MicrosoftDocs
diff --git a/‎CODEOWNERS
Lines changed: 0 additions & 68 deletions b/‎CODEOWNERS
Lines changed: 0 additions & 68 deletions
diff --git a/‎articles/active-directory/fundamentals/custom-security-attributes-manage.md
Lines changed: 6 additions & 6 deletions b/‎articles/active-directory/fundamentals/custom-security-attributes-manage.md
Lines changed: 6 additions & 6 deletions
diff --git a/‎articles/active-directory/fundamentals/custom-security-attributes-overview.md
Lines changed: 21 additions & 16 deletions b/‎articles/active-directory/fundamentals/custom-security-attributes-overview.md
Lines changed: 21 additions & 16 deletions
diff --git a/‎articles/advisor/advisor-reference-reliability-recommendations.md
Lines changed: 22 additions & 9 deletions b/‎articles/advisor/advisor-reference-reliability-recommendations.md
Lines changed: 22 additions & 9 deletions
diff --git a/‎articles/ai-services/LUIS/app-schema-definition.md
Lines changed: 2 additions & 2 deletions b/‎articles/ai-services/LUIS/app-schema-definition.md
Lines changed: 2 additions & 2 deletions
@@ -4,74 +4,6 @@
 # Background: https://github.blog/2017-07-06-introducing-code-owners/
 # NOTE: The people you choose as code owners must have _write_ permissions for the repository. When the code owner is a team, that team must be _visible_ and it must have _write_ permissions, even if all the individual members of the team already have write permissions directly, through organization membership, or through another team membership.
 
-# Azure Monitor
-articles/azure-monitor/* @bwren
-articles/azure-monitor/agents @guywi-ms @bwren
-articles/azure-monitor/alerts @abbyMSFT
-articles/azure-monitor/app @AaronMaxwell 
-articles/azure-monitor/autoscale @EdB-MSFT
-articles/azure-monitor/containers @bwren
-articles/azure-monitor/essentials @bwren @rboucher @EdB-MSFT
-articles/azure-monitor/insights @bwren @rboucher 
-articles/azure-monitor/logs @guywi-ms
-articles/azure-monitor/visualize @abbyMSFT @rboucher
-articles/azure-monitor/vm @bwren
-articles/advisor @rboucher
-articles/service-health @rboucher
-
-# Azure Synapse Analytics
-/articles/synapse-analytics/ @SnehaGunda @WilliamDAssafMSFT @ryanmajidi @saveenr 
-/articles/synapse-analytics/backuprestore/ @joannapea @WilliamDAssafMSFT 
-/articles/synapse-analytics/catalog-governance/@djpmsft @chanuengg 
-/articles/synapse-analytics/ccid/ @liudan66
-/articles/synapse-analytics/data-integration/ @kromerm @jonburchel 
-/articles/synapse-analytics/machine-learning/ @garyericson @NelGson @midesa 
-/articles/synapse-analytics/metadata/@MikeRys @jocaplan
-/articles/synapse-analytics/security/ @RonyMSFT @meenalsri 
-/articles/synapse-analytics/spark/ @euangms @mlee3gsd @midesa 
-/articles/synapse-analytics/sql/ @filippopovic @azaricstefan @WilliamDAssafMSFT @jovanpop-msft
-/articles/synapse-analytics/sql-data-warehouse/ @SnehaGunda @WilliamDAssafMSFT
-/articles/synapse-analytics/synapse-link/ @Rodrigossz @SnehaGunda @jovanpop-msft
-
-# Cognitive Services
-/articles/ai-services/ @aahill @patrickfarley @nitinme @mrbullwinkle @laujan @eric-urban @jboback
-
-# DevOps
-/articles/ansible/ @TomArcherMsft
-/articles/chef/ @TomArcherMsft
-/articles/jenkins/ @TomArcherMsft
-/articles/terraform/ @TomArcherMsft
-
-# compute
-/articles/virtual-machines/ @cynthn @mimckitt
-/articles/virtual-machine-scale-sets/ @ju-shim @mimckitt
-/articles/cloud-services/ @mimckitt
-/articles/cloud-services-extended-support/ @mimckitt
-/articles/service-fabric/ @sukanyamsft @mimckitt
-/articles/container-instances/ @macolso @mimckitt
-/articles/container-registry/ @dlepow @mimckitt
-
-# Security
-/articles/security/fundamentals/feature-availability.md @msmbaldwin @terrylanfear
-
-# Azure Security Center
-/articles/security-center/ @memildin
-/includes/*security-controls*.md @memildin
-
-# Defender for Cloud
-
-/articles/defender-for-cloud @dcurwin @ElazarK
-
-# DDOS Protection
-/articles/ddos-protection @aletheatoh @anupamvi
-
-# Lighthouse
-/articles/lighthouse/ @JnHs
-
-# Healthcare APIs
-/articles/healthcare-apis/ @ranvijaykumar @chachachachami
-
 # Configuration
 *.json @SyntaxC4 @snoviking
-.acrolinx-config.edn @MonicaRush 
 articles/zone-pivot-groups.yml @SyntaxC4 @snoviking
@@ -60,12 +60,12 @@ The following table provides a high-level comparison of the custom security attr
 
