MicrosoftDocs
diff --git a/‎.openpublishing.redirection.azure-monitor.json
Lines changed: 10 additions & 0 deletions b/‎.openpublishing.redirection.azure-monitor.json
Lines changed: 10 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/custom-policies-series-overview.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory-b2c/custom-policies-series-overview.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory-domain-services/migrate-from-classic-vnet.md
Lines changed: 5 additions & 4 deletions b/‎articles/active-directory-domain-services/migrate-from-classic-vnet.md
Lines changed: 5 additions & 4 deletions
diff --git a/‎articles/active-directory-domain-services/network-considerations.md
Lines changed: 9 additions & 5 deletions b/‎articles/active-directory-domain-services/network-considerations.md
Lines changed: 9 additions & 5 deletions
diff --git a/‎articles/active-directory-domain-services/tutorial-configure-ldaps.md
Lines changed: 6 additions & 3 deletions b/‎articles/active-directory-domain-services/tutorial-configure-ldaps.md
Lines changed: 6 additions & 3 deletions
diff --git a/‎articles/active-directory/app-provisioning/sap-successfactors-integration-reference.md
Lines changed: 7 additions & 2 deletions b/‎articles/active-directory/app-provisioning/sap-successfactors-integration-reference.md
Lines changed: 7 additions & 2 deletions
diff --git a/‎articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md
Lines changed: 4 additions & 4 deletions b/‎articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md
Lines changed: 4 additions & 4 deletions
diff --git a/‎articles/active-directory/authentication/TOC.yml
Lines changed: 3 additions & 1 deletion b/‎articles/active-directory/authentication/TOC.yml
Lines changed: 3 additions & 1 deletion
diff --git a/‎articles/active-directory/authentication/concept-authentication-default-enablement.md
Lines changed: 2 additions & 3 deletions b/‎articles/active-directory/authentication/concept-authentication-default-enablement.md
Lines changed: 2 additions & 3 deletions
diff --git a/‎articles/active-directory/authentication/concept-authentication-methods.md
Lines changed: 7 additions & 5 deletions b/‎articles/active-directory/authentication/concept-authentication-methods.md
Lines changed: 7 additions & 5 deletions
@@ -35,6 +35,16 @@
             "redirect_url": "/azure/azure-monitor/change/change-analysis",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/javascript.md",
+            "redirect_url": "/azure/azure-monitor/app/javascript-sdk",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/source-map-support.md",
+            "redirect_url": "/azure/azure-monitor/app/javascript-sdk-advanced",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/app/release-notes.md",
             "redirect_url": "/azure/azure-monitor/app/app-insights-overview",
 
@@ -22,7 +22,7 @@ In Azure Active Directory B2C (Azure AD B2C), you can create user experiences by
 
 User flows are already customizable such as [changing UI](customize-ui.md), [customizing language](language-customization.md) and using [custom attributes](user-flow-custom-attributes.md). However, these customizations might not cover all your business specific needs, which is the reason why you need custom policies.   
 
-While you can use pre-made [custom policy starter pack](/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy#custom-policy-starter-pack), it's important for you understand how custom policy is built from scratch. In this how-to guide series, you'll learn what you need to understand for you to customize the behavior of your user experience by using custom policies. At the end of this how-to guide series, you should be able to read and understand existing custom policies or write your own from scratch.
+While you can use pre-made [custom policy starter pack](./tutorial-create-user-flows.md?pivots=b2c-custom-policy#custom-policy-starter-pack), it's important for you understand how custom policy is built from scratch. In this how-to guide series, you'll learn what you need to understand for you to customize the behavior of your user experience by using custom policies. At the end of this how-to guide series, you should be able to read and understand existing custom policies or write your own from scratch.
 
