Merge pull request #173813 from MicrosoftDocs/master

9/28 AM Publish

Author: huypub

articles/active-directory/authentication/concept-sspr-writeback.md

@@ -101,7 +101,7 @@ Password writeback is a highly secure service. To ensure your information is pro
 After a user submits a password reset, the reset request goes through several encryption steps before it arrives in your on-premises environment. These encryption steps ensure maximum service reliability and security. They are described as follows:
 
 1. **Password encryption with 2048-bit RSA Key**: After a user submits a password to be written back to on-premises, the submitted password itself is encrypted with a 2048-bit RSA key.
-1. **Package-level encryption with AES-GCM**: The entire package, the password plus the required metadata, is encrypted by using AES-GCM. This encryption prevents anyone with direct access to the underlying Service Bus channel from viewing or tampering with the contents.
+1. **Package-level encryption with 256-bit AES-GCM**: The entire package, the password plus the required metadata, is encrypted by using AES-GCM (with a key size of 256 bits). This encryption prevents anyone with direct access to the underlying Service Bus channel from viewing or tampering with the contents.
 1. **All communication occurs over TLS/SSL**: All the communication with Service Bus happens in an SSL/TLS channel. This encryption secures the contents from unauthorized third parties.
 1. **Automatic key rollover every six months**: All keys roll over every six months, or every time password writeback is disabled and then re-enabled on Azure AD Connect, to ensure maximum service security and safety.
 

articles/active-directory/develop/msal-net-migration.md

@@ -49,9 +49,10 @@ For details about the decision tree below, read [MSAL.NET or Microsoft.Identity.
 
 ## Next steps
 
+- Learn about [public client and confidential client applications](msal-client-applications.md).
 - Learn how to [migrate confidential client applications built on top of ASP.NET MVC or .NET classic from ADAL.NET to MSAL.NET](msal-net-migration-confidential-client.md).
 - Learn how to [migrate public client applications built on top of .NET or .NET classic from ADAL.NET to MSAL.NET](msal-net-migration-public-client.md).
 - Learn more about the [Differences between ADAL.NET and MSAL.NET apps](msal-net-differences-adal-net.md).
 - Learn how to migrate confidential client applications built on top of ASP.NET Core from ADAL.NET to Microsoft.Identity.Web:
   -  [Web apps](https://github.com/AzureAD/microsoft-identity-web/wiki/web-apps#migrating-from-previous-versions--adding-authentication)
-  -  [Web APIs](https://github.com/AzureAD/microsoft-identity-web/wiki/web-apis)
+  -  [Web APIs](https://github.com/AzureAD/microsoft-identity-web/wiki/web-apis)

articles/aks/private-clusters.md

@@ -151,7 +151,7 @@ Perform a Helm install and pass the specific values manifest
 az aks command invoke -g <resourceGroup> -n <clusterName> -c "helm repo add bitnami https://charts.bitnami.com/bitnami && helm repo update && helm install my-release -f values.yaml bitnami/nginx" -f values.yaml
 ```
 > [!NOTE]
-> Secure access to the AKS Run Command by assigning the "AKS Run Command role" to specific users and/or groups in combination with Just-in-Time access or Conditional Access policies. 
+> Secure access to the AKS Run Command by creating a Custom role with the "Microsoft.ContainerService/managedClusters/runcommand/action" permissions and assign to specific users and/or groups in combination with Just-in-Time access or Conditional Access policies. 
 
 ## Virtual network peering
 

articles/api-management/api-management-howto-aad-b2c.md

@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: api-management
 ms.topic: how-to
-ms.date: 07/07/2021
+ms.date: 09/28/2021
 ms.author: danlep
 ---
 
@@ -16,20 +16,20 @@ ms.author: danlep
 
 Azure Active Directory B2C is a cloud identity management solution for consumer-facing web and mobile applications. You can use it to manage access to your API Management developer portal. 
 
-This guide shows you the configuration that's required in your API Management service to integrate with Azure Active Directory B2C. If you are using the deprecated legacy developer portal, some steps differ, as noted in this article.
+In this tutorial, you'll learn the configuration required in your API Management service to integrate with Azure Active Directory B2C. As noted later in this article, if you are using the deprecated legacy developer portal, some steps will differ.
 
 For information about enabling access to the developer portal by using classic Azure Active Directory, see [How to authorize developer accounts using Azure Active Directory](api-management-howto-aad.md).
 
 ## Prerequisites
 
-* An Azure Active Directory B2C tenant to create an application in. For more information, see [Azure Active Directory B2C overview](../active-directory-b2c/overview.md).
-* If you don't already have an API Management service, complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md)
+* An Azure Active Directory B2C tenant in which to create an application. For more information, see [Azure Active Directory B2C overview](../active-directory-b2c/overview.md).
+* An API Management instance. If you don't already have one, [create an Azure API Management instance](get-started-create-service-instance.md).
 
 [!INCLUDE [premium-dev-standard.md](../../includes/api-management-availability-premium-dev-standard.md)]
 
 ## Configure sign up and sign in user flow
 
-In this section, create a user flow in your Azure Active Directory B2C tenant containing both sign up and sign in policies. For detailed steps, see [Create user flows and custom policies in Azure Active Directory B2C](../active-directory-b2c/tutorial-create-user-flows.md?pivots=b2c-us).
+In this section, you'll create a user flow in your Azure Active Directory B2C tenant containing both sign up and sign in policies. For detailed steps, see [Create user flows and custom policies in Azure Active Directory B2C](../active-directory-b2c/tutorial-create-user-flows.md?pivots=b2c-us).
 
 1. In the [Azure portal](https://portal.azure.com), access your Azure Active Directory B2C tenant.
 1. Under **Policies**, select **User flows** > **+ New user flow**.
@@ -72,11 +72,11 @@ In this section, create a user flow in your Azure Active Directory B2C tenant co
    * Record the key in a safe location. This secret value is never displayed again after you leave this page.
 1. Switch back to the API Management **Add identity provider** page, and paste the key into the **Client secret** text box.
 1. Switch back to the B2C app registration. In the left menu, under **Manage**, select **Authentication**.
-    * Under **Implicit grant**, select the **Access tokens** check box.
+    * Under **Implicit grant and hybrid flows**, select both the **Access tokens** and **ID tokens** check boxes.
     * Select **Save**.
 1. Switch back in the API Management **Add identity provider** page.
     * In **Signin tenant**, specify the domain name of the Azure Active Directory B2C tenant.
-    * The **Authority** field lets you control the Azure AD B2C login URL to use. Set the value to **<your_b2c_tenant_name>.b2clogin.com**.
+    * The **Authority** field lets you control the Azure Active Directory B2C login URL to use. Set the value to **<your_b2c_tenant_name>.b2clogin.com**.
     * Specify the **Signup Policy** and **Signin Policy** from the B2C tenant policies.
     * Optionally provide the **Profile Editing Policy** and **Password Reset Policy**.
 
@@ -85,12 +85,12 @@ In this section, create a user flow in your Azure Active Directory B2C tenant co
 
 After the changes are saved, developers will be able to create new accounts and sign in to the developer portal by using Azure Active Directory B2C.
 
-## Developer portal - add Azure AD B2C account authentication
+## Developer portal - add Azure Active Directory B2C account authentication
 
 > [!IMPORTANT]
 > You need to [republish the developer portal](api-management-howto-developer-portal-customize.md#publish) when you create or update Azure Active Directory B2C configuration settings for the changes to take effect.
 
