Merge branch 'main' of https://github.com/microsoftdocs/azure-docs-pr into akv-misc

Author: msmbaldwin

.openpublishing.publish.config.json

@@ -986,7 +986,6 @@
     ".openpublishing.redirection.azure-percept.json",
     ".openpublishing.redirection.azure-productivity.json",
     ".openpublishing.redirection.azure-australia.json",
-    ".openpublishing.redirection.aks.json",
     "articles/azure-fluid-relay/.openpublishing.redirection.fluid-relay.json",
     "articles/azure-netapp-files/.openpublishing.redirection.azure-netapp-files.json",
     "articles/azure-relay/.openpublishing.redirection.relay.json",

.openpublishing.redirection.active-directory.json

@@ -10831,11 +10831,6 @@
       "redirect_url": "/azure/active-directory/manage-apps/tutorial-manage-certificates-for-federated-single-sign-on",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/active-directory/manage-apps/howto-enforce-signed-saml-authentication.md",
-      "redirect_url": "/azure/active-directory/manage-apps/howto-saml-token-encryption",
-      "redirect_document_id": true
-    },
     {
       "source_path": "articles/active-directory/manage-apps/recover-deleted-apps-faq.md",
       "redirect_url": "/azure/active-directory/manage-apps/delete-recover-faq",

.openpublishing.redirection.aks.json

@@ -23123,6 +23123,11 @@
     "redirect_url":  "/azure/storage/files/storage-files-quick-create-use-windows",
     "redirect_document_id":  false
 },
+{
+    "source_path_from_root":  "/articles/virtual-machines/virtual-machines-windows-sizes.md",
+    "redirect_url":  "/azure/virtual-machines/acu",
+    "redirect_document_id":  true
+},
 {
     "source_path_from_root":  "/articles/storage/storage-file-how-to-create-file-share.md",
     "redirect_url":  "/azure/storage/files/storage-how-to-create-file-share",
@@ -34248,6 +34253,11 @@
     "redirect_url":  "/azure/virtual-machines/windows/connect-winrm",
     "redirect_document_id":  false
 },
+{
+    "source_path_from_root":  "/articles/azure-arc/servers/data-residency.md",
+    "redirect_url":  "/azure/azure-arc/servers/overview",
+    "redirect_document_id":  false
+},
 {
   "source_path_from_root": "/articles/virtual-machines/linux/copy-files-to-linux-vm-using-scp.md",
   "redirect_url": "/azure/virtual-machines/copy-files-to-vm-using-scp",

.openpublishing.redirection.json

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 07/29/2022
+ms.date: 09/05/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: fasttrack-edit
@@ -181,7 +181,7 @@ Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZn
 Access tokens and ID tokens are short-lived. After they expire, you must refresh them to continue to access resources. When you refresh the access token, Azure AD B2C returns a new token. The refreshed access token will have updated `nbf` (not before), `iat` (issued at), and `exp` (expiration) claim values. All other claim values will be the same as the originally issued access token. 
 
