Merge pull request #239714 from MicrosoftDocs/main

5/30 PM Publish

Author: huypub

.openpublishing.publish.config.json

@@ -1007,7 +1007,7 @@
     {
       "path_to_root": "azure-actions-workflow-samples",
       "url": "https://github.com/Azure/actions-workflow-samples",
-      "branch": "main",
+      "branch": "master",
       "branch_mapping": {}
     }  
   ],

.openpublishing.redirection.json

@@ -22861,12 +22861,12 @@
         },
         {
             "source_path_from_root": "/articles/networking/scripts/virtual-network-cli-sample-multi-tier-application.md",
-            "redirect_url": "/architecture/example-scenario/infrastructure/multi-tier-app-disaster-recovery",
+            "redirect_url": "/azure/architecture/example-scenario/infrastructure/multi-tier-app-disaster-recovery",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/networking/scripts/virtual-network-powershell-sample-multi-tier-application.md",
-            "redirect_url": "/architecture/example-scenario/infrastructure/multi-tier-app-disaster-recovery",
+            "redirect_url": "/azure/architecture/example-scenario/infrastructure/multi-tier-app-disaster-recovery",
             "redirect_document_id": false
         },
         {
@@ -22886,7 +22886,7 @@
         },
         {
             "source_path_from_root": "/articles/virtual-network/scripts/virtual-network-cli-sample-multi-tier-application.md",
-            "redirect_url": "/architecture/example-scenario/infrastructure/multi-tier-app-disaster-recovery",
+            "redirect_url": "/azure/architecture/example-scenario/infrastructure/multi-tier-app-disaster-recovery",
             "redirect_document_id": false
         },
         {

articles/active-directory-b2c/TOC.yml

@@ -89,6 +89,7 @@
         href: azure-ad-b2c-global-identity-proof-of-concept-regional.md
   - name: Azure AD B2C best practices
     href: best-practices.md
+    displayName: cache, caching, plan, planning
   - name: Application types
     href: application-types.md
   - name: Authentication protocols

articles/active-directory-b2c/best-practices.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 12/29/2022
+ms.date: 05/29/2023
 ms.subservice: B2C
 ---
 
@@ -77,7 +77,8 @@ Manage your Azure AD B2C environment.
 | Use version control for your custom policies | Consider using GitHub, Azure Repos, or another cloud-based version control system for your Azure AD B2C custom policies. |
 | Use the Microsoft Graph API to automate the management of your B2C tenants | Microsoft Graph APIs:<br/>Manage [Identity Experience Framework](/graph/api/resources/trustframeworkpolicy?preserve-view=true&view=graph-rest-beta) (custom policies)<br/>[Keys](/graph/api/resources/trustframeworkkeyset?preserve-view=true&view=graph-rest-beta)<br/>[User Flows](/graph/api/resources/identityuserflow?preserve-view=true&view=graph-rest-beta) |
 | Integrate with Azure DevOps | A [CI/CD pipeline](deploy-custom-policies-devops.md) makes moving code between different environments easy and ensures production readiness always.   |
-| Custom policy deployment | Azure AD B2C relies on caching to deliver performance to your end users. When you deploy a custom policy using whatever method, expect a delay of up to **30 minutes** for your users to see the changes. As a result of this behavior, consider the following practices when you deploy your custom policies: <br> - If you're deploying to a development environment, set the `DeploymentMode` attribute to `Development` in your custom policy file's `<TrustFrameworkPolicy>` element. <br> - Deploy your updated policy files to a production environment when traffic in your app is low. <br> - When you deploy to a production environment to update existing policy files, upload the updated files with new name(s), and then update your app reference to the new name(s). You can then remove the old policy files afterwards.<br> - You can set the `DeploymentMode` to `Development` in a production environment to bypass the caching behavior. However, we don't recommend this practice. If you [Collect Azure AD B2C logs with Application Insights](troubleshoot-with-application-insights.md), all claims sent to and from identity providers are collected, which is a security and performance risk. |
+| Deploy custom policy | Azure AD B2C relies on caching to deliver performance to your end users. When you deploy a custom policy using whatever method, expect a delay of up to **30 minutes** for your users to see the changes. As a result of this behavior, consider the following practices when you deploy your custom policies: <br> - If you're deploying to a development environment, set the `DeploymentMode` attribute to `Development` in your custom policy file's `<TrustFrameworkPolicy>` element. <br> - Deploy your updated policy files to a production environment when traffic in your app is low. <br> - When you deploy to a production environment to update existing policy files, upload the updated files with new name(s), and then update your app reference to the new name(s). You can then remove the old policy files afterwards.<br> - You can set the `DeploymentMode` to `Development` in a production environment to bypass the caching behavior. However, we don't recommend this practice. If you [Collect Azure AD B2C logs with Application Insights](troubleshoot-with-application-insights.md), all claims sent to and from identity providers are collected, which is a security and performance risk. |
+| Deploy app registration updates | When you modify your application registration in your Azure AD B2C tenant, such as updating the application's redirect URI, expect a delay of up to **2 hours (3600s)** for the changes to take effect in the production environment. We recommend that you modify your application registration in your production environment when traffic in your app is low.|
 | Integrate with Azure Monitor | [Audit log events](view-audit-logs.md) are only retained for seven days. [Integrate with Azure Monitor](azure-monitor.md) to retain the logs for long-term use, or integrate with third-party security information and event management (SIEM) tools to gain insights into your environment. |
 | Setup active alerting and monitoring | [Track user behavior](./analytics-with-application-insights.md) in Azure AD B2C using Application Insights. |
 

