Merge pull request #289795 from MicrosoftDocs/main

11/4/2024 AM Publish

Author: Taojunshen

articles/active-directory-b2c/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory business-to-customer (B2C)"
 description: "New and updated documentation for the Azure Active Directory business-to-customer (B2C)."
-ms.date: 10/01/2024
+ms.date: 11/04/2024
 ms.service: azure-active-directory
 ms.subservice: b2c
 ms.topic: whats-new
@@ -19,6 +19,16 @@ manager: CelesteDG
 
 Welcome to what's new in Azure Active Directory B2C documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the B2C service, see [What's new in Microsoft Entra ID](../active-directory/fundamentals/whats-new.md), [Azure AD B2C developer release notes](custom-policy-developer-notes.md) and [What's new in Microsoft Entra External ID](/entra/external-id/whats-new-docs).
 
+## October 2024
+
+### Updated articles
+
+- [Secure APIs used for API connectors in Azure AD B2C](secure-rest-api.md) - ROPC flow updates
+- [Application types that can be used in Active Directory B2C](application-types.md) - Implicit grant flow updates
+- [Configure authentication in a sample single-page application by using Azure AD B2C](configure-authentication-sample-spa-app.md) - Implicit grant flow updates
+- [Single-page application sign-in using the OAuth 2.0 implicit flow in Azure Active Directory B2C](implicit-flow-single-page-application.md) - Implicit grant flow updates
+- [Register a single-page application in Azure Active Directory B2C](tutorial-register-spa.md) - Implicit grant flow updates
+
 ## September 2024
 
 ### Updated articles
@@ -33,9 +43,3 @@ This month, we changed Twitter to X in numerous articles and code samples.
 
 - [Tutorial: Configure Keyless with Azure Active Directory B2C](partner-keyless.md) - Editorial updates
 
-## July 2024
-
-### Updated articles
-
-- [Developer notes for Azure Active Directory B2C](custom-policy-developer-notes.md) - Updated Twitter to X
-- [Custom email verification with SendGrid](custom-email-sendgrid.md) - Updated the localization script

articles/api-management/limit-concurrency-policy.md

@@ -16,6 +16,8 @@ ms.author: danlep
 
 The `limit-concurrency` policy prevents enclosed policies from executing by more than the specified number of requests at any time. When that number is exceeded, new requests will fail immediately with the `429` Too Many Requests status code.
 
+[!INCLUDE [api-management-rate-limit-accuracy](../../includes/api-management-rate-limit-accuracy.md)]
+
 [!INCLUDE [api-management-policy-generic-alert](../../includes/api-management-policy-generic-alert.md)]
 
 ## Policy statement
@@ -40,6 +42,10 @@ The `limit-concurrency` policy prevents enclosed policies from executing by more
 - [**Policy scopes:**](./api-management-howto-policies.md#scopes) global, workspace, product, API, operation
 -  [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption, self-hosted, workspace
 
+### Usage notes
+
+* The maximum number of requests enforced by API Management is lower when multiple capacity units are deployed in a region.
+
 ## Example
 
 The following example demonstrates how to limit number of requests forwarded to a backend based on the value of a context variable.

articles/app-service/configure-vnet-integration-routing.md

@@ -17,7 +17,7 @@ Your app is already integrated using the regional virtual network integration fe
 
 ## Configure application routing
 
-Application routing defines what traffic is routed from your app and into the virtual network. We recommend that you use the `vnetRouteAllEnabled` site setting to enable routing of all traffic. Using the configuration setting allows you to audit the behavior with [a built-in policy](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F33228571-70a4-4fa1-8ca1-26d0aba8d6ef). The existing `WEBSITE_VNET_ROUTE_ALL` app setting can still be used, and you can enable all traffic routing with either setting.
+Application routing defines what traffic is routed from your app and into the virtual network. We recommend that you use the `vnetRouteAllEnabled` site setting to enable routing of all traffic. Using the configuration setting allows you to audit the behavior with [a built-in policy](https://portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ff5c0bfb3-acea-47b1-b477-b0edcdf6edc1). The existing `WEBSITE_VNET_ROUTE_ALL` app setting can still be used, and you can enable all traffic routing with either setting.
 
