Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into rs-hrp-cli

Author: halkazwini

.openpublishing.publish.config.json

@@ -32,6 +32,12 @@
   "need_preview_pull_request": true,
   "contribution_branch_mappings": {},
   "dependent_repositories": [
+    {
+      "path_to_root": "azure-functions-dapr-extension",
+      "url": "https://github.com/Azure/azure-functions-dapr-extension",
+      "branch": "master",
+      "branch_mapping": {}
+    },
     {
       "path_to_root": "azure-docs-snippets-pr",
       "url": "https://github.com/MicrosoftDocs/azure-docs-snippets-pr",

articles/active-directory/architecture/auth-ssh.md

@@ -51,4 +51,4 @@ The system includes the following components:
 
 ## Next steps
 
-* To implement SSH with Microsoft Entra ID, see [Log in to a Linux VM by using Microsoft Entra credentials](../devices/howto-vm-sign-in-azure-ad-linux.md). 
+* To implement SSH with Microsoft Entra ID for your users or guest users, see [Log in to a Linux VM by using Microsoft Entra credentials](../devices/howto-vm-sign-in-azure-ad-linux.md). 

articles/active-directory/external-identities/customers/overview-customers-ciam.md

@@ -37,10 +37,11 @@ If you've worked with Microsoft Entra ID, you're already familiar with using a M
 
 - **Extensions**: If you need to add user attributes and data from external systems, you can create custom authentication extensions for your user flows.
 
-- **Sign-in methods**: You can enable various options for signing in to your app, including username and password, one-time passcode, and Google or Facebook identities. Learn more
+- **Sign-in methods**: You can enable various options for signing in to your app, including username and password, one-time passcode, and Google or Facebook identities. 
 
 - **Encryption keys**: Add and manage encryption keys for signing and validating tokens, client secrets, certificates, and passwords.
 
+Learn more about [password and one-time passcode](how-to-enable-password-reset-customers.md) login, and about [Google](how-to-google-federation-customers.md) and [Facebook](how-to-facebook-federation-customers.md) federation.
 
 There are two types of user accounts you can manage in your customer tenant:
 

articles/active-directory/external-identities/hybrid-cloud-to-on-premises.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: how-to
-ms.date: 11/17/2022
+ms.date: 10/06/2023
 
 ms.author: cmulligan
 author: csmulligan
@@ -87,4 +87,3 @@ Make sure that you have the correct Client Access Licenses (CALs) or External Co
 
 - [Grant local users access to cloud apps](hybrid-on-premises-to-cloud.md)
 - [Microsoft Entra B2B collaboration for hybrid organizations](hybrid-organizations.md)
-- For an overview of Microsoft Entra Connect, see [Integrate your on-premises directories with Microsoft Entra ID](../hybrid/whatis-hybrid-identity.md).

articles/active-directory/external-identities/media/self-service-sign-up-user-flow/enable-self-service-sign-up.png

@@ -29,7 +29,7 @@ Microsoft Entra ID (previously known as Azure AD) receives improvements on an on
 - Deprecated functionality
 - Plans for changes
 
-> ![NOTE] 
+> [!NOTE] 
 > If you're currently using Azure AD today or are have previously deployed Azure AD in your organizations, you can continue to use the service without interruption. All existing deployments, configurations, and integrations continue to function as they do today without any action from you.
 
 This page updates monthly, so revisit it regularly. If you're looking for items older than six months, you can find them in [Archive for What's new in Azure Active Directory](whats-new-archive.md).

articles/active-directory/fundamentals/whats-new.md

@@ -125,7 +125,7 @@ For more information, see [Compare groups](/office365/admin/create-groups/compar
 
 You can have Microsoft Entra ID automatically assign users access to a Microsoft Entra enterprise application, including both SaaS applications and your organization's applications integrated with Microsoft Entra ID, when a user is assigned an access package. For applications that integrate with Microsoft Entra ID through federated single sign-on, Microsoft Entra ID issues federation tokens for users assigned to the application.
 
-Applications can have multiple app roles defined in their manifest. When you add an application to an access package, if that application has more than one app role, you need to specify the appropriate role for those users in each access package. If you're developing applications, you can read more about how those roles are added to your applications in [How to: Configure the role claim issued in the SAML token for enterprise applications](../develop/enterprise-app-role-management.md).
+Applications can have multiple app roles defined in their manifest. When you add an application to an access package, if that application has more than one app role, you need to specify the appropriate role for those users in each access package. If you're developing applications, you can read more about how those roles are added to your applications in [How to: Configure the role claim issued in the SAML token for enterprise applications](../develop/enterprise-app-role-management.md). If you're using the Microsoft Authentication Libraries, there is also a [code sample](../develop/sample-v2-code.md) for how to use app roles for access control.
 