 | Permission | Global Administrator | Attribute Definition Admin | Attribute Assignment Admin | Attribute Definition Reader | Attribute Assignment Reader |
 | --- | :---: | :---: | :---: | :---: | :---: |
-| Read attribute sets |  | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Read attribute definitions |  | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Read attribute assignments for users and applications (service principals) |  |  | :heavy_check_mark: |  | :heavy_check_mark: | 
-| Add or edit attribute sets |  | :heavy_check_mark: |  |  |  |
-| Add, edit, or deactivate attribute definitions |  | :heavy_check_mark: |  |  |  |
-| Assign attributes to users and applications (service principals) |  |  | :heavy_check_mark: |  |  |
+| Read attribute sets |  | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
+| Read attribute definitions |  | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
+| Read attribute assignments for users and applications (service principals) |  |  | :white_check_mark: |  | :white_check_mark: | 
+| Add or edit attribute sets |  | :white_check_mark: |  |  |  |
+| Add, edit, or deactivate attribute definitions |  | :white_check_mark: |  |  |  |
+| Assign attributes to users and applications (service principals) |  |  | :white_check_mark: |  |  |
 
 ## Step 4: Determine your delegation strategy
 
 
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: fundamentals
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 06/29/2023
+ms.date: 09/30/2023
 ms.collection: M365-identity-device-management
 ---
 
@@ -48,6 +48,11 @@ The following example shows how you can specify custom security attribute values
 
 ![Custom security attribute examples assigned to a user.](./media/custom-security-attributes-overview/attribute-values-examples.png)
 
+Custom security attributes **aren't** supported in the following scenarios:
+
+- [Microsoft Entra Domain Services](../../active-directory-domain-services/overview.md)
+- [SAML token claims](../develop/saml-claims-customization.md)
+
 ## Objects that support custom security attributes
 
 Currently, you can add custom security attributes for the following Microsoft Entra objects:
@@ -126,18 +131,18 @@ The following table lists the properties you can specify for attribute sets and
 
