Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into opentelemetry-enable-2

Author: paulth1

.openpublishing.redirection.healthcare-apis.json

@@ -72,11 +72,6 @@
         "redirect_url": "/azure/healthcare-apis/azure-api-for-fhir/azure-api-for-fhir-additional-settings",
         "redirect_document_id": false
     },
-    {
-        "source_path_from_root": "/articles/healthcare-apis/configure-azure-rbac.md",
-        "redirect_url": "/azure/healthcare-apis/fhir/configure-azure-rbac",
-        "redirect_document_id": true
-    },
     {
         "source_path_from_root": "/articles/healthcare-apis/configure-cross-origin-resource-sharing.md",
         "redirect_url": "/azure/healthcare-apis/fhir/configure-cross-origin-resource-sharing",
@@ -222,12 +217,7 @@
         "redirect_url": "/azure/healthcare-apis/azure-api-for-fhir/access-fhir-postman-tutorial",
         "redirect_document_id": true
     },
-    {
-        "source_path_from_root": "/articles/healthcare-apis/fhir/configure-azure-rbac.md",
-        "redirect_url": "/azure/healthcare-apis/azure-api-for-fhir/configure-azure-rbac",
-        "redirect_document_id": true
-    },
-    {
+   {
         "source_path_from_root": "/articles/healthcare-apis/fhir/configure-database.md",
         "redirect_url": "/azure/healthcare-apis/azure-api-for-fhir/configure-database",
         "redirect_document_id": true
@@ -457,5 +447,50 @@
         "redirect_url": "/azure/healthcare-apis/security-controls-policy",
         "redirect_document_id": true
     },
+    {
+        "source_path_from_root": "/articles/healthcare-apis/fhir/azure-active-directory-identity-configuration.md",
+        "redirect_url": "/azure/healthcare-apis/authentication-authorization",
+        "redirect_document_id": true
+    },
+    {
+        "source_path_from_root": "/articles/healthcare-apis/fhir/fhir-service-access-token-validation.md",
+        "redirect_url": "/azure/healthcare-apis/get-access-token",
+        "redirect_document_id": true
+    },
+    {
+        "source_path_from_root": "/articles/healthcare-apis/fhir/get-healthcare-apis-access-token-cli.md",
+        "redirect_url": "/azure/healthcare-apis/get-access-token",
+        "redirect_document_id": false
+    },
+    {
+        "source_path_from_root": "/articles/healthcare-apis/dicom/dicom-get-access-token-azure-cli.md",
+        "redirect_url": "/azure/healthcare-apis/get-access-token",
+        "redirect_document_id": false
+    },
+    {
+        "source_path_from_root": "/articles/healthcare-apis/dicom/dicom-register-service-client-application.md",
+        "redirect_url": "/azure/healthcare-apis/register-application",
+        "redirect_document_id": true
+    },
+    {
+        "source_path_from_root": "/articles/healthcare-apis/dicom/dicom-register-public-application.md",
+        "redirect_url": "/azure/healthcare-apis/register-application",
+        "redirect_document_id": false
+    },
+    {
+        "source_path_from_root": "/articles/healthcare-apis/dicom/dicom-register-confidential-client-application.md",
+        "redirect_url": "/azure/healthcare-apis/register-application",
+        "redirect_document_id": false
+    },
+    {
+        "source_path_from_root": "/articles/healthcare-apis/dicom/dicom-configure-azure-rbac.md",
+        "redirect_url": "/azure/healthcare-apis/configure-azure-rbac",
+        "redirect_document_id": true
+    },
+    {
+        "source_path_from_root": "/articles/healthcare-apis/fhir/configure-azure-rbac-for-fhir.md",
+        "redirect_url": "/azure/healthcare-apis/configure-azure-rbac",
+        "redirect_document_id": false
+    }
   ]
 }

.openpublishing.redirection.json

@@ -47313,7 +47313,12 @@
     },
     {
       "source_path_from_root": "/articles/aks/open-service-mesh-disable-add-on.md",
-      "redirect_url": "/azure/aks/open-service-mesh-deploy-addon-az-cli",
+      "redirect_url": "/azure/aks/oopen-service-mesh-uninstall-add-on",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/aks/open-service-mesh-open-source-observability.md",
+      "redirect_url": "/azure/aks/open-service-mesh-azure-monitor",
       "redirect_document_id": false
     },
     {

articles/active-directory-b2c/TOC.yml

@@ -639,7 +639,7 @@
   - name: Getting help
     href: ../active-directory/develop/developer-support-help-options.md
   - name: Pricing
-    href: https://azure.microsoft.com/pricing/details/active-directory-b2c/
+    href: https://azure.microsoft.com/pricing/details/active-directory/external-identities/
   - name: Pricing calculator
     href: https://azure.microsoft.com/pricing/calculator/
   - name: Service updates

articles/active-directory-b2c/error-codes.md

@@ -1,5 +1,6 @@
 ---
 title: Extensions app in Azure Active Directory B2C  
+titleSuffix: Azure AD B2C
 description: Restoring the b2c-extensions-app.
 services: active-directory-b2c
 author: kengaderdus
@@ -13,7 +14,7 @@ ms.author: kengaderdus
 ms.subservice: B2C
 ---
 
