Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into fixScreens

Author: roygara

.openpublishing.redirection.active-directory.json

@@ -255,6 +255,41 @@
       "redirect_url": "/azure/active-directory/workload-identities/workload-identity-federation-create-trust",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/active-directory/fundamentals/concept-fundamentals-security-defaults.md",
+      "redirect_url": "/azure/active-directory/fundamentals/security-defaults",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/devices/hybrid-azuread-join-control.md",
+      "redirect_url": "/azure/active-directory/devices/hybrid-join-control",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/devices/hybrid-azuread-join-manual.md",
+      "redirect_url": "/azure/active-directory/devices/hybrid-join-manual",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/devices/hybrid-azuread-join-plan.md",
+      "redirect_url": "/azure/active-directory/devices/hybrid-join-plan",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/devices/device-management-azure-portal.md",
+      "redirect_url": "/azure/active-directory/devices/manage-device-identities",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/devices/concept-azure-ad-register.md",
+      "redirect_url": "/azure/active-directory/devices/concept-device-registration",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/devices/concept-azure-ad-join.md",
+      "redirect_url": "/azure/active-directory/devices/concept-directory-join",
+      "redirect_document_id": true
+    },
     {
       "source_path_from_root": "/articles/active-directory/fundamentals/10-secure-local-guest.md",
       "redirect_url": "/azure/active-directory/architecture/10-secure-local-guest",

.openpublishing.redirection.defender-for-cloud.json

@@ -413,7 +413,7 @@
         {
             "source_path_from_root": "/articles/security-center/defender-for-dns-introduction.md",
             "redirect_url": "/azure/defender-for-cloud/defender-for-dns-introduction",
-            "redirect_document_id": true
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/security-center/defender-for-key-vault-introduction.md",
@@ -840,6 +840,11 @@
             "redirect_url": "/azure/defender-for-cloud/enable-agentless-scanning-vms",
             "redirect_document_id": true
         },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/tutorial-enable-dns-plan.md",
+            "redirect_url": "/azure/defender-for-cloud/defender-for-dns-introduction",
+            "redirect_document_id": true
+        },
         {
             "source_path_from_root": "/articles/defender-for-cloud/defender-for-storage-exclude.md",
             "redirect_url": "/azure/defender-for-cloud/defender-for-storage-classic-enable#exclude-a-storage-account-from-a-protected-subscription-in-the-per-transaction-plan",

.openpublishing.redirection.json

@@ -9093,6 +9093,11 @@
             "redirect_url": "/azure/vpn-gateway/point-to-site-vpn-client-cert-windows",
             "redirect_document_id": false
         },
+        {
+         "source_path_from_root": "/articles/vpn-gateway/vpn-gateway-forced-tunneling-rm.md",
+         "redirect_url": "/azure/vpn-gateway/about-site-to-site-tunneling",
+         "redirect_document_id": false
+     },
         {
             "source_path_from_root": "/articles/azure-vmware/public-ip-usage.md",
             "redirect_url": "/azure/azure-vmware/enable-public-ip-nsx-edge",
@@ -23853,11 +23858,6 @@
             "redirect_url": "/azure/sentinel/data-connectors-reference",
             "redirect_document_id": false
         },
-        {
-            "source_path_from_root": "/articles/sentinel/data-connectors/cisco-meraki.md",
-            "redirect_url": "/azure/sentinel/data-connectors-reference",
-            "redirect_document_id": false
-        },
         {
             "source_path_from_root": "/articles/networking/scripts/virtual-network-powershell-sample-peer-two-virtual-networks.md",
             "redirect_url": "/azure/virtual-network/tutorial-connect-virtual-networks-powershell",

articles/active-directory-b2c/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory business-to-customer (B2C)"
 description: "New and updated documentation for the Azure Active Directory business-to-customer (B2C)."
-ms.date: 06/05/2023
+ms.date: 08/01/2023
 ms.service: active-directory
 ms.subservice: B2C
 ms.topic: reference

articles/active-directory-domain-services/faqs.yml

@@ -11,7 +11,7 @@ metadata:
   ms.subservice: domain-services
   ms.workload: identity
   ms.topic: faq
-  ms.date: 05/09/2023
+  ms.date: 08/01/2023
   ms.author: justinha
 title: Frequently asked questions (FAQs) about Azure Active Directory (AD) Domain Services
 summary: This page answers frequently asked questions about Azure Active Directory Domain Services.
@@ -159,6 +159,10 @@ sections:
           Why do my domain controllers change names?
         answer: |
           It is possible that during the maintenance of domain controllers there is a change in their names. To avoid problems with this type of change, it is recommended to not use the names of the domain controllers hardcoded in applications and/or other domain resources, but the FQDN of the domain. This way, no matter what the names of the domain controllers are, you won't need to reconfigure anything after a name change.
+      - question: |
+          Is the password of the KRBTGT account in a managed domain rolled periodically? If so, what is the frequency?
+        answer: |
+          The password of the KRBTGT account in a managed domain is rolled over every seven (7) days.
 
