Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into shannon-dev

Author: shanhix1

articles/active-directory/develop/scenario-web-app-sign-user-sign-in.md

@@ -54,7 +54,7 @@ In ASP.NET Core, for Microsoft identity platform applications, the **Sign in** b
 
 # [ASP.NET](#tab/aspnet)
 
-In ASP.NET MVC, the sign-out button is exposed in `Views\Shared\_LoginPartial.cshtml`. It's displayed only when there's an authenticated account. That is, it's displayed when the user has previously signed in.
+In ASP.NET MVC, the **Sign in** button is exposed in `Views\Shared\_LoginPartial.cshtml`. It's displayed only when the user isn't authenticated. That is, it's displayed when the user hasn't yet signed in or has signed out.
 
 ```html
 @if (Request.IsAuthenticated)
@@ -125,7 +125,7 @@ This controller also handles the Azure AD B2C applications.
 
 # [ASP.NET](#tab/aspnet)
 
-In ASP.NET, signing out is triggered from the `SignOut()` method on a controller (for instance, [AccountController.cs#L16-L23](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect/blob/a2da310539aa613b77da1f9e1c17585311ab22b7/WebApp/Controllers/AccountController.cs#L16-L23)). This method isn't part of the ASP.NET framework (contrary to what happens in ASP.NET Core). It sends an OpenID sign-in challenge after proposing a redirect URI.
+In ASP.NET, Sign in is triggered from the `SignIn()` method on a controller (for instance, [AccountController.cs#L16-L23](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect/blob/a2da310539aa613b77da1f9e1c17585311ab22b7/WebApp/Controllers/AccountController.cs#L16-L23)). This method isn't part of the ASP.NET framework (contrary to what happens in ASP.NET Core). It sends an OpenID sign-in challenge after proposing a redirect URI.
 
 ```csharp
 public void SignIn()

articles/active-directory/develop/troubleshoot-publisher-verification.md

@@ -235,7 +235,7 @@ Most commonly caused when the verification is being performed via Graph API, and
 
 This feature isn't supported for Microsoft consumer accounts. Only applications registered in Azure AD by an Azure AD user are supported.
 
-Occurs when a consumer account (Hotmail, Messenger, OneDrive, MSN, Xbox Live, or Microsoft 365).
+Occurs when a consumer account is used for app registration (Hotmail, Messenger, OneDrive, MSN, Xbox Live, or Microsoft 365).
 
 ### InteractionRequired
 

articles/active-directory/enterprise-users/groups-naming-policy.md

@@ -37,7 +37,7 @@ You can enforce naming policy for groups in two different ways:
 
 ### Prefix-suffix naming policy
 
-The general structure of the naming convention is ‘Prefix[GroupName]Suffix’. While you can define multiple prefixes and suffixes, you can only have one instance of the [GroupName] in the setting. The prefixes or suffixes can be either fixed strings or user attributes such as \[Department\] that are substituted based on the user who is creating the group. The total allowable number of characters for your prefix and suffix strings including group name is 53 characters.
+The general structure of the naming convention is ‘Prefix[GroupName]Suffix’. While you can define multiple prefixes and suffixes, you can only have one instance of the [GroupName] in the setting. The prefixes or suffixes can be either fixed strings or user attributes such as \[Department\] that are substituted based on the user who is creating the group. The total allowable number of characters for your prefix and suffix strings including group name is 63 characters.
 
 Prefixes and suffixes can contain special characters that are supported in group name and group alias. Any characters in the prefix or suffix that are not supported in the group alias are still applied in the group name, but removed from the group alias. Because of this restriction, the prefixes and suffixes applied to the group name might be different from the ones applied to the group alias.
 

articles/active-directory/external-identities/reset-redemption-status.md

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: how-to
-ms.date: 06/16/2022
+ms.date: 11/11/2022
 
 ms.author: mimart
 author: msmimart
@@ -28,13 +28,21 @@ In this article, you'll learn how to update the [guest user's](user-properties.m
 
 To manage these scenarios previously, you had to manually delete the guest user’s account from your directory and reinvite the user. Now you can use the Azure portal, PowerShell or the Microsoft Graph invitation API to reset the user's redemption status and reinvite the user while keeping the user's object ID, group memberships, and app assignments. When the user redeems the new invitation, the [UPN](../hybrid/plan-connect-userprincipalname.md#what-is-userprincipalname) of the user doesn't change, but the user's sign-in name changes to the new email. Then the user can sign in using the new email or an email you've added to the `otherMails` property of the user object.
 
