MicrosoftDocs
diff --git a/‎articles/active-directory-domain-services/network-considerations.md
Lines changed: 11 additions & 1 deletion b/‎articles/active-directory-domain-services/network-considerations.md
Lines changed: 11 additions & 1 deletion
diff --git a/‎articles/active-directory-domain-services/tutorial-create-instance.md
Lines changed: 11 additions & 1 deletion b/‎articles/active-directory-domain-services/tutorial-create-instance.md
Lines changed: 11 additions & 1 deletion
diff --git a/‎articles/active-directory/authentication/media/concept-authentication-strengths/authentication-methods-policy.png
90.4 KB b/‎articles/active-directory/authentication/media/concept-authentication-strengths/authentication-methods-policy.png
90.4 KB
diff --git a/‎articles/active-directory/authentication/media/concept-authentication-strengths/key.png
-11.7 KB b/‎articles/active-directory/authentication/media/concept-authentication-strengths/key.png
-11.7 KB
diff --git a/‎articles/active-directory/external-identities/customers/how-to-enable-password-reset-customers.md
Lines changed: 14 additions & 4 deletions b/‎articles/active-directory/external-identities/customers/how-to-enable-password-reset-customers.md
Lines changed: 14 additions & 4 deletions
diff --git a/‎articles/active-directory/fundamentals/whats-new.md
Lines changed: 4 additions & 1 deletion b/‎articles/active-directory/fundamentals/whats-new.md
Lines changed: 4 additions & 1 deletion
diff --git a/‎articles/active-directory/governance/create-access-review.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/governance/create-access-review.md
Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 03/14/2023
+ms.date: 07/31/2023
 ms.author: justinha
 ms.reviewer: xyuan
 
@@ -49,6 +49,16 @@ A managed domain connects to a subnet in an Azure virtual network. Design this s
 * A managed domain requires 3-5 IP addresses. Make sure that your subnet IP address range can provide this number of addresses.
     * Restricting the available IP addresses can prevent the managed domain from maintaining two domain controllers.
 
+  >[!NOTE]
+  >You shouldn't use public IP addresses for virtual networks and their subnets due to the following issues:
+  >
+  >- **Scarcity of the IP address**: IPv4 public IP addresses are limited, and their demand often exceeds the available supply. Also, there are potentially overlapping IPs with public endpoints.
+  >- **Security risks**: Using public IPs for virtual networks exposes your devices directly to the internet, increasing the risk of unauthorized access and potential attacks. Without proper security measures, your devices may become vulnerable to various threats.
+  >
+  >- **Complexity**: Managing a virtual network with public IPs can be more complex than using private IPs, as it requires dealing with external IP ranges and ensuring proper network segmentation and security.
+  >
+  >It is strongly recommended to use private IP addresses. If you use a public IP, ensure you are the owner/dedicated user of the chosen IPs in the public range you chose.
+
 The following example diagram outlines a valid design where the managed domain has its own subnet, there's a gateway subnet for external connectivity, and application workloads are in a connected subnet within the virtual network:
 
 ![Recommended subnet design](./media/active-directory-domain-services-design-guide/vnet-subnet-design.png)
 
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 01/29/2023
+ms.date: 07/31/2023
 ms.author: justinha
 
 #Customer intent: As an identity administrator, I want to create an Azure Active Directory Domain Services managed domain so that I can synchronize identity information with my Azure Active Directory tenant and provide Domain Services connectivity to virtual machines and applications in Azure.
@@ -106,6 +106,16 @@ To quickly create a managed domain, you can select **Review + create** to accept
 * Creates a subnet named *aadds-subnet* using the IP address range of *10.0.2.0/24*.
 * Synchronizes *All* users from Azure AD into the managed domain.
 
