Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into vscref

Author: gitName

articles/active-directory-b2c/force-password-reset.md

@@ -2,14 +2,11 @@
 title: Configure a force password reset flow in Azure AD B2C
 titleSuffix: Azure AD B2C
 description: Learn how to set up a forced password reset flow in Azure Active Directory B2C.
-
 author: kengaderdus
 manager: CelesteDG
-
 ms.service: azure-active-directory
-
 ms.topic: how-to
-ms.date: 01/11/2024
+ms.date: 10/11/2024
 ms.author: kengaderdus
 ms.subservice: b2c
 ms.custom: b2c-support, has-azure-ad-ps-ref,azure-ad-ref-level-one-done
@@ -160,16 +157,13 @@ Connect-MgGraph  -Scopes 'Domain.ReadWrite.All'
 $domainId = "contoso.com"
 $params = @{
 	passwordValidityPeriodInDays = 90
-	passwordNotificationWindowInDays = 15
 }
 
 Update-MgDomain -DomainId $domainId -BodyParameter $params
 ```
 
-> [!NOTE] 
-> `passwordValidityPeriodInDays` indicates the length of time in days that a password remains valid before it must be changed. `passwordNotificationWindowInDays` indicates the length of time in days before the password expiration date when users receive their first notification to indicate that their password is about to expire.
-
-## Next steps
+- `passwordValidityPeriodInDays` is the length of time in days that a password remains valid before it must be changed. 
 
-Set up a [self-service password reset](add-password-reset-policy.md).
+## Related content
 
+Set up a [self-service password reset](add-password-reset-policy.md).

articles/cost-management-billing/manage/avoid-unused-subscriptions.md

@@ -1,19 +1,23 @@
 ---
 title: Avoid unused subscriptions
-description: Learn how to avoid having an unused subscription that gets automatically deleted.
+description: Learn how to prevent unused subscriptions from getting automatically blocked or deleted due to inactivity.
 author: bandersmsft
 ms.reviewer: mijeffer
 ms.service: cost-management-billing
 ms.subservice: billing
-ms.topic: conceptual
-ms.date: 07/25/2024
+ms.topic: concept-article
+ms.date: 10/08/2024
 ms.author: banders
+# customer intent: As a billing administrator, I want to prevent my subscriptions from getting blocked or deleted.
 ---
 
 # Avoid unused subscriptions
 
 Unused and abandoned subscriptions can increase potential security risks to your Azure account. To reduce this risk, Microsoft takes measures to secure, protect, and ultimately delete unused Azure subscriptions.
 
+>[!NOTE]
+> This article only applies to Microsoft Online Service Program (MOSP) and Cloud Solution Provider (CSP) subscriptions.
+
 ## What is an unused subscription?
 
 Unused subscriptions don’t have usage, activity, or open support requests in more than one year (12 months). When a subscription enters the unused state, you receive a notification from Microsoft stating that your unused subscriptions will get blocked in 30 days.

articles/firewall/firewall-copilot.md

@@ -24,7 +24,7 @@ Microsoft Copilot for Security is a generative AI-powered security solution that
 
 Azure Firewall is a cloud-native and intelligent network firewall security service that provides best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
 
-The Azure Firewall integration helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS and/or threat intelligence features of their firewalls across their entire fleet using natural language questions in the Copilot for Security standalone experience.
+The Azure Firewall integration helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS feature of their firewalls across their entire fleet using natural language questions in the Copilot for Security standalone experience.
 
 This article introduces you to Copilot and includes sample prompts that can help Azure Firewall users.
 
@@ -51,17 +51,17 @@ For more information about writing effective Copilot for Security prompts, see [
     - [Azure Structured Firewall Logs](firewall-structured-logs.md#resource-specific-mode) – the Azure Firewalls to be used with Copilot for Security must be configured with resource specific structured logs for IDPS and these logs must be sent to a Log Analytics workspace.
     - [Role Based Access Control for Azure Firewall](https://techcommunity.microsoft.com/t5/azure-network-security-blog/role-based-access-control-for-azure-firewall/ba-p/2245598) – the users using the Azure Firewall plugin in Copilot for Security must have the appropriate Azure RBAC roles to access the Firewall and associated Log Analytics workspace(s).
 2.	Go to [Microsoft Copilot for Security](https://go.microsoft.com/fwlink/?linkid=2247989) and sign in with your credentials.
-3.	Ensure that the Azure Firewall plugin is turned on. In the prompt bar, select the **Sources** icon.
+1. In the prompt bar, select the **Sources** icon.
 
