Merge pull request #174826 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/azure-docs (branch master)

Author: huypub

articles/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md

@@ -85,9 +85,6 @@ $domain = "contoso.corp.com"
 # Enter an Azure Active Directory global administrator username and password.
 $cloudCred = Get-Credential
 
-If you have MFA enabled for Global administrator, Please remove "-Cloudcredential $cloudCred"
-you will see web-based popup and complete the U/P and MFA there
-
 # Enter a domain administrator username and password.
 $domainCred = Get-Credential
 
@@ -96,6 +93,29 @@ $domainCred = Get-Credential
 Set-AzureADKerberosServer -Domain $domain -CloudCredential $cloudCred -DomainCredential $domainCred
 ```
 
+> [!NOTE]
+> If your organization protects password-based sign-in and enforces modern authentication methods such as MFA, FIDO2, or Smart Card, you must use the "-UserPrincipalName" parameter with the User Principal Name of a Global administrator.
+>    - Replace `contoso.corp.com` in the following example with your on-premises Active Directory domain name.
+>    - Replace `[email protected]` in the following example with the User Principal Name of a Global administrator.
+
+```powerShell
+Import-Module ".\AzureAdKerberos.psd1"
+
+# Specify the on-premises Active Directory domain. A new Azure AD
+# Kerberos Server object will be created in this Active Directory domain.
+$domain = "contoso.corp.com"
+
+# Enter a User Principal Name of Azure Active Directory global administrator
+$userPrincipalName = "[email protected]"
+
+# Enter a domain administrator username and password.
+$domainCred = Get-Credential
+
+# Create the new Azure AD Kerberos Server object in Active Directory
+# and then publish it to Azure Active Directory.
+Set-AzureADKerberosServer -Domain $domain -UserPrincipalName $userPrincipalName -DomainCredential $domainCred
+```
+
 ### Viewing and verifying the Azure AD Kerberos Server
 
 You can view and verify the newly created Azure AD Kerberos Server using the following command:

articles/active-directory/saas-apps/factset-tutorial.md

@@ -74,10 +74,10 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 1. On the **Set up single sign-on with SAML** page, perform the following steps:
 
     a. In the **Identifier** text box, type the URL:
-    `https://login.factset.com`
+    `https://auth.factset.com`
 
     b. In the **Reply URL** text box, type the URL:
-    `https://login.factset.com/services/saml2/`
+    `https://auth.factset.com/sp/ACS.saml2`
 
 1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section,  find **Federation Metadata XML** and select **Download** to download the metadata file and save it on your computer.
 
@@ -129,4 +129,4 @@ In this section, you test your Azure AD single sign-on configuration with follow
 
 ## Next steps
 
-Once you configure FactSet you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
+Once you configure FactSet you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).

articles/app-service/webjobs-sdk-get-started.md

@@ -196,10 +196,6 @@ Starting with version 3 of the WebJobs SDK, to connect to Azure Storage services
     {
         var builder = new HostBuilder();
         builder.UseEnvironment(EnvironmentName.Development);
-        builder.ConfigureWebJobs(b =>
-        {
-            b.AddAzureStorageCoreServices();
-        });
         builder.ConfigureLogging((context, b) =>
         {
             b.AddConsole();
@@ -549,4 +545,4 @@ Output bindings simplify code that writes data. This example modifies the previo
 This tutorial showed you how to create, run, and deploy a WebJobs SDK 3.x project.
 
 > [!div class="nextstepaction"]
-> [Learn more about the WebJobs SDK](webjobs-sdk-how-to.md)
+> [Learn more about the WebJobs SDK](webjobs-sdk-how-to.md)

articles/azure-functions/functions-how-to-azure-devops.md

@@ -241,8 +241,6 @@ When you create a new release pipeline, search for the Azure Functions release t
 
 ![Search for the Azure Functions release template](media/functions-how-to-azure-devops/release-template.png)
 
-Deploying to a deployment slot is not supported in the release template.
-
 ## Create a build pipeline by using the Azure CLI
 
 To create a build pipeline in Azure, use the `az functionapp devops-pipeline create` [command](/cli/azure/functionapp/devops-pipeline#az_functionapp_devops_pipeline_create). The build pipeline is created to build and release any code changes that are made in your repo. The command generates a new YAML file that defines the build and release pipeline and then commits it to your repo. The prerequisites for this command depend on the location of your code.

articles/governance/policy/overview.md

@@ -118,7 +118,7 @@ role includes most Azure Policy operations. **Owner** has full rights. Both **Co
 **Reader** have access to all _read_ Azure Policy operations. **Contributor** may trigger resource
 remediation, but can't _create_ definitions or assignments. **User Access Administrator** is
 necessary to grant the managed identity on **deployIfNotExists** or **modify** assignments necessary
-permissions.
+permissions. All policy objects will be readable to all roles over the scope.
 
 If none of the Built-in roles have the permissions required, create a
 [custom role](../../role-based-access-control/custom-roles.md).