Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into app-articles-batch-14

Author: paulth1

.openpublishing.redirection.json

@@ -27757,7 +27757,72 @@
             "source_path_from_root": "/articles/virtual-machines/workloads/sap/dbms_guide_sapase.md",
             "redirect_url": "/azure/virtual-machines/workloads/sap/dbms-guide-sapase",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-machines/workloads/sap/dbms_guide_general.md",
+            "redirect_url": "/azure/virtual-machines/workloads/sap/dbms-guide-general",
+            "redirect_document_id": false
         },  
+        {
+            "source_path_from_root": "/articles/virtual-machines/workloads/sap/dbms_guide_ibm.md",
+            "redirect_url": "/azure/virtual-machines/workloads/sap/dbms-guide-ibm",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-machines/workloads/sap/dbms_guide_maxdb.md",
+            "redirect_url": "/azure/virtual-machines/workloads/sap/dbms-guide-maxdb",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-machines/workloads/sap/dbms_guide_oracle.md",
+            "redirect_url": "/azure/virtual-machines/workloads/sap/dbms-guide-oracle",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-machines/workloads/sap/dbms_guide_sqlserver.md",
+            "redirect_url": "/azure/virtual-machines/workloads/sap/dbms-guide-sqlserver",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-machines/workloads/sap/sap-supported-product-on-azure.md",
+            "redirect_url": "/azure/virtual-machines/workloads/sap/supported-product-on-azure",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-machines/workloads/sap/sap-rise-integration.md",
+            "redirect_url": "/azure/virtual-machines/workloads/sap/rise-integration",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-machines/workloads/sap/sap-proximity-placement-scenarios.md",
+            "redirect_url": "/azure/virtual-machines/workloads/sap/proximity-placement-scenarios",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-machines/workloads/sap/sap-planning-supported-configurations.md",
+            "redirect_url": "/azure/virtual-machines/workloads/sap/planning-supported-configurations",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-machines/workloads/sap/sap-iq-deployment-guide.md",
+            "redirect_url": "/azure/virtual-machines/workloads/sap/dbms-guide-sapiq",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-machines/workloads/sap/sap-certifications.md",
+            "redirect_url": "/azure/virtual-machines/workloads/sap/certifications",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-machines/workloads/sap/sap-ha-availability-zones.md",
+            "redirect_url": "/azure/virtual-machines/workloads/sap/high-availability-zones",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-machines/workloads/sap/sap-deployment-checklist.md",
+            "redirect_url": "/azure/virtual-machines/workloads/sap/deployment-checklist",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/migrate/how-to-scale-assessment.md",
             "redirect_url": "scale-hyper-v-assessment",

articles/active-directory/authentication/concept-mfa-data-residency.md

@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 10/29/2022
+ms.date: 12/13/2022
 
 ms.author: justinha
 author: justinha
@@ -24,7 +24,7 @@ Cloud-based Azure AD multifactor authentication and MFA Server process and store
 
 The Azure AD multifactor authentication service has datacenters in the United States, Europe, and Asia Pacific. The following activities originate from the regional datacenters except where noted:
 
-* Multifactor authentication phone calls originate from datacenters in the customer's region and are routed by global providers. Phone calls using custom greetings always originate from data centers in the United States.
+* Multifactor authentication SMS and phone calls originate from datacenters in the customer's region and are routed by global providers. Phone calls using custom greetings always originate from data centers in the United States.
 * General purpose user authentication requests from other regions are currently processed based on the user's location.
 * Push notifications that use the Microsoft Authenticator app are currently processed in regional datacenters based on the user's location. Vendor-specific device services, such as Apple Push Notification Service or Google Firebase Cloud Messaging, might be outside the user's location.
 
@@ -102,22 +102,12 @@ Standard voice calls may failover to a different region.
 >[!NOTE]
 >The multifactor authentication activity reports contain personal data such as User Principal Name (UPN) and complete phone number.
 
-### NPS extension and AD FS adapter
-
-| Authentication method                                                             | Customer region                      | Activity report location | Service log location |
-|-----------------------------------------------------------------------------------|--------------------------------------|--------------------------|----------------------|
-| OATH software and hardware tokens                                                 | Australia and New Zealand            | Australia/New Zealand    | Cloud in-region      |
-| OATH software and hardware tokens                                                 | Outside of Australia and New Zealand | United States            | Cloud in-region      |
-| Voice calls without custom greetings and all other authentication methods except OATH software and hardware tokens  | Any                               | United States            | Cloud in-region      |
-| Voice calls with custom greetings                                         | Any                                  | United States            | MFA backend in United States |
-
 ### MFA server and cloud-based MFA
 
 | Component  | Authentication method                          | Customer region                      | Activity report location        | Service log location         |
 |------------|------------------------------------------------|--------------------------------------|---------------------------------|------------------------------|
 | MFA server | All methods                                    | Any                                  | United States                   | MFA backend in United States |
-| Cloud MFA  | Standard voice calls and all other methods     | Any                                  | Azure AD Sign-in logs in region | Cloud in-region              |
-| Cloud MFA  | Voice calls with custom greetings              | Any                                  | Azure AD Sign-in logs in region | MFA backend in United States |
+| Cloud MFA  | All methods     | Any                                  | Azure AD Sign-in logs in region | Cloud in-region              |
 
 ## Multifactor authentication activity reports for sovereign clouds
 

articles/active-directory/authentication/howto-authentication-passwordless-phone.md

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 12/06/2022
+ms.date: 12/28/2022
 
 
 ms.author: justinha
@@ -32,17 +32,14 @@ People who enabled phone sign-in from Microsoft Authenticator see a message that
 1. Choose **Approve**.
 1. Provide their PIN or biometric.
 
