MicrosoftDocs
diff --git a/‎articles/active-directory-b2c/best-practices.md
Lines changed: 2 additions & 1 deletion b/‎articles/active-directory-b2c/best-practices.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎articles/ai-services/translator/document-translation/quickstarts/includes/rest-api/rest-api.md
Lines changed: 2 additions & 2 deletions b/‎articles/ai-services/translator/document-translation/quickstarts/includes/rest-api/rest-api.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/aks/monitor-control-plane-metrics.md
Lines changed: 6 additions & 1 deletion b/‎articles/aks/monitor-control-plane-metrics.md
Lines changed: 6 additions & 1 deletion
diff --git a/‎articles/api-management/backends.md
Lines changed: 2 additions & 2 deletions b/‎articles/api-management/backends.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/azure-cache-for-redis/TOC.yml
Lines changed: 2 additions & 2 deletions b/‎articles/azure-cache-for-redis/TOC.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/azure-cache-for-redis/cache-azure-active-directory-for-authentication.md
Lines changed: 39 additions & 45 deletions b/‎articles/azure-cache-for-redis/cache-azure-active-directory-for-authentication.md
Lines changed: 39 additions & 45 deletions
@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 
 ms.topic: conceptual
-ms.date: 01/11/2024
+ms.date: 02/05/2024
 ms.subservice: B2C
 
 
@@ -25,6 +25,7 @@ The following best practices and recommendations cover some of the primary aspec
 
 | Best practice | Description |
 |--|--|
+| Create emergency access account | This emergency access account helps you gain access to your Azure AD B2C tenant in circumstances such as the only administrator is unreachable when the credential is needed. [Learn how to create an emergency access account](tenant-management-emergency-access-account.md#create-emergency-access-account)  |
 | Choose user flows for most scenarios | The Identity Experience Framework of Azure AD B2C is the core strength of the service. Policies fully describe identity experiences such as sign-up, sign-in, or profile editing. To help you set up the most common identity tasks, the Azure AD B2C portal includes predefined, configurable policies called user flows. With user flows, you can create great user experiences in minutes, with just a few clicks. [Learn when to use user flows vs. custom policies](user-flow-overview.md#comparing-user-flows-and-custom-policies).|
 | App registrations | Every application (web, native) and API that is being secured must be registered in Azure AD B2C. If an app has both a web and native version of iOS and Android, you can register them as one application in Azure AD B2C with the same client ID. Learn how to [register OIDC, SAML, web, and native apps](./tutorial-register-applications.md?tabs=applications). Learn more about [application types that can be used in Azure AD B2C](./application-types.md). |
 | Move to monthly active users billing | Azure AD B2C has moved from monthly active authentications to monthly active users (MAU) billing. Most customers will find this model cost-effective. [Learn more about monthly active users billing](https://azure.microsoft.com/updates/mau-billing/). |
 
@@ -5,7 +5,7 @@ author: laujan
 manager: nitinme
 ms.service: azure-ai-translator
 ms.topic: include
-ms.date: 01/17/2024
+ms.date: 02/14/2024
 ms.author: lajanuar
 recommendations: false
 ---
@@ -35,7 +35,7 @@ If cURL isn't installed, here are links for your platform:
 
 1. Copy and paste the document translation **request sample** into your `document-translation.json` file. Replace **`{your-source-container-SAS-URL}`** and **`{your-target-container-SAS-URL}`** with values from your Azure portal Storage account containers instance.
 
-    `**Request sample**`
+    ***Request sample***
 
     ```json
     {
 
@@ -23,7 +23,6 @@ This article helps you understand this new feature, how to implement it, and how
 - [Private link](../azure-monitor/logs/private-link-security.md) isn't supported.
 - Only the default [ama-metrics-settings-config-map](../azure-monitor/containers/prometheus-metrics-scrape-configuration.md#configmaps) can be customized. All other customizations are not supported.
 - The cluster must use [managed identity authentication](use-managed-identity.md).
-- This feature is currently available in the following regions:  West Central US, East Asia, UK South, East US, Australia Central, Australia East, Brazil South, Canada Central, Central India, East US 2, France Central, and Germany West Central, Israel Central, Italy North, Japan East, JioIndia West, Korea Central, Malaysia South, Mexico Central, North Central US, North Europe, Norway East, Qatar Central, South Africa North, Sweden Central, Switzerland North, Taiwan North, UAE North, UK West, West US 2, Australia Central 2, Austrial South East, Austria East, Belgium Central, Brazil South East, Canada East, Central US, Chile Central, France South, Germany North, Israel North West, Japan West, Jio India Central.
 
