Merge pull request #178725 from MicrosoftDocs/master

11/04 AM Publish

Author: huypub

.openpublishing.redirection.azure-web-pubsub.json

@@ -4,6 +4,16 @@
             "source_path_from_root": "/articles/azure-web-pubsub/howto-troubleshoot-diagnostic-logs.md",
             "redirect_url": "/azure/azure-web-pubsub/howto-troubleshoot-resource-logs",
             "redirect_document_id": false
+        },
+        {
+          "source_path_from_root": "/articles/azure-web-pubsub/reference-server-sdk-csharp.md",
+          "redirect_url": "/dotnet/api/overview/azure/webpubsub/client",
+          "redirect_document_id": false
+        },
+        {
+          "source_path_from_root": "/articles/azure-web-pubsub/reference-server-sdk-java.md",
+          "redirect_url": "/java/api/overview/azure/webpubsub/client",
+          "redirect_document_id": false
         }
     ]
 }

articles/active-directory/enterprise-users/licensing-service-plan-reference.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory external identities"
 description: "New and updated documentation for the Azure Active Directory external identities."
-ms.date: 10/05/2021
+ms.date: 11/04/2021
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: reference
@@ -15,6 +15,15 @@ manager: CelesteDG
 
 Welcome to what's new in Azure Active Directory external identities documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the external identities service, see [What's new in Azure Active Directory](../fundamentals/whats-new.md).
 
+## October 2021
+
+### Updated articles
+
+- [Email one-time passcode authentication](one-time-passcode.md)
+- [Azure Active Directory B2B collaboration FAQs](faq.yml)
+- [Reset redemption status for a guest user (Preview)](reset-redemption-status.md)
+- [Add Google as an identity provider for B2B guest users](google-federation.md)
+
 ## September 2021
 
 ### Updated articles

articles/active-directory/external-identities/whats-new-docs.md

@@ -30,7 +30,7 @@ Your custom branding won't immediately appear when your users go to sites such a
 > [!NOTE]
 > **All branding elements are optional and will remain default when unchanged.** For example, if you specify a banner logo with no background image, the sign-in page will show your logo with a default background image from the destination site such as Microsoft 365.<br><br>Additionally, sign-in page branding doesn't carry over to personal Microsoft accounts. If your users or business guests sign in using a personal Microsoft account, the sign-in page won't reflect the branding of your organization.
 
-### To customize your branding
+### To configure your branding for the first time
 1. Sign in to the [Azure portal](https://portal.azure.com/) using a Global administrator account for the directory.
 
 2. Select **Azure Active Directory**, and then select **Company branding**, and then select **Configure**.
@@ -98,7 +98,7 @@ Your custom branding won't immediately appear when your users go to sites such a
 
 3. After you've finished adding your branding, select **Save**.
 
-    If this process creates your first custom branding configuration, it becomes the default for your tenant. If you have additional configurations, you'll be able to choose your default configuration.
+    This process creates your first custom branding configuration, and it becomes the default for your tenant. The default custom branding configuration serves as a fallback option for all language-specific branding configurations. The configuration can't be removed after you create it.
 
     >[!IMPORTANT]
     >To add more corporate branding configurations to your tenant, you must choose **New language** on the **Contoso - Company branding** page. This opens the **Configure company branding** page, where you can follow the same steps as above.

articles/active-directory/fundamentals/customize-branding.md

@@ -136,6 +136,8 @@
       items:
       - name: Secure hybrid access with Azure AD 
         href: secure-hybrid-access.md
+      - name: Secure hybrid access partner integrations
+        href: secure-hybrid-access-integrations.md
       - name: Datawiza
         href: datawiza-with-azure-ad.md 
       - name: F5

articles/active-directory/manage-apps/toc.yml

@@ -14,7 +14,7 @@ ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 07/16/2021
+ms.date: 10/25/2021
 ms.author: markvi
 ms.reviewer: besiler
 
@@ -279,13 +279,15 @@ On the **Users** page, you get a complete overview of all user sign-ins by click
 The **Authentication Details** tab located within the sign-ins report provides the following information, for each authentication attempt:
 
 - A list of authentication policies applied (such as Conditional Access, per-user MFA, Security Defaults)
+- A list of session lifetime policies applied (such as Sign-in frequency, Remember MFA, Configurable Token lifetime)
 - The sequence of authentication methods used to sign-in
 - Whether or not the authentication attempt was successful
 - Detail about why the authentication attempt succeeded or failed
 
 This information allows admins to troubleshoot each step in a user’s sign-in, and track:
 