 
-To refresh the toke, submit another POST request to the `/token` endpoint. This time, provide the `refresh_token` instead of the `code`:
+To refresh the token, submit another POST request to the `/token` endpoint. This time, provide the `refresh_token` instead of the `code`:
 
 ```http
 POST https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/token HTTP/1.1

articles/active-directory-b2c/authorization-code-flow.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: troubleshooting
-ms.date: 07/09/2020
+ms.date: 09/04/2022
 ms.author: justinha
 
 ---
@@ -34,7 +34,7 @@ To check which service principal is missing and must be recreated, complete the
 
 1. In the Azure portal, select **Azure Active Directory** from the left-hand navigation menu.
 1. Select **Enterprise applications**. Choose *All applications* from the **Application Type** drop-down menu, then select **Apply**.
-1. Search for each of the following application IDs. If no existing application is found, follow the *Resolution* steps to create the service principal or re-register the namespace.
+1. Search for each of the following application IDs. For Azure Global, search for AppId value *2565bd9d-da50-47d4-8b85-4c97f669dc36*. For other Azure clouds, search for AppId value *6ba9a5d4-8456-4118-b521-9c5ca10cdf84*. If no existing application is found, follow the *Resolution* steps to create the service principal or re-register the namespace.
 
     | Application ID | Resolution |
     | :--- | :--- |
@@ -45,7 +45,7 @@ To check which service principal is missing and must be recreated, complete the
 
 ### Recreate a missing Service Principal
 
-If application ID *2565bd9d-da50-47d4-8b85-4c97f669dc36* is missing from your Azure AD directory, use Azure AD PowerShell to complete the following steps. For more information, see [Azure AD PowerShell](/powershell/azure/active-directory/install-adv2).
+If application ID *2565bd9d-da50-47d4-8b85-4c97f669dc36* is missing from your Azure AD directory in Azure Global, use Azure AD PowerShell to complete the following steps. For other Azure clouds, use AppId value *6ba9a5d4-8456-4118-b521-9c5ca10cdf84*. For more information, see [Azure AD PowerShell](/powershell/azure/active-directory/install-adv2).
 
 1. If needed, install the Azure AD PowerShell module and import it as follows:
 

articles/active-directory-domain-services/alert-service-principal.md

@@ -196,7 +196,8 @@ Use the general guidelines when implementing a SCIM endpoint to ensure compatibi
 * Microsoft Azure AD makes requests to fetch a random user and group to ensure that the endpoint and the credentials are valid. It's also done as a part of the **Test Connection** flow in the [Azure portal](https://portal.azure.com). 
 * Support HTTPS on your SCIM endpoint.
 * Custom complex and multivalued attributes are supported but Azure AD doesn't have many complex data structures to pull data from in these cases. Simple paired name/value type complex attributes can be mapped to easily, but flowing data to complex attributes with three or more subattributes aren't well supported at this time.
-* The "type" subattribute values of multivalued complex attributes must be unique. For example, there can't be two different email addresses with the "work" subtype. 
+* The "type" subattribute values of multivalued complex attributes must be unique. For example, there can't be two different email addresses with the "work" subtype.
+* The header for all the responses should be of content-Type: application/scim+json 
 
 ### Retrieving Resources:
 

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-proxy
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 04/21/2021
+ms.date: 09/02/2022
 ms.author: kenwith
 ms.reviewer: ashishj
 ---
@@ -23,7 +23,7 @@ The following diagram shows how Azure AD enables secure remote access to your on
 
 ## Security benefits
 
-Azure AD Application Proxy offers the following security benefits:
+Azure AD Application Proxy offers many security benefits including authenticated access, conditional access, traffic termination, all outbound access, cloud scale analytics and machine learning, and remote access as a service. It is important to note that even with all of the added security provided by Application Proxy, the systems being accessed must continually be updated with the latest patches.
 
 ### Authenticated access 
 

articles/active-directory/app-proxy/application-proxy-security.md

@@ -18,7 +18,7 @@ ms.custom: aaddev
 # Microsoft Enterprise SSO plug-in for Apple devices (preview)
 
 > [!IMPORTANT]
-> This feature [!INCLUDE [PREVIEW BOILERPLATE](../../../includes/active-directory-develop-preview.md)]
+> This feature is in public preview. This preview is provided without a service-level agreement. For more information, see [Supplemental terms of use for Microsoft Azure public previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
 The *Microsoft Enterprise SSO plug-in for Apple devices* provides single sign-on (SSO) for Azure Active Directory (Azure AD) accounts on macOS, iOS, and iPadOS across all applications that support Apple's [enterprise single sign-on](https://developer.apple.com/documentation/authenticationservices) feature. The plug-in provides SSO for even old applications that your business might depend on but that don't yet support the latest identity libraries or protocols. Microsoft worked closely with Apple to develop this plug-in to increase your application's usability while providing the best protection available.
 

