Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into pauljewell-dev-guide-python-blobs

Author: pauljewellmsft

.openpublishing.publish.config.json

@@ -999,6 +999,7 @@
     "articles/iot-dps/.openpublishing.redirection.iot-dps.json",
     "articles/cloud-shell/.openpublishing.redirection.cloud-shell.json",
     ".openpublishing.redirection.azure-vmware.json",
-    ".openpublishing.redirection.openshift.json"
+    ".openpublishing.redirection.openshift.json",
+    ".openpublishing.redirection.dev-box.json"
   ]
 }

.openpublishing.redirection.active-directory.json

@@ -11058,12 +11058,12 @@
     },
     {
       "source_path_from_root": "/articles/active-directory/privileged-identity-management/concept-privileged-access-versus-role-assignable.md",
-      "redirect_url": "azure/active-directory/privileged-identity-management/concept-pim-for-groups",
+      "redirect_url": "/azure/active-directory/privileged-identity-management/concept-pim-for-groups",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/active-directory/privileged-identity-management/groups-features.md",
-      "redirect_url": "azure/active-directory/privileged-identity-management/concept-pim-for-groups",
+      "redirect_url": "/azure/active-directory/privileged-identity-management/concept-pim-for-groups",
       "redirect_document_id": false
     },
     {

.openpublishing.redirection.azure-productivity.json

@@ -30,11 +30,6 @@
       "redirect_url": "/azure/devtest-labs/samples-powershell",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/dev-box/tutorial-connect-to-dev-box-with-remote-desktop-app.md",
-      "redirect_url": "/azure/dev-box/quickstart-connect-to-dev-box-with-remote-desktop-app",
-      "redirect_document_id": false
-    },
     {
       "source_path": "articles/lab-services/how-to-create-schedules-within-teams.md",
       "redirect_url": "/azure/lab-services/how-to-manage-labs-within-teams",

.openpublishing.redirection.dev-box.json

@@ -0,0 +1,14 @@
+{
+  "redirections": [
+    {
+      "source_path": "articles/dev-box/tutorial-connect-to-dev-box-with-remote-desktop-app.md",
+      "redirect_url": "/azure/dev-box/quickstart-connect-to-dev-box-with-remote-desktop-app",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/dev-box/quickstart-configure-dev-box-project.md",
+      "redirect_url": "/azure/dev-box/quickstart-configure-dev-box-service",
+      "redirect_document_id": false
+    }
+  ]
+}

articles/active-directory-b2c/azure-ad-b2c-global-identity-solutions.md

@@ -122,13 +122,15 @@ The approach you choose will be based on the number of applications you host and
 
 The performance advantage of using multiple tenants, in either the regional or funnel-based configuration, will be an improvement over using a single Azure AD B2C tenant for globally operating businesses.
 
-When using the funnel-based approach, although the funnel tenant will be located in one region, but serve users globally, performance improvements will be maintained.
+When using the funnel-based approach, the funnel tenant will be located in one specific region and serve users globally. Since the funnel tenants operation utilizes a global component of the Azure AD B2C service, it will maintain a consistant level of performance regardless of where users login from.
 
 ![Screenshot shows the Azure AD B2C architecture.](./media/azure-ad-b2c-global-identity-solutions/azure-ad-b2c-architecture.png)
 
-As shown in the diagram, the Azure AD B2C tenant in the funnel-based approach will only utilize the Policy Engine to perform the redirection to regional Azure AD B2C tenants. The Azure AD B2C Policy Engine component is globally distributed. Therefore, the funnel isn't constrained from a performance perspective, regardless of where the Azure AD B2C funnel tenant is provisioned. A performance loss is encountered due to the extra redirect between funnel and regional tenants in the funnel-based approach.
+As shown in the diagram above, the Azure AD B2C tenant in the funnel-based approach will only utilize the Policy Engine to perform the redirection to regional Azure AD B2C tenants. The Azure AD B2C Policy Engine component is globally distributed. Therefore, the funnel isn't constrained from a performance perspective, regardless of where the Azure AD B2C funnel tenant is provisioned. A performance loss is encountered due to the extra redirect between funnel and regional tenants in the funnel-based approach.
 
-The regional tenants will perform directory calls into the Directory Store, which is the regionalized component.
+In the regional-based approach, since each user is directed to their most local Azure AD B2C, performance is consistant for all users logging in.
+
+The regional tenants will perform directory calls into the Directory Store, which is the only regionalized component in both the funnel-based and regional-based architectures.
 
 Additional latency is only encountered when the user has performed an authentication in a different region from which they had signed-up in. This is because, calls will be made across regions to reach the Directory Store where their profile lives to complete their authentication.
 

articles/active-directory-b2c/enable-authentication-react-spa-app.md

@@ -77,7 +77,7 @@ The sample code is made up of the following components. Add these components fro
   > [!IMPORTANT]
   > If the App component file name is `App.js`, change it to `App.jsx`.
 
