Merge pull request #245380 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: Taojunshen

articles/active-directory/cloud-infrastructure-entitlement-management/all-reports.md

@@ -37,13 +37,13 @@ This article provides you with a list and description of the system reports avai
 | Report name                | Type of the report                | File format              | Description               | Availability                | Collated report?                 |
 |----------------------------|-----------------------------------|--------------------------|---------------------------| ----------------------------|----------------------------------|
 | Access Key Entitlements and Usage Report                | Summary </p>Detailed                | CSV                 | This report displays: </p> - Access key age, last rotation date, and last usage date availability in the summary report. Use this report to decide when to rotate access keys. </p> - Granted task and Permissions creep index (PCI) score. This report provides supporting information when you want to take the action on the keys.                | AWS</p>Azure</p>GCP                 | Yes      |
-| All Permissions for Identity                 | Detailed                 | CSV                | This report lists all the assigned permissions for the selected identities.                | AWS</p>Azure</p>GCP            | N/A      |
+| All Permissions for Identity                 | Summary                 | CSV                | This report lists all the assigned permissions for the selected identities.                | AWS</p>Azure</p>GCP            | N/A      |
 | Group Entitlements and Usage       | Summary                | CSV                | This report tracks all group level entitlements and the permission assignment, PCI. The number of members is also listed as part of this report.                 | AWS</p>Azure</p>GCP                 | Yes      |
 | Identity Permissions                 | Summary                | CSV                 | This report tracks any, or specific, task usage per **User**, **Group**, **Role**, or **App**.                 | AWS</p>Azure</p>GCP                 | N/A      |
 | AWS Role Policy Audit       | Detailed | CSV | This report gives the list of AWS roles, which can be assumed by **User**, **Group**, **resource** or **AWS Role**.                | AWS | N/A      |
 | Cross Account Access Details| Detailed                 | CSV                 | This report helps track **User**, **Group** from other AWS accounts have cross account access to the specified AWS account.                | AWS                | N/A      |
 | PCI History                 | Summary                 | CSV                 | This report helps track **Monthly PCI History** for each authorized system. It can be used to plot the trend of the PCI.                 | AWS</p>Azure</p>GCP                 | Yes      |
-| Permissions Analytics Report (PAR)  |     Detailed                 | CSV                 | This report lists the different key findings in the selected authorized systems. The key findings include **Super identities**, **Inactive identities**, **Over-provisioned active identities**, **Storage bucket hygiene**, **Access key age (AWS)**, and so on. </p>This report helps administrators to visualize the findings across the organization and make decisions.                    | AWS</p>Azure</p>GCP                | Yes      |
+| Permissions Analytics Report (PAR)  |     Detailed                 | XSLX, PDF                 | This report lists the different key findings in the selected authorized systems. The key findings include **Super identities**, **Inactive identities**, **Over-provisioned active identities**, **Storage bucket hygiene**, **Access key age (AWS)**, and so on. </p>This report helps administrators to visualize the findings across the organization and make decisions.                    | AWS</p>Azure</p>GCP                | Yes for XSLX     |
 | Role/Policy Details                 | Summary                 | CSV                | This report captures **Assigned/Unassigned** and **Custom/system policy with used/unused condition** for specific or all AWS accounts. </p>Similar data can be captured for Azure and GCP for assigned and unassigned roles.                | AWS</p>Azure</p>GCP                 | No      |
 | User Entitlements and Usage     | Detailed <p>Summary <p> Permissions                | CSV                 | **Summary** This report provides the summary view of all the identities with Permissions Creep Index (PCI), granted and executed tasks per Azure subscription, AWS account, GCP project.     </p>**Detailed** This report provides a detailed view of Azure role assignments, GCP role assignments and AWS policy assignment along with Permissions Creep Index (PCI), tasks used by each identity. </p>**Permissions** This report provides the list of role assignments for Azure, GCP and policy assignments in AWS per identity.                 | AWS</p>Azure</p>GCP                | Yes      |
 

articles/active-directory/cloud-infrastructure-entitlement-management/ui-triggers.md

@@ -1,6 +1,6 @@
 ---
-title: View information about activity triggers in Permissions Management
-description: How to view information about activity triggers in the Activity triggers dashboard in Permissions Management.
+title: View information about alerts and alert triggers in Permissions Management
+description: How to view information about alerts and alert triggers in the Alerts dashboard in Permissions Management.
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
@@ -55,6 +55,9 @@ The **Rule-Based Anomaly** tab and the **Statistical Anomaly** tab both have one
 - **Columns**: Select the columns you want to display: **Task**, **Resource**, and **Identity**.
     - To return to the system default settings, select **Reset to default**.
 
