Commit 76c602d

Merge pull request #248920 from MicrosoftDocs/main
8/21/2023 PM Publish
2 parents aa67947 + e39a4fa commit 76c602d

97 files changed (+1268, -322 lines changed)

.openpublishing.redirection.azure-monitor.json

Lines changed: 0 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -6310,11 +6310,6 @@
63106310
"redirect_url": "/azure/azure-monitor/agents/solution-agenthealth",
63116311
"redirect_document_id": false
63126312
},
6313-
{
6314-
"source_path_from_root": "/articles/azure-monitor/containers/container-insights-hybrid-setup.md",
6315-
"redirect_url": "/azure/azure-monitor/containers/container-insights-enable-arc-enabled-clusters",
6316-
"redirect_document_id": false
6317-
},
63186313
{
63196314
"source_path_from_root": "/articles/azure-monitor/containers/container-insights-optout-openshift-v3.md",
63206315
"redirect_url": "/azure/azure-monitor/containers/container-insights-optout",
@@ -6324,11 +6319,6 @@
63246319
"source_path_from_root": "/articles/azure-monitor/containers/container-insights-optout-openshift-v4.md",
63256320
"redirect_url": "/azure/azure-monitor/containers/container-insights-optout",
63266321
"redirect_document_id": false
6327-
},
6328-
{
6329-
"source_path_from_root": "/articles/azure-monitor/containers/container-insights-optout-hybrid.md",
6330-
"redirect_url": "/azure/azure-monitor/containers/container-insights-optout",
6331-
"redirect_document_id": false
63326322
}
63336323
]
63346324
}
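
Review bot: the entry removed here (`container-insights-optout-hybrid.md`) and the one removed in the previous hunk (`container-insights-hybrid-setup.md`) leave those two source paths with no redirect in this file. Confirm that both articles exist at those paths in this commit, or that a redirect for them is defined elsewhere; otherwise existing links to them will break. The remaining JSON is still well formed: the `container-insights-optout-openshift-v4.md` entry becomes the last element with no trailing comma.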

articles/active-directory/authentication/concept-authentication-oath-tokens.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ OATH TOTP hardware tokens typically come with a secret key, or seed, pre-program
4040

4141
Programmable OATH TOTP hardware tokens that can be reseeded can also be set up with Azure AD in the software token setup flow.
4242

43-
OATH hardware tokens are supported as part of a public preview. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
43+
OATH hardware tokens are supported as part of a public preview. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://aka.ms/EntraPreviewsTermsOfUse).
4444

4545
:::image type="content" border="true" source="./media/concept-authentication-methods/oath-tokens.png" alt-text="Screenshot of OATH token management." lightbox="./media/concept-authentication-methods/oath-tokens.png":::
4646
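
Review bot: on new line 43 the link text still reads "Supplemental Terms of Use for Microsoft Azure Previews" while the target is now the short link `https://aka.ms/EntraPreviewsTermsOfUse`, whose name points at Entra preview terms. Check that the text matches the page the short link resolves to, and consider linking the final URL so that readers can see where a legal-terms link leads before they follow it. The same replacement appears in howto-authentication-use-email-signin.md and howto-mfa-mfasettings.md.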

articles/active-directory/authentication/howto-authentication-use-email-signin.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ ms.reviewer: calui
1717
# Sign-in to Azure AD with email as an alternate login ID (Preview)
1818

1919
> [!NOTE]
20-
> Sign-in to Azure AD with email as an alternate login ID is a public preview feature of Azure Active Directory. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
20+
> Sign-in to Azure AD with email as an alternate login ID is a public preview feature of Azure Active Directory. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://aka.ms/EntraPreviewsTermsOfUse).
2121
2222
Many organizations want to let users sign in to Azure Active Directory (Azure AD) using the same credentials as their on-premises directory environment. With this approach, known as hybrid authentication, users only need to remember one set of credentials.
2323

articles/active-directory/authentication/howto-mfa-mfasettings.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -139,7 +139,7 @@ OATH TOTP hardware tokens typically come with a secret key, or seed, pre-program
139139

140140
Programmable OATH TOTP hardware tokens that can be reseeded can also be set up with Azure AD in the software token setup flow.
141141

142-
OATH hardware tokens are supported as part of a public preview. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms).
142+
OATH hardware tokens are supported as part of a public preview. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://aka.ms/EntraPreviewsTermsOfUse).
143143

144144
![Screenshot that shows the OATH tokens section.](media/concept-authentication-methods/mfa-server-oath-tokens-azure-ad.png)
145145
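
Review bot: the paragraph changed at line 142 is word for word the one changed at line 43 of concept-authentication-oath-tokens.md, and the two old URLs had already drifted apart (one ended in a trailing slash, this one did not). Consider moving the shared OATH hardware token text into an include file so that the preview notice and its link are maintained in one place.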

articles/active-directory/devices/assign-local-admin.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -44,9 +44,9 @@ To view and update the membership of the [Global Administrator](/azure/active-di
4444

4545
[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
4646

47-
In the Azure portal, you can manage the [Azure AD Joined Device Local Administrator](/azure/active-directory/roles/permissions-reference#azure-ad-joined-device-local-administrator) role from **Device settings**.
47+
You can manage the [Azure AD Joined Device Local Administrator](/azure/active-directory/roles/permissions-reference#azure-ad-joined-device-local-administrator) role from **Device settings**.
4848

49-
1. Sign in to the [Azure portal](https://portal.azure.com) as a Global Administrator.
49+
1. Sign in to the [Azure portal](https://portal.azure.com) as at least a [Cloud Device Administrator](../roles/permissions-reference.md#cloud-device-administrator).
5050
1. Browse to **Azure Active Directory** > **Devices** > **Device settings**.
5151
1. Select **Manage Additional local administrators on all Azure AD joined devices**.
5252
1. Select **Add assignments** then choose the other administrators you want to add and select **Add**.
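
Review bot: step 1 on new line 49 lowers the required role from Global Administrator to "at least a Cloud Device Administrator", but steps 3 and 4 add members to a role that grants local administrator rights on all Azure AD joined devices. Confirm that Cloud Device Administrator is actually allowed to change this setting: if it is not, the procedure fails at step 3, and if it is, say so explicitly, because it means a lower-privileged role can hand out device-wide admin rights. Separately, line 47 links the roles reference as `/azure/active-directory/roles/permissions-reference#...` while line 49 uses `../roles/permissions-reference.md#...`; pick one style.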
@@ -111,5 +111,5 @@ Additionally, you can also add users using the command prompt:
111111

112112
## Next steps
113113

114-
- To get an overview of how to manage device in the Azure portal, see [managing devices using the Azure portal](manage-device-identities.md).
114+
- To get an overview of how to manage devices, see [managing devices using the Azure portal](manage-device-identities.md).
115115
- To learn more about device-based Conditional Access, see [Conditional Access: Require compliant or hybrid Azure AD joined device](../conditional-access/howto-conditional-access-policy-compliant-device.md).
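
Review bot: new line 114 drops "in the Azure portal" from the sentence, but the link text on the same line still reads "managing devices using the Azure portal". If the aim is portal-neutral wording, update the link text as well; the same leftover is in the Next steps hunk of device-join-out-of-box.md.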

articles/active-directory/devices/device-join-out-of-box.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ Your device may restart several times as part of the setup process. Your device
4343
:::image type="content" source="media/device-join-out-of-box/windows-11-first-run-experience-device-sign-in-info.png" alt-text="Screenshot of Windows 11 out-of-box experience showing the sign-in experience.":::
4444
1. Continue to follow the prompts to set up your device.
4545
1. Azure AD checks if an enrollment in mobile device management is required and starts the process.
46-
1. Windows registers the device in the organization’s directory in Azure AD and enrolls it in mobile device management, if applicable.
46+
1. Windows registers the device in the organization’s directory and enrolls it in mobile device management, if applicable.
4747
1. If you sign in with a managed user account, Windows takes you to the desktop through the automatic sign-in process. Federated users are directed to the Windows sign-in screen to enter your credentials.
4848
:::image type="content" source="media/device-join-out-of-box/windows-11-first-run-experience-complete-automatic-sign-in-desktop.png" alt-text="Screenshot of Windows 11 at the desktop after first run experience Azure AD joined.":::
4949

@@ -57,7 +57,7 @@ To verify whether a device is joined to your Azure AD, review the **Access work
5757

5858
## Next steps
5959

60-
- For more information about managing devices in the Azure portal, see [managing devices using the Azure portal](manage-device-identities.md).
60+
- For more information about managing devices, see [managing devices using the Azure portal](manage-device-identities.md).
6161
- [What is Microsoft Intune?](/mem/intune/fundamentals/what-is-intune)
6262
- [Overview of Windows Autopilot](/mem/autopilot/windows-autopilot)
6363
- [Passwordless authentication options for Azure Active Directory](../authentication/concept-authentication-passwordless.md)

articles/active-directory/devices/enterprise-state-roaming-enable.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ Enterprise State Roaming provides users with a unified experience across their W
2626

2727
[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
2828

29-
1. Sign in to the [Azure portal](https://portal.azure.com).
29+
1. Sign in to the [Azure portal](https://portal.azure.com) as a [Global Administrator](../roles/permissions-reference.md#global-administrator).
3030
1. Browse to **Azure Active Directory** > **Devices** > **Enterprise State Roaming**.
3131
1. Select **Users may sync settings and app data across devices**. For more information, see [how to configure device settings](./manage-device-identities.md).
3232

@@ -49,7 +49,7 @@ The country/region value is set as part of the Azure AD directory creation proce
4949

5050
Follow these steps to view a per-user device sync status report.
5151

52-
1. Sign in to the [Azure portal](https://portal.azure.com).
52+
1. Sign in to the [Azure portal](https://portal.azure.com) as a [Global Administrator](../roles/permissions-reference.md#global-administrator).
5353
1. Browse to **Azure Active Directory** > **Users** > **All users**.
5454
1. Select the user, and then select **Devices**.
5555
1. Select **View devices syncing settings and app data** to show sync status.
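
Review bot: new line 52 requires a Global Administrator to view a per-user device sync status report, which is a read-only task (steps 2 to 4 only browse to a user and open a view). Other procedures in this commit use "at least a" with a narrower role; name the least-privileged role that can read this report here, and check the same wording on line 29.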

articles/active-directory/devices/enterprise-state-roaming-troubleshooting.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ Enterprise State Roaming requires the device to be registered with Azure AD. Alt
7070

7171
**Potential issue**: **WamDefaultSet** and **AzureAdJoined** both have “NO” in the field value, the device was domain-joined and registered with Azure AD, and the device doesn't sync. If it's showing this, the device may need to wait for policy to be applied or the authentication for the device failed when connecting to Azure AD. The user may have to wait a few hours for the policy to be applied. Other troubleshooting steps may include retrying autoregistration by signing out and back in, or launching the task in Task Scheduler. In some cases, running “*dsregcmd.exe /leave*” in an elevated command prompt window, rebooting, and trying registration again may help with this issue.
7272

73-
**Potential issue**: The field for **SettingsUrl** is empty and the device doesn't sync. The user may have last logged in to the device before Enterprise State Roaming was enabled in the Azure portal. Restart the device and have the user login. Optionally, in the portal, try having the IT Admin navigate to **Azure Active Directory** > **Devices** > **Enterprise State Roaming** disable and re-enable **Users may sync settings and app data across devices**. Once re-enabled, restart the device and have the user login. If this doesn't resolve the issue, **SettingsUrl** may be empty if there's a bad device certificate. In this case, running “*dsregcmd.exe /leave*” in an elevated command prompt window, rebooting, and trying registration again may help with this issue.
73+
**Potential issue**: The field for **SettingsUrl** is empty and the device doesn't sync. The user may have last logged in to the device before Enterprise State Roaming was enabled. Restart the device and have the user login. Optionally, in the portal, try having the IT Admin navigate to **Azure Active Directory** > **Devices** > **Enterprise State Roaming** disable and re-enable **Users may sync settings and app data across devices**. Once re-enabled, restart the device and have the user login. If this doesn't resolve the issue, **SettingsUrl** may be empty if there's a bad device certificate. In this case, running “*dsregcmd.exe /leave*” in an elevated command prompt window, rebooting, and trying registration again may help with this issue.
7474

7575
## Enterprise State Roaming and multifactor authentication
7676
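
Review bot: on new line 73, removing "in the Azure portal" from the second sentence leaves "Optionally, in the portal, ..." two sentences later with nothing for "the portal" to refer to. Either keep the first mention or name the portal in the later sentence.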

articles/active-directory/devices/faq.yml

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -20,10 +20,10 @@ summary: |
2020
sections:
2121
- name: General FAQ
2222
questions:
23-
- question: I registered the device recently. Why can't I see the device under my user info in the Azure portal? Or why is the device owner marked as N/A for hybrid Azure Active Directory (Azure AD) joined devices?
23+
- question: I registered the device recently. Why can't I see the device under my user info? Or why is the device owner marked as N/A for hybrid Azure Active Directory (Azure AD) joined devices?
2424
answer: |
2525
Windows 10 or newer devices that are hybrid Azure AD joined don't show up under **USER devices**.
26-
Use the **All devices** view in the Azure portal. You can also use a PowerShell [Get-MsolDevice](/powershell/module/msonline/get-msoldevice) cmdlet.
26+
Use the **All devices** view. You can also use a PowerShell [Get-MsolDevice](/powershell/module/msonline/get-msoldevice) cmdlet.
2727
2828
Only the following devices are listed under **USER devices**:
2929
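
Review bot: new line 26 now says only "Use the **All devices** view" and no longer tells the reader where that view is; line 38 in the next hunk has the same gap. The how-to-hybrid-join-verify.md change in this commit spells out the path as **Azure Active Directory** > **Devices** > **All devices**; reuse that wording here.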
@@ -35,7 +35,7 @@ sections:
3535
3636
- question: How do I know what the device registration state of the client is?
3737
answer: |
38-
In the Azure portal, go to **All devices**. Search for the device by using the device ID. Check the value under the join type column. Sometimes, the device might be reset or reimaged. So it's essential to also check the device registration state on the device:
38+
Go to **All devices**. Search for the device by using the device ID. Check the value under the join type column. Sometimes, the device might be reset or reimaged. So it's essential to also check the device registration state on the device:
3939
4040
- For Windows 10 or newer and Windows Server 2016 or later devices, run `dsregcmd.exe /status`.
4141
- For down-level OS versions, run `%programFiles%\Microsoft Workplace Join\autoworkplace.exe`.
@@ -47,7 +47,7 @@ sections:
4747
4848
4949
50-
- question: I see the device record under the USER info in the Azure portal. And I see the state as registered on the device. Am I set up correctly to use Conditional Access?
50+
- question: I see the device record under the USER info and I see the state as registered. Am I set up correctly to use Conditional Access?
5151
answer: |
5252
The device join state, shown by **deviceID**, must match the state on Azure AD and meet any evaluation criteria for Conditional Access.
5353
For more information, see [Require managed devices for cloud app access with Conditional Access](../conditional-access/concept-conditional-access-grant.md).
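
Review bot: the reworded question on new line 50 drops "on the device", so it no longer distinguishes the device record in the directory from the local registration state. The answer on line 52 depends on that distinction ("must match the state on Azure AD"); keep "on the device" in the question.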
@@ -59,15 +59,15 @@ sections:
5959
On Windows 10/11 devices joined or registered with Azure AD, users are issued a [Primary refresh token (PRT)](concept-primary-refresh-token.md) which enables single sign-on. The validity of the PRT is based on the validity of the device itself. Users see this message if the device is either deleted or disabled in Azure AD without initiating the action from the device itself. A device can be deleted or disabled in Azure AD one of the following scenarios:
6060
6161
- User disables the device from the My Apps portal.
62-
- An administrator (or user) deletes or disables the device in the Azure portal or by using PowerShell
63-
- Hybrid Azure AD joined only: An administrator removes the devices OU out of sync scope resulting in the devices being deleted from Azure AD
64-
- Hybrid Azure AD joined only: An administrator disables the computer account on premises, resulting in the device being disabled in Azure AD
62+
- An administrator (or user) deletes or disables the device.
63+
- Hybrid Azure AD joined only: An administrator removes the devices OU out of sync scope resulting in the devices being deleted from Azure AD.
64+
- Hybrid Azure AD joined only: An administrator disables the computer account on premises, resulting in the device being disabled in Azure AD.
6565
- Upgrading Azure AD connect to the version 1.4.xx.x. [Understanding Azure AD Connect 1.4.xx.x and device disappearance](/troubleshoot/azure/active-directory/reference-connect-device-disappearance).
6666
6767
6868
6969
70-
- question: I disabled or deleted my device in the Azure portal or by using Windows PowerShell. But the local state on the device says it's still registered. What should I do?
70+
- question: I disabled or deleted my device, but the local state on the device says it's still registered. What should I do?
7171
answer: |
7272
This operation is by design. In this case, the device doesn't have access to resources in the cloud. Administrators can perform this action for stale, lost, or stolen devices to prevent unauthorized access. If this action was performed unintentionally, you need to re-enable or re-register the device using the steps that follow:
7373
@@ -104,7 +104,7 @@ sections:
104104
105105
106106
107-
- question: Why do I see duplicate device entries in the Azure portal?
107+
- question: Why do I see duplicate device entries?
108108
answer: |
109109
- For Windows 10 or newer and Windows Server 2016 or later, repeated tries to unjoin and rejoin the same device might cause duplicate entries.
110110
- Each Windows user who uses **Add Work or School Account** creates a new device record with the same device name.
@@ -116,7 +116,7 @@ sections:
116116
- question: Does Windows 10/11 device registration in Azure AD support TPMs in FIPS mode?
117117
answer: Windows 10/11 device registration is only supported for FIPS-compliant TPM 2.0 and not supported for TPM 1.2. If your devices have FIPS-compliant TPM 1.2, you must disable them before proceeding with Azure AD join or Hybrid Azure AD join. Microsoft doesn't provide any tools for disabling FIPS mode for TPMs as it is dependent on the TPM manufacturer. Contact your hardware OEM for support.
118118

119-
- question: Why can a user still access resources from a device I disabled in the Azure portal?
119+
- question: Why can a user still access resources from a device I disabled?
120120
answer: |
121121
It takes up to an hour for a revoke to be applied from the time the Azure AD device is marked as disabled.
122122
@@ -161,7 +161,7 @@ sections:
161161
162162
- question: Can a guest user sign in to an Azure AD joined device?
163163
answer: |
164-
No, currently, guest users can not sign in to an Azure AD joined device.
164+
No, currently, guest users can't sign in to an Azure AD joined device.
165165
166166
167167

articles/active-directory/devices/how-to-hybrid-join-verify.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -31,10 +31,10 @@ For downlevel devices, see the article [Troubleshooting hybrid Azure Active Dire
3131

3232
## Using the Azure portal
3333

34-
1. Go to the devices page using a [direct link](https://portal.azure.com/#blade/Microsoft_AAD_IAM/DevicesMenuBlade/Devices).
35-
2. Information on how to locate a device can be found in [How to manage device identities using the Azure portal](./manage-device-identities.md).
36-
3. If the **Registered** column says **Pending**, then hybrid Azure AD join hasn't completed. In federated environments, this state happens only if it failed to register and Azure AD Connect is configured to sync the devices. Wait for Azure AD Connect to complete a sync cycle.
37-
4. If the **Registered** column contains a **date/time**, then hybrid Azure AD join has completed.
34+
1. Sign in to the [Azure portal](https://portal.azure.com) as at least a [Cloud Device Administrator](../roles/permissions-reference.md#cloud-device-administrator).
35+
1. Browse to **Azure Active Directory** > **Devices** > **All devices**.
36+
1. If the **Registered** column says **Pending**, then hybrid Azure AD join hasn't completed. In federated environments, this state happens only if it failed to register and Azure AD Connect is configured to sync the devices. Wait for Azure AD Connect to complete a sync cycle.
37+
1. If the **Registered** column contains a **date/time**, then hybrid Azure AD join has completed.
3838

3939
## Using PowerShell
4040
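
Review bot: steps 3 and 4 only read the **Registered** column, yet new step 1 asks for at least a Cloud Device Administrator; confirm whether a read-only role is enough for this verification and name it if so. The rewrite also drops the pointer to manage-device-identities.md for locating a device, so step 2 now leaves finding the device in the **All devices** list to the reader.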