-- [src/pages/Hello.jsx](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/pages/Hello.jsx) - Demonstrate how to call a protected resource with OAuth2 bearer token.
+- [src/pages/Hello.jsx](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/6-AdvancedScenarios/1-call-api-obo/SPA/src/pages/Hello.jsx) - Demonstrate how to call a protected resource with OAuth2 bearer token.
   - It uses the [useMsal](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-react/docs/hooks.md) hook that returns the PublicClientApplication instance.
   - With PublicClientApplication instance, it acquires an access token to call the REST API.
   - Invokes the [callApiWithToken](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/fetch.js) function to fetch the data from the REST API and renders the result using the **DataDisplay** component.

articles/active-directory-b2c/partner-nevis.md

@@ -29,7 +29,7 @@ To get started, you'll need:
 - An [Azure AD B2C tenant](./tutorial-create-tenant.md) linked to your Azure subscription
 
 >[!NOTE]
->To integrate Nevis into your sign-up policy flow, configure the Azure AD B2C environment to use custom policies. </br>See, [Tutorial: Create user flows and custom policies in Azure Active Directory B2C](/tutorial-create-user-flows.md?pivots=b2c-custom-policy).
+>To integrate Nevis into your sign-up policy flow, configure the Azure AD B2C environment to use custom policies. </br>See, [Tutorial: Create user flows and custom policies in Azure Active Directory B2C](/azure/active-directory-b2c/tutorial-create-user-flows).
 
 ## Scenario description
 
@@ -104,9 +104,9 @@ The diagram shows the implementation.
 2. In [/samples/Nevis/policy/nevis.html](https://github.com/azure-ad-b2c/partner-integrations/blob/master/samples/Nevis/policy/nevis.html) open the nevis.html file.
 3. Replace the  **authentication_cloud_url** with the Nevis Admin console URL `https://<instance_id>.mauth.nevis.cloud`.
 4. Select **Save**.
-5. [Create an Azure Blob storage account](/customize-ui-with-html.md#2-create-an-azure-blob-storage-account).
+5. [Create an Azure Blob storage account](./customize-ui-with-html.md#2-create-an-azure-blob-storage-account).
 6. Upload the nevis.html file to your Azure blob storage.
-7. [Configure CORS](/customize-ui-with-html.md#3-configure-cors).
+7. [Configure CORS](./customize-ui-with-html.md#3-configure-cors).
 8. Enable cross-origin resource sharing (CORS) for the file.
 9. In the list, select the **nevis.html** file.
 10. In the **Overview** tab, next to the **URL**, select the **copy link** icon.

articles/active-directory/cloud-sync/concept-attributes.md

@@ -71,7 +71,7 @@ To view the schema and verify it, follow these steps.
 1.  Go to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer).
 1.  Sign in with your global administrator account.
 1.  On the left, select **modify permissions** and ensure that **Directory.ReadWrite.All** is *Consented*.
-1.  Run the query `https://graph.microsoft.com/beta/serviceprincipals/?$filter=startswith(DisplayName, ‘{sync config name}’)`. This query returns a filtered list of service principals.  This can also be acquire via the App Registration node under Azure Active Directory.
+1.  Run the query `https://graph.microsoft.com/beta/serviceprincipals/?$filter=startswith(DisplayName, ‘{sync config name}’)`. This query returns a filtered list of service principals.  This can also be acquired via the App Registration node under Azure Active Directory.
 1.  Locate `"appDisplayName": "Active Directory to Azure Active Directory Provisioning"` and note the value for `"id"`.
     ```
     "value": [
@@ -239,7 +239,7 @@ To view the schema and verify it, follow these steps.
     ```
 1. Now run the query `https://graph.microsoft.com/beta/serviceprincipals/{Service Principal Id}/synchronization/jobs/{AD2AAD Provisioning id}/schema`.
  
-    Example: https://graph.microsoft.com/beta/serviceprincipals/653c0018-51f4-4736-a3a3-94da5dcb6862/synchronization/jobs/AD2AADProvisioning.e9287a7367e444c88dc67a531c36d8ec/schema
+
 
    Replace `{Service Principal Id}` and `{AD2ADD Provisioning Id}` with your values.
 

articles/active-directory/conditional-access/concept-conditional-access-conditions.md

@@ -86,7 +86,7 @@ The **Configure** toggle when set to **Yes** applies to checked items, when set
       - Administrators can apply policy only to supported platforms (such as iOS, Android, and Windows) through the Conditional Access Microsoft Graph API.
    - Other clients
       - This option includes clients that use basic/legacy authentication protocols that don’t support modern authentication.
-         - Authenticated SMTP - Used by POP and IMAP client's to send email messages.
+         - SMTP - Used by POP and IMAP client's to send email messages.
          - Autodiscover - Used by Outlook and EAS clients to find and connect to mailboxes in Exchange Online.
          - Exchange Online PowerShell - Used to connect to Exchange Online with remote PowerShell. If you block Basic authentication for Exchange Online PowerShell, you need to use the Exchange Online PowerShell Module to connect. For instructions, see [Connect to Exchange Online PowerShell using multifactor authentication](/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/mfa-connect-to-exchange-online-powershell).
          - Exchange Web Services (EWS) - A programming interface that's used by Outlook, Outlook for Mac, and third-party apps.

articles/active-directory/develop/access-tokens.md

@@ -12,6 +12,7 @@ ms.topic: conceptual
 ms.date: 12/28/2022
 ms.author: davidmu
 ms.custom: aaddev, identityplatformtop40, fasttrack-edit
+ms.reviewer: ludwignick
 ---
 
 # Microsoft identity platform access tokens