-## Multiple accounts on iOS (preview)
+## Multiple accounts on iOS 
 
 You can enable passwordless phone sign-in for multiple accounts in Microsoft Authenticator on any supported iOS device. Consultants, students, and others with multiple accounts in Azure AD can add each account to Microsoft Authenticator and use passwordless phone sign-in for all of them from the same iOS device. 
 
 Previously, admins might not require passwordless sign-in for users with multiple accounts because it requires them to carry more devices for sign-in. By removing the limitation of one user sign-in from a device, admins can more confidently encourage users to register passwordless phone sign-in and use it as their default sign-in method.
 
 The Azure AD accounts can be in the same tenant or different tenants. Guest accounts aren't supported for multiple account sign-ins from one device.
 
->[!NOTE]
->Multiple accounts on iOS is currently in public preview. Some features might not be supported or have limited capabilities. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). 
-
 ## Prerequisites
 
 To use passwordless phone sign-in with Microsoft Authenticator, the following prerequisites must be met:

articles/active-directory/cloud-infrastructure-entitlement-management/TOC.yml

@@ -89,6 +89,8 @@
     - name: Manage users, roles, and their access levels
       expanded: false
       items:
+      - name: Add or remove a user in Permissions Management
+        href: how-to-add-remove-user-to-group.md
       - name: Manage users and groups
         href: ui-user-management.md
       # - name: Define and manage users, roles, and access levels

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-add-remove-user-to-group.md

@@ -0,0 +1,56 @@
+---
+title: Add or remove a user in Permissions Management through the Microsoft Entra admin center
+description: How to add or remove a user in Permissions Management through Azure Active Directory (AD).
+services: active-directory
+author: jenniferf-skc
+manager: amycolannino
+ms.service: active-directory 
+ms.subservice: ciem
+ms.workload: identity
+ms.topic: how-to
+ms.date: 12/28/2022
+ms.author: jfields
+---
+
+# Add or remove a user in Permissions Management
+
+This article describes how you can add or remove a new user for a group in Permissions Management. 
+
+> [!NOTE] 
+> Permissions Management entitlements work through group-based access. To add a new user, you must add a user to a group through Azure Active Directory (AD).
+
+## Add a user
+
+1. Navigate to the [Microsoft Entra admin center](https://entr.microsoft.com/#home). 
+1. From the Azure Active Directory tile, select **Go to Azure Active Directory**. 
+1. From the navigation pane, select the **Groups** drop-down menu, then **All groups**.
+1. Select the group name for the group you want to add the user to.
+1. From the group's **Manage** menu, click **Members**.
+1. Click **+ Add members**, then search for the user you want to add from the list.
+    > [!NOTE]
+    > In order to add a user to a group, you must be the group owner. If you're not the owner of the           
+      selected group, please reach out to the group owner. If you don't know who the owner of the group is, 
+      select **Owners** under the group's **Manage** menu.
+7. Click **Select**. Your user has been added. 
+8. Click the **Refresh** button to refresh your screen and view the user you've added.
+
+
+## Remove a user
+
+1. Navigate to the Microsoft [Entra admin center](https://entr.microsoft.com/#home). 
+1. From the Azure Active Directory tile, select **Go to Azure Active Directory**. 
+1. From the navigation pane, select the **Groups** drop-down menu, then **All groups**.
+1. Select the group name for the group you want to remove the user from.
+1. From the groups **Manage** menu, click **Members**.
+1. Search for the user you want to remove from the list, then check the box next to their name.
+    > [!NOTE]
+    > In order to remove a user from a group, you must be the group owner. If you're not the owner of the 
+    selected group, please reach out to the group owner. If you don't know who the owner of the group is, 
+    select **Owners** under the group's **Manage** menu.
+7. Click **X Remove**, then click **Yes**. The user is removed from the group.
+
+
+## Next steps
+
+- For more information on managing users and groups, see [Manage users and groups with the User management dashboard](ui-user-management.md).
+- For more information on setting group permissions, see [Select group-based permissions settings](how-to-create-group-based-permissions.md).

articles/active-directory/conditional-access/concept-condition-filters-for-devices.md