 > [!NOTE]
 > If an application has multiple roles, and more than one role of that application are in an access package, then the user will receive all those application's roles.  If instead you want users to only have some of the application's roles, then you will need to create multiple access packages in the catalog, with separate access packages for each of the application roles.

articles/active-directory/governance/entitlement-management-access-package-resources.md

@@ -26,7 +26,7 @@ ms.collection: M365-identity-device-management
 In Microsoft Entra ID, you can use role models to manage access at scale through identity governance.
 
  * You can use access packages to represent [organizational roles](identity-governance-organizational-roles.md) in your organization, such as "sales representative". An access package representing that organizational role would include all the access rights that a sales representative might typically need, across multiple resources.
- * Applications [can define their own roles](../develop/howto-add-app-roles-in-apps.md). For example, if you had a sales application, and that application included the app role "salesperson", you could then [include that role in an access package](entitlement-management-access-package-resources.md).
+ * Applications [can define their own roles](../develop/howto-add-app-roles-in-apps.md). For example, if you had a sales application, and that application included the app role "salesperson" in its manifest, you could then [include that role from the app manifest in an access package](entitlement-management-access-package-resources.md).  Applications can also use security groups in scenarios where a user could have multiple application-specific roles simultaneously.
  * You can use roles for delegating administrative access.  If you have a catalog for all the access packages needed by sales, you could assign someone to be responsible for that catalog, by assigning them a catalog-specific role.
 
 This article discusses how to use roles to manage aspects within Microsoft Entra entitlement management, for controlling access to the entitlement management resources.

articles/active-directory/governance/entitlement-management-delegate.md

@@ -76,7 +76,7 @@ Once an access package is configured with a verified ID requirement, end-users w
 
 The requestor steps are as follows:
 
-1. Go to [myaccess.microsoft.com](../develop/configure-app-multi-instancing.md) and sign in.
+1. Go to [myaccess.microsoft.com](HTTPS://myaccess.microsoft.com) and sign in.
 
 1. Search for the access package you want to request access to (you can browse the listed packages or use the search bar at the top of the page) and select **Request**.
 

articles/active-directory/governance/entitlement-management-verified-id-settings.md

@@ -63,7 +63,7 @@ Next, if the application implements a provisioning protocol, then you should con
      | Integrated Windows Auth (IWA) | Deploy the [application proxy](../app-proxy/application-proxy.md), configure an application for [Integrated Windows authentication SSO](../app-proxy/application-proxy-configure-single-sign-on-with-kcd.md), and set firewall rules to prevent access to the application's endpoints except via the proxy.|
      | header-based authentication | Deploy the [application proxy](../app-proxy/application-proxy.md) and configure an application for [header-based SSO](../app-proxy/application-proxy-configure-single-sign-on-with-headers.md) |
 
-1. If your application has multiple roles, and relies upon Microsoft Entra ID to send a user's application-specific role as a claim of a user signing into the application, then configure those application roles in Microsoft Entra ID on your application.  You can use  the [app roles UI](../develop/howto-add-app-roles-in-apps.md#app-roles-ui) to add those roles to the application manifest.
+1. If your application has multiple roles, each user has only one role in the application, and the application relies upon Microsoft Entra ID to send a user's single application-specific role as a claim of a user signing into the application, then configure those application roles in Microsoft Entra ID on your application, and then assign each user to the application role. You can use  the [app roles UI](../develop/howto-add-app-roles-in-apps.md#app-roles-ui) to add those roles to the application manifest.  If you're using the Microsoft Authentication Libraries, there is a [code sample](../develop/sample-v2-code.md) for how to use app roles inside your application for access control.  If a user could have multiple roles simultaneously, then you may wish to implement the application to check security groups, either in the token claims or available via Microsoft Graph, instead of using application roles from the app manifest for access control.
 
 1. If the application supports provisioning, then [configure provisioning](../app-provisioning/configure-automatic-user-provisioning-portal.md) of assigned users and groups from Microsoft Entra ID to that application.  If this is a private or custom application, you can also select the integration that's most appropriate, based on the location and capabilities of the application.