Syncing with main. Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into work-screen-backup

Author: Heidilohr

.openpublishing.redirection.azure-monitor.json

@@ -5671,6 +5671,16 @@
             "source_path_from_root": "/articles/azure-monitor/logs/azure-data-explorer-monitor-cross-service-query.md",
             "redirect_url": "/azure/azure-monitor/logs/azure-monitor-data-explorer-proxy",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/mobile-center-quickstart.md",
+            "redirect_url": "https://github.com/Microsoft/appcenter",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/windows-desktop.md",
+            "redirect_url": "https://github.com/Microsoft/appcenter",
+            "redirect_document_id": false
         }
     ]
 }

.openpublishing.redirection.json

@@ -18384,6 +18384,11 @@
             "redirect_url": "/azure/sentinel/enable-monitoring",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/sentinel/web-normalization-schema.md",
+            "redirect_url": "/azure/sentinel/normalization-schema-web",
+            "redirect_document_id": true
+        },
         {
             "source_path_from_root": "/articles/sentinel/dns-normalization-schema.md",
             "redirect_url": "/azure/sentinel/normalization-schema-dns",

articles/active-directory-b2c/partner-datawiza.md

@@ -9,7 +9,7 @@ ms.reviewer: kengaderdus
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 12/12/2022
+ms.date: 01/23/2023
 ms.author: gasinh
 ms.subservice: B2C
 ---

articles/active-directory/authentication/concept-authentication-methods-manage.md

@@ -24,7 +24,7 @@ Azure Active Directory (Azure AD) allows the use of a range of authentication me
 
 ## Authentication methods policy
 
-The Authentication methods policy is the recommended way to manage authentication methods, including modern methods like passwordless authentication. [Authentication Policy Administrators](../roles/permissions-reference.md#authentication-policy-administrator) can edit this policy to enable authentication methods for specific users and groups. 
+The Authentication methods policy is the recommended way to manage authentication methods, including modern methods like passwordless authentication. [Authentication Policy Administrators](../roles/permissions-reference.md#authentication-policy-administrator) can edit this policy to enable authentication methods for all users or specific groups. 
 
 Methods enabled in the Authentication methods policy can typically be used anywhere in Azure AD - for both authentication and password reset scenarios. The exception is that some methods are inherently limited to use in authentication, such as FIDO2 and Windows Hello for Business, and others are limited to use in password reset, such as security questions. For more control over which methods are usable in a given authentication scenario, consider using the **Authentication Strengths** feature.
 
@@ -106,8 +106,9 @@ Tenants are set to either Pre-migration or Migration in Progress by default, dep
 > 
 > In the future, both of these features will be integrated with the Authentication methods policy.
 
-## Known issues
-Some customers may see the control to enable Voice call grayed out due to a licensing requirement, despite having a premium license. This is a known issue that we are actively working to fix.
+## Known issues and limitations
+- Some customers may see the control to enable Voice call grayed out due to a licensing requirement, despite having a premium license. This is a known issue that we are actively working to fix.
+- As a part of the public preview we removed the ability to target individual users. Previously targeted users will remain in the policy but we recommend moving them to a targeted group.
 
 ## Next steps
 

articles/active-directory/cloud-sync/what-is-cloud-sync.md

@@ -64,7 +64,7 @@ The following table provides a comparison between Azure AD Connect and Azure AD
 | Allow removing attributes from flowing from AD to Azure AD |● |● |
 | Allow advanced customization for attribute flows |● | |
 | Support for password writeback |● |● |
-| Support for device writeback|● | |
+| Support for device writeback|● |Customers should use [Cloud kerberose trust](https://learn.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust?tabs=intune) for this moving forward|
 | Support for group writeback|● | |
 | Support for merging user attributes from multiple domains|● | |
 | Azure AD Domain Services support|● | |

articles/active-directory/conditional-access/concept-conditional-access-conditions.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 09/12/2022
+ms.date: 01/24/2023
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -47,6 +47,8 @@ Azure AD Conditional Access supports the following device platforms:
 
 If you block legacy authentication using the **Other clients** condition, you can also set the device platform condition.
 
