Merge pull request #243081 from MicrosoftDocs/main

Publish to Live Tuesday 4AM PST, 06/27

Author: PMEds28

.openpublishing.redirection.json

@@ -14038,6 +14038,56 @@
             "redirect_url": "/azure/load-balancer/tutorial-load-balancer-standard-public-zone-redundant-portal",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/load-balancer/scripts/load-balancer-linux-cli-sample-zone-redundant-frontend.md",
+            "redirect_url": "/azure/load-balancer/tutorial-multi-availability-sets-portal",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/load-balancer/scripts/load-balancer-linux-cli-load-balance-multiple-websites-vm.md",
+            "redirect_url": "/azure/load-balancer/load-balancer-multiple-ip",
+            "redirect_document_id": false 
+        },
+        {
+            "source_path_from_root": "/articles/load-balancer/scripts/load-balancer-linux-cli-sample-nlb.md",
+            "redirect_url": "/azure/load-balancer/tutorial-multi-availability-sets-portal",
+            "redirect_document_id": false 
+        },
+        {
+            "source_path_from_root": "/articles/load-balancer/scripts/load-balancer-linux-cli-sample-zonal-frontend.md",
+            "redirect_url": "/azure/load-balancer/tutorial-load-balancer-standard-public-zonal-portal",
+            "redirect_document_id": false 
+        },
+        {
+            "source_path_from_root": "/articles/load-balancer/scripts/load-balancer-windows-powershell-sample-nlb.md",
+            "redirect_url": "/azure/load-balancer/tutorial-multi-availability-sets-portal",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/load-balancer/scripts/load-balancer-windows-powershell-load-balance-multiple-websites-vm.md",
+            "redirect_url": "/azure/load-balancer/load-balancer-multiple-ip",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/load-balancer/cli-samples.md",
+            "redirect_url": "/azure/load-balancer/quickstart-load-balancer-standard-public-cli",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/load-balancer/powershell-samples.md",
+            "redirect_url": "/azure/load-balancer/quickstart-load-balancer-standard-public-powershell",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/load-balancer/python-samples.md",
+            "redirect_url": "/samples/azure-samples/azure-samples-python-management/network-python-manage-loadbalancer/",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/load-balancer-windows-powershell-load-balance-multiple-websites-vm.md",
+            "redirect_url": "/azure/load-balancer/load-balancer-multiple-ip-powershell",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/dms/tutorial-sql-server-azure-sql-online.md",
             "redirect_url": "/azure/dms/tutorial-sql-server-to-azure-sql",

articles/active-directory-domain-services/policy-reference.md

@@ -1,7 +1,7 @@
 ---
 title: Built-in policy definitions for Azure Active Directory Domain Services
 description: Lists Azure Policy built-in policy definitions for Azure Active Directory Domain Services. These built-in policy definitions provide common approaches to managing your Azure resources.
-ms.date: 06/01/2023
+ms.date: 06/21/2023
 ms.service: active-directory
 ms.subservice: domain-services
 author: justinha

articles/active-directory/authentication/concept-authentication-default-enablement.md

@@ -57,7 +57,7 @@ The following table lists each setting that can be set to Microsoft managed and
 | [Location in Microsoft Authenticator notifications](how-to-mfa-additional-context.md)           | Disabled      |
 | [Application name in Microsoft Authenticator notifications](how-to-mfa-additional-context.md)   | Disabled      |
 | [System-preferred MFA](concept-system-preferred-multifactor-authentication.md)                  | Disabled      |
-| [Authenticator Lite](how-to-mfa-authenticator-lite.md)                                          | Disabled      |  
+| [Authenticator Lite](how-to-mfa-authenticator-lite.md)                                          | Enabled       |  
 
 As threat vectors change, Azure AD may announce default protection for a **Microsoft managed** setting in [release notes](../fundamentals/whats-new.md) and on commonly read forums like [Tech Community](https://techcommunity.microsoft.com/). For example, see our blog post [It's Time to Hang Up on Phone Transports for Authentication](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/it-s-time-to-hang-up-on-phone-transports-for-authentication/ba-p/1751752) for more information about the need to move away from using SMS and voice calls, which led to default enablement for the registration campaign to help users to set up Authenticator for modern authentication.
 

articles/active-directory/authentication/howto-sspr-deployment.md

@@ -231,7 +231,7 @@ We recommend that you don't sync your on-prem Active Directory admin accounts wi
 
 ### Environments with multiple identity management systems
 
-Some environments have multiple identity management systems. On-premises identity managers like Oracle AM and SiteMinder, require synchronization with AD for passwords. You can do this using a tool like the Password Change Notification Service (PCNS) with Microsoft Identity Manager (MIM). To find information on this more complex scenario, see the article [Deploy the MIM Password Change Notification Service on a domain controller](/microsoft-identity-manager/deploying-mim-password-change-notification-service-on-domain-controller).
+Some environments have multiple identity management systems. On-premises identity managers like Oracle IAM and SiteMinder, require synchronization with AD for passwords. You can do this using a tool like the Password Change Notification Service (PCNS) with Microsoft Identity Manager (MIM). To find information on this more complex scenario, see the article [Deploy the MIM Password Change Notification Service on a domain controller](/microsoft-identity-manager/deploying-mim-password-change-notification-service-on-domain-controller).
 
