in Google Cloud.  For example, [assign the Storage Blob Data Contributor role](../../storage/blobs/assign-azure-role-data-access.md) to your app if your application needs to read, write, and delete blob data in [Azure Storage](../../storage/blobs/storage-blobs-introduction.md).
 
 ## Set up an identity in Google Cloud
 

articles/active-directory/develop/workload-identity-federation-create-trust-github.md

@@ -206,6 +206,6 @@ az rest -m DELETE  -u 'https://graph.microsoft.com/beta/applications/f6475511-fd
 Before configuring your GitHub Actions workflow, get the *tenant-id* and *client-id* values of your app registration.  You can find these values in the Azure portal. Go to the list of [registered applications](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps) and select your app registration.  In **Overview**->**Essentials**, find the **Application (client) ID** and **Directory (tenant) ID**. Set these values in your GitHub environment to use in the Azure login action for your workflow.  
 
 ## Next steps
-For an end-to-end example, read [Deploy to App Service using GitHub Actions](/azure/app-service/deploy-github-actions?tabs=openid).
+For an end-to-end example, read [Deploy to App Service using GitHub Actions](../../app-service/deploy-github-actions.md?tabs=openid).
 
 Read the [GitHub Actions documentation](https://docs.github.com/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure) to learn more about configuring your GitHub Actions workflow to get an access token from Microsoft identity provider and access Azure resources.

articles/active-directory/devices/assign-local-admin.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: devices
 ms.topic: how-to
-ms.date: 02/08/2022
+ms.date: 02/15/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -71,7 +71,7 @@ Currently, there's no UI in Intune to manage these policies and they need to be
 
 - Adding Azure AD groups through the policy requires the group's SID that can be obtained by executing the [Microsoft Graph API for Groups](/graph/api/resources/group). The SID is defined by the property `securityIdentifier` in the API response.
 
-- Administrator privileges using this policy are evaluated only for the following well-known groups on a Windows 10 device - Administrators, Users, Guests, Power Users, Remote Desktop Users and Remote Management Users. 
+- Administrator privileges using this policy are evaluated only for the following well-known groups on a Windows 10 or newer device - Administrators, Users, Guests, Power Users, Remote Desktop Users and Remote Management Users. 
 
 - Managing local administrators using Azure AD groups isn't applicable to Hybrid Azure AD joined or Azure AD Registered devices.
 

articles/active-directory/devices/azuread-join-sso.md

@@ -41,7 +41,7 @@ If you have a hybrid environment, with both Azure AD and on-premises AD, it's li
 > [!NOTE]
 > Windows Hello for Business requires additional configuration to enable on-premises SSO from an Azure AD joined device. For more information, see [Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base). 
 >
-> FIDO2 security key based passwordless authentication with Windows 10 requires additional configuration to enable on-premises SSO from an Azure AD joined device. For more information, see [Enable passwordless security key sign-in to on-premises resources with Azure Active Directory](../authentication/howto-authentication-passwordless-security-key-on-premises.md). 
+> FIDO2 security key based passwordless authentication with Windows 10 or newer requires additional configuration to enable on-premises SSO from an Azure AD joined device. For more information, see [Enable passwordless security key sign-in to on-premises resources with Azure Active Directory](../authentication/howto-authentication-passwordless-security-key-on-premises.md). 
 
 During an access attempt to a resource requesting Kerberos or NTLM in the user's on-premises environment, the device:
 
@@ -57,7 +57,7 @@ With SSO, on an Azure AD joined device you can:
 - Access a UNC path on an AD member server
 - Access an AD member web server configured for Windows-integrated security 
 
-If you want to manage your on-premises AD from a Windows device, install the [Remote Server Administration Tools for Windows 10](https://www.microsoft.com/download/details.aspx?id=45520).
+If you want to manage your on-premises AD from a Windows device, install the [Remote Server Administration Tools](https://www.microsoft.com/download/details.aspx?id=45520).
 
 You can use: