Merge pull request #288350 from MicrosoftDocs/main

10/14/2024 AM Publish

Author: Taojunshen

articles/active-directory-b2c/secure-rest-api.md

@@ -6,7 +6,7 @@ author: kengaderdus
 manager: CelesteDG
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 01/11/2024
+ms.date: 10/14/2024
 ms.author: kengaderdus
 ms.subservice: b2c
 zone_pivot_groups: b2c-policy-type
@@ -276,7 +276,10 @@ A claim provides temporary storage of data during an Azure AD B2C policy executi
 
 ### Acquiring an access token 
 
-You can obtain an access token in one of several ways, for the [from a federated identity provider](idp-pass-through-user-flow.md), by calling a REST API that returns an access token, by using an [ROPC flow](../active-directory/develop/v2-oauth-ropc.md), or by using the [client credentials flow](../active-directory/develop/v2-oauth2-client-creds-grant-flow.md). The client credentials flow is commonly used for server-to-server interactions that must run in the background, without immediate interaction with a user.
+You can obtain an access token in one of several ways, for the [from a federated identity provider](idp-pass-through-user-flow.md), by calling a REST API that returns an access token, by using an [ROPC flow](/entra/identity-platform/v2-oauth-ropc), or by using the [client credentials flow](../active-directory/develop/v2-oauth2-client-creds-grant-flow.md). The client credentials flow is commonly used for server-to-server interactions that must run in the background, without immediate interaction with a user.
+
+> [!WARNING]
+> Microsoft recommends you do *not* use the ROPC flow. This flow requires a very high degree of trust in the application, and carries risks that are not present in other flows. You should only use this flow when other more secure flows aren't viable.
 
 <a name='acquiring-an-azure-ad-access-token-'></a>
 
@@ -577,12 +580,12 @@ The following XML snippet is an example of a RESTful technical profile configure
 ```
 ::: zone-end
 
-## Next steps
+## Related content
 
 ::: zone pivot="b2c-user-flow"
 - Get started with our [samples](api-connector-samples.md#api-connector-rest-api-samples).
 ::: zone-end
 
 ::: zone pivot="b2c-custom-policy"
 - Learn more about the [Restful technical profile](restful-technical-profile.md) element in the custom policy reference.
-::: zone-end
+::: zone-end

articles/api-management/validate-jwt-policy.md

@@ -85,7 +85,7 @@ The `validate-jwt` policy enforces existence and validity of a supported JSON we
 | Element             | Description                                                                                                                                                                                                                                                                                                                                           | Required |
 | ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- |
 | openid-config       |Add one or more of these elements to specify a compliant OpenID configuration endpoint URL from which signing keys and issuer can be obtained.<br/><br/>Configuration including the JSON Web Key Set (JWKS) is pulled from the endpoint every 1 hour and cached. If the token being validated references a validation key (using `kid` claim) that is missing in cached configuration, or if retrieval fails, API Management pulls from the endpoint at most once per 5 min. These intervals are subject to change without notice.                                                                                                                                              <br/><br/>The response should be according to specs as defined at URL: `https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata`. <br/><br/>For Microsoft Entra ID use the OpenID Connect [metadata endpoint](../active-directory/develop/v2-protocols-oidc.md#find-your-apps-openid-configuration-document-uri) configured in your app registration such as:<br/>- v2 `https://login.microsoftonline.com/{tenant-name}/v2.0/.well-known/openid-configuration`<br/>- v2 Multi-Tenant ` https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration`<br/>- v1 `https://login.microsoftonline.com/{tenant-name}/.well-known/openid-configuration` <br/>- Customer tenant (preview) `https://{tenant-name}.ciamlogin.com/{tenant-id}/v2.0/.well-known/openid-configuration` <br/><br/> Substituting your directory tenant name or ID, for example `contoso.onmicrosoft.com`, for `{tenant-name}`.                                                                                                                                                                                            | No       |
-| issuer-signing-keys | A list of Base64-encoded security keys, in [`key`](#key-attributes) subelements, used to validate signed tokens. If multiple security keys are present, then each key is tried until either all are exhausted (in which case validation fails) or one succeeds (useful for token rollover). <br/><br/>Optionally specify a key by using the `id` attribute to match a `kid` claim. To validate a token signed with an asymmetric key, optionally specify the public key using a `certificate-id` attribute with value set to the identifier of a certificate uploaded to API Management, or the RSA modulus `n` and exponent `e` pair of the signing key in Base64url-encoded format.               | No       |
+| issuer-signing-keys | A list of Base64-encoded security keys, in [`key`](#key-attributes) subelements, used to validate signed tokens. If multiple security keys are present, then each key is tried until either all are exhausted (in which case validation fails) or one succeeds (useful for token rollover). <br/><br/>Optionally, specify a key by using the `id` attribute to match the token's `kid` claim. To validate a token signed with an asymmetric key, optionally specify the public key using a `certificate-id` attribute with value set to the identifier of a certificate uploaded to API Management, or the RSA modulus `n` and exponent `e` pair of the signing key in Base64url-encoded format.               | No       |
 | decryption-keys     | A list of Base64-encoded keys, in [`key`](#key-attributes) subelements, used to decrypt the tokens. If multiple security keys are present, then each key is tried until either all keys are exhausted (in which case validation fails) or a key succeeds.<br/><br/> To decrypt a token encrypted with an asymmetric key, optionally specify the public key using a `certificate-id` attribute with value set to the identifier of a certificate uploaded to API Management.         | No       |
 | audiences           | A list of acceptable audience claims, in `audience` subelements, that can be present on the token. If multiple audience values are present, then each value is tried until either all are exhausted (in which case validation fails) or until one succeeds. At least one audience must be specified.                                                                     | No       |
 | issuers             | A list of acceptable principals, in `issuer` subelements, that issued the token. If multiple issuer values are present, then each value is tried until either all are exhausted (in which case validation fails) or until one succeeds.                                                                                                                                         | No       |
@@ -94,7 +94,7 @@ The `validate-jwt` policy enforces existence and validity of a supported JSON we
 ### key attributes
 | Attribute                            | Description                                                                                                                                                                                                                                                                                                                                                                                                                                            | Required                                                                         | Default                                                                           |
 | ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------- | --------------------------------------------------------------------------------- |
-| id  | (Issuer signing key only) String. Identifier used to match `kid` claim presented in JWT.  | No | N/A |
+| id  | (Issuer signing key only) String. Identifier used to match `kid` claim presented in JWT. If no keys match the claim, API Management will attempt each specified key. [Learn more about the `kid` claim in the RFC](https://www.rfc-editor.org/rfc/rfc7515#section-4.1.4). | No | N/A |
 | certificate-id  | Identifier of a certificate entity [uploaded](/rest/api/apimanagement/apimanagementrest/azure-api-management-rest-api-certificate-entity#Add) to API Management, used to specify the public key to verify a token signed with an asymmetric key.   | No | N/A |
 | n | (Issuer signing key only) Modulus of the public key used to verify the issuer of a token signed with an asymmetric key. Must be specified with the value of the exponent `e`. Policy expressions aren't allowed. | No | N/A|
 | e | (Issuer signing key only) Exponent of the public key used to verify the issuer of a token signed with an asymmetric key. Must be specified with the value of the modulus `n`. Policy expressions aren't allowed. | No | N/A|

articles/azure-maps/routing-coverage.md

@@ -399,11 +399,11 @@ The Azure Maps Routing service (preview) contains different levels of geographic
 | Bulgaria                               | Good                | ✓                     | ✓                 | ✓                         |
 | Burkina Faso                           | Fair                |                       | ✓                 |                            |
 | Burundi                                | Good                |                       | ✓                 |                            |
+| Cabo Verde                             | Good                |                       | ✓                 |                            |
 | Cambodia                               | Good                |                       | ✓                 |                            |
 | Cameroon                               | Fair                |                       | ✓                 |                            |
 | Canada                                 | Good                | ✓                     | ✓                 | ✓                         |
-| Cape Verde                             | Good                |                       | ✓                 |                            |
-| Caribbean Netherlands                  |                     |                       | ✓                 |                            |
+| Cape Verde                             |                     |                       | ✓                 |                            |
 | Cayman Islands                         | Good                |                       | ✓                 |                            |
 | Central African Republic               | Major Roads Only    |                       | ✓                 |                            |
 | Chad                                   | Major Roads Only    |                       | ✓                 |                            |
@@ -547,12 +547,12 @@ The Azure Maps Routing service (preview) contains different levels of geographic
 | Russia                                 | Good                | ✓                     | ✓                 | ✓                         |
 | Rwanda                                 | Good                |                       | ✓                 |                            |
 | Saba                                   | Good                |                       |                   |                            |
-| Saint Barthélemy                       | Good                |                       |                   |                            |
+| Saint Barthélemy                       | Good                |                       | ✓                 |                            |
 | Saint Kitts & Nevis                    | Good                |                       |                   |                            |
-| Saint Lucia                            | Good                |                       |                   |                            |
-| Saint Martin                           | Good                |                       |                   |                            |
-| Saint Pierre & Miquelon                | Good                |                       |                   |                            |
-| Saint Vincent & the Grenadines         | Good                |                       |                   |                            |
+| Saint Lucia                            | Good                |                       | ✓                 |                            |
+| Saint Martin                           | Good                |                       | ✓                 |                            |
+| Saint Pierre & Miquelon                | Good                |                       | ✓                 |                            |
+| Saint Vincent & the Grenadines         | Good                |                       | ✓                 |                            |
 | Samoa                                  | Major Roads Only    |                       | ✓                 |                            |
 | San Marino                             | Good                | ✓                     | ✓                 | ✓                         |
 | São Tomé & Príncipe                    | Major Roads Only    |                       | ✓                 |                            |
@@ -573,13 +573,7 @@ The Azure Maps Routing service (preview) contains different levels of geographic
 | South Sudan                            | Major Roads Only    |                       | ✓                 |                            |
 | Spain                                  | Good                | ✓                     | ✓                 | ✓                         |
 | Sri Lanka                              | Major Roads Only    |                       | ✓                 |                            |
-| St. Barthélemy                         |                     |                       | ✓                 |                            |
 | St Helena, Ascension, Tristan da Cunha | Major Roads Only    |                       | ✓                 |                            |
-| St. Kitts & Nevis                      |                     |                       | ✓                 |                            |
-| St. Lucia                              |                     |                       | ✓                 |                            |
-| St. Martin                             |                     |                       | ✓                 |                            |
-| St. Pierre & Miquelon                  |                     |                       | ✓                 |                            |
-| St. Vincent & Grenadines               |                     |                       | ✓                 |                            |
 | Sudan                                  | Major Roads Only    |                       | ✓                 |                            |
 | Suriname                               | Good                |                       | ✓                 |                            |
 | Svalbard                               | Good                |                       |                   |                            |
@@ -596,7 +590,7 @@ The Azure Maps Routing service (preview) contains different levels of geographic
 | Tonga                                  | Major Roads Only    |                       | ✓                 |                            |
 | Trinidad & Tobago                      | Good                |                       | ✓                 |                            |
 | Tunisia                                | Good                |                       | ✓                 |                            |
-| Turkey                                 | Good                | ✓                     | ✓                 | ✓                         |
+| Türkiye                                | Good                | ✓                     | ✓                 | ✓                         |
 | Turkmenistan                           | Major Roads Only    |                       | ✓                 |                            |
 | Turks & Caicos Islands                 | Good                |                       | ✓                 |                            |
 | Tuvalu                                 | Major Roads Only    |                       | ✓                 |                            |

articles/azure-resource-manager/bicep/diagnostics/bcp007.md

@@ -1,32 +1,36 @@
 ---
 title: BCP007
-description: Error - This declaration type isn't recognized. Specify a metadata, parameter, variable, resource, or output declaration.
+description: This declaration type isn't recognized. Specify a metadata, parameter, variable, resource, or output declaration.
 ms.topic: reference
 ms.custom: devx-track-bicep
 ms.date: 08/23/2024
 ---
 
-# Bicep error code - BCP007
+# Bicep diagnostic code - BCP007
 
-This error occurs when the declaration type isn't recognized. For a list of declaration types, see [Understand the structure and syntax of Bicep files](../file.md).
+This diagnostic occurs when the declaration type isn't recognized. For a list of declaration types, see [Understand the structure and syntax of Bicep files](../file.md).
 
-## Error description
+## Description
 
-`This declaration type isn't recognized. Specify a metadata, parameter, variable, resource, or output declaration.`
+This declaration type isn't recognized. Specify a metadata, parameter, variable, resource, or output declaration.
+
+## Level
+
+Error
 
 ## Solution
 
 Use the correct declaration type. For more information, see [Bicep file](../file.md).
 
 ## Examples
 
-The following example raises the error because `parameter` isn't a correct declaration type:
+The following example raises the diagnostic because `parameter` isn't a correct declaration type:
 
 ```bicep
 parameter name string 
 ```
 
-You can fix the error by using the correct declaration type, `param`.  
+You can fix the diagnostic by using the correct declaration type, `param`.  
 
 ```bicep
 param name string 
@@ -36,4 +40,4 @@ For more information, see [Parameters](../parameters.md).
 
 ## Next steps
 
-For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).
+For more information about Bicep diagnostics, see [Bicep core diagnostics](../bicep-core-diagnostics.md).