articles/active-directory-b2c/customize-ui-with-html.md

@@ -233,7 +233,7 @@ To create a public container in Blob storage, perform the following steps:
 1. Under **Data storage** in the left-hand menu, select **Containers**.
 1. Select **+ Container**.
 1. For **Name**, enter *root*. The name can be a name of your choosing, for example *contoso*, but we use *root* in this example for simplicity.
-1. For **Public access level**, select **Blob**.
+1. For **Public access level**, select **Blob**. By selecting the **Blob** option, you allow an anonymous public read-only access for this container.
 1. Select **Create** to create the container.
 1. Select **root** to open the new container.
 

articles/active-directory/develop/reference-error-codes.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.workload: identity
 ms.topic: reference
-ms.date: 03/14/2023
+ms.date: 05/23/2023
 ms.author: ryanwi
 ms.reviewer: ludwignick
 ms.custom: aaddev
@@ -362,6 +362,7 @@ The `error` field has several possible values - review the protocol documentatio
 | AADSTS7000215 | Invalid client secret is provided. Developer error - the app is attempting to sign in without the necessary or correct authentication parameters.|
 | AADSTS7000218 | The request body must contain the following parameter: 'client_assertion' or 'client_secret'. |
 | AADSTS7000222 | InvalidClientSecretExpiredKeysProvided - The provided client secret keys are expired. Visit the Azure portal to create new keys for your app, or consider using certificate credentials for added security: [https://aka.ms/certCreds](./active-directory-certificate-credentials.md) |
+| AADSTS700229 | ForbiddenTokenType- Only app-only tokens may be used as Federated Identity Credentials for AAD issuer.  Use an app-only access token (generated during a client credentials flow) instead of a user-delegated access token (representing a request coming from a user context).  |
 | AADSTS700005 | InvalidGrantRedeemAgainstWrongTenant - Provided Authorization Code is intended to use against other tenant, thus rejected. OAuth2 Authorization Code must be redeemed against same tenant it was acquired for (/common or /{tenant-ID} as appropriate) |
 | AADSTS1000000 | UserNotBoundError - The Bind API requires the Azure AD user to also authenticate with an external IDP, which hasn't happened yet. |
 | AADSTS1000002 | BindCompleteInterruptError - The bind completed successfully, but the user must be informed. |

articles/active-directory/fundamentals/concept-fundamentals-security-defaults.md

@@ -44,6 +44,9 @@ Security defaults make it easier to help protect your organization from these id
 
 If your tenant was created on or after October 22, 2019, security defaults may be enabled in your tenant. To protect all of our users, security defaults are being rolled out to all new tenants at creation. 
 