-# Azure AD B2C: Extensions app 
+# Extensions app in Azure AD B2C
 
 When an Azure AD B2C directory is created, an app called **b2c-extensions-app** is automatically created inside the new directory. This app is visible in *App registrations*. It is used by the Azure AD B2C service to store information about users and custom attributes. If the app is deleted, Azure AD B2C will not function correctly and your production environment will be affected.
 

articles/active-directory-b2c/extensions-app.md

@@ -427,7 +427,7 @@ The following SAML application scenarios are supported via your own metadata end
 * Specify multiple logout URLs or POST binding for the logout URL in the application or service principal object.
 * Specify a signing key to verify relying party requests in the application or service principal object.
 * Specify a token encryption key in the application or service principal object.
-* Specify IdP-initiated sign-on, where the identity provider is Azure AD B2C.
+* [Specify IdP-initiated sign-on, where the identity provider is Azure AD B2C](saml-service-provider-options.md#configure-idp-initiated-flow).
 
 ## Next steps
 

articles/active-directory-b2c/saml-service-provider.md

@@ -27,11 +27,11 @@ A *forest* is a logical construct used by Active Directory Domain Services (AD D
 
 In an Azure AD DS managed domain, the forest only contains one domain. On-premises AD DS forests often contain many domains. In large organizations, especially after mergers and acquisitions, you may end up with multiple on-premises forests that each then contain multiple domains.
 
-By default, a managed domain is created as a *user* forest. This type of forest synchronizes all objects from Azure AD, including any user accounts created in an on-premises AD DS environment. User accounts can directly authenticate against the managed domain, such as to sign in to a domain-joined VM. A user forest works when the password hashes can be synchronized and users aren't using exclusive sign-in methods like smart card authentication.
+By default, a managed domain is created as a *user* forest. This type of forest synchronizes all objects from Azure AD, including any user accounts created in an on-premises AD DS environment. User accounts can directly authenticate against the managed domain, such as to sign in to a domain-joined VM. A user forest works when the password hashes can be synchronized, and users aren't using exclusive sign-in methods like smart card authentication.
 
 In a managed domain *resource* forest, users authenticate over a one-way forest *trust* from their on-premises AD DS. With this approach, the user objects and password hashes aren't synchronized to the managed domain. The user objects and credentials only exist in the on-premises AD DS. This approach lets enterprises host resources and application platforms in Azure that depend on classic authentication such LDAPS, Kerberos, or NTLM, but any authentication issues or concerns are removed.
 
-Resource forests also provide the capability to lift-and-shift your applications one component at a time. Many legacy on-premises applications are multi-tiered, often using a web server or front end and many database-related components. These tiers make it hard to lift-and-shift the entire application to the cloud in one step. With resource forests, you can lift your application to the cloud in phased approach, which makes it easier to move your application to Azure.
+Resource forests also provide the capability to lift-and-shift your applications one component at a time. Many legacy on-premises applications are multi-tiered, often using a web server or front end and many database-related components. These tiers make it hard to lift-and-shift the entire application to the cloud in one step. With resource forests, you can lift your application to the cloud in a phased approach, which makes it easier to move your application to Azure.
 
 ## What are trusts?
 
@@ -49,7 +49,7 @@ Trusts are also be configured to handle additional trust relationships in one of
 * **Nontransitive** - The trust exists only between the two trust partner domains.
 * **Transitive** - Trust automatically extends to any other domains that either of the partners trusts.
 
-In some cases, trust relationships are automatically established when domains are created. Other times, you must choose a type of trust and explicitly establish the appropriate relationships. The specific types of trusts used and the structure of those trust relationships depend on how the AD DS directory is organized, and whether different versions of Windows coexist on the network.
+In some cases, trust relationships are automatically established when domains are created. Other times, you must choose a type of trust and explicitly establish the appropriate relationships. The specific types of trusts used and the structure of those trust relationships depend on how the AD DS directory is organized and whether different versions of Windows coexist on the network.
 
