Merge pull request #236017 from MicrosoftDocs/main

4/26 PM Publish

Author: huypub

.openpublishing.redirection.azure-productivity.json

@@ -149,6 +149,11 @@
       "source_path": "articles/lab-services/classroom-labs-faq.yml",
       "redirect_url": "/azure/lab-services/lab-services-overview",
       "redirect_document_id": false
-    }
+    },
+	{
+		"source_path": "articles/lab-services/how-to-enable-nested-virtualization-template-vm-ui.md",
+		"redirect_url": "/azure/lab-services/how-to-enable-nested-virtualization-template-vm-using-script",
+		"redirect_document_id": false
+	}
   ]
 }

articles/active-directory/authentication/how-to-mfa-authenticator-lite.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 03/15/2023
+ms.date: 04/25/2023
 
 ms.author: justinha
 author: sabina-smith
@@ -30,6 +30,10 @@ Users receive a notification in Outlook mobile to approve or deny sign-in, or th
 ## Prerequisites
 
 - Your organization needs to enable Microsoft Authenticator (second factor) push notifications for some users or groups by using the Authentication methods policy. You can edit the Authentication methods policy by using the Azure portal or Microsoft Graph API.
+
+  >[!TIP]
+  >We recommend that you also enable [system-preferred multifactor authentication (MFA)](concept-system-preferred-multifactor-authentication.md) when you enable Authenticator Lite. With system-preferred MFA enabled, users try to sign-in with Authenticator Lite before they try less secure telephony methods like SMS or voice call. 
+
 - If your organization is using the Active Directory Federation Services (AD FS) adapter or Network Policy Server (NPS) extensions, upgrade to the latest versions for a consistent experience.
 - Users enabled for shared device mode on Outlook mobile aren't eligible for Authenticator Lite.
 - Users must run a minimum Outlook mobile version.
@@ -125,7 +129,7 @@ If enabled for Authenticator Lite, users are prompted to register their account
 :::image type="content" border="true" source="./media/how-to-mfa-authenticator-lite/registration.png" alt-text="Screenshot of how to register Authenticator Lite.":::
 
 >[!NOTE]
->Users with no MFA methods registered will be prompted to download the Authenticator App when they begin registration flow. For the most seamless Authenticator Lite registration experience, [provision your users a TAP](https://learn.microsoft.com/azure/active-directory/authentication/howto-authentication-temporary-access-pass) (temporary access pass) which they can use during registration.
+>If they don't have any MFA methods registered, users are prompted to download Authenticator when they begin the registration flow. For the most seamless experience, provision users with a [Temporary Access Pass (TAP)](howto-authentication-temporary-access-pass.md) that they can use during Authenticator Lite registration.
 
 
 ## Monitoring Authenticator Lite usage

articles/active-directory/authentication/howto-sspr-authenticationdata.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 01/29/2023
+ms.date: 04/26/2023
 
 ms.author: justinha
 author: justinha
@@ -82,45 +82,46 @@ The following fields can be set through PowerShell:
 > [!IMPORTANT]
 > Azure AD PowerShell is planned for deprecation. You can start using [Microsoft Graph PowerShell](/powershell/microsoftgraph/overview) to interact with Azure AD as you would in Azure AD PowerShell, or use the [Microsoft Graph REST API for managing authentication methods](/graph/api/resources/authenticationmethods-overview).
 
-### Use Azure AD PowerShell version 1
+### Use Microsoft Graph PowerShell
 
-To get started, [download and install the Azure AD PowerShell module](/previous-versions/azure/jj151815(v=azure.100)#bkmk_installmodule). After it's installed, use the following steps to configure each field.
+To get started, [download and install the Microsoft Graph PowerShell module](/powershell/microsoftgraph/overview).
 