+>[!NOTE]
+>You shouldn't use public IP addresses for virtual networks and their subnets due to the following issues:
+>
+>- **Scarcity of the IP address**: IPv4 public IP addresses are limited, and their demand often exceeds the available supply. Also, there are potentially overlapping IPs with public endpoints.
+>- **Security risks**: Using public IPs for virtual networks exposes your devices directly to the internet, increasing the risk of unauthorized access and potential attacks. Without proper security measures, your devices may become vulnerable to various threats.
+>
+>- **Complexity**: Managing a virtual network with public IPs can be more complex than using private IPs, as it requires dealing with external IP ranges and ensuring proper network segmentation and security.
+>
+>It is strongly recommended to use private IP addresses. If you use a public IP, ensure you are the owner/dedicated user of the chosen IPs in the public range you chose.
+
 Select **Review + create** to accept these default configuration options.
 
 ## Deploy the managed domain
 
@@ -3,12 +3,12 @@ title: Enable self-service password reset
 description: Learn how to enable self-service password reset so your customers can reset their own passwords without admin assistance.
 services: active-directory
 author: csmulligan
-manager: celestedg
+manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.subservice: ciam
 ms.topic: how-to
-ms.date: 07/12/2023
+ms.date: 07/28/2023
 ms.author: cmulligan
 ms.custom: it-pro
 
@@ -59,9 +59,19 @@ To enable self-service password reset, you need to enable the email one-time pas
 
 1. Select **Save**.
 
-## Customize the password reset flow
+### Enable the password reset link
 
-You can configure options for showing, hiding, or customizing the self-service password reset link on the sign-in page. For details, see [To customize self-service password reset](how-to-customize-branding-customers.md#to-customize-self-service-password-reset) in the article [Customize the neutral branding in your customer tenant](how-to-customize-branding-customers.md).
+You can hide, show or customize the self-service password reset link on the sign-in page. 
+
+1. In the search bar, type and select **Company Branding**.
+1. Under **Default sign-in** select **Edit**.
+1. On the **Sign-in form** tab, scroll to the **Self-service password reset** section and select **Show self-service password reset**. 
+   
+   :::image type="content" source="media/how-to-customize-branding-customers/company-branding-self-service-password-reset.png" alt-text="Screenshot of the company branding Self-service password reset.":::
+
+1. Select **Review + save** and **Save** on the **Review** tab. 
+
+For more details, check out the [Customize the neutral branding in your customer tenant](how-to-customize-branding-customers.md#to-customize-self-service-password-reset) article.
 
 ## Test self-service password reset
 
 
@@ -195,7 +195,10 @@ Announcing API support (beta) for managing PIM security alerts for Azure AD role
 **Service category:** Other                            
 **Product capability:** End User Experiences                
 
-The Azure mobile app has been enhanced to empower admins with specific permissions to conveniently reset their users' passwords. Self Service Password Reset won't be supported at this time. However, users can still more efficiently control and streamline their authentication methods. For more information, see: [What authentication and verification methods are available in Azure Active Directory?](../authentication/concept-authentication-methods.md).
+The Azure mobile app has been enhanced to empower admins with specific permissions to conveniently reset their users' passwords. Self Service Password Reset will not be supported at this time. However, users can still more efficiently control and streamline their own sign-in and auth methods. The mobile app can be downloaded for each platform here:
+
+- Android: https://aka.ms/AzureAndroidWhatsNew
+- IOS: https://aka.ms/ReferAzureIOSWhatsNew
 
 ---
 
 
@@ -31,7 +31,7 @@ This article describes how to create one or more access reviews for group member
 ## Prerequisites
 
 - Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance licenses.  
-- Creating a review on [inactive user](review-recommendations-access-reviews.md#inactive-user-recommendations) and with [use-to-group affiliation](review-recommendations-access-reviews.md#user-to-group-affiliation) recommendations requires a Microsoft Entra ID Governance license.
+- Creating a review on inactive users and with [user-to-group affiliation](review-recommendations-access-reviews.md#user-to-group-affiliation) recommendations requires a Microsoft Entra ID Governance license.
 - Global administrator, User administrator, or Identity Governance administrator to create reviews on groups or applications.
 - Global administrators and Privileged Role administrators can create reviews on role-assignable groups. For more information, see [Use Azure AD groups to manage role assignments](../roles/groups-concept.md).
 - Microsoft 365 and Security group owner.