Merge pull request #95580 from MicrosoftDocs/master

11/11 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/digital-twins/how-to-use-legacy-aad.md",
+      "redirect_url": "/azure/digital-twins/quickstart-view-occupancy-dotnet#set-permissions-for-your-app",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/php-download-sdk.md",
       "redirect_url": "https://github.com/Azure/azure-sdk-for-php",
@@ -41813,6 +41818,11 @@
       "redirect_url": "/azure/iot-central/preview/tutorial-define-edge-device-type/",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/iot-central/core/tutorial-add-edge-as-leaf-device.md",
+      "redirect_url": "/azure/iot-central/preview/tutorial-add-edge-as-leaf-device/",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/iot-central/core/tutorial-use-device-groups-pnp.md",
       "redirect_url": "/azure/iot-central/preview/tutorial-use-device-groups/",
@@ -43587,6 +43597,11 @@
       "source_path": "articles/active-directory/develop/app-registrations-training-guide.md",
       "redirect_url": "articles/active-directory/develop/app-registrations-training-guide-for-app-registrations-legacy-users.md",
       "redirect_document_id": false
+    },
+	{
+      "source_path": "articles/azure-monitor/app/powershell-script-create-resource.md",
+      "redirect_url": "/azure/azure-monitor/app/create-new-resource#creating-a-resource-automatically",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory/develop/app-registrations-training-guide-for-app-registrations-legacy-users.md

@@ -1,6 +1,6 @@
 ---
-title: Azure portal app registrations training guide (legacy) - Azure
-description: An introduction to the new application registration experience in the Microsoft identity platform.
+title: Training guide for transitioning from App registrations (Legacy) to the new App registrations experience in the Azure portal
+description: An introduction to the new App registration experience in the Azure portal
 services: active-directory
 documentationcenter: ''
 author: archieag
@@ -20,7 +20,7 @@ ms.custom: aaddev
 ms.collection: M365-identity-device-management
 ---
 
-# Training guide: App registrations in the Azure portal (legacy)
+# Transitioning from App registrations (Legacy) to the new App registrations experience in the Azure portal
 
 You can find many improvements in the new [App registrations](https://go.microsoft.com/fwlink/?linkid=2083908) experience in the Azure portal. If you're familiar with the App registrations (legacy) experience in the Azure portal, use this training guide to get started using the new experience.
 
@@ -128,4 +128,4 @@ The new experience adds UI controls for the following properties:
 The new experience has the following limitations:
 
 - The format of client secrets (app passwords) is different than that of the legacy experience and may break CLI.
-- Changing the value for supported accounts is not supported in the UI. You need to use the app manifest unless you're switching between Azure AD single-tenant and multi-tenant.
+- Changing the value for supported accounts is not supported in the UI. You need to use the app manifest unless you're switching between Azure AD single-tenant and multi-tenant.

articles/active-directory/develop/authentication-scenarios.md

@@ -71,7 +71,7 @@ It's up to the app for which the token was generated, the web app that signed-in
 
 Tokens are only valid for a limited amount of time. Usually the STS provides a pair of tokens: an access token to access the application or protected resource, and a refresh token used to refresh the access token when the access token is close to expiring. 
 
-Access tokens are passed to a Web API as the bearer token in the `Authenticate` header. An app can provide a refresh token to the STS, and if the user access to the app wasn't revoked, it will get back a new access token and a new refresh token. This is how the scenario of someone leaving the enterprise is handled. When the STS receives the refresh token, it won't issue another valid access token if the user is no longer authorized.
+Access tokens are passed to a Web API as the bearer token in the `Authorization` header. An app can provide a refresh token to the STS, and if the user access to the app wasn't revoked, it will get back a new access token and a new refresh token. This is how the scenario of someone leaving the enterprise is handled. When the STS receives the refresh token, it won't issue another valid access token if the user is no longer authorized.
 