+We don't support selecting macOS or Linux device platforms when selecting **Require approved client app** or **Require app protection policy** as the only grant controls or when you choose **Require all the selected controls**.
+
 > [!IMPORTANT]
 > Microsoft recommends that you have a Conditional Access policy for unsupported device platforms. As an example, if you want to block access to your corporate resources from **Chrome OS** or any other unsupported clients, you should configure a policy with a Device platforms condition that includes any device and excludes supported device platforms and Grant control set to Block access.
 

articles/active-directory/develop/consent-types-developer.md

@@ -3,8 +3,7 @@ title: Microsoft identity platform developers' guide to requesting permissions t
 description: Learn how developers can request for permissions through consent in the Microsoft identity platform endpoint.
 services: active-directory
 author: omondiatieno
-manager: mwongerapk
-
+manager: celesteDG
 ms.service: active-directory
 ms.subservice: develop
 ms.workload: identity

articles/active-directory/develop/customize-webviews.md

@@ -7,52 +7,52 @@ manager: CelesteDG
 
 ms.service: active-directory
 ms.subservice: develop
-ms.topic: how-to
+ms.topic: conceptual
 ms.workload: identity
-ms.date: 08/28/2019
+ms.date: 01/24/2023
 ms.author: henrymbugua
 ms.reviewer: oldalton
 ms.custom: aaddev, has-adal-ref
 ---
 
 # Customize browsers and WebViews for iOS/macOS
 
-A web browser is required for interactive authentication. On iOS and macOS 10.15+, the Microsoft Authentication Library (MSAL) uses the system web browser by default (which might appear on top of your app) to do interactive authentication to sign in users. Using the system browser has the advantage of sharing the Single Sign On (SSO) state with other applications and with web applications.
+A web browser is required for interactive authentication. On iOS and macOS 10.15+, the Microsoft Authentication Library (MSAL) uses the system web browser by default (which might appear on top of your app) to do interactive authentication to sign in users. Using the system browser has the advantage of sharing the single sign-on (SSO) state with other applications and with web applications.
 
 You can change the experience by customizing the configuration to other options for displaying web content, such as:
 
 For iOS only:
 
-- [SFAuthenticationSession](https://developer.apple.com/documentation/safariservices/sfauthenticationsession?language=objc) 
+- [SFAuthenticationSession](https://developer.apple.com/documentation/safariservices/sfauthenticationsession?language=objc)
 - [SFSafariViewController](https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller?language=objc)
 
 For iOS and macOS:
 
 - [ASWebAuthenticationSession](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession?language=objc)
 - [WKWebView](https://developer.apple.com/documentation/webkit/wkwebview?language=objc).
 
-MSAL for macOS only supports `WKWebView` on older OS versions. `ASWebAuthenticationSession` is only supported on macOS 10.15 and above. 
+MSAL for macOS only supports `WKWebView` on older OS versions. `ASWebAuthenticationSession` is only supported on macOS 10.15 and above.
 
 ## System browsers
 
 For iOS, `ASWebAuthenticationSession`, `SFAuthenticationSession`, and `SFSafariViewController` are considered system browsers. For macOS, only `ASWebAuthenticationSession` is available. In general, system browsers share cookies and other website data with the Safari browser application.
 
-By default, MSAL will dynamically detect iOS version and select the recommended system browser available on that version. On iOS 12+ it will be `ASWebAuthenticationSession`. 
+By default, MSAL will dynamically detect iOS version and select the recommended system browser available on that version. On iOS 12+ it will be `ASWebAuthenticationSession`.
 
 ### Default configuration for iOS
 
-| Version | Web browser |
-|:-------------:|:-------------:|
+| Version |        Web browser         |
+| :-----: | :------------------------: |
 | iOS 12+ | ASWebAuthenticationSession |
-| iOS 11 | SFAuthenticationSession |
-| iOS 10 | SFSafariViewController |
+| iOS 11  |  SFAuthenticationSession   |
+| iOS 10  |   SFSafariViewController   |
 
 ### Default configuration for macOS
 
-| Version | Web browser |
-|:-------------:|:-------------:|
-| macOS 10.15+ | ASWebAuthenticationSession |
-| other versions | WKWebView |
+|    Version     |        Web browser         |
+| :------------: | :------------------------: |
+|  macOS 10.15+  | ASWebAuthenticationSession |
+| other versions |         WKWebView          |
 
 Developers can also select a different system browser for MSAL apps:
 
@@ -63,19 +63,19 @@ Developers can also select a different system browser for MSAL apps:
 
 [WKWebView](https://developer.apple.com/documentation/webkit/wkwebview) is an in-app browser that displays web content. It doesn't share cookies or web site data with other **WKWebView** instances, or with the Safari browser. WKWebView is a cross-platform browser that is available for both iOS and macOS.
 
-## Cookie sharing and Single sign-on (SSO) implications
+## Cookie sharing and SSO implications
 
 The browser you use impacts the SSO experience because of how they share cookies. The following tables summarize the SSO experiences per browser.
 
