Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into connector-health

Author: batamig

.github/workflows/stale.yml

@@ -19,8 +19,7 @@ jobs:
         close-pr-label: auto-close
         exempt-pr-labels: keep-open
         operations-per-run: 1200
-        ascending: true
-        start-date: '2021-07-29'
+        ascending: false
         stale-pr-message: >
           This pull request has been inactive for at least 14 days.
           If you are finished with your changes, don't forget to sign off. See the [contributor guide](https://review.docs.microsoft.com/help/contribute/contribute-how-to-write-pull-request-automation) for instructions.

.openpublishing.redirection.active-directory.json

@@ -10,6 +10,11 @@
           "redirect_url": "/azure/active-directory/manage-apps/what-is-application-management",
           "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/active-directory/authentication/how-to-nudge-authenticator-app.md",
+            "redirect_url": "/azure/active-directory/authentication/how-to-mfa-registration-campaign",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/active-directory/develop/active-directory-v2-limitations.md",
             "redirect_url": "/azure/active-directory/azuread-dev/azure-ad-endpoint-comparison",
@@ -1670,6 +1675,26 @@
             "redirect_url": "/azure/active-directory/authentication/tutorial-enable-azure-mfa",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/active-directory/conditional-access/require-managed-devices.md",
+            "redirect_url": "/azure/active-directory/conditional-access/concept-conditional-access-grant",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/conditional-access/untrusted-networks.md",
+            "redirect_url": "/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/conditional-access/app-based-conditional-access.md",
+            "redirect_url": "/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/conditional-access/app-protection-based-conditional-access.md",
+            "redirect_url": "/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection",
+            "redirect_document_id": true
+        },
         {
             "source_path_from_root": "/articles/active-directory/authentication/quickstart-sspr.md",
             "redirect_url": "/azure/active-directory/authentication/tutorial-enable-sspr",
@@ -9888,7 +9913,7 @@
         {
             "source_path_from_root": "/articles/active-directory/active-directory-saas-workplacebyfacebook-provisioning-tutorial.md",
             "redirect_url": "/azure/active-directory/saas-apps/workplace-by-facebook-provisioning-tutorial",
-            "redirect_document_id": true
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/active-directory-saas-workplacebyfacebook-tutorial.md",

articles/active-directory-b2c/TOC.yml

@@ -53,6 +53,7 @@
       href: ../active-directory/develop/v2-app-types.md?bc=%2fazure%2factive-directory-b2c%2fbread%2ftoc.json&toc=%2fazure%2factive-directory-b2c%2fTOC.json
     - name: Authentication library
       href: ../active-directory/develop/msal-overview.md?bc=%2fazure%2factive-directory-b2c%2fbread%2ftoc.json&toc=%2fazure%2factive-directory-b2c%2fTOC.json
+      displayName: MSAL, client library, Microsoft Authentication Library
   - name: Azure AD B2C best practices
     href: best-practices.md
   - name: Application types
@@ -595,6 +596,7 @@
     href: app-registrations-training-guide.md
   - name: Billing model
     href: billing.md
+    displayName: pricing model
   - name: Code samples
     href: /samples/browse/?terms=b2c
   - name: Cookie definitions

articles/active-directory-b2c/billing.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.topic: reference
 ms.workload: identity
-ms.date: 11/11/2021
+ms.date: 11/16/2021
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: fasttrack-edit
@@ -48,7 +48,7 @@ MAU billing went into effect for Azure AD B2C tenants on **November 1, 2019**. A
 
 Your Azure AD B2C tenant must also be linked to the appropriate Azure pricing tier based on the features you want to use. Premium features require Azure AD B2C [Premium P1 or P2 pricing](https://azure.microsoft.com/pricing/details/active-directory-b2c/). You might need to upgrade your pricing tier as you use new features. For example, for risk-based Conditional Access policies, you’ll need to select the Azure AD B2C Premium P2 pricing tier for your tenant.
 > [!NOTE]
->  Your first 50,000 MAUs per month are free for both Premium P1 and Premium P2 features, but **this free tier doesn’t apply to subscriptions with free trial credits**. To determine the total number of MAUs, we combine MAUs from all your tenants (both Azure AD and Azure AD B2C) that are linked to the same subscription.
+>  Your first 50,000 MAUs per month are free for both Premium P1 and Premium P2 features, but the **free tier doesn’t apply to free trial, credit-based, or sponsorship subscriptions**. Once the free trial period or credits expire for these types of subscriptions, you'll begin to be charged for Azure AD B2C MAUs. To determine the total number of MAUs, we combine MAUs from all your tenants (both Azure AD and Azure AD B2C) that are linked to the same subscription.
 ## Link an Azure AD B2C tenant to a subscription
 
