Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into mwahl-aad-em-co

Author: markwahl-msft

.openpublishing.redirection.active-directory.json

@@ -1025,6 +1025,26 @@
       "redirect_url": "/azure/active-directory/active-directory-b2b-admin-add-users",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/active-directory/external-identities/customers/how-to-browserless-app-dotnet-sign-in-overview.md",
+      "redirect_url": "/azure/active-directory/external-identities/customers/tutorial-browserless-app-dotnet-sign-in-prepare-tenant",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/external-identities/customers/how-to-browserless-app-dotnet-sign-in-prepare-app.md",
+      "redirect_url": "/azure/active-directory/external-identities/customers/tutorial-browserless-app-dotnet-sign-in-build-app",
+      "redirect_document_id": false 
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/external-identities/customers/how-to-browserless-app-dotnet-sign-in-prepare-tenant.md",
+      "redirect_url": "/azure/active-directory/external-identities/customers/tutorial-browserless-app-dotnet-sign-in-prepare-tenant",
+      "redirect_document_id": false 
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/external-identities/customers/how-to-browserless-app-dotnet-sign-in-sign-in.md",
+      "redirect_url": "/azure/active-directory/external-identities/customers/tutorial-browserless-app-dotnet-sign-in-build-app",
+      "redirect_document_id": false 
+    },
     {
       "source_path_from_root": "/articles/active-directory/external-identities/delegate-invitations.md",
       "redirect_url": "/azure/active-directory/external-identities/external-collaboration-settings-configure",
@@ -1055,6 +1075,26 @@
       "redirect_url": "/azure/active-directory/external-identities/customers/web-app-quickstart-portal-node-js-ciam",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/active-directory/external-identities/customers/how-to-daemon-node-call-api-overview.md",
+      "redirect_url": "/azure/active-directory/external-identities/customers/tutorial-daemon-node-call-api-prepare-tenant",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/external-identities/customers/how-to-daemon-node-call-api-prepare-app.md",
+      "redirect_url": "/azure/active-directory/external-identities/customers/tutorial-daemon-node-call-api-prepare-tenant",
+      "redirect_document_id": false 
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/external-identities/customers/how-to-daemon-node-call-api-prepare-tenant.md",
+      "redirect_url": "/azure/active-directory/external-identities/customers/tutorial-daemon-node-call-api-prepare-tenant",
+      "redirect_document_id": false 
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/external-identities/customers/how-to-daemon-node-call-api-call-api.md",
+      "redirect_url": "/azure/active-directory/external-identities/customers/tutorial-daemon-node-call-api-prepare-tenant",
+      "redirect_document_id": false 
+    },
     {
       "source_path_from_root": "/articles/active-directory/external-identities/conditional-access.md",
       "redirect_url": "/azure/active-directory/external-identities/authentication-conditional-access",

.openpublishing.redirection.json

@@ -1,5 +1,15 @@
 {
     "redirections": [
+        {
+            "source_path": "articles/route-server/tutorial-protect-route-server.md",
+            "redirect_URL": "/azure/route-server/tutorial-protect-route-server-ddos",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/route-server/routing-preference.md",
+            "redirect_url": "/azure/route-server/overview",
+            "redirect_document_id": false
+        },
         {
             "source_path": "articles/cloud-services-extended-support/deploy-visual-studio.md",
             "redirect_url": "/visualstudio/azure/cloud-services-extended-support?context=%2Fazure%2Fcloud-services-extended-support%2Fcontext%2Fcontext",
@@ -860,11 +870,6 @@
             "redirect_url": "/azure/ddos-protection/ddos-protection-sku-comparison#limitations",
             "redirect_document_id": false
         },
-        {
-            "source_path": "articles/route-server/routing-preference.md",
-            "redirect_url": "/azure/route-server/overview",
-            "redirect_document_id": false
-        },
         {
             "source_path": "articles/storage/queues/storage-ruby-how-to-use-queue-storage.md",
             "redirect_url": "/previous-versions/azure/storage/queues/storage-ruby-how-to-use-queue-storage",
@@ -23558,11 +23563,6 @@
             "redirect_URL": "/azure/firewall/tutorial-protect-firewall-ddos",
             "redirect_document_id": false
         },
-        {
-            "source_path": "articles/route-server/tutorial-protect-route-server.md",
-            "redirect_URL": "/azure/route-server/tutorial-protect-route-server-ddos",
-            "redirect_document_id": false
-        },
         {
             "source_path": "articles/external-attack-surface-management/data-connections-overview.md",
             "redirect_URL": "/azure/external-attack-surface-management/index",

articles/active-directory-domain-services/policy-reference.md

@@ -1,7 +1,7 @@
 ---
 title: Built-in policy definitions for Azure Active Directory Domain Services
 description: Lists Azure Policy built-in policy definitions for Azure Active Directory Domain Services. These built-in policy definitions provide common approaches to managing your Azure resources.
-ms.date: 07/18/2023
+ms.date: 07/25/2023
 ms.service: active-directory
 ms.subservice: domain-services
 author: justinha

articles/active-directory/authentication/fido2-compatibility.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 06/29/2023
+ms.date: 07/26/2023
 
 author: justinha
 ms.author: justinha
@@ -21,32 +21,84 @@ Azure Active Directory allows [FIDO2 security keys](./concept-authentication-pas
 
 ## Supported browsers
 
-This table shows support for authenticating Azure Active Directory (Azure AD) and Microsoft Accounts (MSA). Microsoft accounts are created by consumers for services such as Xbox, Skype, or Outlook.com. Supported device types include **USB**, near-field communication (**NFC**), and bluetooth low energy (**BLE**).
+This table shows support for authenticating Azure Active Directory (Azure AD) and Microsoft Accounts (MSA). Microsoft accounts are created by consumers for services such as Xbox, Skype, or Outlook.com. 
 