-    :::image type="content" source="media/firewall-copilot/copilot-prompts-bar-sources.png" alt-text="Screenshot of the prompt bar in Microsoft Copilot for Security with the Sources icon highlighted.":::
+  :::image type="content" source="media/firewall-copilot/copilot-prompts-bar-sources.png" alt-text="Screenshot of the prompt bar in Microsoft Copilot for Security with the Sources icon highlighted.":::
 
-  
-    In the **Manage sources** pop-up window that appears, confirm that the **Azure Firewall** toggle is turned on, then close the window.
 
-    :::image type="content" source="media/firewall-copilot/azure-firewall-plugin.png" alt-text="Screenshot showing the Azure Firewall plugin.":::    
+   In the **Manage sources** pop-up window that appears, confirm that the **Azure Firewall** toggle is turned on, then close the window. No additional configuration is necessary, as long as structured logs are being sent to a Log Analytics workspace and you have the right RBAC permissions, Copilot will find the data it needs to answer your questions.
+   
+  :::image type="content" source="media/firewall-copilot/azure-firewall-plugin.png" alt-text="Screenshot showing the Azure Firewall plugin.":::    
 
-    > [!NOTE]
-    > Some roles can turn the toggle on or off for plugins like Azure Firewall. For more information, see [Manage plugins in Microsoft Copilot for Security](/copilot/security/manage-plugins?tabs=securitycopilotplugin).
+  > [!NOTE]
+  > Some roles can turn the toggle on or off for plugins like Azure Firewall. For more information, see [Manage plugins in Microsoft Copilot for Security](/copilot/security/manage-plugins?tabs=securitycopilotplugin).
 
 
 4. Enter your prompt in the prompt bar.
@@ -105,9 +105,7 @@ Get **additional details** to enrich the threat information/profile of an IDPS s
 - I see that the third signature ID is associated with CVE _\<CVE number\>_, tell me more about this CVE.
 
 > [!NOTE]
->The Microsoft Defender Threat Intelligence plugin is another source that Copilot for Security may use to provide threat intelligence for IDPS signatures.
-
-
+> The Microsoft Threat Intelligence plugin is another source that Copilot for Security may use to provide threat intelligence for IDPS signatures.
 ### Look for a given IDPS signature across your tenant, subscription, or resource group
 
 Perform a **fleet-wide search** (over any scope) for a threat across all your Firewalls instead of searching for the threat manually.
@@ -148,4 +146,4 @@ When you interact with Copilot for Security to get Azure Firewall data, Copilot
 
 ## Related content
 
-- [What is Microsoft Copilot for Security?](/copilot/security/microsoft-security-copilot)
+- [What is Microsoft Copilot for Security?](/copilot/security/microsoft-security-copilot)

articles/internet-peering/media/walkthrough-monitoring-telemetry/peering-received-routes.png

@@ -7,7 +7,7 @@ ms.subservice: azure-mqtt-broker
 ms.topic: how-to
 ms.custom:
   - ignite-2023
-ms.date: 08/29/2024
+ms.date: 10/08/2024
 
 #CustomerIntent: As an operator, I want understand options to secure MQTT communications for my IoT Operations solution.
 ---
@@ -38,7 +38,24 @@ For a list of the available settings, see the [Broker Listener](/rest/api/iotope
 
 When you deploy Azure IoT Operations Preview, the deployment also creates a *BrokerListener* resource named `listener` in the `azure-iot-operations` namespace. This listener is linked to the default Broker resource named `broker` that's also created during deployment. The default listener exposes the broker on port 18883 with TLS and SAT authentication enabled. The TLS certificate is [automatically managed](howto-configure-tls-auto.md) by cert-manager. Authorization is disabled by default.
 
-To inspect the listener, run:
+To view or edit the listener:
+
+# [Portal](#tab/portal)
+
+1. In the Azure portal, navigate to your IoT Operations instance.
+1. Under **Azure IoT Operations resources**, select **MQTT Broker**.
+
+    :::image type="content" source="media/howto-configure-brokerlistener/configure-broker-listener.png" alt-text="Screenshot using Azure portal to view Azure IoT Operations MQTT configuration.":::
+
+1. From the broker listener list, select the **default** listener.
+
+    :::image type="content" source="media/howto-configure-brokerlistener/default-broker-listener.png" alt-text="Screenshot using Azure portal to view or edit the default broker listener.":::
+
+1. Review the listener settings and make any changes as needed.
+
+# [Kubernetes](#tab/kubernetes)
+
+To view the default *BrokerListener* resource, use the following command:
 
 ```bash
 kubectl get brokerlistener listener -n azure-iot-operations -o yaml
@@ -71,33 +88,59 @@ spec:
 
 To learn more about the default BrokerAuthentication resource linked to this listener, see [Default BrokerAuthentication resource](howto-configure-authentication.md#default-brokerauthentication-resource).
 