 ## Plan Testing and Support
 

articles/active-directory/develop/migrate-off-email-claim-authorization.md

@@ -43,7 +43,7 @@ This risk of unauthorized access has only been found in multi-tenant apps, as a
 
 To secure applications from mistakes with unverified email addresses, all new multi-tenant applications are automatically opted-in to a new default behavior that removes email addresses with unverified domain owners from tokens as of June 2023. This behavior is not enabled for single-tenant applications and multi-tenant applications with previous sign-in activity with domain-owner unverified email addresses. 
 
-Depending on your scenario, you may determine that your application's tokens should continue receiving unverified emails. While not recommended for most applications, you may disable the default behavior by setting the `removeUnverifiedEmailClaim` property in the [Authentication Behaviors Microsoft Graph API](/graph/api/resources/authenticationbehaviors).
+Depending on your scenario, you may determine that your application's tokens should continue receiving unverified emails. While not recommended for most applications, you may disable the default behavior by setting the `removeUnverifiedEmailClaim` property in the [authenticationBehaviors object of the applications API in Microsoft Graph](/graph/applications-authenticationbehaviors).
 
 By setting `removeUnverifiedEmailClaim` to `false`, your application will receive `email` claims that are potentially unverified and subject users to account takeover risk. If you're disabling this behavior in order to not break user login flows, it's highly recommended to migrate to a uniquely identifying token claim mapping as soon as possible, as described in the guidance below. 
 
@@ -125,4 +125,4 @@ If your application uses `email` (or any other mutable claim) for authorization
 ## Next steps
 
 - To learn more about using claims-based authorization securely, see [Secure applications and APIs by validating claims](claims-validation.md)
-- For more information about optional claims, see the [optional claims reference](./optional-claims-reference.md)
+- For more information about optional claims, see the [optional claims reference](./optional-claims-reference.md)

articles/active-directory/develop/msal-python-token-cache-serialization.md

@@ -1,6 +1,6 @@
 ---
 title: Custom token cache serialization (MSAL Python)
-description: Learn how to serializing the token cache for MSAL for Python
+description: Learn how to serialize token cache using MSAL for Python
 services: active-directory
 author: henrymbuguakiarie
 manager: CelesteDG
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity
-ms.date: 11/13/2019
+ms.date: 06/26/2023
 ms.author: henrymbugua
 ms.reviewer: nacanuma, rayluo
 ms.custom: aaddev, devx-track-python
@@ -18,15 +18,15 @@ ms.custom: aaddev, devx-track-python
 
 # Custom token cache serialization in MSAL for Python
 
-In MSAL Python, an in-memory token cache that persists for the duration of the app session, is provided by default when you create an instance of [ClientApplication](https://msal-python.readthedocs.io/en/latest/#confidentialclientapplication).
+In Microsoft Authentication Library (MSAL) for Python, an in-memory token cache that persists for the duration of the app session, is provided by default when you create an instance of [ClientApplication](/python/api/msal/msal.application.confidentialclientapplication).
 
-Serialization of the token cache, so that different sessions of your app can access it, is not provided "out of the box." That's because MSAL Python can be used in app types that don't have access to the file system--such as Web apps. To have a persistent token cache in a MSAL Python app, you must provide custom token cache serialization.
+Serialization of the token cache, so that different sessions of your app can access it, isn't provided "out of the box." MSAL for Python can be used in app types that don't have access to the file system--such as Web apps. To have a persistent token cache in an app that uses MSAL for Python, you must provide custom token cache serialization.
 
-The strategies for serializing the token cache differ depending on whether you are writing a public client application (Desktop), or a confidential client application (web app, web API, or daemon app).
+The strategies for serializing the token cache differ depending on whether you're writing a public client application (Desktop), or a confidential client application (web app, web API, or daemon app).
 
 ## Token cache for a public client application
 
-Public client applications run on a user's device and manage tokens for a single user. In this case, you could serialize the entire cache into a file. Remember to provide file locking if your app, or another app, can access the cache concurrently. For a simple example of how to serialize a token cache to a file without locking, see the example in the [SerializableTokenCache](https://msal-python.readthedocs.io/en/latest/#msal.SerializableTokenCache) class reference documentation.
+Public client applications run on a user's device and manage tokens for a single user. In this case, you could serialize the entire cache into a file. Remember to provide file locking if your app, or another app, can access the cache concurrently. For a simple example of how to serialize a token cache to a file without locking, see the example in the [SerializableTokenCache](/python/api/msal/msal.token_cache.serializabletokencache) class reference documentation.
 
 ## Token cache for a Web app (confidential client application)