-#### Set the authentication data with Azure AD PowerShell version 1
+To quickly install from recent versions of PowerShell that support `Install-Module`, run the following commands. The first line checks to see if the module is already installed:
 
 ```PowerShell
-Connect-MsolService
-
-Set-MsolUser -UserPrincipalName [email protected] -AlternateEmailAddresses @("[email protected]")
-Set-MsolUser -UserPrincipalName [email protected] -MobilePhone "+1 4251234567"
-Set-MsolUser -UserPrincipalName [email protected] -PhoneNumber "+1 4252345678"
-
-Set-MsolUser -UserPrincipalName [email protected] -AlternateEmailAddresses @("[email protected]") -MobilePhone "+1 4251234567" -PhoneNumber "+1 4252345678"
+Get-Module Microsoft.Graph
+Install-Module Microsoft.Graph
+Select-MgProfile -Name "beta"
+Connect-MgGraph -Scopes "User.ReadWrite.All"
 ```
 
-#### Read the authentication data with Azure AD PowerShell version 1
+After the module is installed, use the following steps to configure each field.
+
+#### Set the authentication data with Microsoft Graph PowerShell
 
 ```PowerShell
-Connect-MsolService
+Connect-MgGraph -Scopes "User.ReadWrite.All"
 
-Get-MsolUser -UserPrincipalName [email protected] | select AlternateEmailAddresses
-Get-MsolUser -UserPrincipalName [email protected] | select MobilePhone
-Get-MsolUser -UserPrincipalName [email protected] | select PhoneNumber
+Update-MgUser -UserId '[email protected]' -otherMails @("[email protected]")
+Update-MgUser -UserId '[email protected]' -mobilePhone "+1 4251234567"
+Update-MgUser -UserId '[email protected]' -businessPhones "+1 4252345678"
 
-Get-MsolUser | select DisplayName,UserPrincipalName,AlternateEmailAddresses,MobilePhone,PhoneNumber | Format-Table
+Update-MgUser -UserId '[email protected]' -otherMails @("[email protected]") -mobilePhone "+1 4251234567" -businessPhones "+1 4252345678"
 ```
 
-#### Read the Authentication Phone and Authentication Email options
-
-To read the **Authentication Phone** and **Authentication Email** when you use PowerShell version 1, use the following commands:
+#### Read the authentication data with Microsoft Graph PowerShell
 
 ```PowerShell
-Connect-MsolService
-Get-MsolUser -UserPrincipalName [email protected] | select -Expand StrongAuthenticationUserDetails | select PhoneNumber
-Get-MsolUser -UserPrincipalName [email protected] | select -Expand StrongAuthenticationUserDetails | select Email
+Connect-MgGraph -Scopes "User.Read.All"
+
+Get-MgUser -UserId '[email protected]' | select otherMails
+Get-MgUser -UserId '[email protected]' | select mobilePhone
+Get-MgUser -UserId '[email protected]' | select businessPhones
+
+Get-MgUser -UserId '[email protected]' | Select businessPhones, mobilePhone, otherMails | Format-Table
 ```
 
-### Use Azure AD PowerShell version 2
+### Use Azure AD PowerShell
 
 To get started, [download and install the Azure AD version 2 PowerShell module](/powershell/module/azuread/).
 
@@ -158,45 +159,6 @@ Get-AzureADUser -ObjectID [email protected] | select TelephoneNumber
 Get-AzureADUser | select DisplayName,UserPrincipalName,otherMails,Mobile,TelephoneNumber | Format-Table
 ```
 
-### Use Microsoft Graph PowerShell
-
-To get started, [download and install the Microsoft Graph PowerShell module](/powershell/microsoftgraph/overview).
-
-To quickly install from recent versions of PowerShell that support `Install-Module`, run the following commands. The first line checks to see if the module is already installed:
-
-```PowerShell
-Get-Module Microsoft.Graph
-Install-Module Microsoft.Graph
-Select-MgProfile -Name "beta"
-Connect-MgGraph -Scopes "User.ReadWrite.All"
-```
-
-After the module is installed, use the following steps to configure each field.
-
-#### Set the authentication data with Microsoft Graph PowerShell
-
-```PowerShell
-Connect-MgGraph -Scopes "User.ReadWrite.All"
-
-Update-MgUser -UserId '[email protected]' -otherMails @("[email protected]")
-Update-MgUser -UserId '[email protected]' -mobilePhone "+1 4251234567"
-Update-MgUser -UserId '[email protected]' -businessPhones "+1 4252345678"
-
-Update-MgUser -UserId '[email protected]' -otherMails @("[email protected]") -mobilePhone "+1 4251234567" -businessPhones "+1 4252345678"
-```
-
-#### Read the authentication data with Microsoft Graph PowerShell
-
-```PowerShell
-Connect-MgGraph -Scopes "User.Read.All"
-
-Get-MgUser -UserId '[email protected]' | select otherMails
-Get-MgUser -UserId '[email protected]' | select mobilePhone
-Get-MgUser -UserId '[email protected]' | select businessPhones
-
-Get-MgUser -UserId '[email protected]' | Select businessPhones, mobilePhone, otherMails | Format-Table
-```
-
 ## Next steps
 
 Once authentication contact information is pre-populated for users, complete the following tutorial to enable self-service password reset:

articles/active-directory/fundamentals/multi-tenant-user-management-introduction.md

@@ -55,9 +55,9 @@ Most documentation for B2B refers to an external user as a guest user. It confla
 
 [Cross-tenant synchronization](../multi-tenant-organizations/cross-tenant-synchronization-overview.md) enables multi-tenant organizations to provide seamless access and collaboration experiences to end users, leveraging existing B2B external collaboration capabilities. The feature doesn't allow cross-tenant synchronization across Microsoft sovereign clouds (such as Microsoft 365 US Government GCC High, DOD or Office 365 in China). See [Common considerations for multi-tenant user management](multi-tenant-common-considerations.md#cross-tenant-synchronization) for help with automated and custom cross-tenant synchronization scenarios.
 
-Watch John Savill talk about the cross-tenant sync capability in Azure AD (embedded below).
+Watch Arvind Harinder talk about the cross-tenant sync capability in Azure AD (embedded below).
 
-> [!VIDEO https://www.youtube.com/embed/z0J5kteqUVQ]
+> [!VIDEO https://www.youtube.com/embed/7B-PQwNfGBc]
 
 The following conceptual and how-to articles provide information about Azure AD B2B collaboration and cross-tenant synchronization.
 
@@ -119,7 +119,7 @@ Organizations initially focus on requirements that they want in place for immedi
 - **Single Sign On:** Enable users to access resources across the organization without the need to enter more credentials.
 ### Patterns for account creation 
 
-Microsoft mechanisms for creating and managing the lifecycle of your external user accounts follow three common patterns. You can use these patterns to help define and implement your requirements. Choose the pattern that best aligns with your scenario and then focus on the pattern details.
+Microsoft mechanisms for creating and managing the lifecycle of your external user accounts follow three common patterns. You can use these patterns to help define and implement your requirements. Choose the pattern that best aligns with your scenario and then focus on the pattern details.  
 
 | Mechanism |  Description | Best when |
 | - | - | - |

articles/active-directory/reports-monitoring/howto-manage-inactive-user-accounts.md

@@ -22,16 +22,16 @@ This article explains a method to handle obsolete user accounts in Azure Active
 
 ## What are inactive user accounts?
 
-Inactive accounts are user accounts that aren't required anymore by members of your organization to gain access to your resources. One key identifier for inactive accounts is that they haven't been used *for a while* to sign in to your environment. Because inactive accounts are tied to the sign-in activity, you can use the timestamp of the last sign-in that was successful to detect them. 
+Inactive accounts are user accounts that aren't required anymore by members of your organization to gain access to your resources. One key identifier for inactive accounts is that they haven't been used *for a while* to sign in to your environment. Because inactive accounts are tied to the sign-in activity, you can use the timestamp of the last time an account attempted to sign in to detect inactive accounts. 
 
 The challenge of this method is to define what *for a while* means for your environment. For example, users might not sign in to an environment *for a while*, because they are on vacation. When defining what your delta for inactive user accounts is, you need to factor in all legitimate reasons for not signing in to your environment. In many organizations, the delta for inactive user accounts is between 90 and 180 days. 
 
-The last successful sign-in provides potential insights into a user's continued need for access to resources.  It can help with determining if group membership or app access is still needed or could be removed. For external user management, you can understand if an external user is still active within the tenant or should be cleaned up. 
+The last sign-in provides potential insights into a user's continued need for access to resources.  It can help with determining if group membership or app access is still needed or could be removed. For external user management, you can understand if an external user is still active within the tenant or should be cleaned up. 
 
 ## Detect inactive user accounts with Microsoft Graph
 <a name="how-to-detect-inactive-user-accounts"></a>
 
-You can detect inactive accounts by evaluating the `lastSignInDateTime` property exposed by the `signInActivity` resource type of the **Microsoft Graph API**. The `lastSignInDateTime` property shows the last time a user made a successful interactive sign-in to Azure AD. Using this property, you can implement a solution for the following scenarios:
+You can detect inactive accounts by evaluating the `lastSignInDateTime` property exposed by the `signInActivity` resource type of the **Microsoft Graph API**. The `lastSignInDateTime` property shows the last time a user attempted to make an interactive sign-in attempt in Azure AD. Using this property, you can implement a solution for the following scenarios:
 
 - **Last sign-in date and time for all users**: In this scenario, you need to generate a report of the last sign-in date of all users. You request a list of all users, and the last `lastSignInDateTime` for each respective user:
     - `https://graph.microsoft.com/v1.0/users?$select=displayName,signInActivity` 
@@ -59,11 +59,11 @@ The following details relate to the `lastSignInDateTime` property.
     - AuditLog.Read.All
     - User.Read.All
 
-- Each interactive sign-in that was successful results in an update of the underlying data store. Typically, successful sign-ins show up in the related sign-in report within 10 minutes.
+- Each interactive sign-in attempt results in an update of the underlying data store. Typically, sign-ins show up in the related sign-in report within 6 hours. 
 
-- To generate a `lastSignInDateTime` timestamp, you need a successful sign-in. The value of the `lastSignInDateTime` property may be blank if:
-    - The last successful sign-in of a user took place before April 2020.
-    - The affected user account was never used for a successful sign-in.
+- To generate a `lastSignInDateTime` timestamp, you an attempted sign-in. The value of the `lastSignInDateTime` property may be blank if:
+    - The last attempted sign-in of a user took place before April 2020.
+    - The affected user account was never used for a sign-in attempt.
 
 - The last sign-in date is associated with the user object. The value is retained until the next sign-in of the user. 
 

articles/aks/TOC.yml

@@ -490,6 +490,8 @@
                   href: azure-files-csi.md
                 - name: Provision Azure Files storage
                   href: azure-csi-files-storage-provision.md
+            - name: Azure Files and Azure NetApp Files comparison
+              href: ../storage/files/storage-files-netapp-comparison.md?toc=/azure/aks/toc.json&bc=/azure/aks/breadcrumb/toc.json
             - name: Provision Azure NetApp Files storage
               href: azure-netapp-files.md
         - name: Block storage
@@ -498,6 +500,8 @@
               href: azure-disk-csi.md
             - name: Provision Azure Disks storage
               href: azure-csi-disk-storage-provision.md
+            - name: Use Azure Premium SSD v2 disks
+              href: use-premium-v2-disks.md
             - name: Use Azure ultra disks
               href: use-ultra-disks.md
         - name: Other storage options

articles/aks/azure-csi-files-storage-provision.md

@@ -9,7 +9,7 @@ ms.date: 01/18/2023
 
 # Create and use a volume with Azure Files in Azure Kubernetes Service (AKS)
 
-A persistent volume represents a piece of storage that has been provisioned for use with Kubernetes pods. A persistent volume can be used by one or many pods, and can be dynamically or statically provisioned. If multiple pods need concurrent access to the same storage volume, you can use Azure Files to connect using the [Server Message Block (SMB) protocol][smb-overview]. This article shows you how to dynamically create an Azure Files share for use by multiple pods in an Azure Kubernetes Service (AKS) cluster.
+A persistent volume represents a piece of storage that has been provisioned for use with Kubernetes pods. A persistent volume can be used by one or many pods, and can be dynamically or statically provisioned. If multiple pods need concurrent access to the same storage volume, you can use Azure Files to connect using the [Server Message Block (SMB) protocol][smb-overview]. This article shows you how to dynamically create an Azure file share for use by multiple pods in an Azure Kubernetes Service (AKS) cluster.
 
 This article shows you how to:
 
@@ -474,7 +474,7 @@ kubectl apply -f azurefiles-mount-options-pvc.yaml
 
 ## Next steps
 
-For Azure File CSI driver parameters, see [CSI driver parameters][CSI driver parameters].
+For Azure Files CSI driver parameters, see [CSI driver parameters][CSI driver parameters].
 
 For associated best practices, see [Best practices for storage and backups in AKS][operator-best-practices-storage].