 ### Install or update the `aks-preview` Azure CLI extension
 
@@ -65,6 +64,12 @@ az provider register --namespace "Microsoft.ContainerService"
 
 You can enable control plane metrics with the Azure Monitor managed service for Prometheus add-on during cluster creation or for an existing cluster. To collect Prometheus metrics from your Kubernetes cluster, see [Enable Prometheus and Grafana for Kubernetes clusters][enable-monitoring-kubernetes-cluster] and follow the steps on the **CLI** tab for an AKS cluster. On the command-line, be sure to include the parameters `--generate-ssh-keys` and `--enable-managed-identity`.
 
+If your cluster already has the Prometheus addon deployed, then you can simply run an `az aks update` to ensure the cluster updates to start collecting control plane metrics.
+
+```azurecli
+az aks update -n <cluster-name> -g <resource-group>
+```
+
 >[!NOTE]
 > Unlike the metrics collected from cluster nodes, control plane metrics are collected by a component which isn't part of the **ama-metrics** add-on. Enabling the `AzureMonitorMetricsControlPlanePreview` feature flag and the managed prometheus add-on ensures control plane metrics are collected. After enabling metric collection, it can take several minutes for the data to appear in the workspace.
 
 
@@ -103,7 +103,7 @@ resource symbolicname 'Microsoft.ApiManagement/service/backends@2023-03-01-previ
   name: 'myAPIM/myBackend'
   properties: {
     url: 'https://mybackend.com'
-    protocol: 'http'
+    protocol: 'https'
     circuitBreaker: {
       rules: [
         {
@@ -140,7 +140,7 @@ Include a JSON snippet similar to the following in your ARM template for a backe
   "name": "myAPIM/myBackend",
   "properties": {
     "url": "https://mybackend.com",
-    "protocol": "http",
+    "protocol": "https",
     "circuitBreaker": {
       "rules": [
         {
 
@@ -131,10 +131,10 @@
 
 - name: Authentication and authorization
   items:
-  - name: Role-based access control
-    href: cache-configure-role-based-access-control.md
   - name: Microsoft Entra ID for authentication
     href: cache-azure-active-directory-for-authentication.md
+  - name: Role-based access control
+    href: cache-configure-role-based-access-control.md
   - name: Managed identity for storage accounts
     href: cache-managed-identity.md
 
 
@@ -7,22 +7,21 @@ author: flang-msft
 ms.custom: references_regions
 ms.service: cache
 ms.topic: conceptual
-ms.date: 06/23/2023
+ms.date: 02/07/2024
 ms.author: franlanglois
 
 ---
 
-# Use Microsoft Entra ID for cache authentication
+# Use Microsoft Entra ID (preview) for cache authentication
 
 Azure Cache for Redis offers two methods to authenticate to your cache instance:
 
-- [access key](cache-configure.md#access-keys)
+- [Access keys](cache-configure.md#access-keys)
+- [Microsoft Entra ID (preview)](cache-configure.md#preview-microsoft-entra-authentication)
 
-- [Microsoft Entra token](/azure/active-directory/develop/access-tokens)
+Although access key authentication is simple, it comes with a set of challenges around security and password management. For contrast, in this article, you learn how to use a Microsoft Entra token for cache authentication.
 
-Although access key authentication is simple, it comes with a set of challenges around security and password management. In this article, you learn  how to use a Microsoft Entra token for cache authentication.
-
-Azure Cache for Redis offers a password-free authentication mechanism by integrating with [Microsoft Entra ID](/azure/active-directory/fundamentals/active-directory-whatis). This integration also includes [role-based access control](/azure/role-based-access-control/) functionality provided through [access control lists (ACLs)](https://redis.io/docs/management/security/acl/) supported in open source Redis.
+Azure Cache for Redis offers a password-free authentication mechanism by integrating with [Microsoft Entra ID (preview)](/azure/active-directory/fundamentals/active-directory-whatis). This integration also includes [role-based access control](/azure/role-based-access-control/) functionality provided through [access control lists (ACLs)](https://redis.io/docs/management/security/acl/) supported in open source Redis.
 
 To use the ACL integration, your client application must assume the identity of a Microsoft Entra entity, like service principal or managed identity, and connect to your cache. In this article, you learn how to use your service principal or managed identity to connect to your cache, and how to grant your connection predefined permissions based on the Microsoft Entra artifact being used for the connection.
 
