Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Learn Build Service GitHub App

.openpublishing.publish.config.json

@@ -913,6 +913,12 @@
       "url": "https://github.com/Azure-Samples/azure-cosmos-db-mongodb-python-getting-started",
       "branch": "main",
       "branch_mapping": {}
+    },
+    {
+      "path_to_root": "azure-cache-redis-samples",
+      "url": "https://github.com/Azure-Samples/azure-cache-redis-samples",
+      "branch": "main",
+      "branch_mapping": {}
     }
   ],
   "branch_target_mapping": {

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 02/27/2023
+ms.date: 02/28/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -166,7 +166,7 @@ There are several endpoints defined in the SCIM RFC. You can start with the `/Us
 
 ## Understand the Azure AD SCIM implementation
 
-To support a SCIM 2.0 user management API, this section describes how the Azure AD Provisioning Service is implemented and shows how to model your SCIM protocol request handling and responses.
+The Azure AD Provisioning Services is designed to support a SCIM 2.0 user management API.
 
 > [!IMPORTANT]
 > The behavior of the Azure AD SCIM implementation was last updated on December 18, 2018. For information on what changed, see [SCIM 2.0 protocol compliance of the Azure AD User Provisioning service](application-provisioning-config-problem-scim-compatibility.md).
@@ -190,7 +190,7 @@ Use the general guidelines when implementing a SCIM endpoint to ensure compatibi
 ### General:
 
 * `id` is a required property for all resources. Every response that returns a resource should ensure each resource has this property, except for `ListResponse` with zero elements.
-* Values sent should be stored in the same format as what they were sent in. Invalid values should be rejected with a descriptive, actionable error message. Transformations of data shouldn't happen between data being sent by Azure AD and data being stored in the SCIM application. (for example. A phone number sent as 55555555555 shouldn't be saved/returned as +5 (555) 555-5555)
+* Values sent should be stored in the same format they were sent. Invalid values should be rejected with a descriptive, actionable error message. Transformations of data shouldn't happen between data from Azure AD and data stored in the SCIM application. (for example. A phone number sent as 55555555555 shouldn't be saved/returned as +5 (555) 555-5555)
 * It isn't necessary to include the entire resource in the **PATCH** response.
 * Don't require a case-sensitive match on structural elements in SCIM, in particular **PATCH** `op` operation values, as defined in [section 3.5.2](https://tools.ietf.org/html/rfc7644#section-3.5.2). Azure AD emits the values of `op` as **Add**, **Replace**, and **Remove**.
 * Microsoft Azure AD makes requests to fetch a random user and group to ensure that the endpoint and the credentials are valid. It's also done as a part of the **Test Connection** flow in the [Azure portal](https://portal.azure.com). 
@@ -222,7 +222,7 @@ Use the general guidelines when implementing a SCIM endpoint to ensure compatibi
 * If a value isn't present, don't send null values.
 * Property values should be camel cased (for example, readWrite).
 * Must return a list response.
-* The /schemas request will be made by the Azure AD Provisioning Service every time someone saves the provisioning configuration in the Azure portal or every time a user lands on the edit provisioning page in the Azure portal. Other attributes discovered will be surfaced to customers in the attribute mappings under the target attribute list. Schema discovery only leads to more target attributes being added. It will not result in attributes being removed. 
+* The Azure AD Provisioning Service makes the /schemas request every time someone saves the provisioning configuration in the Azure portal or every time a user lands on the edit provisioning page in the Azure portal. Other attributes discovered are surfaced to customers in the attribute mappings under the target attribute list. Schema discovery only leads to more target attributes being added. Attributes aren't removed. 
 