+> [!NOTE]
+> To help protect organizations, we're always working to improve the security of Microsoft account services. As part of this, free tenants not actively using multifactor authentication for all their users will be periodically notified for the automatic enablement of the security defaults setting. After this setting is enabled, all users in the organization will need to register for multifactor authentication. To avoid confusion, please refer to the email you received and alternatively you can [disable security defaults](#disabling-security-defaults) after it's enabled.
+
 To enable security defaults in your directory:
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as a security administrator, Conditional Access administrator, or global administrator.

articles/active-directory/reports-monitoring/reports-faq.yml

@@ -61,7 +61,7 @@ sections:
       - question: |
           How many records I can download from the Azure portal?
         answer: |
-          You can download up to 250,000 records from the Azure portal. To download data sets larger than 250,000 records, use the [reporting API](/graph/api/resources/azure-ad-auditlog-overview?view=graph-rest-1.0) to download the data.
+          How many logs you can download from the Azure portal is determined by a few factors, including browser memory size, network speeds, and current load on Azure AD Reporting APIs. In general, you can expect to download up to 250,000 records from the Azure portal. To download data sets larger than 250,000 records, use the [reporting API](/graph/api/resources/azure-ad-auditlog-overview?view=graph-rest-1.0) to download the data. The specific set of logs you download is determined by the filters active in the Azure portal when you begin the download (for example, filtering to a specific user in the Azure portal will mean your download pulls logs for that specific user). 
 
       - question: |
           How long does Azure AD store activity logs? What is the data retention?

articles/application-gateway/configuration-frontend-ip.md

@@ -45,6 +45,11 @@ A frontend IP address is associated to a *listener*, which checks for incoming r
 > 
 > **Outbound Rule**: (no specific requirement)
 
+> [!IMPORTANT]
+> **The default domain name behavior for V1 SKU**:
+> - Deployments before 1st May 2023: These deployments will continue to have the default domain names like "string".cloudapp.net mapped to the application gateway's Public IP address.
+> - Deployments after 1st May 2023: For deployments after this date, there will NOT be any default domain name mapped to the gateway's Public IP address. You must manually configure using your domain name by mapping its DNS record to the gateway's IP address
+
 ## Next steps
 
 - [Learn about listener configuration](configuration-listeners.md)

articles/azure-government/compliance/documentation-accelerate-compliance.md

@@ -6,14 +6,14 @@ services: azure-government
 cloud: gov
 documentationcenter: ''
 author: todorgb
-manager: pathuff
+manager: vernonw
 
 ms.assetid: 
 ms.service: azure-government
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: azure-government
-ms.date: 01/05/2021
+ms.date: 05/30/2023
 ms.author: todorb
 
 ---
@@ -58,7 +58,7 @@ Microsoft is able to scale through its partners. Scale is what will allow us to
 
 ## Publishing to Azure Marketplace
 
-1. Join the Partner Network - It’s a requirement for publishing but easy to sign up. Instructions are located here: [Ensure you have a MPN ID and Partner Center Account](../../marketplace/create-account.md#create-a-partner-center-account-and-enroll-in-the-commercial-marketplace).
+1. Join the Partner Network - It’s a requirement for publishing but easy to sign up. Instructions are located here: [Ensure you have a MCPP ID and Partner Center Account](../../marketplace/create-account.md#create-a-partner-center-account-and-enroll-in-the-commercial-marketplace).
 2. Enable your partner center account as Publisher / Developer for Marketplace, follow the instructions [here](../../marketplace/create-account.md).
 3. With an enabled Partner Center Account, publish listing as a SaaS App as instructed [here](../../marketplace/create-new-saas-offer.md).
 
@@ -72,9 +72,9 @@ For a list of existing Azure Marketplace offerings in this space, visit [this pa
  * Free [training on FedRAMP](https://www.fedramp.gov/training/).
  * FedRAMP [templates](https://www.fedramp.gov/templates/) to help you with program requirements.
  * Get familiar with the [FedRAMP Marketplace](https://marketplace.fedramp.gov/#/products).
- * Are you a partner and want to join our program? Fill out the [form](https://aka.ms/partnerazcl).
- * Learn more about [Azure Blueprints](../../governance/blueprints/overview.md) and review [samples](../../governance/blueprints/samples/index.md).
- * To learn how Azure Blueprints help you when using Azure Policy review the [blog post](https://azure.microsoft.com/blog/new-azure-blueprint-simplifies-compliance-with-nist-sp-800-53/).
+ * Learn more about [Azure Compliance Offerings per market and industry](https://learn.microsoft.com/azure/compliance/).
 
 ## Next steps
-Review the documentation above. If you are still facing issues reach out to [Azure Government Partner Inquiries](mailto:[email protected]).
+Review the documentation above. 
+Review the Azure Marketplace [Publishing guide by offer type](https://learn.microsoft.com/partner-center/marketplace/publisher-guide-by-offer-type) for further tips and troubleshooting. 
+If you are still facing issues, open a ticket in Partner Center.