@@ -34,77 +33,74 @@ To use the ACL integration, your client application must assume the identity of
 
 ## Prerequisites and limitations
 
-- To enable Microsoft Entra token-based authentication for your Azure Cache for Redis instance, at least one Redis user must be configured under the **Data Access Policy** setting in the Resource menu.
-- Microsoft Entra ID-based authentication is supported for SSL connections and TLS 1.2 only.
-- Microsoft Entra ID-based authentication isn't supported on Azure Cache for Redis instances that run Redis version 4.
+- Microsoft Entra ID-based authentication is supported for SSL connections and TLS 1.2 or higher.
 - Microsoft Entra ID-based authentication isn't supported on Azure Cache for Redis instances that [depend on Cloud Services](./cache-faq.yml#caches-with-a-dependency-on-cloud-services--classic).
 - Microsoft Entra ID based authentication isn't supported in the Enterprise tiers of Azure Cache for Redis Enterprise.
 - Some Redis commands are blocked. For a full list of blocked commands, see [Redis commands not supported in Azure Cache for Redis](cache-configure.md#redis-commands-not-supported-in-azure-cache-for-redis).
 
 > [!IMPORTANT]
-> Once a connection is established using Microsoft Entra token, client applications must periodically refresh Microsoft Entra token before expiry, and send an `AUTH` command to Redis server to avoid disruption of connections. For more information, see [Configure your Redis client to use Microsoft Entra ID](#configure-your-redis-client-to-use-azure-active-directory).
-
-<a name='enable-azure-ad-token-based-authentication-on-your-cache'></a>
+> Once a connection is established using Microsoft Entra token, client applications must periodically refresh Microsoft Entra token before expiry, and send an `AUTH` command to Redis server to avoid disruption of connections. For more information, see [Configure your Redis client to use Microsoft Entra ID](#configure-your-redis-client-to-use-microsoft-entra-id).
 
-## Enable Microsoft Entra token based authentication on your cache
+## Enable Microsoft Entra ID authentication on your cache
 
 1. In the Azure portal, select the Azure Cache for Redis instance where you'd like to configure Microsoft Entra token-based authentication.
 
-1. Select **(PREVIEW) Data Access Configuration** from the Resource menu.
+1. Select **Authentication** from the Resource menu.
 
-1. Select "**Add**" and choose **New Redis User**.
+1. In the working pane, select **(PREVIEW) Enable Microsoft Entra Authentication**.
 
-1. On the **Access Policy** tab, select one the available policies in the table: **Owner**, **Contributor**, or **Reader**. Then, select the **Next:Redis Users**.
+1. Select **Enable Microsoft Entra Authentication**, and enter the name of a valid user. The user you enter is automatically assigned _Data Owner Access Policy_ by default when you select **Save**. You can also enter a managed identity or service principal to connect to your cache instance.
 
-   :::image type="content" source="media/cache-azure-active-directory-for-authentication/cache-new-redis-user.png" alt-text="Screenshot showing the available Access Policies.":::
+    :::image type="content" source="media/cache-azure-active-directory-for-authentication/cache-enable-microsoft-entra.png" alt-text="Screenshot showing authentication selected in the resource menu and the enable Microsoft Entra authentication checked.":::
 
-1. Choose either the **User or service principal** or **Managed Identity** to determine how you want to use for authenticate to your Azure Cache for Redis instance.
+1. A popup dialog box displays asking if you want to update your configuration, and informing you that it takes several minutes. Select **Yes.**
 
-1. Then, select **Select members** and select  **Select**. Then, select **Next : Review + Design**.
-   :::image type="content" source="media/cache-azure-active-directory-for-authentication/cache-select-members.png" alt-text="Screenshot showing members to add as New Redis Users.":::
+   > [!IMPORTANT]
+   > Once the enable operation is complete, the nodes in your cache instance reboots to load the new configuration. We recommend performing this operation during your maintenance window or outside your peak business hours. The operation can take up to 30 minutes.
+
+## Using data access configuration with your cache
+
+If you would like to use a custom access policy instead of Redis Data Owner, go to the **Data Access Configuration** on the Resource menu. For more information, see [Configure a custom data access policy for your application](cache-configure-role-based-access-control.md#configure-a-custom-data-access-policy-for-your-application).
+
+1. In the Azure portal, select the Azure Cache for Redis instance where you'd like to add to the Data Access Configuration.
+
+1. Select **(PREVIEW) Data Access Configuration** from the Resource menu.
 
-1. From the Resource menu, select **Advanced settings**.
+1. Select **Add** and choose **New Redis User**.
 
-1. Check the box labeled **(PREVIEW) Enable Microsoft Entra Authorization** and select **OK**. Then, select **Save**.
+1. On the **Access Policy** tab, select one the available policies in the table: **Data Owner**, **Data Contributor**, or **Data Reader**. Then, select the **Next:Redis Users**.
 