 ### User provisioning and deprovisioning
 

articles/active-directory/conditional-access/location-condition.md

@@ -21,6 +21,9 @@ Conditional Access policies are at their most basic an if-then statement combini
 
 ![Conceptual Conditional signal plus decision to get enforcement](./media/location-condition/conditional-access-signal-decision-enforcement.png)
 
+> [!IMPORTANT]
+> [IPv6 is coming to Azure Active Directory (Azure AD)](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/ipv6-coming-to-azure-ad/ba-p/2967451). We will begin introducing IPv6 support into Azure AD services in a phased approach, starting April 3, 2023. Organizations that use named locations in Conditional Access or Identity Protection must [take action to avoid possible service impact](/troubleshoot/azure/active-directory/azure-ad-ipv6-support#what-does-my-organization-have-to-do).
+
 Organizations can use this location for common tasks like: 
 
 - Requiring multifactor authentication for users accessing a service when they're off the corporate network.
@@ -75,7 +78,7 @@ To define a named location by country, you need to provide:
 
 ![Country as a location in the Azure portal](./media/location-condition/new-named-location-country-region.png)
 
-If you select **Determine location by IP address**, the system collects the IP address of the device the user is signing into. When a user signs in, Azure AD resolves the user's IPv4 or [IPv6](/troubleshoot/azure/active-directory/azure-ad-ipv6-support) address to a country or region, and the mapping updates periodically. Organizations can use named locations defined by countries to block traffic from countries where they don't do business. 
+If you select **Determine location by IP address**, the system collects the IP address of the device the user is signing into. When a user signs in, Azure AD resolves the user's IPv4 or [IPv6](/troubleshoot/azure/active-directory/azure-ad-ipv6-support) address (starting April 3, 2023) to a country or region, and the mapping updates periodically. Organizations can use named locations defined by countries to block traffic from countries where they don't do business. 
 
 If you select **Determine location by GPS coordinates**, the user needs to have the Microsoft Authenticator app installed on their mobile device. Every hour, the system contacts the user’s Microsoft Authenticator app to collect the GPS location of the user’s mobile device.
 
@@ -130,7 +133,7 @@ With this option, you can select one or more named locations. For a policy with
 
 ## IPv6 traffic
 
-Conditional Access policies apply to all IPv4 **and** IPv6 traffic.
+Conditional Access policies apply to all IPv4 **and** [IPv6](/troubleshoot/azure/active-directory/azure-ad-ipv6-support) traffic (starting April 3, 2023).
 
 ### Identifying IPv6 traffic with Azure AD Sign-in activity reports
 

articles/active-directory/develop/developer-guide-conditional-access-authentication-context.md

@@ -215,6 +215,7 @@ Don't use auth context where the app itself is going to be a target of Condition
 
 - [Use the Conditional Access auth context to perform step-up authentication for high-privilege operations in a web app](https://github.com/Azure-Samples/ms-identity-dotnetcore-ca-auth-context-app/blob/main/README.md)
 - [Use the Conditional Access auth context to perform step-up authentication for high-privilege operations in a web API](https://github.com/Azure-Samples/ms-identity-ca-auth-context/blob/main/README.md)
+- [Use the Conditional Access auth context to perform step-up authentication for high-privilege operations in a React single-page application and an Express web API](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/tree/main/6-AdvancedScenarios/3-call-api-acrs)
 
 ## Authentication context [ACRs] in Conditional Access expected behavior
 

articles/active-directory/develop/index-web-app.yml

@@ -6,12 +6,12 @@ summary: >
   our quickstarts, tutorials, and in-depth how-to guides.
 
 metadata:
-   author: Dickson-Mwendia
-   ms.author: dmwendia
-   ms.date: 04/01/2022
-   ms.service: active-directory
-   ms.subservice: develop
-   ms.topic: landing-page
+  author: Dickson-Mwendia
+  ms.author: dmwendia
+  ms.date: 04/01/2022
+  ms.service: active-directory
+  ms.subservice: develop
+  ms.topic: landing-page
 
 landingContent:
 

articles/active-directory/external-identities/index.yml

@@ -3,17 +3,17 @@
 title: External Identities documentation
 summary: External Identities is a set of capabilities that enables organizations to secure and manage any external user, including customers and partners. Building on B2B collaboration, External Identities gives you more ways to interact and connect with users outside your organization.
 