 ## Prerequisites
 
@@ -48,4 +48,4 @@ This how-to guide series consists of multiple articles. We recommend that you st
 
 - Learn about [Azure AD B2C TrustFrameworkPolicy BuildingBlocks](buildingblocks.md)
 
-- [Write your first Azure Active Directory B2C custom policy - Hello World!](custom-policies-series-hello-world.md)
+- [Write your first Azure Active Directory B2C custom policy - Hello World!](custom-policies-series-hello-world.md)
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/10/2023
+ms.date: 03/14/2023
 ms.author: justinha 
 ---
 
@@ -177,10 +177,11 @@ Before you begin the migration process, complete the following initial checks an
     | Source      | Source service tag                 | Source port ranges |  Destination  | Service | Destination port ranges | Protocol | Action | Required | Purpose |
     |:-----------:|:----------------------------------:|:------------------:|:-------------:|:-------:|:-----------------------:|:--------:|:------:|:--------:|:--------|
     | Service tag | AzureActiveDirectoryDomainServices | *                  | Any           | WinRM   | 5986        | TCP       | Allow  | Yes       | Management of your domain |
-    | Service tag | CorpNetSaw                         | *                  | Any           | WinRM   | 3389        | TCP       | Allow  | Optional  | Debugging for support |
-    | Service tag | AzureActiveDirectoryDomainServices | *                  | Any           | WinRM   | 636         | TCP       | Allow  | Optional  | Secure LDAP |
+    | Service tag | CorpNetSaw                         | *                  | Any           | RDP   | 3389        | TCP       | Allow  | Optional  | Debugging for support |
+    
+    Make a note of the target resource group, target virtual network, and target virtual network subnet. These resource names are used during the migration process.
 
-    Make a note of this target resource group, target virtual network, and target virtual network subnet. These resource names are used during the migration process.
+    Note that the **CorpNetSaw** service tag isn't available by using Azure portal, and the network security group rule for **CorpNetSaw** has to be added by using [PowerShell](powershell-create-instance.md#create-a-network-security-group).
 
 1. Check the managed domain health in the Azure portal. If you have any alerts for the managed domain, resolve them before you start the migration process.
 1. Optionally, if you plan to move other resources to the Resource Manager deployment model and virtual network, confirm that those resources can be migrated. For more information, see [Platform-supported migration of IaaS resources from Classic to Resource Manager][migrate-iaas].
 
@@ -9,8 +9,9 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 01/29/2023
+ms.date: 03/14/2023
 ms.author: justinha
+ms.reviewer: xyuan
 
 ---
 # Virtual network design considerations and configuration options for Azure Active Directory Domain Services
@@ -110,10 +111,13 @@ The following sections cover network security groups and Inbound and Outbound po
 
 The following network security group Inbound rules are required for the managed domain to provide authentication and management services. Don't edit or delete these network security group rules for the virtual network subnet for your managed domain.
 
-| Inbound port number | Protocol | Source                             | Destination | Action | Required | Purpose |
-|:-----------:|:--------:|:----------------------------------:|:-----------:|:------:|:--------:|:--------|
-| 5986        | TCP      | AzureActiveDirectoryDomainServices | Any         | Allow  | Yes      | Management of your domain. |
-| 3389        | TCP      | CorpNetSaw                         | Any         | Allow  | Optional      | Debugging for support. |
+| Source      | Source service tag                 | Source port ranges |  Destination  | Service | Destination port ranges | Protocol | Action | Required | Purpose |
+|:-----------:|:----------------------------------:|:------------------:|:-------------:|:-------:|:-----------------------:|:--------:|:------:|:--------:|:--------|
+| Service tag | AzureActiveDirectoryDomainServices | *                  | Any           | WinRM   | 5986            | TCP | Allow | Yes | Management of your domain. |
+| Service tag | CorpNetSaw                         | *                  | Any           | RDP     | 3389            | TCP | Allow | Optional | Debugging for support |
+
+
+Note that the **CorpNetSaw** service tag isn't available by using Azure portal, and the network security group rule for **CorpNetSaw** has to be added by using [PowerShell](powershell-create-instance.md#create-a-network-security-group).
 
 Azure AD DS also relies on the Default Security rules AllowVnetInBound and AllowAzureLoadBalancerInBound.
 
 
@@ -8,8 +8,9 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 01/29/2023
+ms.date: 03/14/2023
 ms.author: justinha
+ms.reviewer: xyuan
 
 #Customer intent: As an identity administrator, I want to secure access to an Azure Active Directory Domain Services managed domain using secure lightweight directory access protocol (LDAPS)
 ---
@@ -236,11 +237,13 @@ Let's create a rule to allow inbound secure LDAP access over TCP port 636 from a
 
     | Setting                           | Value        |
     |-----------------------------------|--------------|
-    | Source                            | IP Addresses |
-    | Source IP addresses / CIDR ranges | A valid IP address or range for your environment |
+    | Source                            | Service tag  |
+    | Source service tag                | AzureActiveDirectoryDomainServices  |
+    | Source IP addresses/CIDR ranges   | A valid IP address or range for your environment |
     | Source port ranges                | *            |
     | Destination                       | Any          |
     | Destination port ranges           | 636          |
+    | Service                           | WinRM        |
     | Protocol                          | TCP          |
     | Action                            | Allow        |
     | Priority                          | 401          |
 