@@ -128,6 +128,9 @@ The following device attributes can be used with the filter for devices conditio
 | trustType | Equals, NotEquals | A valid registered state for devices. Supported values are: AzureAD (used for Azure AD joined devices), ServerAD (used for Hybrid Azure AD joined devices), Workplace (used for Azure AD registered devices) | (device.trustType -eq "ServerAD") |
 | extensionAttribute1-15 | Equals, NotEquals, StartsWith, NotStartsWith, EndsWith, NotEndsWith, Contains, NotContains, In, NotIn | extensionAttributes1-15 are attributes that customers can use for device objects. Customers can update any of the extensionAttributes1 through 15 with custom values and use them in the filter for devices condition in Conditional Access. Any string value can be used. | (device.extensionAttribute1 -eq "SAW") |
 
+> [!NOTE] 
+> When building complex rules or using too many individual identifiers like deviceid for device identities, keep in mind "The maximum length for the filter rule is 3072 characters".
+
 > [!NOTE] 
 > The `Contains` and the `NotContains` operators work differently depending on attribute types. For string attributes such as `operatingSystem` and `model`, the `Contains` operator indicates whether a specified substring occurs within the attribute. For string collection attributes such as `physicalIds` and `systemLabels`, the `Contains` operator indicates whether a specified string matches one of the whole strings in the collection.
 

articles/active-directory/devices/concept-azure-ad-register.md

@@ -53,7 +53,7 @@ Azure AD registration can be accomplished when accessing a work application for
 
 ## Scenarios
 
-A user in your organization wants to access your benefits enrollment tool from their home PC. Your organization requires that anyone accesses this tool from an Intune compliant device. The user registers their home PC with Azure AD and the required Intune policies are enforced giving the user access to their resources.
+A user in your organization wants to access your benefits enrollment tool from their home PC. Your organization requires that anyone accesses this tool from an Intune compliant device. The user registers their home PC with Azure AD and Enrolls the device in Intune, then the required Intune policies are enforced giving the user access to their resources.
 
 Another user wants to access their organizational email on their personal Android phone that has been rooted. Your company requires a compliant device and has created an Intune compliance policy to block any rooted devices. The employee is stopped from accessing organizational resources on this device.
 

articles/aks/node-access.md

@@ -39,13 +39,7 @@ aks-nodepool1-12345678-vmss000001   Ready    agent   13m     v1.19.9   10.240.0.
 aksnpwin000000                      Ready    agent   87s     v1.19.9   10.240.0.67   <none>        Windows Server 2019 Datacenter   10.0.17763.1935    docker://19.3.1
 ```
 
-Us the `kubectl debug` command to run a container image on the node to connect to it.
-
-```bash
-kubectl debug node/aks-nodepool1-12345678-vmss000000 -it --image=mcr.microsoft.com/dotnet/runtime-deps:6.0
-```
-
-The following command starts a privileged container on your node and connects to it.
+Use the `kubectl debug` command to run a container image on the node to connect to it. The following command starts a privileged container on your node and connects to it.
 
 ```bash
 kubectl debug node/aks-nodepool1-12345678-vmss000000 -it --image=mcr.microsoft.com/dotnet/runtime-deps:6.0

articles/application-gateway/application-gateway-autoscaling-zone-redundant.md

@@ -14,7 +14,7 @@ ms.custom: fasttrack-edit, references_regions
 
 Application Gateway and WAF can be configured to scale in two modes:
 
-- **Autoscaling** - With autoscaling enabled, the Application Gateway and WAF v2 SKUs scale out or in based on application traffic requirements. This mode offers better elasticity to your application and eliminates the need to guess the application gateway size or instance count. This mode also allows you to save cost by not requiring the gateway to run at peak-provisioned capacity for expected maximum traffic load. You must specify a minimum and optionally maximum instance count. Minimum capacity ensures that Application Gateway and WAF v2 don't fall below the minimum instance count specified, even without traffic. Each instance is roughly equivalent to 10 more reserved Capacity Units. Zero signifies no reserved capacity and is purely autoscaling in nature. You can also optionally specify a maximum instance count, which ensures that the Application Gateway doesn't scale beyond the specified number of instances. You'll only be billed for the amount of traffic served by the Gateway. The instance counts can range from 0 to 125. The default value for maximum instance count is 20 if not specified.
+- **Autoscaling** - With autoscaling enabled, the Application Gateway and WAF v2 SKUs scale out or in based on application traffic requirements. This mode offers better elasticity to your application and eliminates the need to guess the application gateway size or instance count. This mode also allows you to save cost by not requiring the gateway to run at peak-provisioned capacity for expected maximum traffic load. You must specify a minimum and optionally maximum instance count. Minimum capacity ensures that Application Gateway and WAF v2 don't fall below the minimum instance count specified, even without traffic. Each instance is roughly equivalent to 10 more reserved Capacity Units. Zero signifies no reserved capacity and is purely autoscaling in nature. You can also optionally specify a maximum instance count, which ensures that the Application Gateway doesn't scale beyond the specified number of instances. You'll only be billed for the amount of traffic served by the Gateway. The instance counts can range from 0 to 125. The default value for maximum instance count is 10 if not specified.
 - **Manual** - You can also choose Manual mode where the gateway won't autoscale. In this mode, if there's more traffic than what Application Gateway or WAF can handle, it could result in traffic loss. With manual mode, specifying instance count is mandatory. Instance count can vary from 1 to 125 instances.
 
 ## Autoscaling and High Availability