-metadata: 
-   title: External Identities documentation
-   description: External Identities is a set of capabilities that enables organizations to secure and manage any external user, including customers and partners. Building on B2B collaboration, External Identities gives you more ways to interact and connect with users outside your organization.
-   ms.service: active-directory
-   ms.subservice: B2B
-   ms.workload: identity
-   ms.topic: landing-page
-   ms.date: 08/31/2022
-   author: msmimart
-   ms.author: mimart
-   manager: celested
+metadata:
+  title: External Identities documentation
+  description: External Identities is a set of capabilities that enables organizations to secure and manage any external user, including customers and partners. Building on B2B collaboration, External Identities gives you more ways to interact and connect with users outside your organization.
+  ms.service: active-directory
+  ms.subservice: B2B
+  ms.workload: identity
+  ms.topic: landing-page
+  ms.date: 08/31/2022
+  author: msmimart
+  ms.author: mimart
+  manager: celested
 
 landingContent:
   - title: About External Identities

articles/active-directory/fundamentals/9-secure-access-teams-sharepoint.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: fundamentals
 ms.topic: conceptual
-ms.date: 02/23/2023
+ms.date: 02/28/2023
 ms.author: jricketts
 ms.reviewer: ajburnle
 ms.custom: "it-pro, seodec18"
@@ -27,7 +27,7 @@ This article is number 9 in a series of 10 articles. We recommend you review the
 
 Sharing in Microsoft 365 is partially governed by the **External Identities, External collaboration settings** in Azure Active Directory (Azure AD). If external sharing is disabled or restricted in Azure AD, it overrides sharing settings configured in Microsoft 365. An exception is if Azure AD B2B integration isn't enabled. You can configure SharePoint and OneDrive to support ad-hoc sharing via one-time password (OTP). The following screenshot shows the External Identities, External collaboration settings dialog. 
 
-   ![Screenshot of options and entries under External Identities, External collaboration settings.](media/secure-external-access/9-external-collaboration-settings.png)
+:::image type="content" source="media/secure-external-access/9-external-collaboration-settings-new.png" alt-text="Screenshot of options and entries under External Identities, External collaboration settings.":::
 
 Learn more:
 
@@ -43,9 +43,8 @@ Guest users are invited to have access to resources.
 3. Under **Categories**, select **Identity**.
 4. From the list, select **External Identities**.
 5. Select **External collaboration settings**.
-6. Find the **Guest user access** option. 
-
-To prevent guest-user access to other guest-user details, and to prevent enumeration of group membership, select **Guest users have limited access to properties and memberships of directory objects**.
+6. Find the **Guest user access** options. 
+7. To prevent guest-user access to other guest-user details, and to prevent enumeration of group membership, select **Guest users have limited access to properties and memberships of directory objects**.
 
 ### Guest invite settings
 
@@ -64,16 +63,16 @@ Guest invite settings determine who invites guests and how guests are invited. T
   * Confirms access reviews occur
   * Removes users added to SharePoint
 
-1. Select **Email one-time passcodes for guests**. 
+1. Select the banner for **Email one-time passcodes for guests**. 
 2. For **Enable guest self-service sign up via user flows**, select **Yes**. 
 
 ### Collaboration restrictions
 
 For the Collaboration restrictions option, the organization's business requirements dictate the choice of invitation.
 
-* **Allow invitations to be sent to any domain** - any user can be invited
+* **Allow invitations to be sent to any domain (most inclusive)** - any user can be invited
 * **Deny invitations to the specified domains** - any user outside those domains can be invited
-* **Allow invitations only to the specified domains** - any user outside those domains can't be invited 
+* **Allow invitations only to the specified domains (most restrictive)** - any user outside those domains can't be invited 
 
 ## External users and guest users in Teams
 

articles/active-directory/manage-apps/index.yml

@@ -3,16 +3,16 @@
 title: Application management documentation
 summary: Azure Active Directory is an Identity and Access Management (IAM) system. It provides a single place to store information about digital identities. You can configure your software applications to use Azure AD as the place where user information is stored.
 
