Merge pull request #180231 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/azure-docs (branch master)

Author: huypub

articles/active-directory/develop/msal-net-token-cache-serialization.md

@@ -32,7 +32,7 @@ The recommendation is:
   -	Otherwise, if you want to use an in-memory cache
     -	If you're only using `AcquireTokenForClient`:
       - Either reuse the confidential client application instance and don’t add a serializer,
-      - Or new-up a new confidential client application and enable the [shared cache option](msal-net-token-cache-serialization.md?tabs=aspnet#no-token-cache-serialization) . This cache is faster as it's not serialized, however, the memory will grow as tokens are cached. The number of tokens is equal to the number of tenants times the number of downstream APIs. An app token is about 2KB in size. It's great for development, or if you have few users. If you need eviction, see next bullet point.
+      - Or new-up a new confidential client application and enable the [shared cache option](msal-net-token-cache-serialization.md?tabs=aspnet#no-token-cache-serialization). This cache is faster as it's not serialized, however, the memory will grow as tokens are cached. The number of tokens is equal to the number of tenants times the number of downstream APIs. An app token is about 2KB in size. It's great for development, or if you have few users. If you need eviction, see next bullet point.
       -	If you  want to use an in-memory token cache and control its size and eviction policies, use the [Microsoft.Identity.Web in memory cache option](msal-net-token-cache-serialization.md?tabs=aspnet#in-memory-token-cache-1)
 -	If you build an SDK and want to write your own token cache serializer for confidential client applications, inherit from [Microsoft.Identity.Web.MsalAsbtractTokenCacheProvider](https://github.com/AzureAD/microsoft-identity-web/blob/master/src/Microsoft.Identity.Web.TokenCache/MsalAbstractTokenCacheProvider.cs) and override the `WriteCacheBytesAsync` and `ReadCacheBytesAsync` methods.
 
@@ -230,9 +230,10 @@ public static async Task<AuthenticationResult> GetTokenAsync(string clientId, X5
 
 Instead of `app.AddInMemoryTokenCache();` you can use different caching serialization technologies, including no serialization, in memory, and distributed token cache storage provided by .NET.
 
-#### No token cache serialization
+<a id="no-token-cache-serialization"></a>
+#### Token cache without serialization
 
-You can specify that you don't want to have any token cache serialization (using the MSAL.NET internal cache), if you:
+You can specify that you don't want to have any token cache serialization and instead rely on the MSAL.NET internal cache:
 - Use `.WithCacheOptions(CacheOptions.EnableSharedCacheOptions)` when you build the application.
 - Don't add any serializer.
 