-   :::image type="content" source="media/cache-azure-active-directory-for-authentication/cache-azure-ad-access-authorization.png" alt-text="Screenshot of Microsoft Entra ID access authorization.":::
+   :::image type="content" source="media/cache-azure-active-directory-for-authentication/cache-new-redis-user.png" alt-text="Screenshot showing the available Access Policies.":::
+
+1. Choose either the **User or service principal** or **Managed Identity** to determine how to assign access to your Azure Cache for Redis instance. If you select **User or service principal**,and you want to add a _user_, you must first [enable Microsoft Entra Authentication](#enable-microsoft-entra-id-authentication-on-your-cache).
+
+1. Then, select **Select members** and select  **Select**. Then, select **Next : Review + Assign**.
+   :::image type="content" source="media/cache-azure-active-directory-for-authentication/cache-select-members.png" alt-text="Screenshot showing members to add as New Redis Users.":::
 
 1. A dialog box displays a popup notifying you that upgrading is permanent and might cause a brief connection blip. Select **Yes.**
 
    > [!IMPORTANT]
    > Once the enable operation is complete, the nodes in your cache instance reboots to load the new configuration. We recommend performing this operation during your maintenance window or outside your peak business hours. The operation can take up to 30 minutes.
 
-<a name='configure-your-redis-client-to-use-azure-active-directory'></a>
-
 ## Configure your Redis client to use Microsoft Entra ID
 
-Because most Azure Cache for Redis clients assume that a password/access key is used for authentication, you likely need to update your client workflow to support authentication using Microsoft Entra ID. In this section, you learn how to configure your client applications to connect to Azure Cache for Redis using a Microsoft Entra token.
-
-:::image type="content" source="media/cache-azure-active-directory-for-authentication/azure-ad-token.png" alt-text="Architecture diagram showing the flow of a token from Microsoft Entra ID to a customer application to a cache.":::
+Because most Azure Cache for Redis clients assume that a password and access key are used for authentication, you likely need to update your client workflow to support authentication using Microsoft Entra ID. In this section, you learn how to configure your client applications to connect to Azure Cache for Redis using a Microsoft Entra token.
 
-<a name='azure-ad-client-workflow'></a>
+<!-- :::image type="content" source="media/cache-azure-active-directory-for-authentication/azure-ad-token.png" alt-text="Architecture diagram showing the flow of a token from Microsoft Entra ID to a customer application to a cache."::: -->
 
 ### Microsoft Entra Client Workflow
 
-1. Configure your client application to acquire a Microsoft Entra token for scope  `https://redis.azure.com/.default` or `acca5fbb-b7e4-4009-81f1-37e38fd66d78/.default` using the [Microsoft Authentication Library (MSAL)](/azure/active-directory/develop/msal-overview).
-
-   <!-- (ADD code snippet) -->
+1. Configure your client application to acquire a Microsoft Entra token for scope,  `https://redis.azure.com/.default` or `acca5fbb-b7e4-4009-81f1-37e38fd66d78/.default`, using the [Microsoft Authentication Library (MSAL)](/azure/active-directory/develop/msal-overview).
 
 1. Update your Redis connection logic to use following `UserName` and `Password`:
 
-   - `UserName` = Object ID of your managed identity or service principal
-
-   - `Password` = Microsoft Entra token that you acquired using MSAL
-
-   <!-- (ADD code snippet) -->
+    `UserName` = Object ID of your managed identity or service principal
+    `Password` = Microsoft Entra token that you acquired using MSAL
 
 1. Ensure that your client executes a Redis [AUTH command](https://redis.io/commands/auth/) automatically before your Microsoft Entra token expires using:
 
-   - `UserName` = Object ID of your managed identity or service principal
-
-   - `Password` = Microsoft Entra token refreshed periodically
-
-   <!-- (ADD code snippet) -->
+    `UserName` = Object ID of your managed identity or service principal
+    `Password` = Microsoft Entra token refreshed periodically
 
 ### Client library support
 
@@ -124,8 +120,6 @@ The following table includes links to code samples, which demonstrate how to con
 | ioredis             | Node.js        | [ioredis code sample](https://aka.ms/redis/aad/sample-code/js-ioredis)    |
 | node-redis          | Node.js        | [node-redis code sample](https://aka.ms/redis/aad/sample-code/js-noderedis)  |
 
-<a name='best-practices-for-azure-ad-authentication'></a>
-
 ### Best practices for Microsoft Entra authentication
 
 - Configure private links or firewall rules to protect your cache from a Denial of Service attack.