 ### Configure in the Azure portal
 
@@ -75,4 +75,4 @@ az resource update --resource-group <group-name> --name <app-name> --resource-ty
 ## Next steps
 
 - [Enable virtual network integration](./configure-vnet-integration-enable.md)
-- [General networking overview](./networking-features.md)
+- [General networking overview](./networking-features.md)

articles/backup/azure-kubernetes-service-cluster-backup-concept.md

@@ -100,7 +100,7 @@ Also, as part of the backup and restore operations, the following roles are assi
 | Reader                         | Backup vault       | Snapshot resource group | Allows the Backup vault to perform _List_ and _Read_ operations on snapshot resource group. |
 | Contributor                    | AKS cluster        | Snapshot resource group | Allows AKS cluster to store persistent volume snapshots in the resource group.              |
 | Storage Blob Data Contributor    | Extension Identity | Storage account         | Allows Backup Extension to store cluster resource backups in the blob container.            |
-| Data Operator for Managed Disk | Backup vault       | Snapshot Resource Group | Allows Backup Vault service to move incremental snapshot data to the Vault.                  |
+| Data Operator for Managed Disks | Backup vault       | Snapshot Resource Group | Allows Backup Vault service to move incremental snapshot data to the Vault.                  |
 | Disk Snapshot Contributor      | Backup vault       | Snapshot Resource Group | Allows Backup Vault to access Disks snapshots and perform Vaulting operation.                |
 | Storage Blob Data Reader       | Backup vault       | Storage Account         | Allow Backup Vault to access Blob Container with backup data stored to move to Vault.        |
 | Contributor                    | Backup vault       | Staging Resource Group  | Allows Backup Vault to hydrate backups as Disks stored in Vault Tier.                        |

articles/governance/policy/how-to/migrate-from-automanage-best-practices.md

@@ -31,33 +31,19 @@ Automanage designers created an experience for Azure customers to onboard new an
 This functionality is available in Azure Policy as an initiative with various configurable parameters, Azure services, regional availability, compliance states, and remediation actions. Configuration profiles are the main onboarding vehicle for Automanage customers. Just like Azure Policy initiatives, Automanage configuration profiles apply to VMs at the subscription and resource group level. They enable further specification of the zone of
 applicability. The following Automanage feature parities are available in Azure Policy.
 
-### Azure Monitor agent
-
-The Azure Monitor agent collects monitoring data from the guest operating system of Azure and hybrid VMs. The agent delivers the data to Azure Monitor for use by features, insights, and other services, such as Microsoft Sentinel and Microsoft Defender for Cloud. The Azure Monitor agent replaces all of the Azure Monitor legacy monitoring agents.
+### Azure Monitor Insights and analytics
 
-Deploy this extension by using the following policies:
+[Azure Monitor][13] is a suite of tools designed to enhance the performance, reliability, and quality of your applications. It offers features like application performance management, monitoring alerts, metrics analysis, diagnostic settings, and logs. With Azure Monitor Insights, you can gain valuable insights into your application's behavior, troubleshoot issues, and optimize performance.
 
-- Configure Linux VMs to run the Azure Monitor agent with user-assigned managed-identity-based authentication.
-- Configure Windows machines to associate with a data collection rule or a data collection endpoint.
-- Configure Windows VMs to run the Azure Monitor agent with user-assigned managed-identity-based authentication.
-- Configure Linux machines to associate with a data collection rule or a data collection endpoint.
-- Deploy a dependency agent for Linux VMs with Azure Monitor agent settings.
-- Deploy a dependency agent that you can enable on Windows VMs with Azure Monitor agent settings.
+The Azure Monitor agent collects monitoring data from the guest operating system of Azure and hybrid VMs. The agent delivers the data to Azure Monitor for use by features, insights, and other services, such as Microsoft Sentinel and Microsoft Defender for Cloud. The Azure Monitor agent replaces all of the Azure Monitor legacy monitoring agents like the deprecated Microsoft Monitor Agent. The new Azure Monitor Agent is unsupported in Automanage but can be configured at-scale using Azure Policy. Visit [Azure Monitor Agent Built-In Policy][12] to learn more.
 