@@ -247,6 +248,8 @@ You can specify that you don't want to have any token cache serialization (using
        .Build();
 ```
 
+`WithCacheOptions(CacheOptions.EnableSharedCacheOptions)` makes the internal MSAL token cache shared between different MSAL client application instances. Sharing a token cache is faster than using any token cache serialization, but the internal in-memory token cache doesn't have eviction policies. Existing tokens will be refreshed in place, but fetching tokens for different users, tenants, and resources makes the cache grow accordingly. If you use this approach and have a large number of users or tenants, make sure you monitor the memory footprint. If the memory footprint becomes an issue, consider enabling token cache serialization, which might reduce the internal cache size. Also be aware that currently, you can't use shared cache and cache serialization together.
+
 #### In memory token cache
 
 In memory token cache serialization is great in samples. It's also good in production applications if you only request app tokens (`AcquireTokenForClient`), provided you don't mind if the token cache is lost when the web app is restarted. It's not recommended in production if you request user tokens (`AcquireTokenByAuthorizationCode`, `AcquireTokenSilent`, `AcquireTokenOnBehalfOf`)

articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-identity-adoption-strategy.md

@@ -55,7 +55,7 @@ The following table helps in determining the advantages and disadvantages of eac
 ### Client experience
 The strategy that you use will dictate the user sign-in experience.  The following tables provide you with information on what the users should expect their sign-in experience to be.  Not all federated identity providers support SSO in all scenarios.
 
-**Doman-joined and private network applications**:
+**Domain-joined and private network applications**:
 
 | Application | Synchronized Identity | Federated Identity |
 | --- | --- | --- |

articles/cognitive-services/QnAMaker/Concepts/confidence-score.md

@@ -52,9 +52,9 @@ When choosing your threshold, keep in mind the balance between Accuracy and Cove
 
 ## Set threshold
 
-Set the threshold score as a property of the [GenerateAnswer API JSON body](../how-to/metadata-generateanswer-usage.md#generateanswer-request-configuration). This means you set it for each call to GenerateAnswer.
+Set the threshold score as a property of the [GenerateAnswer API JSON body](../How-To/metadata-generateanswer-usage.md#generateanswer-request-configuration). This means you set it for each call to GenerateAnswer.
 
-From the bot framework, set the score as part of the options object with [C#](../how-to/metadata-generateanswer-usage.md?#use-qna-maker-with-a-bot-in-c) or [Node.js](../how-to/metadata-generateanswer-usage.md?#use-qna-maker-with-a-bot-in-nodejs).
+From the bot framework, set the score as part of the options object with [C#](../How-To/metadata-generateanswer-usage.md?#use-qna-maker-with-a-bot-in-c) or [Node.js](../How-To/metadata-generateanswer-usage.md?#use-qna-maker-with-a-bot-in-nodejs).
 
 ## Improve confidence scores
 To improve the confidence score of a particular response to a user query, you can add the user query to the knowledge base as an alternate question on that response. You can also use case-insensitive [word alterations](/rest/api/cognitiveservices/qnamaker/alterations/replace) to add synonyms to keywords in your KB.
@@ -71,7 +71,7 @@ The test index holds all the QnA pairs of your knowledge bases. When querying th
 * organize your knowledge base using one of the following:
     * 1 resource restricted to 1 KB: restrict your single QnA resource (and the resulting Azure Cognitive Search test index) to a single knowledge base.
     * 2 resources - 1 for test, 1 for production: have two QnA Maker resources, using one for testing (with its own test and  production indexes) and one for product (also having its own test and production indexes)
-* and, always use the same parameters, such as **[top](../how-to/improve-knowledge-base.md#use-the-top-property-in-the-generateanswer-request-to-get-several-matching-answers)** when querying both your test and production knowledge base
+* and, always use the same parameters, such as **[top](../How-To/improve-knowledge-base.md#use-the-top-property-in-the-generateanswer-request-to-get-several-matching-answers)** when querying both your test and production knowledge base
 
 When you publish a knowledge base, the question and answer contents of your knowledge base moves from the test index to a production index in Azure search. See how the [publish](../Quickstarts/create-publish-knowledge-base.md#publish-the-knowledge-base) operation works.
 

articles/virtual-desktop/screen-capture-protection.md

@@ -27,8 +27,8 @@ Suppose the user attempts to use an unsupported client to connect to the protect
 
 1. To configure screen capture protection, you need to install administrative templates that add rules and settings for Azure Virtual Desktop.
 2. Download the [Azure Virtual Desktop policy templates file](https://aka.ms/avdgpo) (AVDGPTemplate.cab) and extract the contents of the cab file and zip archive.
-3. Copy the *terminalserver-avd.admx* file to *%windir%\PolicyDefinitions* folder
-4. Copy the *en-us\terminalserver-avd.adml* file to *%windir%\PolicyDefinitions\en-us* folder
+3. Copy the **terminalserver-avd.admx** file to **%windir%\PolicyDefinitions** folder.
+4. Copy the **en-us\terminalserver-avd.adml** file to **%windir%\PolicyDefinitions\en-us** folder.
 5. To confirm the files copied correctly, open the Group Policy Editor and navigate to **Computer Configuration** -> **Administrative Templates** -> **Windows Components** -> **Remote Desktop Services** -> **Remote Desktop Session Host** -> **Azure Virtual Desktop**
 6. You should see one or more Azure Virtual Desktop policies, as shown below.