Syncing with main. Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into work-agent-reformatting

Author: Heidilohr

.openpublishing.redirection.azure-monitor.json

@@ -72,12 +72,12 @@
         },
         {
             "source_path_from_root": "/articles/azure-monitor/app/correlation.md",
-            "redirect_url": "/previous-versions/azure/azure-monitor/app/distributed-tracing-telemetry-correlation",
+            "redirect_url": "/azure/azure-monitor/app/distributed-tracing-telemetry-correlation",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/azure-monitor/app/distributed-tracing.md",
-            "redirect_url": "/previous-versions/azure/azure-monitor/app/distributed-tracing-telemetry-correlation",
+            "redirect_url": "/azure/azure-monitor/app/distributed-tracing-telemetry-correlation",
             "redirect_document_id": false
         },
         {

.openpublishing.redirection.json

@@ -22538,6 +22538,11 @@
             "redirect_url": "/azure/communication-services/concepts/call-automation/call-recording/bring-your-own-storage",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/openshift/howto-configure-ovn-kubernetes.md",
+            "redirect_url": "/azure/openshift/concepts-ovn-kubernetes",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/sentinel/data-connectors/microsoft-defender-threat-intelligence.md",
             "redirect_url": "/azure/sentinel/understand-threat-intelligence",
@@ -22547,6 +22552,11 @@
             "source_path_from_root": "/articles/principles-for-ai-generated-content.md",
             "redirect_url": "https://aka.ms/ai-content-principles",
             "redirect_document_id": false
-        } 
+        },
+        {
+          "source_path_from_root": "/articles/azure-monitor/app/java-standalone-arguments.md",
+          "redirect_url": "/azure/azure-monitor/app/java-get-started-supplemental",
+          "redirect_document_id": true
+        }
     ]
 }

articles/active-directory/authentication/concept-authentication-authenticator-app.md

@@ -43,6 +43,8 @@ The Authenticator app can help prevent unauthorized access to accounts and stop
 
 ![Screenshot of example web browser prompt for Authenticator app notification to complete sign-in process.](media/tutorial-enable-azure-mfa/tutorial-enable-azure-mfa-browser-prompt.png)
 
+In some rare instances where the relevant Google or Apple service responsible for push notifications is down, users may not receive their push notifications. In these cases users should manually navigate to the Microsoft Authenticator app (or relevant companion app like Outlook), refresh by either pulling down or hitting the refresh button, and approve the request. 
+
 > [!NOTE]
 > If your organization has staff working in or traveling to China, the *Notification through mobile app* method on Android devices doesn't work in that country/region as Google play services(including push notifications) are blocked in the region. However iOS notification do work. For Android devices ,alternate authentication methods should be made available for those users.
 

articles/active-directory/authentication/how-to-mfa-authenticator-lite.md

@@ -138,7 +138,7 @@ If enabled for Authenticator Lite, users are prompted to register their account
 GET auditLogs/signIns
 ```
 
-If the sign-in was done by phone app notification, under **authenticationAppDeivceDetails** the **clientApp** field returns **microsoftAuthenticator** or **Outlook**.
+If the sign-in was done by phone app notification, under **authenticationAppDeviceDetails** the **clientApp** field returns **microsoftAuthenticator** or **Outlook**.
 
 If a user has registered Authenticator Lite, the user’s registered authentication methods include **Microsoft Authenticator (in Outlook)**. 
 

articles/active-directory/develop/includes/web-app/quickstart-nodejs.md

@@ -58,6 +58,8 @@
         href: troubleshoot-device-dsregcmd.md
       - name: Troubleshoot hybrid Azure AD joined down level Windows devices
         href: troubleshoot-hybrid-join-windows-legacy.md
+  - name: Local Administrator Password Solution
+    href: howto-manage-local-admin-passwords.md
   - name: Manage device identities
     href: device-management-azure-portal.md
   - name: Troubleshooting Windows devices

articles/active-directory/devices/TOC.yml

@@ -142,7 +142,7 @@ A PRT is invalidated in the following scenarios:
 
 * **Invalid user**: If a user is deleted or disabled in Azure AD, their PRT is invalidated and can't be used to obtain tokens for applications. If a deleted or disabled user already signed in to a device before, cached sign-in would log them in, until CloudAP is aware of their invalid state. Once CloudAP determines that the user is invalid, it blocks subsequent logons. An invalid user is automatically blocked from sign in to new devices that don’t have their credentials cached.
 * **Invalid device**: If a device is deleted or disabled in Azure AD, the PRT obtained on that device is invalidated and can't be used to obtain tokens for other applications. If a user is already signed in to an invalid device, they can continue to do so. But all tokens on the device are invalidated and the user doesn't have SSO to any resources from that device.
-* **Password change**: After a user changes their password, the PRT obtained with the previous password is invalidated by Azure AD. Password change results in the user getting a new PRT. This invalidation can happen in two different ways:
+* **Password change**: If a user obtained the PRT with their password, the PRT is invalidated by Azure AD when the user changes their password. Password change results in the user getting a new PRT. This invalidation can happen in two different ways:
    * If user signs in to Windows with their new password, CloudAP discards the old PRT and requests Azure AD to issue a new PRT with their new password. If user doesn't have an internet connection, the new password can't be validated, Windows may require the user to enter their old password.
    * If a user has logged in with their old password or changed their password after signing into Windows, the old PRT is used for any WAM-based token requests. In this scenario, the user is prompted to reauthenticate during the WAM token request and a new PRT is issued.
 * **TPM issues**: Sometimes, a device’s TPM can falter or fail, leading to inaccessibility of keys secured by the TPM. In this case, the device is incapable of getting a PRT or requesting tokens using an existing PRT as it can't prove possession of the cryptographic keys. As a result, any existing PRT is invalidated by Azure AD. When Windows 10 detects a failure, it initiates a recovery flow to re-register the device with new cryptographic keys. With Hybrid Azure Ad join, just like the initial registration, the recovery happens silently without user input. For Azure AD joined or Azure AD registered devices, the recovery needs to be performed by a user who has administrator privileges on the device. In this scenario, the recovery flow is initiated by a Windows prompt that guides the user to successfully recover the device.