   - name: Billing and availability
     questions:

articles/active-directory-domain-services/join-windows-vm-template.md

@@ -11,7 +11,7 @@ ms.subservice: domain-services
 ms.workload: identity
 ms.custom: devx-track-arm-template
 ms.topic: how-to
-ms.date: 01/29/2023
+ms.date: 08/01/2023
 ms.author: justinha
 ---
 
@@ -31,7 +31,7 @@ To complete this tutorial, you need the following resources and privileges:
     * If needed, [create an Azure Active Directory tenant][create-azure-ad-tenant] or [associate an Azure subscription with your account][associate-azure-ad-tenant].
 * An Azure Active Directory Domain Services managed domain enabled and configured in your Azure AD tenant.
     * If needed, the first tutorial [creates and configures an Azure Active Directory Domain Services managed domain][create-azure-ad-ds-instance].
-* A user account that's a part of the managed domain.
+* A user account that's a part of the *AAD DC administrators* group.
 
 ## Azure Resource Manager template overview
 

articles/active-directory-domain-services/network-considerations.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 07/31/2023
+ms.date: 08/01/2023
 ms.author: justinha
 ms.reviewer: xyuan
 
@@ -149,7 +149,7 @@ If needed, you can [create the required network security group and rules using A
 
 ### Outbound connectivity
 
-For Outbound connectivity, you can either keep **AllowVnetOutbound** and **AllowInternetOutBound** or restrict Outbound traffic by using ServiceTags listed in the following table. The ServiceTag for AzureUpdateDelivery must be added via [PowerShell](powershell-create-instance.md).
+For Outbound connectivity, you can either keep **AllowVnetOutbound** and **AllowInternetOutBound** or restrict Outbound traffic by using ServiceTags listed in the following table. The ServiceTag for AzureUpdateDelivery must be added via [PowerShell](powershell-create-instance.md). Make sure no other NSG with higher priority denies the Outbound connectivity. If Outbound connectivity is denied, replication won't work between replica sets. 
 
 
 | Outbound port number | Protocol | Source | Destination   | Action | Required | Purpose |

articles/active-directory-domain-services/tutorial-create-instance.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 07/31/2023
+ms.date: 08/01/2023
 ms.author: justinha
 
 #Customer intent: As an identity administrator, I want to create an Azure Active Directory Domain Services managed domain so that I can synchronize identity information with my Azure Active Directory tenant and provide Domain Services connectivity to virtual machines and applications in Azure.
@@ -67,7 +67,7 @@ When you create a managed domain, you specify a DNS name. There are some conside
 * **Non-routable domain suffixes:** We generally recommend that you avoid a non-routable domain name suffix, such as *contoso.local*. The *.local* suffix isn't routable and can cause issues with DNS resolution.
 
 > [!TIP]
-> If you create a custom domain name, take care with existing DNS namespaces. It's recommended to use a domain name separate from any existing Azure or on-premises DNS name space.
+> If you create a custom domain name, take care with existing DNS namespaces. Although it's supported, you may want to use a domain name separate from any existing Azure or on-premises DNS namespace.
 >
 > For example, if you have an existing DNS name space of *contoso.com*, create a managed domain with the custom domain name of *aaddscontoso.com*. If you need to use secure LDAP, you must register and own this custom domain name to generate the required certificates.
 >

articles/active-directory/app-proxy/application-proxy-configure-complex-application.md

@@ -29,7 +29,7 @@ With [Azure AD Application Proxy](application-proxy.md), you can address this is
 :::image type="content" source="./media/application-proxy-configure-complex-application/complex-app-flow-1.png" alt-text="Diagram of a Complex application with multiple application segments definition.":::
 
 A complex app has multiple app segments, with each app segment being a pair of an internal & external URL.
-There is one conditional access policy associated with the app and access to any of the external URLs work with pre-authentication with the same set of policies that are enforced for all.
+There is one Conditional Access policy associated with the app and access to any of the external URLs work with pre-authentication with the same set of policies that are enforced for all.
 
 This solution that allows user to:
 

articles/active-directory/app-proxy/application-proxy-configure-single-sign-on-with-headers.md

@@ -36,7 +36,7 @@ The following table lists common capabilities required for header-based authenti
 |Federated SSO |In pre-authenticated mode, all applications are protected with Azure AD authentication and enable users to have single sign-on. |
 |Remote access |Application Proxy enables remote access to the app. Users can access the application from the internet on any browser using the External URL. Application Proxy is not intended for corporate access use. |
 |Header-based integration |Application Proxy does the SSO integration with Azure AD and then passes identity or other application data as HTTP headers to the application. |
-|Application authorization |Common policies can be specified based on the application being accessed, the user’s group membership and other policies. In Azure AD, policies are implemented using [conditional access](../conditional-access/overview.md). Application authorization policies only apply to the initial authentication request. |
+|Application authorization |Common policies can be specified based on the application being accessed, the user’s group membership and other policies. In Azure AD, policies are implemented using [Conditional Access](../conditional-access/overview.md). Application authorization policies only apply to the initial authentication request. |
 |Step-up authentication |Policies can be defined to force added authentication, for example, to gain access to sensitive resources. |
 |Fine grained authorization |Provides access control at the URL level. Added policies can be enforced based on the URL being accessed. The internal URL configured for the app, defines the scope of app that the policy is applied to. The policy configured for the most granular path is enforced.  |