articles/active-directory/develop/apple-sso-plugin.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 05/22/2020
+ms.date: 08/26/2022
 ms.author: ryanwi
 ms.reviewer: jmprieur, saeeda, sureshja, ludwignick
 ms.custom: aaddev, identityplatformtop40, scenarios:getting-started
@@ -18,24 +18,28 @@ ms.custom: aaddev, identityplatformtop40, scenarios:getting-started
 
 # Authentication vs. authorization
 
-This article defines authentication and authorization. It also briefly covers how you can use the Microsoft identity platform to authenticate and authorize users in your web apps, web APIs, or apps that call protected web APIs. If you see a term you aren't familiar with, try our [glossary](developer-glossary.md) or our [Microsoft identity platform videos](identity-videos.md), which cover basic concepts.
+This article defines authentication and authorization. It also briefly covers Multi-Factor Authentication and how you can use the Microsoft identity platform to authenticate and authorize users in your web apps, web APIs, or apps that call protected web APIs. If you see a term you aren't familiar with, try our [glossary](developer-glossary.md) or our [Microsoft identity platform videos](identity-videos.md), which cover basic concepts.
 
 ## Authentication
 
-*Authentication* is the process of proving that you are who you say you are. It's sometimes shortened to *AuthN*. The Microsoft identity platform uses the [OpenID Connect](https://openid.net/connect/) protocol for handling authentication.
+*Authentication* is the process of proving that you are who you say you are. This is achieved by verification of the identity of a person or device. It's sometimes shortened to *AuthN*. The Microsoft identity platform uses the [OpenID Connect](https://openid.net/connect/) protocol for handling authentication.
 
 ## Authorization
 
 *Authorization* is the act of granting an authenticated party permission to do something. It specifies what data you're allowed to access and what you can do with that data. Authorization is sometimes shortened to *AuthZ*. The Microsoft identity platform uses the [OAuth 2.0](https://oauth.net/2/) protocol for handling authorization.
 
+## Multifactor authentication
+
+*Multifactor authentication* is the act of providing an additional factor of authentication to an account. This is often used to protect against brute force attacks. It is sometimes shortened to *MFA* or *2FA*. The [Microsoft Authenticator](https://support.microsoft.com/account-billing/set-up-the-microsoft-authenticator-app-as-your-verification-method-33452159-6af9-438f-8f82-63ce94cf3d29) can be used as an app for handling two-factor authentication. For more information, see [multifactor authentication](../authentication/concept-mfa-howitworks.md).
+
 ## Authentication and authorization using the Microsoft identity platform
 
 Creating apps that each maintain their own username and password information incurs a high administrative burden when adding or removing users across multiple apps. Instead, your apps can delegate that responsibility to a centralized identity provider.
 
 Azure Active Directory (Azure AD) is a centralized identity provider in the cloud. Delegating authentication and authorization to it enables scenarios such as:
 
 - Conditional Access policies that require a user to be in a specific location.
-- The use of [multi-factor authentication](../authentication/concept-mfa-howitworks.md), which is sometimes called two-factor authentication or 2FA.
+- Multi-Factor Authentication which requires a user to have a specific device.
 - Enabling a user to sign in once and then be automatically signed in to all of the web apps that share the same centralized directory. This capability is called *single sign-on (SSO)*.
 
 The Microsoft identity platform simplifies authorization and authentication for application developers by providing identity as a service. It supports industry-standard protocols and open-source libraries for different platforms to help you start coding quickly. It allows developers to build applications that sign in all Microsoft identities, get tokens to call [Microsoft Graph](https://developer.microsoft.com/graph/), access Microsoft APIs, or access other APIs that developers have built.
@@ -55,4 +59,4 @@ Here's a comparison of the protocols that the Microsoft identity platform uses:
 For other topics that cover authentication and authorization basics:
 
 * To learn how access tokens, refresh tokens, and ID tokens are used in authorization and authentication, see [Security tokens](security-tokens.md).
-* To learn about the process of registering your application so it can integrate with the Microsoft identity platform, see [Application model](application-model.md).
+* To learn about the process of registering your application so it can integrate with the Microsoft identity platform, see [Application model](application-model.md).