 Usage charges for Azure Active Directory B2C (Azure AD B2C) are billed to an Azure subscription. You need to explicitly link an Azure AD B2C tenant to an Azure subscription by creating an Azure AD B2C *resource* within the target Azure subscription. Several Azure AD B2C resources can be created in a single Azure subscription, along with other Azure resources like virtual machines, Storage accounts, and Logic Apps. You can see all of the resources within a subscription by going to the Azure Active Directory (Azure AD) tenant that the subscription is associated with.

articles/active-directory/app-provisioning/customize-application-attributes.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 07/07/2021
+ms.date: 11/15/2021
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -253,6 +253,7 @@ The request format in the PATCH and POST differ. To ensure that POST and PATCH a
   - **Things to consider**
     - All roles will be provisioned as primary = false.
     - The POST contains the role type. The PATCH request does not contain type. We are working on sending the type in both POST and PATCH requests.
+    - AppRoleAssignmentsComplex is not compatible with setting scope to "Sync All users and groups." 
 
   - **Example output** 
 

articles/active-directory/app-provisioning/functions-for-customizing-application-data.md

@@ -7,7 +7,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: reference
-ms.date: 10/27/2021
+ms.date: 11/16/2021
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -33,7 +33,7 @@ The syntax for Expressions for Attribute Mappings is reminiscent of Visual Basic
 
 ## List of Functions
 
-[Append](#append)      [AppRoleAssignmentsComplex](#approleassignmentscomplex)      [BitAnd](#bitand)      [CBool](#cbool)      [CDate](#cdate)      [Coalesce](#coalesce)      [ConvertToBase64](#converttobase64)      [ConvertToUTF8Hex](#converttoutf8hex)      [Count](#count)      [CStr](#cstr)      [DateAdd](#dateadd)      [DateDiff](#datediff)      [DateFromNum](#datefromnum)  [FormatDateTime](#formatdatetime)      [Guid](#guid)      [IgnoreFlowIfNullOrEmpty](#ignoreflowifnullorempty)     [IIF](#iif)     [InStr](#instr)      [IsNull](#isnull)      [IsNullOrEmpty](#isnullorempty)      [IsPresent](#ispresent)      [IsString](#isstring)      [Item](#item)      [Join](#join)      [Left](#left)      [Mid](#mid)      [NormalizeDiacritics](#normalizediacritics)       [Not](#not)      [Now](#now)      [NumFromDate](#numfromdate)      [PCase](#pcase)      [RandomString](#randomstring)      [RemoveDuplicates](#removeduplicates)      [Replace](#replace)      [SelectUniqueValue](#selectuniquevalue)     [SingleAppRoleAssignment](#singleapproleassignment)     [Split](#split)    [StripSpaces](#stripspaces)      [Switch](#switch)     [ToLower](#tolower)     [ToUpper](#toupper)     [Word](#word)
+[Append](#append)      [AppRoleAssignmentsComplex](#approleassignmentscomplex)      [BitAnd](#bitand)      [CBool](#cbool)      [CDate](#cdate)      [Coalesce](#coalesce)      [ConvertToBase64](#converttobase64)      [ConvertToUTF8Hex](#converttoutf8hex)      [Count](#count)      [CStr](#cstr)      [DateAdd](#dateadd)      [DateDiff](#datediff)      [DateFromNum](#datefromnum)  [FormatDateTime](#formatdatetime)      [Guid](#guid)      [IgnoreFlowIfNullOrEmpty](#ignoreflowifnullorempty)     [IIF](#iif)     [InStr](#instr)      [IsNull](#isnull)      [IsNullOrEmpty](#isnullorempty)      [IsPresent](#ispresent)      [IsString](#isstring)      [Item](#item)      [Join](#join)      [Left](#left)      [Mid](#mid)      [NormalizeDiacritics](#normalizediacritics)       [Not](#not)      [Now](#now)      [NumFromDate](#numfromdate)      [PCase](#pcase)      [RandomString](#randomstring)      [Redact](#redact)      [RemoveDuplicates](#removeduplicates)      [Replace](#replace)      [SelectUniqueValue](#selectuniquevalue)     [SingleAppRoleAssignment](#singleapproleassignment)     [Split](#split)    [StripSpaces](#stripspaces)      [Switch](#switch)     [ToLower](#tolower)     [ToUpper](#toupper)     [Word](#word)
 
 ---
 ### Append
@@ -811,7 +811,32 @@ Generates a random string with 6 characters. The string contains 3 numbers and 3
 Generates a random string with 10 characters. The string contains at least 2 numbers, 2 special characters, 2 capital letters, 1 lower case letter and excludes the characters "?" and "," (1@!2BaRg53).
 