-In the developer portal, sign-in with Azure AD B2C is possible with the **Sign-in button: OAuth** widget. The widget is already included on the sign-in page of the default developer portal content.
+In the developer portal, sign-in with Azure Active Directory B2C is possible with the **Sign-in button: OAuth** widget. The widget is already included on the sign-in page of the default developer portal content.
 
 1. To sign in by using Azure Active Directory B2C, open a new browser window and go to the developer portal. Select **Sign in**.
 
@@ -103,30 +103,36 @@ When the signup is complete, you're redirected back to the developer portal. You
 
 :::image type="content" source="media/api-management-howto-aad-b2c/developer-portal-home.png" alt-text="Sign in to developer portal complete":::
 
-Although a new account is automatically created whenever a new user signs in with Azure AD B2C, you may consider adding the same widget to the sign-up page.
+Although a new account is automatically created whenever a new user signs in with Azure Active Directory B2C, you may consider adding the same widget to the signup page.
 
 The **Sign-up form: OAuth** widget represents a form used for signing up with OAuth.
 
-## Legacy developer portal - how to sign up with Azure AD B2C
+## Legacy developer portal - how to sign up with Azure Active Directory B2C
 
 [!INCLUDE [api-management-portal-legacy.md](../../includes/api-management-portal-legacy.md)]
 
-1. To sign up for a developer account by using Azure AD B2C, open a new browser window and go to the legacy developer portal. Click the **Sign up** button.
+> [!NOTE]
+> To properly integrate B2C with the legacy developer portal, use **standard v1** user flows, in combination with enabling [password reset](/active-directory-b2c/user-flow-self-service-password-reset.md) before signing up/signing into a developer account using Azure Active Directory B2C. 
+
+1. Open a new browser window and go to the legacy developer portal. Click the **Sign up** button.
 
     :::image type="content" source="media/api-management-howto-aad-b2c/b2c-dev-portal.png" alt-text="Sign up in legacy developer portal":::
+
 1. Choose to sign up with **Azure Active Directory B2C**.
 
     :::image type="content" source="media/api-management-howto-aad-b2c/b2c-dev-portal-b2c-button.png" alt-text="Sign up  with Azure Active Directory B2C":::
 
-3. You're redirected to the signup policy that you configured in the previous section. Choose to sign up by using your email address or one of your existing social accounts.
+1. You're redirected to the signup policy you configured in the previous section. Choose to sign up by using your email address or one of your existing social accounts.
 
    > [!NOTE]
-   > If Azure Active Directory B2C is the only option that's enabled on the **Identities** tab in the publisher portal, you'll be redirected to the signup policy directly.
+   > If Azure Active Directory B2C is the only option enabled on the **Identities** tab in the publisher portal, you'll be redirected to the signup policy directly.
 
    :::image type="content" source="media/api-management-howto-aad-b2c/b2c-dev-portal-b2c-options.png" alt-text="Sign up options in legacy developer portal":::
 
    When the signup is complete, you're redirected back to the developer portal. You're now signed in to the developer portal for your API Management service instance.
 
+
+
 ## Next steps
 
 *  [Azure Active Directory B2C overview]

articles/azure-monitor/app/snapshot-collector-release-notes.md

@@ -17,7 +17,7 @@ For bug reports and feedback, open an issue on GitHub at https://github.com/micr
 
 ## Release notes
 
-## [1.4.2](https://www.nuget.org/packages/Microsoft.ApplicationInsights.SnapshotCollector/1.4.1)
+## [1.4.2](https://www.nuget.org/packages/Microsoft.ApplicationInsights.SnapshotCollector/1.4.2)
 A point release to address a user-reported bug.
 ### Bug fixes
 - Fix [ArgumentException: Delegates must be of the same type.](https://github.com/microsoft/ApplicationInsights-SnapshotCollector/issues/16)

articles/azure-netapp-files/enable-continuous-availability-existing-SMB.md

@@ -13,7 +13,7 @@ ms.workload: storage
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: how-to
-ms.date: 08/18/2021
+ms.date: 09/28/2021
 ms.author: b-juche
 ---
 # Enable Continuous Availability on existing SMB volumes
@@ -33,7 +33,7 @@ You can enable the SMB Continuous Availability (CA) feature when you [create a n
 3. On the Edit window that appears, select the **Enable Continuous Availability** checkbox.   
     ![Snapshot that shows the Enable Continuous Availability option.](../media/azure-netapp-files/enable-continuous-availability.png)
 
-4. Reboot the server.   
+4. Reboot the Windows systems connecting to the existing SMB share.   
 
     > [!NOTE]
     > Selecting the **Enable Continuous Availability** option alone does not automatically make the existing SMB sessions continuously available. After selecting the option, be sure to reboot the server for the change to take effect.  
@@ -50,4 +50,4 @@ You can enable the SMB Continuous Availability (CA) feature when you [create a n
 
 ## Next steps  
 
-* [Create an SMB volume for Azure NetApp Files](azure-netapp-files-create-volumes-smb.md)
+* [Create an SMB volume for Azure NetApp Files](azure-netapp-files-create-volumes-smb.md)

articles/azure-resource-manager/management/delete-resource-group.md

@@ -2,7 +2,7 @@
 title: Delete resource group and resources