 ### Azure Backup
 
-Azure Backup provides independent and isolated backups to guard against unintended destruction of the data on your VMs. Backups are stored in a Recovery Services vault with built-in management of recovery points. To back up Azure VMs, Backup installs an extension on the VM agent running on the machine.
-
-Configure Backup by using the following policies:
-
-- Configure backup on VMs with a specific tag to an existing Recovery Services vault in the same location.
-- Enable Backup for VMs.
-
-To configure Backup time and duration, create a custom Azure policy based on the properties of the Backup policy resource or by a REST API call. For more information, see [Create Recovery Services backup policies by using the REST API][02].
+[Azure Backup][14] provides independent and isolated backups to guard against unintended destruction of the data on your VMs. Backups are stored in a Recovery Services vault with built-in management of recovery points. To back up Azure VMs, Backup installs an extension on the VM agent running on the machine. Visit [Azure Backup Built-In Policy][11] to learn how to configure Backup at scale through Azure Policy. To configure Backup time and duration, create a custom Azure policy based on the properties of the Backup policy resource or by a REST API call. For more information, see [Create Recovery Services backup policies by using the REST API][02].
 
 ### Microsoft Antimalware for Azure
 
-Microsoft Antimalware for Azure Cloud Services and Virtual Machines offers free real-time protection that helps identify and remove viruses, spyware, and other malicious software. It generates alerts when known malicious or unwanted software tries to install itself or run on your Azure systems. The Azure Guest agent (or the Microsoft Fabric agent) opens the Microsoft Antimalware for Azure extension and applies the antimalware configuration settings that were supplied as input. This step enables the antimalware service with either default or custom configuration settings.
+[Microsoft Antimalware][10] for Azure Cloud Services and Virtual Machines offers free real-time protection that helps identify and remove viruses, spyware, and other malicious software. It generates alerts when known malicious or unwanted software tries to install itself or run on your Azure systems. The Azure Guest agent (or the Microsoft Fabric agent) opens the Microsoft Antimalware for Azure extension and applies the antimalware configuration settings that were supplied as input. This step enables the antimalware service with either default or custom configuration settings.
 
 Deploy the following Microsoft Antimalware for Azure policies in Azure Policy:
 
@@ -73,26 +59,9 @@ You can create a custom Azure policy based on the properties of the Azure `IaaSA
 
 For more information, see [this webpage][03].
 
-### Azure Monitor Insights and analytics
-
-Azure Monitor Insights is a suite of tools within Azure Monitor designed to enhance the performance, reliability, and quality of your applications. It offers features like application performance management, monitoring alerts, metrics analysis, diagnostic settings, and logs. With Azure Monitor Insights, you can gain valuable insights into your application's behavior, troubleshoot issues, and optimize performance.
-
-The following policies provide the same capabilities as Automanage:
-
-- Assign a built-in user-assigned managed identity to VMs.
-- Configure Linux VMs to run the Azure Monitor agent with user-assigned authentication based on managed identity.
-- Configure Windows VMs to run the Azure Monitor agent with user-assigned authentication based on managed identity.
-- Deploy a dependency agent that you can enable on Windows VMs with Azure Monitor agent settings.
-- Deploy a dependency agent for Linux VMs with Azure Monitor agent settings.
-- Configure Linux machines to associate with a data collection rule or a data collection endpoint.
-- Configure Windows machines to associate with a data collection rule or a data collection endpoint.
-
-To configure all the previous options, deploy the **Enable Azure Monitor for VMs with Azure
-Monitoring Agent (AMA)** policy initiative.
-
 ### Change Tracking and Inventory
 
-Change Tracking and Inventory is a feature within Automation that monitors changes in VMs across Azure, on-premises, and in other cloud environments. It tracks modifications to installed software, files, registry keys, and services on both Windows and Linux systems. Change Tracking and Inventory uses the Log Analytics agent to collect data and then forwards it to Azure Monitor Logs for analysis. It also integrates with Microsoft Defender for Cloud File Integrity Monitoring to enhance security and operational insights.
+[Change Tracking and Inventory][15] is a feature within Automation that monitors changes in VMs across Azure, on-premises, and in other cloud environments. It tracks modifications to installed software, files, registry keys, and services on both Windows and Linux systems. Change Tracking and Inventory uses the Log Analytics agent to collect data and then forwards it to Azure Monitor Logs for analysis. It also integrates with Microsoft Defender for Cloud File Integrity Monitoring to enhance security and operational insights.
 