 | Property | Required | Can be changed later | Description |
 | --- | :---: | :---: | --- |
-| Attribute set name  | :heavy_check_mark: |  | Name of the attribute set. Must be unique within a tenant. Cannot include spaces or special characters. |
-| Attribute set description |  | :heavy_check_mark: | Description of the attribute set. |
-| Maximum number of attributes |  | :heavy_check_mark: | Maximum number of custom security attributes that can be defined in an attribute set. Default value is `null`. If not specified, the administrator can add up to the maximum of 500 active attributes per tenant. |
-| Attribute set | :heavy_check_mark: |  | A collection of related custom security attributes. Every custom security attribute must be part of an attribute set. |
-| Attribute name  | :heavy_check_mark: |  | Name of the custom security attribute. Must be unique within an attribute set. Cannot include spaces or special characters. |
-| Attribute description |  | :heavy_check_mark: | Description of the custom security attribute. |
-| Data type | :heavy_check_mark: |  | Data type for the custom security attribute values. Supported types are `Boolean`, `Integer`, and `String`. |
-| Allow multiple values to be assigned | :heavy_check_mark: |  | Indicates whether multiple values can be assigned to the custom security attribute. If data type is set to `Boolean`, cannot be set to Yes. |
-| Only allow predefined values to be assigned | :heavy_check_mark: |  | Indicates whether only predefined values can be assigned to the custom security attribute. If set to No, free-form values are allowed. Can later be changed from Yes to No, but cannot be changed from No to Yes. If data type is set to `Boolean`, cannot be set to Yes.|
+| Attribute set name  | :white_check_mark: |  | Name of the attribute set. Must be unique within a tenant. Cannot include spaces or special characters. |
+| Attribute set description |  | :white_check_mark: | Description of the attribute set. |
+| Maximum number of attributes |  | :white_check_mark: | Maximum number of custom security attributes that can be defined in an attribute set. Default value is `null`. If not specified, the administrator can add up to the maximum of 500 active attributes per tenant. |
+| Attribute set | :white_check_mark: |  | A collection of related custom security attributes. Every custom security attribute must be part of an attribute set. |
+| Attribute name  | :white_check_mark: |  | Name of the custom security attribute. Must be unique within an attribute set. Cannot include spaces or special characters. |
+| Attribute description |  | :white_check_mark: | Description of the custom security attribute. |
+| Data type | :white_check_mark: |  | Data type for the custom security attribute values. Supported types are `Boolean`, `Integer`, and `String`. |
+| Allow multiple values to be assigned | :white_check_mark: |  | Indicates whether multiple values can be assigned to the custom security attribute. If data type is set to `Boolean`, cannot be set to Yes. |
+| Only allow predefined values to be assigned | :white_check_mark: |  | Indicates whether only predefined values can be assigned to the custom security attribute. If set to No, free-form values are allowed. Can later be changed from Yes to No, but cannot be changed from No to Yes. If data type is set to `Boolean`, cannot be set to Yes.|
 | Predefined values |  |  | Predefined values for the custom security attribute of the selected data type. More predefined values can be added later. Values can include spaces, but some special characters are not allowed. |
-| Predefined value is active |  | :heavy_check_mark: | Specifies whether the predefined value is active or deactivated. If set to false, the predefined value cannot be assigned to any additional supported directory objects. |
-| Attribute is active |  | :heavy_check_mark: | Specifies whether the custom security attribute is active or deactivated. |
+| Predefined value is active |  | :white_check_mark: | Specifies whether the predefined value is active or deactivated. If set to false, the predefined value cannot be assigned to any additional supported directory objects. |
+| Attribute is active |  | :white_check_mark: | Specifies whether the custom security attribute is active or deactivated. |
 
 ## Limits and constraints
 
@@ -195,11 +200,11 @@ Depending on whether you have a Microsoft Entra ID P1 or P2 license, here are th
 
 | Role assignment task | Premium P1 | Premium P2 |
 | --- | :---: | :---: |
-| Permanent role assignments | :heavy_check_mark: | :heavy_check_mark: |
-| Eligible role assignments | n/a | :heavy_check_mark: |
-| Permanent role assignments at attribute set scope | :heavy_check_mark: | :heavy_check_mark: |
+| Permanent role assignments | :white_check_mark: | :white_check_mark: |
+| Eligible role assignments | n/a | :white_check_mark: |
+| Permanent role assignments at attribute set scope | :white_check_mark: | :white_check_mark: |
 | Eligible role assignments at attribute set scope | n/a | :x: |
-| **Assigned roles** page lists permanent role assignments at attribute set scope | :heavy_check_mark: | :warning:<br/>Role assignments exist, but aren't listed  |
+| **Assigned roles** page lists permanent role assignments at attribute set scope | :white_check_mark: | :warning:<br/>Role assignments exist, but aren't listed  |
 