 ## Trusts between two forests
 

articles/active-directory-domain-services/concepts-resource-forest.md

@@ -17,7 +17,7 @@
     - name: Customize attribute mappings
       href: customize-application-attributes.md
     - name: App specific provisioning tutorials
-      href: /azure/active-directory/saas-apps
+      href: /azure/active-directory/saas-apps/tutorial-list
     - name: Provisioning to SQL based apps
       href: tutorial-ecma-sql-connector.md
   - name: Concepts
@@ -129,7 +129,7 @@
     - name: Microsoft Q&A question page
       href: /answers/topics/azure-active-directory.html
     - name: Pricing
-      href: https://azure.microsoft.com/pricing/details/active-directory
+      href: https://azure.microsoft.com/pricing/details/active-directory/
     - name: Service updates
       href: https://azure.microsoft.com/updates/?product=active-directory
     - name: Stack Overflow

articles/active-directory/app-provisioning/toc.yml

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.topic: overview
 ms.workload: identity
-ms.date: 05/28/2021
+ms.date: 11/15/2021
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -19,11 +19,9 @@ In Azure Active Directory (Azure AD), the term *app provisioning* refers to auto
 
 ![Diagram that shows provisioning scenarios.](../governance/media/what-is-provisioning/provisioning.png)
 
-Azure AD to software as a service (SaaS) application provisioning refers to automatically creating user identities and roles in the cloud ([SaaS](https://azure.microsoft.com/overview/what-is-saas/)) applications that users need access to. In addition to creating user identities, automatic provisioning includes the maintenance and removal of user identities as status or roles change. Common scenarios include provisioning an Azure AD user into applications like [Dropbox](../../active-directory/saas-apps/dropboxforbusiness-provisioning-tutorial.md), [Salesforce](../../active-directory/saas-apps/salesforce-provisioning-tutorial.md), [ServiceNow](../../active-directory/saas-apps/servicenow-provisioning-tutorial.md), and more.
+Azure AD application provisioning refers to automatically creating user identities and roles in the applications that users need access to. In addition to creating user identities, automatic provisioning includes the maintenance and removal of user identities as status or roles change. Common scenarios include provisioning an Azure AD user into SaaS applications like [Dropbox](../../active-directory/saas-apps/dropboxforbusiness-provisioning-tutorial.md), [Salesforce](../../active-directory/saas-apps/salesforce-provisioning-tutorial.md), [ServiceNow](../../active-directory/saas-apps/servicenow-provisioning-tutorial.md), and more.
 
-Azure AD supports provisioning users into SaaS applications and applications hosted on-premises or an infrastructure as a service (IaaS) solution such as a virtual machine. You might have a legacy application that relies on an LDAP user store or a SQL database. By using the Azure AD provisioning service, you can create, update, and delete users into on-premises applications without having to open up firewalls or deal with TCP ports. 
-
-Using lightweight agents, you can provision users into on-premises applications and govern access. When Azure AD is used with the application proxy, you can manage access to your on-premises application and provide automatic user provisioning (with the provisioning service) and single sign-on (with app proxy). 
+Azure AD also supports provisioning users into applications hosted on-premises or in a virtual machine, without having to open up any firewalls. If your application supports [SCIM](https://aka.ms/scimoverview), or you've built a SCIM gateway to connect to your legacy application, you can use the Azure AD Provisioning agent to [directly connect](https://docs.microsoft.com/azure/active-directory/app-provisioning/on-premises-scim-provisioning) with your application and automate provisioning and deprovisioning. If you have legacy applications that don't support SCIM and rely on an [LDAP](https://docs.microsoft.com/azure/active-directory/app-provisioning/on-premises-ldap-connector-configure) user store or a [SQL](https://docs.microsoft.com/azure/active-directory/app-provisioning/tutorial-ecma-sql-connector) database, Azure AD can support those as well. 
 
 App provisioning lets you:
 

articles/active-directory/app-provisioning/user-provisioning.md

@@ -11,7 +11,7 @@
     expanded: true
     items:
     - name: List of app integration tutorials
-      href: /azure/active-directory/saas-apps/
+      href: /azure/active-directory/saas-apps/tutorial-list
     - name: Add an on-premises app with Application Proxy
       href: application-proxy-add-on-premises-application.md
   - name: Samples
@@ -170,7 +170,7 @@
     - name: Microsoft Q&A question page
       href: /answers/topics/azure-active-directory.html
     - name: Pricing
-      href: https://azure.microsoft.com/pricing/details/active-directory
+      href: https://azure.microsoft.com/pricing/details/active-directory/
     - name: Service updates
       href: https://azure.microsoft.com/updates/?product=active-directory
     - name: Stack Overflow