@@ -379,7 +379,7 @@ The SuccessFactors connector supports expansion of the position object. To expan
 | positionNameDE | $.employmentNav.results[0].jobInfoNav.results[0].positionNav.externalName_de_DE |
 
 ### Provisioning users in the Onboarding module
-Inbound user provisioning from SAP SuccessFactors to on-premises Active Directory and Azure AD now supports advance provisioning of pre-hires present in the SAP SuccessFactors Onboarding 2.0 module. Upon encountering a new hire profile with future start date, the Azure AD provisioning service queries SAP SuccessFactors to get new hires with one of the following status codes: `active`, `inactive`, `active_external`. The status code `active_external` corresponds to pre-hires present in the SAP SuccessFactors Onboarding 2.0 module. For a description of these status codes, refer to [SAP support note 2736579](https://launchpad.support.sap.com/#/notes/0002736579).
+Inbound user provisioning from SAP SuccessFactors to on-premises Active Directory and Azure AD now supports advance provisioning of pre-hires present in the SAP SuccessFactors Onboarding 2.0 module. Upon encountering a new hire profile with future start date, the Azure AD provisioning service queries SAP SuccessFactors to get new hires with one of the following status codes: `active`, `inactive`, `active_external_suite`. The status code `active_external_suite` corresponds to pre-hires present in the SAP SuccessFactors Onboarding 2.0 module. For a description of these status codes, refer to [SAP support note 2736579](https://launchpad.support.sap.com/#/notes/0002736579).
 
 The default behavior of the provisioning service is to process pre-hires in the Onboarding module. 
 
@@ -388,7 +388,12 @@ If you want to exclude processing of pre-hires in the Onboarding module, update
 1. Under show advanced options, edit the SuccessFactors attribute list to add a new attribute called `userStatus`.
 1. Set the JSONPath API expression for this attribute as: `$.employmentNav.results[0].userNav.status`
 1. Save the schema to return back to the attribute mapping blade. 
-1. Edit the Source Object scope to apply a scoping filter `userStatus NOT EQUALS active_external`
+1. Edit the Source Object scope to apply a scoping filter `userStatus NOT EQUALS 
+
+
+
+
+`
 1. Save the mapping and validate that the scoping filter works using provisioning on demand. 
 
 ### Enabling OData API Audit logs in SuccessFactors
 
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 03/14/2023
+ms.date: 03/15/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -1202,7 +1202,7 @@ In the example of a request, to retrieve the current state of a user, the values
 
 ***Example 4. Query the value of a reference attribute to be updated*** 
 
-If a reference attribute is to be updated, then Azure AD queries the service to determine whether the current value of the reference attribute in the identity store fronted by the service already matches the value of that attribute in Azure AD. For users, the only attribute of which the current value is queried in this way is the manager attribute. Here's an example of a request to determine whether the manager attribute of a user object currently has a certain value: 
+Azure AD checks the current attribute value in the identity store before updating it. However, only the manager attribute is the checked first for users. Here's an example of a request to determine whether the manager attribute of a user object currently has a certain value: 
 In the sample code, the request is translated into a call to the QueryAsync method of the service’s provider. The value of the properties of the object provided as the value of the parameters argument are as follows: 
 
 * parameters.AlternateFilters.Count: 2
@@ -1304,7 +1304,7 @@ Check with your application provider, or your application provider's documentati
 
 ### Getting started
 
-Applications that support the SCIM profile described in this article can be connected to Azure AD using the "non-gallery application" feature in the Azure AD application gallery. Once connected, Azure AD runs a synchronization process every 40 minutes where it queries the application's SCIM endpoint for assigned users and groups, and creates or modifies them according to the assignment details.
+Applications that support the SCIM profile described in this article can be connected to Azure AD using the "non-gallery application" feature in the Azure AD application gallery. Once connected, Azure AD runs a synchronization process. The process runs every 40 minutes. The process queries the application's SCIM endpoint for assigned users and groups, and creates or modifies them according to the assignment details.
 