 ## License requirements
 
 
@@ -1,9 +1,11 @@
 ---
 title: Reliability recommendations
 description: Full list of available reliability recommendations in Advisor.
+author: mabrahms
+ms.author: v-mabrahms
+ms.service: azure
 ms.topic: article
-ms.custom: ignite-2022
-ms.date: 02/04/2022
+ms.date: 09/27/2023
 ---
 
 # Reliability recommendations
@@ -50,7 +52,6 @@ Learn more about [Azure FarmBeats - FarmBeatsPythonSdkVersion (Upgrade to the la
 
 ## API Management
 
-
 ### SSL/TLS renegotiation blocked
 
 SSL/TLS renegotiation attempt blocked. Renegotiation happens when a client certificate is requested over an already established connection. When it is blocked, reading 'context.Request.Certificate' in policy expressions returns 'null'. To support client certificate authentication scenarios, enable 'Negotiate client certificate' on listed hostnames. For browser-based clients, enabling this option might result in a certificate prompt being presented to the client.
@@ -69,7 +70,19 @@ Learn more about [Api Management - HostnameCertRotationFail (Hostname certificat
 
 We detected the minimal replica count set for your container app may be lower than optimal. Consider increasing the minimal replica count for better availability.
 
-Learn more about [Resource - ContainerAppMinimalReplicaCountTooLow (Increase the minimal replica count for your container app)](https://aka.ms/containerappscalingrules).
+Learn more about [Microsoft App Container App - ContainerAppMinimalReplicaCountTooLow (Increase the minimal replica count for your container app)](https://aka.ms/containerappscalingrules).
+
+### Renew custom domain certificate
+
+We detected the custom domain certificate you uploaded is near expiration. Please renew your certificate and upload the new certificate for your container apps.
+
+Learn more about [Microsoft App Container App - ContainerAppCustomDomainCertificateNearExpiration (Renew custom domain certificate)](https://aka.ms/containerappcustomdomaincert).
+
+### A potential networking issue has been identified with your Container Apps Environment that requires it to be re-created to avoid DNS issues
+
+A potential networking issue has been identified for your Container Apps Environments. To prevent this potential networking issue from impacting your Container Apps Environment, create a new Container Apps Environment, re-create your Container Apps in the new environment, and delete the old Container Apps Environment
+
+Learn more about [Managed Environment - CreateNewContainerAppsEnvironment (A potential networking issue has been identified with your Container Apps Environment that requires it to be re-created to avoid DNS issues)](https://aka.ms/createcontainerapp).
 
 ## Cache for Redis
 
@@ -90,7 +103,7 @@ Learn more about [Front Door Profile - SwitchVersionBYOC (Switch Secret version
 
 ### Migrate Virtual Machines to Availability Zones
 
-By migrating virtual machines to Availability Zones, you can ensure the isolation of your VMs from potential failures in other zones. With this, you can expect enhanced resiliency in your workload by avoiding downtime and business interruptions. 
+By migrating virtual machines to Availability Zones, you can ensure the isolation of your VMs from potential failures in other zones, and you can expect enhanced resiliency in your workload by avoiding downtime and business interruptions. 
 
 Learn more about [Availability Zones](../reliability/availability-zones-overview.md).
 
@@ -108,7 +121,7 @@ Learn more about [Virtual machine - MigrateStandardStorageAccountToPremium (Upgr
 
 ### Enable virtual machine replication to protect your applications from regional outage
 
-Virtual machines which do not have replication enabled to another region are not resilient to regional outages. Replicating the machines drastically reduce any adverse business impact during the time of an Azure region outage. We highly recommend enabling replication of all the business critical virtual machines from the below list so that in an event of an outage, you can quickly bring up your machines in remote Azure region.
+Virtual machines that do not have replication enabled to another region, are not resilient to regional outages. Replicating the machines drastically reduce any adverse business impact during the time of an Azure region outage. We highly recommend enabling replication of all the business critical virtual machines from the below list so that in an event of an outage, you can quickly bring up your machines in remote Azure region.
 Learn more about [Virtual machine - ASRUnprotectedVMs (Enable virtual machine replication to protect your applications from regional outage)](https://aka.ms/azure-site-recovery-dr-azure-vms).
 