 ---
+### Redact
+**Function:** 
+Redact()
+
+**Description:** 
+The Redact function replaces the attribute value with the string literal "[Redact]" in the provisioning logs. 
+
+**Parameters:** 
+
+| Name | Required/ Repeating | Type | Notes |
+| --- | --- | --- | --- |
+| **attribute/value** |Required |String|Specify the attribute or constant / string to redact from the logs.|
+
+**Example 1:** Redact an attribute:
+`Redact([userPrincipalName])`
+Removes the userPrincipalName from the provisioning logs.
 
+**Example 2:** Redact a string:
+`Redact("StringToBeRedacted")`
+Removes a constant string from the provisioning logs.
+
+**Example 3:** Redact a random string:
+`Redact(RandomString(6,3,0,0,3))`
+Removes the random string from the provisioning logs.
+
+---
 ### RemoveDuplicates
 **Function:** 
 RemoveDuplicates(attribute)

articles/active-directory/authentication/TOC.yml

@@ -162,8 +162,12 @@
       href: howto-password-ban-bad-on-premises-faq.yml
     - name: Agent version history
       href: howto-password-ban-bad-on-premises-agent-versions.md
-  - name: Nudge Microsoft Authenticator setup (Preview)
-    href: how-to-nudge-authenticator-app.md
+  - name: Run a registration campaign
+    href: how-to-mfa-registration-campaign.md
+  - name: Use number matching (Preview)
+    href: how-to-mfa-number-match.md
+  - name: Use additional context (Preview)
+    href: how-to-mfa-additional-context.md
   - name: Use Microsoft managed settings 
     href: how-to-mfa-microsoft-managed.md
   - name: Use a Temporary Access Pass (Preview)

articles/active-directory/authentication/concept-authentication-passwordless.md

@@ -124,7 +124,6 @@ The following providers offer FIDO2 security keys of different form factors that
 | KONA I                    | ![y]              | ![n]| ![y]| ![y]| ![n]           | https://konai.com/business/security/fido                                                            |
 | NEOWAVE                   | ![n]              | ![y]| ![y]| ![n]| ![n]           | https://neowave.fr/en/products/fido-range/                                                          |
 | Nymi                      | ![y]              | ![n]| ![y]| ![n]| ![n]           | https://www.nymi.com/nymi-band                                                                      | 
-| Octatco                   | ![y]              | ![y]| ![n]| ![n]| ![n]           | https://octatco.com/                                                                                |
 | OneSpan Inc.              | ![n]              | ![y]| ![n]| ![y]| ![n]           | https://www.onespan.com/products/fido                                                               |
 | Thales Group              | ![n]              | ![y]| ![y]| ![n]| ![n]           | https://cpl.thalesgroup.com/access-management/authenticators/fido-devices                           |
 | Thetis                    | ![y]              | ![y]| ![y]| ![y]| ![n]           | https://thetis.io/collections/fido2                                                                 |

articles/active-directory/authentication/how-to-authentication-find-coverage-gaps.md

@@ -47,16 +47,14 @@ Based on gaps you found, require administrators to use multi-factor authenticati
 
 - Run the [MFA enablement wizard](https://aka.ms/MFASetupGuide) to choose your MFA policy.
 
-- If you assign custom or built-in admin roles in [Privileged Identity Management](https://docs.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure), require multi-factor authentication upon role activation.
+- If you assign custom or built-in admin roles in [Privileged Identity Management](../privileged-identity-management/pim-configure.md), require multi-factor authentication upon role activation.
 
 ## Use Passwordless and phishing resistant authentication methods for your administrators
 
 After your admins are enforced for multi-factor authentication and have been using it for a while, it is time to raise the bar on strong authentication and use Passwordless and phishing resistant authentication method: 
 
 - [Phone Sign-in (with Microsoft Authenticator)](concept-authentication-authenticator-app.md)
 - [FIDO2](concept-authentication-passwordless.md#fido2-security-keys)
-- [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-overview)
-
-You can read more about these authentication methods and their security considerations in [Azure AD authentication methods](concept-authentication-methods.md).
-
+- [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-overview)
 
+You can read more about these authentication methods and their security considerations in [Azure AD authentication methods](concept-authentication-methods.md).