-metadata: 
-   title: Application management documentation
-   description: Azure AD is an Identity and Access Management (IAM) system. It provides a single place to store information about digital identities. You can configure your software applications to use Azure AD as the place where user information is stored.
-   ms.service: active-directory
-   ms.subservice: app-mgmt
-   ms.workload: identity
-   ms.topic: landing-page
-   ms.date: 07/08/2021
-   author: CelesteDG
-   ms.author: CelesteDG
+metadata:
+  title: Application management documentation
+  description: Azure AD is an Identity and Access Management (IAM) system. It provides a single place to store information about digital identities. You can configure your software applications to use Azure AD as the place where user information is stored.
+  ms.service: active-directory
+  ms.subservice: app-mgmt
+  ms.workload: identity
+  ms.topic: landing-page
+  ms.date: 07/08/2021
+  author: CelesteDG
+  ms.author: CelesteDG
 
 landingContent:
   - title: Fundamentals

articles/active-directory/multi-tenant-organizations/cross-tenant-synchronization-configure-graph.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: multi-tenant-organizations
 ms.topic: how-to
-ms.date: 02/06/2023
+ms.date: 02/27/2023
 ms.author: rolyon
 ms.custom: it-pro
 
@@ -27,15 +27,15 @@ This article describes the key steps to configure cross-tenant synchronization u
 
 ## Prerequisites
 
-### Source tenant
+![Icon for the source tenant.](./media/common/icon-tenant-source.png)<br/>**Source tenant**
 
 - Azure AD Premium P1 or P2 license
 - [Security Administrator](../roles/permissions-reference.md#security-administrator) role to configure cross-tenant access settings
 - [Hybrid Identity Administrator](../roles/permissions-reference.md#hybrid-identity-administrator) role to configure cross-tenant synchronization
 - [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator) or [Application Administrator](../roles/permissions-reference.md#application-administrator) role to assign users to a configuration and to delete a configuration
 - [Global Administrator](../roles/permissions-reference.md#global-administrator) role to consent to required permissions
 
-### Target tenant
+![Icon for the target tenant.](./media/common/icon-tenant-target.png)<br/>**Target tenant**
 
 - Azure AD Premium P1 or P2 license
 - [Security Administrator](../roles/permissions-reference.md#security-administrator) role to configure cross-tenant access settings
@@ -66,7 +66,7 @@ These steps describe how to use Microsoft Graph Explorer (recommended), but you
 
 1. Start another instance of [Microsoft Graph Explorer tool](https://aka.ms/ge).
 
-1. Sign in to the source tenant.
+1. Sign in to the target tenant.
 
 1. Consent to the following required permissions:
 

articles/active-directory/multi-tenant-organizations/cross-tenant-synchronization-configure.md

@@ -35,14 +35,14 @@ By the end of this article, you'll be able to:
 
 ## Prerequisites
 
-### Source tenant
+![Icon for the source tenant.](./media/common/icon-tenant-source.png)<br/>**Source tenant**
 
 - Azure AD Premium P1 or P2 license
 - [Security Administrator](../roles/permissions-reference.md#security-administrator) role to configure cross-tenant access settings
 - [Hybrid Identity Administrator](../roles/permissions-reference.md#hybrid-identity-administrator) role to configure cross-tenant synchronization
 - [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator) or [Application Administrator](../roles/permissions-reference.md#application-administrator) role to assign users to a configuration and to delete a configuration
 
-### Target tenant
+![Icon for the target tenant.](./media/common/icon-tenant-target.png)<br/>**Target tenant**
 
 - Azure AD Premium P1 or P2 license
 - [Security Administrator](../roles/permissions-reference.md#security-administrator) role to configure cross-tenant access settings