fixing merge conflicts

Author: BCS2022

articles/active-directory/conditional-access/concept-conditional-access-grant.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 06/29/2022
+ms.date: 08/05/2022
 ms.author: joflore
 author: MicrosoftGuyJFlo
 manager: karenhoran
@@ -188,6 +188,10 @@ The following restrictions apply when you configure a policy by using the passwo
 
 If your organization has created terms of use, other options might be visible under grant controls. These options allow administrators to require acknowledgment of terms of use as a condition of accessing the resources that the policy protects. You can find more information about terms of use in [Azure Active Directory terms of use](terms-of-use.md).
 
+### Custom controls (preview)
+
+Custom controls is a preview capability of the Azure Active Directory. When using custom controls, your users are redirected to a compatible service to satisfy authentication requirements outside of Azure Active Directory. For more information, check out the [Custom controls](controls.md) article.
+
 ## Next steps
 
 - [Conditional Access: Session controls](concept-conditional-access-session.md)

articles/active-directory/conditional-access/concept-conditional-access-policies.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 01/11/2022
+ms.date: 08/05/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -29,18 +29,21 @@ If a policy where "Require one of the selected controls" is selected, we prompt
 
 All policies are enforced in two phases:
 
-- Phase 1: Collect session details 
+- **Phase 1**: Collect session details 
    - Gather session details, like network location and device identity that will be necessary for policy evaluation. 
    - Phase 1 of policy evaluation occurs for enabled policies and policies in [report-only mode](concept-conditional-access-report-only.md).
-- Phase 2: Enforcement 
+- **Phase 2**: Enforcement 
    - Use the session details gathered in phase 1 to identify any requirements that haven't been met. 
    - If there's a policy that is configured to block access, with the block grant control, enforcement will stop here and the user will be blocked. 
    - The user will be prompted to complete more grant control requirements that weren't satisfied during phase 1 in the following order, until policy is satisfied:  
-      - Multi-factor authentication​ 
-      - Approved client app/app protection policy​ 
-      - Managed device (compliant or hybrid Azure AD join)​ 
-      - Terms of use 
-      - Custom controls  
+      - [Multi-factor authentication​](concept-conditional-access-grant.md#require-multifactor-authentication)
+      - [Device to be marked as compliant](./concept-conditional-access-grant.md#require-device-to-be-marked-as-compliant)
+      - [Hybrid Azure AD joined device](./concept-conditional-access-grant.md#require-hybrid-azure-ad-joined-device)
+      - [Approved client app](./concept-conditional-access-grant.md#require-approved-client-app)
+      - [App protection policy](./concept-conditional-access-grant.md#require-app-protection-policy)
+      - [Password change](./concept-conditional-access-grant.md#require-password-change)
+      - [Terms of use](concept-conditional-access-grant.md#terms-of-use)
+      - [Custom controls](./concept-conditional-access-grant.md#custom-controls-preview)
    - Once all grant controls have been satisfied, apply session controls (App Enforced, Microsoft Defender for Cloud Apps, and token Lifetime) 
    - Phase 2 of policy evaluation occurs for all enabled policies. 
 
@@ -76,7 +79,7 @@ Location data is provided by IP geolocation data. Administrators can choose to d
 
 #### Client apps
 
-By default, all newly created Conditional Access policies will apply to all client app types even if the client apps condition isn't configured.
+The software the user is employing to access the cloud app. For example, 'Browser', and 'Mobile apps and desktop clients'. By default, all newly created Conditional Access policies will apply to all client app types even if the client apps condition isn't configured.
 
 The behavior of the client apps condition was updated in August 2020. If you have existing Conditional Access policies, they'll remain unchanged. However, if you select on an existing policy, the configure toggle has been removed and the client apps the policy applies to are selected.
 
@@ -104,7 +107,7 @@ Block access does just that, it will block access under the specified assignment
 
 The grant control can trigger enforcement of one or more controls. 
 
-- Require multi-factor authentication (Azure AD Multi-Factor Authentication)
+- Require multi-factor authentication
 - Require device to be marked as compliant (Intune)
 - Require Hybrid Azure AD joined device
 - Require approved client app
@@ -123,7 +126,7 @@ Administrators can choose to require one of the previous controls or all selecte
 
 - Use app enforced restrictions
    - Currently works with Exchange Online and SharePoint Online only.
-      - Passes device information to allow control of experience granting full or limited access.
+   - Passes device information to allow control of experience granting full or limited access.
 - Use Conditional Access App Control
    - Uses signals from Microsoft Defender for Cloud Apps to do things like: 
       - Block download, cut, copy, and print of sensitive documents.
@@ -133,6 +136,8 @@ Administrators can choose to require one of the previous controls or all selecte
    - Ability to change the default sign in frequency for modern authentication.
 - Persistent browser session
    - Allows users to remain signed in after closing and reopening their browser window.
+- Customize continuous access evaluation
+- Disable resilience defaults 
 