 - Volume of sign-ins protected by multi-factor authentication 
+- Reason for authentication prompt based on the session lifetime policies
 - Usage and success rates for each authentication method 
 - Usage of passwordless authentication methods (such as Passwordless Phone Sign-in, FIDO2, and Windows Hello for Business) 
 - How frequently authentication requirements are satisfied by token claims (where users are not interactively prompted to enter a password, enter an SMS OTP, and so on)
@@ -329,7 +331,7 @@ The **Sign-ins** option gives you a complete overview of all sign-in events to y
 
 ## Microsoft 365 activity logs
 
-You can view Microsoft 365 activity logs from the [Microsoft 365 admin center](/office365/admin/admin-overview/about-the-admin-center). Consider the point  that, Microsoft 365 activity and Azure AD activity logs share a significant number of the directory resources. Only the Microsoft 365 admin center provides a full view of the Microsoft 365 activity logs. 
+You can view Microsoft 365 activity logs from the [Microsoft 365 admin center](/office365/admin/admin-overview/about-the-admin-center). Consider the point that, Microsoft 365 activity and Azure AD activity logs share a significant number of the directory resources. Only the Microsoft 365 admin center provides a full view of the Microsoft 365 activity logs. 
 
 You can also access the Microsoft 365 activity logs programmatically by using the [Office 365 Management APIs](/office/office-365-management-api/office-365-management-apis-overview).
 

articles/active-directory/reports-monitoring/concept-sign-ins.md

@@ -41,7 +41,7 @@ Linking a DID to a domain solves the initial trust problem by allowing any entit
 
 ## How do we link DIDs and domains?
 
-We make a link between a domain and a DID by implementing an open standard written by the Decentralized Identity Foundation called [Well-Known DID configuration](https://identity.foundation/.well-known/resources/did-configuration/). The verifiable credentials service in Azure Active Directory (Azure AD) helps your organization make the link between the DID and domain by included the domain information that you provided in your DID, and generating the well-known config file:
+We make a link between a domain and a DID by implementing an open standard written by the Decentralized Identity Foundation called [Well-Known DID configuration](https://identity.foundation/.well-known/resources/did-configuration/). The verifiable credentials service in Azure Active Directory (Azure AD) helps your organization make the link between the DID and domain by including the domain information that you provided in your DID, and generating the well-known config file:
 
 1. Azure AD uses the domain information you provide during organization setup to write a Service Endpoint within the DID Document. All parties who interact with your DID can see the domain your DID proclaims to be associated with.  
 

articles/active-directory/reports-monitoring/media/concept-sign-ins/auth-details-tab.png

@@ -3,7 +3,7 @@ title: Rotate certificates in Azure Kubernetes Service (AKS)
 description: Learn how to rotate your certificates in an Azure Kubernetes Service (AKS) cluster.
 services: container-service
 ms.topic: article
-ms.date: 7/13/2021
+ms.date: 11/03/2021
 ---
 
 # Rotate certificates in Azure Kubernetes Service (AKS)
@@ -50,6 +50,28 @@ az vm run-command invoke -g MC_rg_myAKSCluster_region -n vm-name --command-id Ru
 az vmss run-command invoke -g MC_rg_myAKSCluster_region -n vmss-name --instance-id 0 --command-id RunShellScript --query 'value[0].message' -otsv --scripts "openssl x509 -in /etc/kubernetes/certs/apiserver.crt -noout -enddate"
 ```
 
+## Certificate Auto Rotation
+
+Azure Kubernetes Service will automatically rotate non-ca certificates on both the control plane and agent nodes before they expire with no downtime for the cluster.
+
+For AKS to automatically rotate non-CA certificates, the cluster must have [TLS Bootstrapping](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/). TLS Bootstrapping is currently available in the following regions:
+
+* eastus2euap
+* centraluseuap
+* westcentralus
+* uksouth
+* eastus
+* australiacentral
+* australiaest
+
+> [!IMPORTANT]
+>Once a region is configured either create a new cluster or upgrade 'az aks upgrade -g $RESOURCE_GROUP_NAME -n $CLUSTER_NAME' an existing cluster to set that cluster for auto-cert rotation. 
+
+### Limititation
+
+Auto cert rotation won't be enabled on non-rbac cluster.
+
+
 ## Rotate your cluster certificates
 
 > [!WARNING]

articles/active-directory/verifiable-credentials/how-to-dnsbind.md

@@ -76,7 +76,7 @@ kubectl delete pod --namespace kube-system -l k8s-app=kube-dns
 ```
 
 > [!Note]
-> The command above is correct. While we're changing `coredns`, the deployment is under the **kube-dns** name.
+> The command above is correct. While we're changing `coredns`, the deployment is under the **kube-dns** label.
 
 ## Custom forward server