+## Required Azure AD roles
+
+To reset a user's redemption status, you'll need one of the following roles:
+
+- [Guest Inviter](../roles/permissions-reference.md#guest-inviter) (least privileged)
+- [User Administrator](../roles/permissions-reference.md#user-administrator)
+- [Global Administrator](../roles/permissions-reference.md#global-administrator)
+
 ## Use the Azure portal to reset redemption status
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) using a Global administrator or User administrator account for the directory.
-1. Search for and select **Azure Active Directory**.
-1. Select **Users**.
-1. In the list, select the user's name to open their user profile.
-1. If the user wants to sign in using a different email:
+1. Sign in to the [Azure portal](https://portal.azure.com/) using an account that has one of the [required Azure AD roles](#required-azure-ad-roles).
+2. Search for and select **Azure Active Directory**.
+3. Select **Users**.
+4. In the list, select the user's name to open their user profile.
+5. If the user wants to sign in using a different email:
    - Select **Edit properties**.
    - Select the **Contact Information** tab.
    - Next to **Email**, type the new email.

articles/active-directory/governance/lifecycle-workflow-versioning.md

@@ -47,7 +47,7 @@ Properties that will trigger the creation of a new version are as follows:
 
 
 
-While new versions of these workflows are made as soon as you make the updates in the Azure portal, making a new version of a workflow using the API with Microsoft Graph requires running the workflow creation call again with the changes included. For a step by step guide for updating either tasks, or execution conditions, see: [Manage Workflow Versions](manage-workflow-tasks.md).
+While new versions of these workflows are made as soon as you make the updates in the Azure portal, creating a new version of a workflow using the API with Microsoft Graph requires running the createNewVersion method. For a step by step guide for updating either tasks, or execution conditions, see: [Manage Workflow Versions](manage-workflow-tasks.md).
 
 > [!NOTE]
 > If the workflow is on-demand, the configure information associated with execution conditions will not be present.

articles/active-directory/hybrid/how-to-connect-create-custom-sync-rule.md

@@ -5,7 +5,6 @@ services: active-directory
 documentationcenter: ''
 author: billmath
 manager: amycolannino
-editor: curtand
 ms.service: active-directory
 ms.workload: identity
 ms.tgt_pltfrm: na

articles/active-directory/hybrid/how-to-connect-device-writeback.md

@@ -5,7 +5,6 @@ services: active-directory
 documentationcenter: ''
 author: billmath
 manager: amycolannino
-editor: curtand
 ms.assetid: c0ff679c-7ed5-4d6e-ac6c-b2b6392e7892
 ms.service: active-directory
 ms.workload: identity

articles/active-directory/hybrid/how-to-connect-fed-compatibility.md

@@ -5,7 +5,6 @@ services: active-directory
 documentationcenter: ''
 author: billmath
 manager: amycolannino
-editor: curtand
 ms.assetid: 22c8693e-8915-446d-b383-27e9587988ec
 ms.service: active-directory
 ms.workload: identity

articles/active-directory/hybrid/how-to-connect-fed-o365-certs.md

@@ -5,7 +5,6 @@ services: active-directory
 documentationcenter: ''
 author: billmath
 manager: amycolannino
-editor: curtand
 ms.assetid: 543b7dc1-ccc9-407f-85a1-a9944c0ba1be
 ms.service: active-directory
 ms.workload: identity

articles/active-directory/hybrid/how-to-connect-fix-default-rules.md

@@ -4,7 +4,6 @@ description: Learn how to fix modified default rules that come with Azure AD Con
 services: active-directory
 author: billmath
 manager: amycolannino
-editor: curtand
 ms.reviewer: darora10
 ms.service: active-directory
 ms.workload: identity