 ## Simple policies
 

articles/active-directory/conditional-access/concept-conditional-access-users-groups.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 06/01/2022
+ms.date: 08/05/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -33,9 +33,9 @@ The following options are available to include when creating a Conditional Acces
    - All users that exist in the directory including B2B guests.
 - Select users and groups
    - All guest and external users
-      - This selection includes any B2B guests and external users including any user with the `user type` attribute set to `guest`. This selection also applies to any external user signed-in from a different organization like a Cloud Solution Provider (CSP). 
+      - This selection includes any [B2B guests and external users](../external-identities/external-identities-overview.md) including any user with the `user type` attribute set to `guest`. This selection also applies to any external user signed-in from a different organization like a Cloud Solution Provider (CSP). 
    - Directory roles
-      - Allows administrators to select specific built-in Azure AD directory roles used to determine policy assignment. For example, organizations may create a more restrictive policy on users assigned the global administrator role. Other role types aren't supported, including administrative unit-scoped roles and custom roles.
+      - Allows administrators to select specific [built-in Azure AD directory roles](../roles/permissions-reference.md) used to determine policy assignment. For example, organizations may create a more restrictive policy on users assigned the global administrator role. Other role types aren't supported, including administrative unit-scoped roles and custom roles.
    - Users and groups
       - Allows targeting of specific sets of users. For example, organizations can select a group that contains all members of the HR department when an HR app is selected as the cloud app. A group can be any type of user group in Azure AD, including dynamic or assigned security and distribution groups. Policy will be applied to nested users and groups.
 

articles/active-directory/conditional-access/overview.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: overview
-ms.date: 04/15/2022
+ms.date: 08/05/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -55,8 +55,8 @@ Common signals that Conditional Access can take in to account when making a poli
 - Application
    - Users attempting to access specific applications can trigger different Conditional Access policies. 
 - Real-time and calculated risk detection
-   - Signals integration with Azure AD Identity Protection allows Conditional Access policies to identify risky sign-in behavior. Policies can then force users to change their password, do multi-factor authentication to reduce their risk level, or block access until an administrator takes manual action.
-- Microsoft Defender for Cloud Apps
+   - Signals integration with [Azure AD Identity Protection](../identity-protection/overview-identity-protection.md) allows Conditional Access policies to identify risky sign-in behavior. Policies can then force users to change their password, do multi-factor authentication to reduce their risk level, or block access until an administrator takes manual action.
+- [Microsoft Defender for Cloud Apps](/defender-cloud-apps/what-is-defender-for-cloud-apps)
    - Enables user application access and sessions to be monitored and controlled in real time, increasing visibility and control over access to and activities done within your cloud environment.
 
 ## Common decisions

articles/active-directory/conditional-access/require-tou.md

@@ -5,7 +5,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: quickstart
-ms.date: 11/21/2019
+ms.date: 08/05/2022
 ms.author: joflore
 author: MicrosoftGuyJFlo
 manager: karenhoran
@@ -52,11 +52,11 @@ This section provides you with the steps to create a sample ToU. When you create
 1. In Microsoft Word, create a new document.
 1. Type **My terms of use**, and then save the document on your computer as **mytou.pdf**.
 1. Sign in to your [Azure portal](https://portal.azure.com) as global administrator, security administrator, or a Conditional Access administrator.
-1. In the Azure portal, on the left navbar, click **Azure Active Directory**.
+1. Search for and select **Azure Active Directory**. From the menu on the left-hand side select **Security**.
 
    ![Azure Active Directory](./media/require-tou/02.png)
 
-1. On the **Azure Active Directory** page, in the **Security** section, click **Conditional Access**.
+1. Select **Conditional Access**.
 
    ![Conditional Access](./media/require-tou/03.png)
 

articles/azure-cache-for-redis/cache-high-availability.md

@@ -22,7 +22,7 @@ Various high availability options are available in the Standard, Premium, and En
 | [Zone redundancy](#zone-redundancy) | Multi-node replicated configuration across Availability Zones, with automatic failover | 99.9% in Premium; 99.99% in Enterprise (see [details](https://azure.microsoft.com/support/legal/sla/cache/v1_1/)) |-|✔|✔|
 | [Geo-replication](#geo-replication) | Linked cache instances in two regions, with user-controlled failover | Premium; Enterprise (see [details](https://azure.microsoft.com/support/legal/sla/cache/v1_1/)) |-|Passive|Active|
 | [Import/Export](#importexport) | Point-in-time snapshot of data in cache.  | 99.9% (see [details](https://azure.microsoft.com/support/legal/sla/cache/v1_1/)) |-|✔|✔|
-| [Persistence](#persistence) | Periodic data saving to storage account.  | 99.9% (see [details](https://azure.microsoft.com/support/legal/sla/cache/v1_1/)) |-|✔|-|
+| [Persistence](#persistence) | Periodic data saving to storage account.  | 99.9% (see [details](https://azure.microsoft.com/support/legal/sla/cache/v1_1/)) |-|✔|Preview|
 
 ## Standard replication for high availability
 
@@ -81,7 +81,7 @@ When a data node becomes unavailable or a network split happens, a failover simi
 