+Alert triggers are based on data collected. All alerts, if triggered, are shown every hour under the Alerts subtab.
+
+
 ## View information about alert triggers
 
 The **Alert Triggers** subtab in the **Activity**, **Rule-Based Anomaly**, **Statistical Anomaly**, and **Permission Analytics** tab displays the following information:

articles/active-directory/develop/msal-net-token-cache-serialization.md

@@ -228,10 +228,12 @@ public static async Task<AuthenticationResult> GetTokenAsync(string clientId, X5
 Instead of `app.AddInMemoryTokenCache();`, you can use different caching serialization technologies. For example, you can use no-serialization, in-memory, and distributed token cache storage provided by .NET.
 
 <a id="no-token-cache-serialization"></a>
-#### Token cache without serialization
+#### Token cache without serialization 
 
-You can specify that you don't want to have any token cache serialization and instead rely on the MSAL.NET internal cache. Use `.WithCacheOptions(CacheOptions.EnableSharedCacheOptions)` when building the application and don't add any serializer.
-r.
+Use `.WithCacheOptions(CacheOptions.EnableSharedCacheOptions)` when building the application and don't add any serializer.
+
+> [!IMPORTANT]
+> There is no way to control the size of the cache with this option. If you are building a website, a web API, or a multi-tenant S2S app, then use the `In-memory token cache` option.
 
 ```CSharp
     // Create the confidential client application

articles/active-directory/develop/publisher-verification-overview.md

@@ -56,7 +56,7 @@ App developers must meet a few requirements to complete the publisher verificati
 
 - The Azure AD tenant where the app is registered must be associated with the PGA. If the tenant where the app is registered isn't the primary tenant associated with the PGA, complete the steps to [set up the MPN PGA as a multitenant account and associate the Azure AD tenant](/partner-center/multi-tenant-account#add-an-azure-ad-tenant-to-your-account).
 
-- The app must be registered in an Azure AD tenant and have a [publisher domain](howto-configure-publisher-domain.md) set.
+- The app must be registered in an Azure AD tenant and have a [publisher domain](howto-configure-publisher-domain.md) set. The feature is not supported in Azure AD B2C tenant.
 
 - The domain of the email address that's used during MPN account verification must either match the publisher domain that's set for the app or be a DNS-verified [custom domain](../fundamentals/add-custom-domain.md) that's added to the Azure AD tenant. (**NOTE**__: the app's publisher domain can't be *.onmicrosoft.com to be publisher verified) 
 

articles/active-directory/enterprise-users/licensing-groups-resolve-problems.md

@@ -62,11 +62,9 @@ To see which users and groups are consuming licenses, select a product. Under **
 
 **Problem:** One of the products that's specified in the group contains a service plan that conflicts with another service plan that's already assigned to the user via a different product. Some service plans are configured in a way that they can't be assigned to the same user as another, related service plan.
 
-Consider the following example. A user has a license for Office 365 Enterprise *E1* assigned directly, with all the plans enabled. The user has been added to a group that has the Office 365 Enterprise *E3* product assigned to it. The E3 product contains service plans that can't overlap with the plans that are included in E1, so the group license assignment fails with the “Conflicting service plans” error. In this example, the conflicting service plans are:
-
-- Exchange Online (Plan 2) conflicts with Exchange Online (Plan 1).
-
-To solve this conflict, you need to disable one of the plans. You can disable the E1 license that's directly assigned to the user. Or, you need to modify the entire group license assignment and disable the plans in the E3 license. Alternatively, you might decide to remove the E1 license from the user if it's redundant in the context of the E3 license.
+> [!TIP]
+> Exchange Online Plan1 and Plan2 were previously non-duplicable service plans. However, now they are service plans that can be duplicated.
+> If you are experiencing conflicts with these service plans, please try reprocessing them.
 
 The decision about how to resolve conflicting product licenses always belongs to the administrator. Azure AD doesn't automatically resolve license conflicts.
 

articles/active-directory/enterprise-users/licensing-powershell-graph-examples.md

@@ -249,7 +249,7 @@ foreach ($userId in $skus.Keys) {
 
     Write-Host ""
 }
-
+```
 
 
 ## Remove direct licenses for users with group licenses

articles/active-directory/fundamentals/users-default-permissions.md

@@ -143,6 +143,10 @@ Users can perform the following actions on owned enterprise applications. An ent
 | microsoft.directory/servicePrincipals/permissions/update | Update the `servicePrincipals.permissions` property in Azure AD. |
 | microsoft.directory/servicePrincipals/policies/update | Update the `servicePrincipals.policies` property in Azure AD. |
 | microsoft.directory/signInReports/allProperties/read | Read all properties (including privileged properties) on sign-in reports in Azure AD. |
+| microsoft.directory/servicePrincipals/synchronizationCredentials/manage |	Manage application provisioning secrets and credentials |
+| microsoft.directory/servicePrincipals/synchronizationJobs/manage |	Start, restart, and pause application provisioning synchronization jobs |
+| microsoft.directory/servicePrincipals/synchronizationSchema/manage |	Create and manage application provisioning synchronization jobs and schema |
+| microsoft.directory/servicePrincipals/synchronization/standard/read |	Read provisioning settings associated with your service principal |
 
 #### Owned devices
 

articles/active-directory/hybrid/connect/how-to-connect-syncservice-features.md

@@ -38,7 +38,7 @@ Connect-MgGraph -Scopes OnPremDirectorySynchronization.Read.All, OnPremDirectory
 Get-MgDirectoryOnPremisSynchronization | Select-Object -ExpandProperty Features | Format-List
 ```
 