 ## Application model
 

articles/active-directory/develop/sample-v2-code.md

@@ -102,6 +102,18 @@ The following samples show how to protect a web API with the Microsoft identity
 | ![This image shows the ASP.NET Core logo](media/sample-v2-code/logo_NETcore.png)</p>ASP.NET Core 2.2 | ASP.NET Core web API (service) of [dotnet-native-aspnetcore-v2](https://aka.ms/msidentity-aspnetcore-webapi-calls-msgraph)  |
 | ![This image shows the ASP.NET logo](media/sample-v2-code/logo_NET.png)</p>ASP.NET MVC | Web API (service) of [ms-identity-aspnet-webapi-onbehalfof](https://github.com/Azure-Samples/ms-identity-aspnet-webapi-onbehalfof) |
 
+## Azure Functions as web APIs
+
+The following samples show how to protect an Azure Function using HttpTrigger and exposing a web API with the Microsoft identity platform endpoint, and how to call a downstream API from the web API.
+
+| Platform | Sample |
+| -------- | ------------------- |
+| ![This image shows the ASP.NET Core logo](media/sample-v2-code/logo_NETcore.png)</p>ASP.NET Core 2.2 | ASP.NET Core web API (service) Azure Function of [dotnet-native-aspnetcore-v2](https://github.com/Azure-Samples/ms-identity-dotnet-webapi-azurefunctions)  |
+| ![This image shows the Node.js logo](media/sample-v2-code/logo_nodejs.png)</p>NodeJS | Web API (service) of [NodeJS and passport-azure-ad](https://github.com/Azure-Samples/ms-identity-nodejs-webapi-azurefunctions) |
+| ![This image shows the Python logo](media/sample-v2-code/logo_python.png)</p>Python | Web API (service) of [Python](https://github.com/Azure-Samples/ms-identity-python-webapi-azurefunctions) |
+| ![This image shows the Node.js logo](media/sample-v2-code/logo_nodejs.png)</p>NodeJS | Web API (service) of [NodeJS and passport-azure-ad using on behalf of](https://github.com/Azure-Samples/ms-identity-nodejs-webapi-onbehalfof-azurefunctions) |
+
+
 ## Other Microsoft Graph samples
 
 To learn about [samples](https://github.com/microsoftgraph/msgraph-community-samples/tree/master/samples#aspnet) and tutorials that demonstrate different usage patterns for the Microsoft Graph API, including authentication with Azure AD, see [Microsoft Graph Community samples & tutorials](https://github.com/microsoftgraph/msgraph-community-samples).

articles/active-directory/develop/v2-app-types.md

@@ -86,7 +86,7 @@ In addition to simple sign-in, a web server app might need to access another web
 
 ## Web APIs
 
-You can use the Microsoft identity platform endpoint to secure web services, such as your app's RESTful Web API. Instead of ID tokens and session cookies, a Web API uses an OAuth 2.0 access token to secure its data and to authenticate incoming requests. The caller of a Web API appends an access token in the authorization header of an HTTP request, like this:
+You can use the Microsoft identity platform endpoint to secure web services, such as your app's RESTful Web API. Web APIs can be implemented in numerous platforms and languages. They can also be implemented using HTTP Triggers in Azure Functions. Instead of ID tokens and session cookies, a Web API uses an OAuth 2.0 access token to secure its data and to authenticate incoming requests. The caller of a Web API appends an access token in the authorization header of an HTTP request, like this:
 
 ```
 GET /api/items HTTP/1.1

articles/active-directory/develop/v2-permissions-and-consent.md

@@ -183,18 +183,18 @@ When you're ready to request permissions from your organization's admin, you can
 
 ```
 // Line breaks are for legibility only.
-	GET https://login.microsoftonline.com/{tenant}/v2.0/adminconsent?
+  GET https://login.microsoftonline.com/{tenant}/v2.0/adminconsent?
   client_id=6731de76-14a6-49ae-97bc-6eba6914391e
   &state=12345
   &redirect_uri=http://localhost/myapp/permissions
-	&scope=
-	https://graph.microsoft.com/calendars.read 
-	https://graph.microsoft.com/mail.send
+  &scope=
+  https://graph.microsoft.com/calendars.read 
+  https://graph.microsoft.com/mail.send
 ```
 
 
 | Parameter		| Condition		| Description																				|
-|--------------:|--------------:|:-----------------------------------------------------------------------------------------:|
+|:--------------|:--------------|:-----------------------------------------------------------------------------------------|
 | `tenant` | Required | The directory tenant that you want to request permission from. Can be provided in GUID or friendly name format OR generically referenced with `common` as seen in the example. |
 | `client_id` | Required | The **Application (client) ID** that the [Azure portal – App registrations](https://go.microsoft.com/fwlink/?linkid=2083908) experience assigned to your app. |
 | `redirect_uri` | Required |The redirect URI where you want the response to be sent for your app to handle. It must exactly match one of the redirect URIs that you registered in the app registration portal. |