Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into tamram-209586a

Author: tamram

articles/active-directory/authentication/how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md

@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 08/30/2022
+ms.date: 08/31/2022
 
 ms.author: gasinh
 author: gargi-sinha
@@ -241,11 +241,6 @@ Microsoft Authenticator can be used as a passwordless sign-in method and a secon
 ### Register for combined security registration (recommended)
 
 We recommend having your users register for combined security information, which is a single place to register their authentication methods and devices for both MFA and SSPR. 
-While it's possible to migrate data from the MFA Server to Azure AD MFA, you face these challenges:
-
-* Only phone numbers can be migrated.
-* Authenticator apps will need to be reregistered.
-* Stale data can be migrated.
 
 Microsoft provides communication templates that you can provide to your users to guide them through the combined registration process. 
 These include templates for email, posters, table tents, and various other assets. Users register their information at `https://aka.ms/mysecurityinfo`, which takes them to the combined security registration screen. 

articles/active-directory/external-identities/index.yml

@@ -10,7 +10,7 @@ metadata:
    ms.subservice: B2B
    ms.workload: identity
    ms.topic: landing-page
-   ms.date: 05/19/2020
+   ms.date: 08/31/2022
    author: msmimart
    ms.author: mimart
    manager: celested
@@ -28,11 +28,11 @@ landingContent:
             url: b2b-direct-connect-overview.md
           - text: What is Azure AD B2C (business-to-consumer) identity?
             url: ../../active-directory-b2c/overview.md
-  - title: Collaborate with users outside your org (B2B collaboration)
+  - title: Collaborate with users outside your org (B2B)
     linkLists:
       - linkListType: concept
         links:
-          - text: Cross-tenant access settings
+          - text: Overview of cross-tenant access settings
             url: cross-tenant-access-overview.md
           - text: B2B collaboration user properties
             url: user-properties.md
@@ -42,14 +42,14 @@ landingContent:
         links:
           - text: Configure your external collaboration settings
             url: external-collaboration-settings-configure.md
+          - text: Configure cross-tenant access for B2B collaboration
+            url: cross-tenant-access-settings-b2b-collaboration.md
           - text: Set up SAML/WS-Fed IdP federation
             url: direct-federation.md
           - text: Set up One-time passcodes
             url: one-time-passcode.md
           - text: Add and invite guest users
             url: add-users-administrator.md
-          - text: Leave an organization as a guest user
-            url: leave-the-organization.md
   - title: Scale apps to consumers and customers (Azure AD B2C)
     linkLists:
       - linkListType: overview

articles/aks/cluster-configuration.md

@@ -3,7 +3,7 @@ title: Cluster configuration in Azure Kubernetes Services (AKS)
 description: Learn how to configure a cluster in Azure Kubernetes Service (AKS)
 services: container-service
 ms.topic: article
-ms.date: 08/05/2022
+ms.date: 08/31/2022
 ms.author: jpalma
 author: palma21
 ---
@@ -140,6 +140,53 @@ As you work with the node resource group, keep in mind that you can't:
 - Specify names for the managed resources within the node resource group.
 - Modify or delete Azure-created tags of managed resources within the node resource group.
 
+## Node Restriction (Preview)
+
+The [Node Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) admission controller limits the Node and Pod objects a kubelet can modify. Node Restriction is on by default in AKS 1.24+ clusters.  If you are using an older version use the below commands to create a cluster with Node Restriction or Update an existing cluster to add Node Restriction.
+
+[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
+
+### Before you begin
+
+You must have the following resource installed:
+
+* The Azure CLI
+* The `aks-preview` extension version 0.5.95 or later
+
+#### Install the aks-preview CLI extension
+
+```azurecli-interactive
+# Install the aks-preview extension
+az extension add --name aks-preview
+
+# Update the extension to make sure you have the latest version installed
+az extension update --name aks-preview
+```
+
+### Create an AKS cluster with Node Restriction
+
+To create a cluster using Node Restriction.
+
+```azurecli-interactive
+az aks create -n aks -g myResourceGroup --enable-node-restriction
+```
+
+### Update an AKS cluster with Node Restriction
+
+To update a cluster to use Node Restriction.
+
+```azurecli-interactive
+az aks update -n aks -g myResourceGroup --enable-node-restriction
+```
+
+### Remove Node Restriction from an AKS cluster
+
+To remove Node Restriction from a cluster.
+
+```azurecli-interactive
+az aks update -n aks -g myResourceGroup --disable-node-restriction
+```
+
 ## OIDC Issuer (Preview)
 
 This enables an OIDC Issuer URL of the provider which allows the API server to discover public signing keys. 

articles/api-management/api-management-howto-aad-b2c.md

@@ -42,9 +42,10 @@ In this section, you'll create a user flow in your Azure Active Directory B2C te
     1. Enter a unique name for the user flow.
     1. In **Identity providers**, select **Email signup**.
     1. In **User attributes and token claims**, select the attributes and claims needed for the API Management developer portal (not needed for the legacy developer portal).
-         ![Application claims](./media/api-management-howto-aad-b2c/api-management-application-claims.png)
         * **Attributes**: Given Name, Surname
-        * **Claims**: Email Addresses, Given Name, Surname, User’s ObjectID
+        * **Claims**: Given Name, Surname, Email Addresses, User’s ObjectID
+
+             ![Application claims](./media/api-management-howto-aad-b2c/api-management-application-claims.png)
 1. Select **Create**.
 
 ## Configure identity provider for developer portal