-| Technology    | Browser Type  | iOS availability | macOS availability | Shares cookies and other data  | MSAL availability | SSO |
-|:-------------:|:-------------:|:-------------:|:-------------:|:-------------:|:-------------:|-------------:|
-| [ASWebAuthenticationSession](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession) | System | iOS12 and up | macOS 10.15 and up | Yes | iOS and macOS 10.15+ | w/ Safari instances
-| [SFAuthenticationSession](https://developer.apple.com/documentation/safariservices/sfauthenticationsession) | System | iOS11 and up | N/A | Yes | iOS only |  w/ Safari instances
-| [SFSafariViewController](https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller) | System | iOS11 and up | N/A | No | iOS only | No**
-| **SFSafariViewController** | System | iOS10 | N/A | Yes | iOS only |  w/ Safari instances
-| **WKWebView**  | In-app | iOS8 and up | macOS 10.10 and up | No | iOS and macOS | No**
+|                                                        Technology                                                         | Browser Type | iOS availability | macOS availability | Shares cookies and other data |  MSAL availability   |                 SSO |
+| :-----------------------------------------------------------------------------------------------------------------------: | :----------: | :--------------: | :----------------: | :---------------------------: | :------------------: | ------------------: |
+| [ASWebAuthenticationSession](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession) |    System    |   iOS12 and up   | macOS 10.15 and up |              Yes              | iOS and macOS 10.15+ | w/ Safari instances |
+|        [SFAuthenticationSession](https://developer.apple.com/documentation/safariservices/sfauthenticationsession)        |    System    |   iOS11 and up   |        N/A         |              Yes              |       iOS only       | w/ Safari instances |
+|         [SFSafariViewController](https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller)         |    System    |   iOS11 and up   |        N/A         |              No               |       iOS only       |              No\*\* |
+|                                                **SFSafariViewController**                                                 |    System    |      iOS10       |        N/A         |              Yes              |       iOS only       | w/ Safari instances |
+|                                                       **WKWebView**                                                       |    In-app    |   iOS8 and up    | macOS 10.10 and up |              No               |    iOS and macOS     |              No\*\* |
 
-** For SSO to work, tokens need to be shared between apps. This requires a token cache, or broker application, such as Microsoft Authenticator for iOS.
+\*\* For SSO to work, tokens need to be shared between apps. This requires a token cache, or broker application, such as Microsoft Authenticator for iOS.
 
 ## Change the default browser for the request
 
@@ -94,17 +94,20 @@ Additionally, MSAL supports passing in a custom `WKWebView` by setting the `MSAL
 For example:
 
 Objective-C
+
 ```objc
 UIViewController *myParentController = ...;
 WKWebView *myCustomWebView = ...;
 MSALWebviewParameters *webViewParameters = [[MSALWebviewParameters alloc] initWithAuthPresentationViewController:myParentController];
 webViewParameters.webviewType = MSALWebviewTypeWKWebView;
 webViewParameters.customWebview = myCustomWebView;
 MSALInteractiveTokenParameters *interactiveParameters = [[MSALInteractiveTokenParameters alloc] initWithScopes:@[@"myscope"] webviewParameters:webViewParameters];
-    
+
 [app acquireTokenWithParameters:interactiveParameters completionBlock:completionBlock];
 ```
+
 Swift
+
 ```swift
 let myParentController: UIViewController = ...
 let myCustomWebView: WKWebView = ...
@@ -149,17 +152,17 @@ typedef NS_ENUM(NSInteger, MSALWebviewType)
      For older macOS versions uses WKWebView
      */
     MSALWebviewTypeDefault,
-    
+
     /** Use ASWebAuthenticationSession where available.
      On older iOS versions uses SFAuthenticationSession
      Doesn't allow any other webview type, so if either of these are not present, fails the request*/
     MSALWebviewTypeAuthenticationSession,
-    
+
 #if TARGET_OS_IPHONE
-    
+
     /** Use SFSafariViewController for all versions. */
     MSALWebviewTypeSafariViewController,
-    
+
 #endif
     /** Use WKWebView */
     MSALWebviewTypeWKWebView,

articles/active-directory/develop/delegated-access-primer.md

@@ -3,8 +3,7 @@ title: Microsoft identity platform delegated access scenario
 description: Learn about delegated access in the Microsoft identity platform endpoint.
 services: active-directory
 author: omondiatieno
-manager: mwongerapk
-
+manager: celesteDG
 ms.service: active-directory
 ms.subservice: develop
 ms.workload: identity

articles/active-directory/develop/permissions-consent-overview.md

@@ -4,7 +4,6 @@ description: Learn the foundational concepts and scenarios around consent and pe
 services: active-directory
 author: omondiatieno
 manager: CelesteDG
-
 ms.service: active-directory
 ms.subservice: develop
 ms.workload: identity
@@ -52,7 +51,7 @@ There are other ways in which applications can be granted authorization for app-
 
 ### Comparison of delegated and application permissions
 
-| | Delegated permissions | Application permissions |
+| Permission types | Delegated permissions | Application permissions |
 |--|--|--|
 | Types of apps | Web / Mobile / single-page app (SPA) | Web / Daemon |
 | Access context | Get access on behalf of a user | Get access without a user |