Merge pull request #196922 from MicrosoftDocs/main

5/03 AM Publish

Author: huypub

.openpublishing.redirection.azure-monitor.json

@@ -5,6 +5,11 @@
             "redirect_url": "/azure/azure-monitor/app/overview-dashboard",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/essentials/activity-logs-insights.md",
+            "redirect_url": "/azure/azure-monitor/essentials/activity-log",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/application-insights/app-insights-performance-counters.md",
             "redirect_url": "/azure/azure-monitor/app/performance-counters",
@@ -59,6 +64,16 @@
             "source_path_from_root": "/articles/azure-monitor/logs/data-ingestion-from-file.md",
             "redirect_url": "/azure/azure-monitor/agents/data-sources-custom-logs",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/itsmc-service-manager-script.md",
+            "redirect_url": "/azure/azure-monitor/alerts/itsmc-connections.md",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/itsmc-connections-scsm.md" ,
+            "redirect_url": "/azure/azure-monitor/alerts/itsmc-connections.md",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md

@@ -133,7 +133,8 @@ The Microsoft Azure Management application includes multiple services.
 
 For more information on how to set up a sample policy for Microsoft Azure Management, see [Conditional Access: Require MFA for Azure management](howto-conditional-access-policy-azure-management.md).
 
-For Azure Government, you should target the Azure Government Cloud Management API application.
+>[!NOTE]
+>For Azure Government, you should target the Azure Government Cloud Management API application.
 
 ### Other applications
 

articles/active-directory/conditional-access/concept-conditional-access-users-groups.md

@@ -62,7 +62,7 @@ The following options are available to exclude when creating a Conditional Acces
 - Directory roles
    - Allows administrators to select specific Azure AD directory roles used to determine assignment. For example, organizations may create a more restrictive policy on users assigned the global administrator role.
 - Users and groups
-   - Allows targeting of specific sets of users. For example, organizations can select a group that contains all members of the HR department when an HR app is selected as the cloud app. A group can be any type of group in Azure AD, including dynamic or assigned security and distribution groups.
+   - Allows targeting of specific sets of users. For example, organizations can select a group that contains all members of the HR department when an HR app is selected as the cloud app. A group can be any type of group in Azure AD, including dynamic or assigned security and distribution groups. Policy will be applied to nested users and groups.
 
 ### Preventing administrator lockout
 

articles/active-directory/conditional-access/howto-conditional-access-policy-risk.md

@@ -19,10 +19,12 @@ ms.collection: M365-identity-device-management
 
 Most users have a normal behavior that can be tracked, when they fall outside of this norm it could be risky to allow them to just sign in. You may want to block that user or maybe just ask them to perform multi-factor authentication to prove that they are really who they say they are. 
 
-A sign-in risk represents the probability that a given authentication request isn't authorized by the identity owner. Organizations with Azure AD Premium P2 licenses can create Conditional Access policies incorporating [Azure AD Identity Protection sign-in risk detections](../identity-protection/concept-identity-protection-risks.md#sign-in-risk).
+A sign-in risk represents the probability that a given authentication request isn't authorized by the identity owner. Organizations with Azure AD Premium P2 licenses can create Conditional Access policies incorporating [Azure AD Identity Protection sign-in risk detections](../identity-protection/concept-identity-protection-risks.md#sign-in-risk). 
 
 There are two locations where this policy may be configured, Conditional Access and Identity Protection. Configuration using a Conditional Access policy is the preferred method providing more context including enhanced diagnostic data, report-only mode integration, Graph API support, and the ability to utilize other Conditional Access attributes in the policy.
 
+The Sign-in risk-based policy protects users from registering MFA in risky sessions. For example. If the users are not registered for MFA, their risky sign-ins will get blocked and presented with the AADSTS53004 error.
+
 ## Template deployment
 
 Organizations can choose to deploy this policy using the steps outlined below or using the [Conditional Access templates (Preview)](concept-conditional-access-policy-common.md#conditional-access-templates-preview). 

articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md

@@ -286,7 +286,7 @@ The AADLoginForWindows extension must install successfully in order for the VM t
 1. The Device State can be viewed by running `dsregcmd /status`. The goal is for Device State to show as `AzureAdJoined : YES`.
 
    > [!NOTE]
-   > Azure AD join activity is captured in Event viewer under the `User Device Registration\Admin` log.
+   > Azure AD join activity is captured in Event viewer under the `User Device Registration\Admin` log at `Event Viewer (local)\Applications` and `Services Logs\Windows\Microsoft\User Device Registration\Admin`.
 
 If the AADLoginForWindows extension fails with certain error code, you can perform the following steps:
 

articles/active-directory/external-identities/b2b-direct-connect-overview.md

@@ -66,7 +66,7 @@ Then Contoso adds the Fabrikam organization and configures the following **Organ
 - Allow all Contoso users and groups to have outbound access to Fabrikam using B2B direct connect.
 - Allow Contoso B2B direct connect users to have outbound access to all Fabrikam applications.
 
-For this scenario to work, Fabrikam also needs to allow B2B direct connect with Contoso by configuring these same cross-tenant access settings for Contoso and for their own users and applications. Contoso users who manage Teams shared channels in your organizations will be able to add Fabrikam users by searching for their full Fabrikam email addresses.
+For this scenario to work, Fabrikam also needs to allow B2B direct connect with Contoso by configuring these same cross-tenant access settings for Contoso and for their own users and applications. When configuration is complete, Contoso users who manage Teams shared channels will be able to add Fabrikam users by searching for their full Fabrikam email addresses.
 