 ### Upgrade VM from Premium Unmanaged Disks to Managed Disks at no extra cost
@@ -131,21 +144,21 @@ Learn more about [Availability set - ManagedDisksAvSet (Use Managed Disks to imp
 
 ### Check Point Virtual Machine may lose Network Connectivity.
 
-We have identified that your Virtual Machine might be running a version of Check Point image that has been known to lose network connectivity in the event of a platform servicing operation. It is recommended that you upgrade to a newer version of the image that addresses this issue. Contact Check Point for further instructions on how to upgrade your image.
+We have identified that your Virtual Machine might be running a version of Check Point image that has been known to lose network connectivity in the event of a platform servicing operation. It is recommended that you upgrade to a newer version of the image. Contact Check Point for further instructions on how to upgrade your image.
 
 Learn more about [Virtual machine - CheckPointPlatformServicingKnownIssueA (Check Point Virtual Machine may lose Network Connectivity.)](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk151752&partition=Advanced&product=CloudGuard).
 
 ### Access to mandatory URLs missing for your Azure Virtual Desktop environment
 
-In order for a session host to deploy and register to Azure Virtual Desktop properly, you need to add a set of URLs to allowed list in case your virtual machine runs in restricted environment. After visiting the "Learn More" link, you see the minimum list of URLs you need to unblock to have a successful deployment and functional session host. For specific URL(s) missing from allowed list, you may also search Application event log for event 3702.
+In order for a session host to deploy and register to Azure Virtual Desktop properly, you need to add a set of URLs to the allowed list, in case your virtual machine runs in a restricted environment. After visiting the "Learn More" link, you see the minimum list of URLs you need to unblock to have a successful deployment and functional session host. For specific URL(s) missing from allowed list, you may also search Application event log for event 3702.
 
 Learn more about [Virtual machine - SessionHostNeedsAssistanceForUrlCheck (Access to mandatory URLs missing for your Azure Virtual Desktop environment)](../virtual-desktop/safe-url-list.md).
 
 ## PostgreSQL
 
 ### Improve PostgreSQL availability by removing inactive logical replication slots
 
-Our internal telemetry indicates that your PostgreSQL server may have inactive logical replication slots. THIS NEEDS IMMEDIATE ATTENTION. This can result in degraded server performance and unavailability due to WAL file retention and buildup of snapshot files. To improve performance and availability, we STRONGLY recommend that you IMMEDIATELY either delete the inactive replication slots, or start consuming the changes from these slots so that the slots' Log Sequence Number (LSN) advances and is close to the current LSN of the server.
+Our internal telemetry indicates that your PostgreSQL server may have inactive logical replication slots. THIS NEEDS IMMEDIATE ATTENTION. Inactive logical replication can result in degraded server performance and unavailability due to WAL file retention and buildup of snapshot files. To improve performance and availability, we STRONGLY recommend that you IMMEDIATELY either delete the inactive replication slots, or start consuming the changes from these slots so that the slots' Log Sequence Number (LSN) advances and is close to the current LSN of the server.
 
 Learn more about [PostgreSQL server - OrcasPostgreSqlLogicalReplicationSlots (Improve PostgreSQL availability by removing inactive logical replication slots)](https://aka.ms/azure_postgresql_logical_decoding).
 
 
@@ -1,8 +1,8 @@
 ---
 title: App schema definition
 description: The LUIS app is represented in either the `.json` or `.lu` and includes all intents, entities, example utterances, features, and settings.
-ms.service: cognitive-services
-ms.subservice: language-understanding
+ms.service: azure-ai-language
+ms.subservice: azure-ai-luis
 ms.author: aahi
 author: aahill
 manager: nitinme