-The output looks similar to `Get-MsolDireSyncFeatures`:
+The output looks similar to `Get-MsolDirSyncFeatures`:
 ```powershell
 BlockCloudObjectTakeoverThroughHardMatchEnabled  : False
 BlockSoftMatchEnabled                            : False

articles/app-service/deploy-zip.md

@@ -66,18 +66,26 @@ Publish-AzWebApp -ResourceGroupName Default-Web-WestUS -Name MyApp -ArchivePath
 
 # [Kudu API](#tab/api)
 
-The following example uses the cURL tool to deploy a ZIP package. Replace the placeholders `<username>`, `<zip-package-path>`, and `<app-name>`. When prompted by cURL, type in the [deployment password](deploy-configure-credentials.md).
+The following example uses the cURL tool to deploy a ZIP package. Replace the placeholders `<username>`, `<password>`, `<zip-package-path>`, and `<app-name>`. Use the [deployment credentials](deploy-configure-credentials.md) for authentication.
 
 ```bash
-curl -X POST -u <username:password> -T "@<zip-package-path>" https://<app-name>.scm.azurewebsites.net/api/publish?type=zip
+curl -X POST \
+     -H "Content-Type: application/octet-stream" \
+     -u '<username>:<password>' \
+     -T "<zip-package-path>" \
+     "https://<app-name>.scm.azurewebsites.net/api/zipdeploy"
 ```
 
 [!INCLUDE [deploying to network secured sites](../../includes/app-service-deploy-network-secured-sites.md)]
 
 The following example uses the `packageUri` parameter to specify the URL of an Azure Storage account that the web app should pull the ZIP from.
 
 ```bash
-curl -X POST -u <username:password> https://<app-name>.scm.azurewebsites.net/api/publish -d '{"packageUri": "https://storagesample.blob.core.windows.net/sample-container/myapp.zip?sv=2021-10-01&sb&sig=slk22f3UrS823n4kSh8Skjpa7Naj4CG3"}'
+curl -X PUT \
+     -H "Content-Type: application/json" \
+     -u '<username>:<password>' \
+     -d '{"packageUri": "https://storagesample.blob.core.windows.net/sample-container/myapp.zip?sv=2021-10-01&sb&sig=slk22f3UrS823n4kSh8Skjpa7Naj4CG3"}' \
+     "https://<app-name>.scm.azurewebsites.net/api/zipdeploy"
 ```
 
 # [Kudu UI](#tab/kudu-ui)

articles/azure-app-configuration/pull-key-value-devops-pipeline.md

@@ -1,6 +1,6 @@
 ---
-title: Pull settings to App Configuration with Azure Pipelines
-description: Learn to use Azure Pipelines to pull key-values to an App Configuration Store
+title: Pull settings from App Configuration with Azure Pipelines
+description: Learn how to use Azure Pipelines to pull key-values from an App Configuration Store
 services: azure-app-configuration
 author: mcleanbyron
 ms.service: azure-app-configuration
@@ -9,7 +9,7 @@ ms.date: 11/17/2020
 ms.author: mcleans
 ---
 
-# Pull settings to App Configuration with Azure Pipelines
+# Pull settings from App Configuration with Azure Pipelines
 
 The [Azure App Configuration](https://marketplace.visualstudio.com/items?itemName=AzureAppConfiguration.azure-app-configuration-task) task pulls key-values from your App Configuration store and sets them as Azure pipeline variables, which can be consumed by subsequent tasks. This task complements the [Azure App Configuration Push](https://marketplace.visualstudio.com/items?itemName=AzureAppConfiguration.azure-app-configuration-task-push) task that pushes key-values from a configuration file into your App Configuration store. For more information, see [Push settings to App Configuration with Azure Pipelines](push-kv-devops-pipeline.md).