 **To connect an application that supports SCIM:**
 
@@ -1398,7 +1398,7 @@ The provisioning service supports the [authorization code grant](https://tools.i
 > [!NOTE]
 > OAuth v1 is not supported due to exposure of the client secret. OAuth v2 is supported.  
 
-It is recommended, but not required, that you support multiple secrets for easy renewal without downtime.
+It's recommended, but not required, that you support multiple secrets for easy renewal without downtime.
 
 #### How to set up OAuth code grant flow
 
 
@@ -108,7 +108,7 @@
             href: howto-authentication-passwordless-faqs.md
           - name: Troubleshoot hybrid
             href: howto-authentication-passwordless-troubleshoot.md
-      - name: Passwordless phone sign-in
+      - name: Microsoft Authenticator
         items:
         - name: Manage
           href: howto-authentication-passwordless-phone.md
@@ -118,6 +118,8 @@
           href: how-to-mfa-number-match.md
         - name: Use additional context 
           href: how-to-mfa-additional-context.md
+        - name: Use Authenticator Lite 
+          href: how-to-mfa-authenticator-lite.md
         - name: Use Microsoft managed settings 
           href: how-to-mfa-microsoft-managed.md
       - name: Windows Hello for Business
 
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 02/24/2023
+ms.date: 03/12/2023
 
 ms.author: justinha
 author: mjsantani
@@ -39,8 +39,6 @@ As MFA fatigue attacks rise, number matching becomes more critical to sign-in se
 >[!NOTE]
 >Number matching will begin to be enabled for all users of Microsoft Authenticator starting May 08, 2023.
 
-<!---Add link to Mayur Blog post here--->
-
 ## Microsoft managed settings
 
 In addition to configuring Authentication methods policy settings to be either **Enabled** or **Disabled**, IT admins can configure some settings in the Authentication methods policy to be **Microsoft managed**. A setting that is configured as **Microsoft managed** allows Azure AD to enable or disable the setting. 
@@ -59,6 +57,7 @@ The following table lists each setting that can be set to Microsoft managed and
 | [Location in Microsoft Authenticator notifications](how-to-mfa-additional-context.md)           | Disabled      |
 | [Application name in Microsoft Authenticator notifications](how-to-mfa-additional-context.md)   | Disabled      |
 | [System-preferred MFA](concept-system-preferred-multifactor-authentication.md)                  | Disabled      |
+| [Authenticator Lite](how-to-mfa-authenticator-lite.md)                                          | Disabled      |  
 
 As threat vectors change, Azure AD may announce default protection for a **Microsoft managed** setting in [release notes](../fundamentals/whats-new.md) and on commonly read forums like [Tech Community](https://techcommunity.microsoft.com/). 
 
 
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 09/17/2022
+ms.date: 03/13/2023
 
 ms.author: justinha
 author: justinha
@@ -38,7 +38,8 @@ The following table outlines the security considerations for the available authe
 | Authentication method          | Security | Usability | Availability |
 |--------------------------------|:--------:|:---------:|:------------:|
 | Windows Hello for Business     | High     | High      | High         |
-| Microsoft Authenticator app    | High     | High      | High         |
+| Microsoft Authenticator        | High     | High      | High         |
+| Authenticator Lite             | High     | High      | High         |
 | FIDO2 security key             | High     | High      | High         |
 | Certificate-based authentication (preview)| High | High | High       |
 | OATH hardware tokens (preview) | Medium   | Medium    | High         |
@@ -63,10 +64,11 @@ The following table outlines when an authentication method can be used during a
 
 | Method                         | Primary authentication | Secondary authentication  |
 |--------------------------------|:----------------------:|:-------------------------:|
-| Windows Hello for Business     | Yes                    | MFA\*                      |
-| Microsoft Authenticator app    | Yes                    | MFA and SSPR              |
+| Windows Hello for Business     | Yes                    | MFA\*                     |
+| Microsoft Authenticator        | Yes                    | MFA and SSPR              |
+| Authenticator Lite             | No                     | MFA                       |
 | FIDO2 security key             | Yes                    | MFA                       |
-| Certificate-based authentication (preview) | Yes        | No              |
+| Certificate-based authentication | Yes                  | No                        |
 | OATH hardware tokens (preview) | No                     | MFA and SSPR              |
 | OATH software tokens           | No                     | MFA and SSPR              |
 | SMS                            | Yes                    | MFA and SSPR              |