 ### Example 2: Enable B2B direct connect with Fabrikam's Marketing group only
 
@@ -77,7 +77,7 @@ Starting from the example above, Contoso could also choose to allow only the Fab
 - Allow all Contoso users and groups to have outbound access to Fabrikam using B2B direct connect.
 - Allow Contoso B2B direct connect users to have outbound access to all Fabrikam applications.
 
-Fabrikam will also need to configure their outbound cross-tenant access settings so that their Marketing group is allowed to collaborate with Contoso through B2B direct connect. Contoso users who manage Teams shared channels in your organizations will be able to add only Fabrikam Marketing group users by searching for their full Fabrikam email addresses.
+Fabrikam will also need to configure their outbound cross-tenant access settings so that their Marketing group is allowed to collaborate with Contoso through B2B direct connect. When configuration is complete, Contoso users who manage Teams shared channels will be able to add only Fabrikam Marketing group users by searching for their full Fabrikam email addresses.
 
 ## Authentication
 

articles/active-directory/verifiable-credentials/get-started-request-api.md

@@ -8,7 +8,7 @@ manager: karenhoran
 ms.service: active-directory
 ms.topic: how-to
 ms.subservice: verifiable-credentials
-ms.date: 10/08/2021
+ms.date: 05/03/2022
 ms.author: barclayn
 
 #Customer intent: As an administrator, I am trying to learn how to use the Request Service API and integrate it into my business application.

articles/active-directory/verifiable-credentials/verifiable-credentials-configure-issuer.md

@@ -7,7 +7,7 @@ author: barclayn
 manager: karenhoran
 ms.author: barclayn
 ms.topic: tutorial
-ms.date: 10/08/2021
+ms.date: 05/03/2022
 # Customer intent: As an enterprise, we want to enable customers to manage information about themselves by using verifiable credentials.
 
 ---
@@ -206,7 +206,7 @@ Now that you have a new credential, you're going to gather some information abou
 The sample application is available in .NET, and the code is maintained in a GitHub repository. Download the sample code from [GitHub](https://github.com/Azure-Samples/active-directory-verifiable-credentials-dotnet), or clone the repository to your local machine:
 
 
-```bash
+```
 git clone https://github.com/Azure-Samples/active-directory-verifiable-credentials-dotnet.git
 ```
 
@@ -277,15 +277,15 @@ The following JSON demonstrates a complete *appsettings.json* file:
 
 Now you're ready to issue your first verified credential expert card by running the sample application.
 
-1. From Visual Studio Code, run the *Verifiable_credentials_DotNet* project. Or, from the command shell, run the following commands:
+1. From Visual Studio Code, run the *Verifiable_credentials_DotNet* project. Or, from your operating system's command line, run:
 
-    ```bash
+    ```
     cd active-directory-verifiable-credentials-dotnet/1-asp-net-core-api-idtokenhint  dotnet build "AspNetCoreVerifiableCredentials.csproj" -c Debug -o .\\bin\\Debug\\netcoreapp3.  dotnet run
     ```
 
-1. In another terminal, run the following command. This command runs [ngrok](https://ngrok.com/) to set up a URL on 3000, and make it publicly available on the internet.
+1. In another command prompt window, run the following command. This command runs [ngrok](https://ngrok.com/) to set up a URL on 5000, and make it publicly available on the internet.
 
-    ```bash
+    ```
     ngrok http 5000
     ```
 

articles/aks/azure-ad-rbac.md

@@ -10,7 +10,7 @@ ms.date: 03/17/2021
 
 # Control access to cluster resources using Kubernetes role-based access control and Azure Active Directory identities in Azure Kubernetes Service
 
-Azure Kubernetes Service (AKS) can be configured to use Azure Active Directory (AD) for user authentication. In this configuration, you sign in to an AKS cluster using an Azure AD authentication token. Once authenticated, you can use the built-in Kubernetes role-based access control (Kubernetes RBAC) to manage access to namespaces and cluster resources based a user's identity or group membership.
+Azure Kubernetes Service (AKS) can be configured to use Azure Active Directory (AD) for user authentication. In this configuration, you sign in to an AKS cluster using an Azure AD authentication token. Once authenticated, you can use the built-in Kubernetes role-based access control (Kubernetes RBAC) to manage access to namespaces and cluster resources based on a user's identity or group membership.
 
 This article shows you how to control access using Kubernetes RBAC in an AKS cluster based on Azure AD group membership. Example groups and users are created in Azure AD, then Roles and RoleBindings are created in the AKS cluster to grant the appropriate permissions to create and view resources.
 

articles/api-management/api-management-policies.md

@@ -67,7 +67,7 @@ More information about policies:
 -  [Send message to Pub/Sub topic](api-management-dapr-policies.md#pubsub) - uses Dapr runtime to publish a message to a Publish/Subscribe topic.
 -  [Trigger output binding](api-management-dapr-policies.md#bind) - uses Dapr runtime to invoke an external system via output binding.
 
-## [Graph QL validation policy](graphql-validation-policies.md)
+## [GraphQL validation policy](graphql-validation-policies.md)
 - [Validate GraphQL request](graphql-validation-policies.md#validate-graphql-request) - Validates and authorizes a request to a GraphQL API.
 
 ##  [Transformation policies](api-management-transformation-policies.md)
@@ -94,4 +94,4 @@ For more information about working with policies, see:
 
 + [Tutorial: Transform and protect your API](transform-api.md)
 + [Set or edit policies](set-edit-policies.md)
-+ [Policy samples](./policies/index.md)	
++ [Policy samples](./policies/index.md)