 ## Persistence
 
-Applicable tiers: **Premium**
+Applicable tiers: **Premium**, **Enterprise (preview)**, **Enterprise Flash (preview)**
 
 Because your cache data is stored in memory, a rare and unplanned failure of multiple nodes can cause all the data to be dropped. To avoid losing data completely, [Redis persistence](https://redis.io/topics/persistence) allows you to take periodic snapshots of in-memory data, and store it to your storage account. If you experience a failure across multiple nodes causing data loss, your cache loads the snapshot from storage account. For more information, see [Configure data persistence for a Premium Azure Cache for Redis instance](cache-how-to-premium-persistence.md).
 

articles/azure-monitor/app/sdk-support-guidance.md

@@ -20,16 +20,17 @@ Support engineers are expected to provide SDK update guidance according to the f
 
 |Current SDK version in use |Alternative version available |Update policy for support |
 |---------|---------|---------|
-|Latest stable minor version of a GA SDK                                        | Newer supported stable version                 | **UPDATE REQUIRED**    |
-|Unsupported ([support policy](/lifecycle/faq/azure))                           | Any supported version                          | **UPDATE REQUIRED**    |
-|Preview                                                                        | Stable version                                 | **UPDATE REQUIRED**    |
-|Preview                                                                        | Older stable version                           | **UPDATE RECOMMENDED** |
-|Preview                                                                        | Newer preview version, no older stable version | **UPDATE RECOMMENDED** |
+|Latest GA SDK                                                                  | No newer supported stable version              | **NO UPDATE NECESSARY** |
+|Stable minor version of a GA SDK                                               | Newer supported stable version                 | **UPDATE RECOMMENDED**  |
+|Unsupported ([support policy](/lifecycle/faq/azure))                           | Any supported version                          | **UPDATE REQUIRED**     |
+|Preview                                                                        | Stable version                                 | **UPDATE REQUIRED**     |
+|Preview                                                                        | Older stable version                           | **UPDATE RECOMMENDED**  |
+|Preview                                                                        | Newer preview version, no older stable version | **UPDATE RECOMMENDED**  |
 
 > [!TIP]
 > Switching to [auto-instrumentation](codeless-overview.md) eliminates the need for manual SDK updates.
 
 > [!WARNING]
 > Only commercially reasonable support is provided for Preview versions of the SDK. If a support incident requires escalation to development for further guidance, customers will be asked to use a fully supported SDK version to continue support. Commercially reasonable support does not include an option to engage Microsoft product development resources; technical workarounds may be limited or not possible.
 
-To see the current version of Application Insights SDKs and previous versions release dates, reference the [release notes](release-notes.md).
+To see the current version of Application Insights SDKs and previous versions release dates, reference the [release notes](release-notes.md).

articles/azure-video-indexer/connect-to-azure.md

@@ -9,6 +9,8 @@ ms.custom: ignite-fall-2021
 
 # Create an Azure Video Indexer account
 
+[!INCLUDE [Gate notice](./includes/face-limited-access.md)]
+
 When creating an Azure Video Indexer account, you can choose a free trial account (where you get a certain number of free indexing minutes) or a paid option (where you're not limited by the quota). With a free trial, Azure Video Indexer provides up to 600 minutes of free indexing to users and up to 2400 minutes of free indexing to users that subscribe to the Azure Video Indexer API on the [developer portal](https://aka.ms/avam-dev-portal). With the paid options, Azure Video Indexer offers two types of accounts: classic accounts(General Availability), and ARM-based accounts(Public Preview). Main difference between the two is account management platform. While classic accounts are built on the API Management, ARM-based accounts management is built on Azure, which enables apply access control to all services with role-based access control (Azure RBAC) natively.
 
 > [!NOTE]

articles/azure-video-indexer/create-account-portal.md

@@ -8,6 +8,8 @@ ms.date: 06/10/2022
 
 # Get started with Azure Video Indexer in Azure portal
 
+[!INCLUDE [Gate notice](./includes/face-limited-access.md)]
+
 This Quickstart walks you through the steps to get started with Azure Video Indexer. You'll create an Azure Video Indexer account and its accompanying resources by using the Azure portal.
 
 To start using Azure Video Indexer, you'll need to create an Azure Video Indexer account. The account needs to be associated with a [Media Services][docs-ms] resource and a [managed identity][docs-uami]. The managed identity will need to have Contributor permissions role on the Media Services.

articles/azure-video-indexer/customize-content-models-overview.md

@@ -8,6 +8,8 @@ ms.author: kumud
 
 # Customizing content models in Azure Video Indexer
 
+[!INCLUDE [Gate notice](./includes/face-limited-access.md)]
+
 Azure Video Indexer allows you to customize some of its models to be adapted to your specific use case. These models include [brands](customize-brands-model-overview.md), [language](customize-language-model-overview.md), and [person](customize-person-model-overview.md). You can easily customize these models using the Azure Video Indexer website or API.
 
 This article gives links to articles that explain the benefits of each type of customization. The article also links to how-to guides that show how you can implement the customization of each model.