 Enable change tracking on VMs by using the following policies:
 
@@ -111,42 +80,15 @@ Configure the preceding Azure policies in bulk by using the following Azure Poli
 
 ### Microsoft Defender for Cloud
 
-Microsoft Defender for Cloud provides unified security management and advanced threat protection across hybrid cloud workloads.
-
-Configure Defender for Cloud in Azure Policy through the following policy initiatives:
-
-- Configure multiple Microsoft Defender for Endpoint integration settings with Defender for Cloud.
-- Download the Microsoft cloud security benchmark.
-- Configure Defender for Cloud plans.
+[Microsoft Defender for Cloud][16] (MDC) provides unified security management and advanced threat protection across hybrid cloud workloads. Visit [Configure Defender for Cloud in Azure Policy][17] to learn more about at-scale compliance and monitoring for MDC.
 
 ### Azure Update Manager
 
-Azure Update Manager is a service included as part of your Azure subscription. Use it to assess your update status across your environment and manage your Windows and Linux server patching from a single pane of glass, both for on-premises and Azure. It provides a unified solution to help you keep your systems up to date. Update Manager oversees update compliance, deploys critical updates, and offers flexible patching options.
-
-Configure Update Manager in Azure Policy through the following policies:
-
-- Configure periodic checking for missing system updates on servers enabled by Azure Arc.
-- Configure machines periodically to check for missing system updates.
-- Schedule recurring updates by using Update Manager.
-- [Preview]: Set prerequisites for scheduling recurring updates on Azure VMs.
-- Configure periodic checking for missing system updates on Azure VMs.
+[Azure Update Manager][19] (AUM) is a service included as part of your Azure subscription. Use it to assess your update status across your environment and manage your Windows and Linux server patching from a single pane of glass, both for on-premises and Azure. It provides a unified solution to help you keep your systems up to date. Update Manager oversees update compliance, deploys critical updates, and offers flexible patching options. Visit [Azure Update Manager Built-In Policy][18] to learn how to configure AUM at scale through Azure Policy.
 
 ### Azure Automation account
 
-Automation is a cloud-based service that provides consistent management across your Azure and non-Azure environments. Use it to automate repetitive tasks, enforce configuration consistency, and manage updates for VMs. By using runbooks and shared assets, you can streamline operations and reduce operational costs.
-
-Configure Automation in Azure Policy through the following policies:
-
-- Use managed identity for Automation accounts.
-- Configure private endpoint connections on Automation accounts.
-- Disable public network access for Automation accounts.
-- Configure Automation accounts with private DNS zones.
-- Use customer-managed keys to encrypt data at rest for Automation accounts.
-- Disable the local authentication method for the Automation account.
-- Encrypt Automation account variables.
-- Configure Automation accounts to disable local authentication.
-- Configure Automation accounts to disable public network access.
-- Enable private endpoint connections on Automation accounts.
+[Azure Automation][21] is a cloud-based service that provides consistent management across your Azure and non-Azure environments. Use it to automate repetitive tasks, enforce configuration consistency, and manage updates for VMs. By using runbooks and shared assets, you can streamline operations and reduce operational costs. Visit [Azure Automation Built-In Policy][20] to learn how to configure AUM at scale through Azure Policy.
 
 ### Boot diagnostics
 
@@ -185,3 +127,15 @@ Now that you have an overview of Azure Policy and some of the key concepts, here
 [07]: ../concepts/definition-structure-basics.md
 [08]: ../assign-policy-portal.md
 [09]: https://azure.microsoft.com/pricing/details/azure-automanage/
+[10]: https://learn.microsoft.com/azure/security/fundamentals/antimalware#antimalware-deployment-scenarios
+[11]: https://learn.microsoft.com/azure/backup/policy-reference
+[12]: https://learn.microsoft.com/azure/azure-monitor/policy-reference
+[13]: https://learn.microsoft.com/azure/azure-monitor/overview
+[14]: https://learn.microsoft.com/azure/backup/backup-overview
+[15]: https://learn.microsoft.com/azure/automation/change-tracking/overview
+[16]: https://learn.microsoft.com/azure/defender-for-cloud/defender-for-cloud-introduction
+[17]: https://learn.microsoft.com/azure/defender-for-cloud/policy-reference
+[18]: https://learn.microsoft.com/azure/update-manager/periodic-assessment-at-scale
+[19]: https://learn.microsoft.com/azure/update-manager/overview
+[20]: https://learn.microsoft.com/azure/automation/policy-reference
+[21]: https://learn.microsoft.com/azure/automation/overview