-### Update the default BrokerListener
+### Update the default broker listener
 
 The default *BrokerListener* uses the service type *ClusterIp*. You can have only one listener per service type. If you want to add more ports to service type *ClusterIp*, you can update the default listener to add more ports. For example, you could add a new port 1883 with no TLS and authentication off with the following kubectl patch command:
 
 ```bash
 kubectl patch brokerlistener listener -n azure-iot-operations --type='json' -p='[{"op": "add", "path": "/spec/ports/", "value": {"port": 1883, "protocol": "Mqtt"}}]'
 ```
 
-## Create new BrokerListeners
+---
+
+## Create new broker listeners
 
-This example shows how to create a new *BrokerListener* resource for a *Broker* resource named *my-broker*. The *BrokerListener* resource defines a two ports that accept MQTT connections from clients.
+This example shows how to create a new *BrokerListener* resource named *loadbalancer-listener* for a *Broker* resource. The *BrokerListener* resource defines a two ports that accept MQTT connections from clients.
 
 - The first port listens on port 1883 with no TLS and authentication off. Clients can connect to the broker without encryption or authentication.
 - The second port listens on port 18883 with TLS and authentication enabled. Only authenticated clients can connect to the broker with TLS encryption. TLS is set to `automatic`, which means that the listener uses cert-manager to get and renew its server certificate.
 
+# [Portal](#tab/portal)
+
+1. In the Azure portal, navigate to your IoT Operations instance.
+1. Under **Azure IoT Operations resources**, select **MQTT Broker**.
+1. Select **MQTT broker listener for LoadBalancer** > **Create**. You can only create one listener per service type. If you already have a listener of the same service type, you can add more ports to the existing listener.
+
+    :::image type="content" source="media/howto-configure-brokerlistener/create-loadbalancer.png" alt-text="Screenshot using Azure portal to create MQTT broker for load balancer listener.":::
+
+    Enter the following settings:
+
+    | Setting        | Description                                                                                   |
+    | -------------- | --------------------------------------------------------------------------------------------- |
+    | Name           | Name of the BrokerListener resource.                                                          |
+    | Service name   | Name of the Kubernetes service associated with the BrokerListener.                            |
+    | Service type   | Type of broker service, such as *LoadBalancer*, *NodePort*, or *ClusterIP*.                   |
+    | Port           | Port number on which the BrokerListener listens for MQTT connections.                         |
+    | Authentication | The [authentication resource reference](howto-configure-authentication.md).                   |
+    | Authorization  | The [authorization resource reference](howto-configure-authorization.md).                     |
+    | TLS            | Indicates whether TLS is enabled for secure communication. Can be set to [automatic](howto-configure-tls-auto.md) or [manual](howto-configure-tls-manual.md). |
+
+1. Select **Create listener**.
+
+# [Kubernetes](#tab/kubernetes)
+
 To create these *BrokerListener* resources, apply this YAML manifest to your Kubernetes cluster:
 
 ```yaml
 apiVersion: mqttbroker.iotoperations.azure.com/v1beta1
 kind: BrokerListener
 metadata:
-  name: my-test-listener
+  name: loadbalancer-listener
   namespace: azure-iot-operations
 spec:
   brokerRef: broker
   serviceType: LoadBalancer
-  serviceName: my-new-listener
+  serviceName: aio-broker-loadbalancer
   ports:
   - port: 1883
     protocol: Mqtt
@@ -113,6 +156,10 @@ spec:
             group: cert-manager.io
 ```
 
+For more information about authentication, see [Configure MQTT broker authentication](howto-configure-authentication.md). For more information about authorization, see [Configure MQTT broker authorization](howto-configure-authorization.md). For more information about TLS, see [Configure TLS with automatic certificate management to secure MQTT communication in MQTT broker](howto-configure-tls-auto.md) or [Configure TLS with manual certificate management to secure MQTT communication in MQTT broker](howto-configure-tls-manual.md).
+
+---
+
 ## Related content
 
 - [Configure MQTT broker authorization](howto-configure-authorization.md)

articles/internet-peering/media/walkthrough-monitoring-telemetry/peering-service-prefix-events.png

@@ -1,5 +1,10 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/network-watcher/connection-monitor-virtual-machine-scale-set.md",
+            "redirect_url": "/previous-versions/azure/network-watcher/connection-monitor-virtual-machine-scale-set",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/network-watcher/view-network-topology.md",
             "redirect_url": "/azure/network-watcher/network-insights-topology",