 description: Describes how to delete resource groups and resources. It describes how Azure Resource Manager orders the deletion of resources when a deleting a resource group. It describes the response codes and how Resource Manager handles them to determine if the deletion succeeded. 
 ms.topic: conceptual
-ms.date: 03/18/2021
+ms.date: 09/28/2021
 ms.custom: seodec18, devx-track-azurepowershell
 ---
 
@@ -114,13 +114,13 @@ az resource delete \
 
 ---
 
-## Required access
+## Required access and deletion failures
 
 To delete a resource group, you need access to the delete action for the **Microsoft.Resources/subscriptions/resourceGroups** resource. You also need delete for all resources in the resource group.
 
 For a list of operations, see [Azure resource provider operations](../../role-based-access-control/resource-provider-operations.md). For a list of built-in roles, see [Azure built-in roles](../../role-based-access-control/built-in-roles.md).
 
-If you have the required access, but the delete request fails, it may be because there's a [lock](lock-resources.md) on the resource group.
+If you have the required access, but the delete request fails, it may be because there's a [lock on the resources or resource group](lock-resources.md). Even if you didn't manually lock a resource group, it may have been [automatically locked by a related service](lock-resources.md#managed-applications-and-locks). Or, the deletion can fail if the resources are connected to resources in other resource groups that aren't being deleted. For example, you can't delete a virtual network with subnets that are still in use by a virtual machine.
 
 ## Next steps
 

articles/azure-sql/managed-instance/resource-limits.md

@@ -10,8 +10,8 @@ ms.devlang:
 ms.topic: reference
 author: vladai78
 ms.author: vladiv 
-ms.reviewer: mathoma, jovanpop, sachinp
-ms.date: 09/14/2020
+ms.reviewer: mathoma, vladiv, sachinp
+ms.date: 09/28/2021
 ---
 # Overview of Azure SQL Managed Instance resource limits
 [!INCLUDE[appliesto-sqlmi](../includes/appliesto-sqlmi.md)]
@@ -136,13 +136,21 @@ The following table shows the **default regional limits** for supported subscrip
 
 |Subscription type| Max number of SQL Managed Instance subnets | Max number of vCore units* |
 | :---| :--- | :--- |
-|Pay-as-you-go|3|320|
-|CSP |8 (15 in some regions**)|960 (1440 in some regions**)|
-|Pay-as-you-go Dev/Test|3|320|
-|Enterprise Dev/Test|3|320|
-|EA|8 (15 in some regions**)|960 (1440 in some regions**)|
-|Visual Studio Enterprise|2 |64|
-|Visual Studio Professional and MSDN Platforms|2|32|
+|CSP |16 (30 in some regions**)|960 (1440 in some regions**)|
+|EA|16 (30 in some regions**)|960 (1440 in some regions**)|
+|Enterprise Dev/Test|6|320|
+|Pay-as-you-go|6|320|
+|Pay-as-you-go Dev/Test|6|320|
+|Azure Pass|3|64|
+|BizSpark|3|64|
+|BizSpark Plus|3|64|
+|Microsoft Azure Sponsorship|3|64|
+|Microsoft Partner Network|3|64|
+|Visual Studio Enterprise (MPN)|3|64|
+|Visual Studio Enterprise|3|32|
+|Visual Studio Enterprise (BizSpark)|3|32|
+|Visual Studio Professional|3|32|
+|MSDN Platforms|3|32|
 
 \* In planning deployments, please take into consideration that Business Critical (BC) service tier requires four (4) times more vCore capacity than General Purpose (GP) service tier. For example: 1 GP vCore = 1 vCore unit and 1 BC vCore = 4 vCore. To simplify your consumption analysis against the default limits, summarize the vCore units across all subnets in the region where SQL Managed Instance is deployed and compare the results with the instance unit limits for your subscription type. **Max number of vCore units** limit applies to each subscription in a region. There is no limit per individual subnets except that the sum of all vCores deployed across multiple subnets must be lower or equal to **max number of vCore units**.
 

articles/cognitive-services/Anomaly-Detector/whats-new.md

@@ -17,6 +17,7 @@ We've also added links to some user-generated content. Those items will be marke
 
 ### September 2021
 * Anomaly Detector (univariate) available in Jio India West.
+* Multivariate anomaly detection APIs deployed in five more regions: East Asia, West US, Central India, Korea Central, Germany West Central.
 
 ### August 2021
 

articles/event-hubs/.openpublishing.redirection.event-hubs.json

@@ -70,14 +70,24 @@
     "redirect_url": "/azure/event-hubs/monitor-event-hubs-reference#resource-logs",
     "redirect_document_id": false
   },  
+  {
+    "source_path": "event-hubs-dotnet-framework-getstarted-send.md",
+    "redirect_url": "/azure/event-hubs/event-hubs-dotnet-standard-getstarted-send",
+    "redirect_document_id": false
+  },
+  {
+    "source_path": "event-hubs-dotnet-standard-get-started-send-legacy.md",
+    "redirect_url": "/azure/event-hubs/event-hubs-dotnet-standard-getstarted-send",
+    "redirect_document_id": false
+  },    
   {
     "source_path": "event-hubs-dotnet-framework-api-overview.md",
-    "redirect_url": "/azure/event-hubs/event-hubs-dotnet-framework-getstarted-send",
+    "redirect_url": "/azure/event-hubs/event-hubs-dotnet-standard-getstarted-send",
     "redirect_document_id": false
   },
   {
     "source_path": "event-hubs-dotnet-framework-getstarted-receive-eph.md",
-    "redirect_url": "/azure/event-hubs/event-hubs-dotnet-framework-getstarted-send",
+    "redirect_url": "/azure/event-hubs/event-hubs-dotnet-standard-getstarted-send",
     "redirect_document_id": false
   },
   {