-| OS | Chrome | Chrome  | Chrome | Edge | Edge | Edge | Firefox | Firefox | Firefox | Safari | Safari | Safari
-|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|
-| | USB | NFC | BLE | USB | NFC | BLE | USB | NFC | BLE | USB | NFC | BLE |
-| **Windows**  | ![Chrome supports USB on Windows for Azure AD accounts.][y] | ![Chrome supports NFC on Windows for Azure AD accounts.][y] | ![Chrome supports BLE on Windows for Azure AD accounts.][y] | ![Edge supports USB on Windows for Azure AD accounts.][y] | ![Edge supports NFC on Windows for Azure AD accounts.][y] | ![Edge supports BLE on Windows for Azure AD accounts.][y] | ![Firefox supports USB on Windows for Azure AD accounts.][y] | ![Firefox supports NFC on Windows for Azure AD accounts.][y] | ![Firefox supports BLE on Windows for Azure AD accounts.][y] |  ![Safari supports USB on Windows for Azure AD accounts.][n] | ![Safari supports NFC on Windows for Azure AD accounts.][n] | ![Safari supports BLE on Windows for Azure AD accounts.][n] |
-| **macOS**  | ![Chrome supports USB on macOS for Azure AD accounts.][y] | ![Chrome supports NFC on macOS for Azure AD accounts.][n] | ![Chrome supports BLE on macOS for Azure AD accounts.][n] | ![Edge supports USB on macOS for Azure AD accounts.][y] | ![Edge supports NFC on macOS for Azure AD accounts.][n] | ![Edge supports BLE on macOS for Azure AD accounts.][n] | ![Firefox supports USB on macOS for Azure AD accounts.][n] | ![Firefox supports NFC on macOS for Azure AD accounts.][n] | ![Firefox supports BLE on macOS for Azure AD accounts.][n] | ![Safari supports USB on macOS for Azure AD accounts.][y] | ![Safari supports NFC on macOS for Azure AD accounts.][n] | ![Safari supports BLE on macOS for Azure AD accounts.][n] |
-| **ChromeOS**  | ![Chrome supports USB on ChromeOS for Azure AD accounts.][y] | ![Chrome supports NFC on ChromeOS for Azure AD accounts.][n] | ![Chrome supports BLE on ChromeOS for Azure AD accounts.][n] | ![Edge supports USB on ChromeOS for Azure AD accounts.][n] | ![Edge supports NFC on ChromeOS for Azure AD accounts.][n] | ![Edge supports BLE on ChromeOS for Azure AD accounts.][n] | ![Firefox supports USB on ChromeOS for Azure AD accounts.][n] | ![Firefox supports NFC on ChromeOS for Azure AD accounts.][n] | ![Firefox supports BLE on ChromeOS for Azure AD accounts.][n] | ![Safari supports USB on ChromeOS for Azure AD accounts.][n] | ![Safari supports NFC on ChromeOS for Azure AD accounts.][n] | ![Safari supports BLE on ChromeOS for Azure AD accounts.][n] |
-| **Linux**  | ![Chrome supports USB on Linux for Azure AD accounts.][y] | ![Chrome supports NFC on Linux for Azure AD accounts.][n] | ![Chrome supports BLE on Linux for Azure AD accounts.][n] | ![Edge supports USB on Linux for Azure AD accounts.][n] | ![Edge supports NFC on Linux for Azure AD accounts.][n] | ![Edge supports BLE on Linux for Azure AD accounts.][n] | ![Firefox supports USB on Linux for Azure AD accounts.][n] | ![Firefox supports NFC on Linux for Azure AD accounts.][n] | ![Firefox supports BLE on Linux for Azure AD accounts.][n] | ![Safari supports USB on Linux for Azure AD accounts.][n] | ![Safari supports NFC on Linux for Azure AD accounts.][n] | ![Safari supports BLE on Linux for Azure AD accounts.][n] |
-| **iOS**  | ![Chrome supports USB on iOS for Azure AD accounts.][y] | ![Chrome supports NFC on iOS for Azure AD accounts.][y] | ![Chrome supports BLE on iOS for Azure AD accounts.][n] | ![Edge supports USB on iOS for Azure AD accounts.][y] | ![Edge supports NFC on iOS for Azure AD accounts.][y] | ![Edge supports BLE on iOS for Azure AD accounts.][n] | ![Firefox supports USB on Linux for Azure AD accounts.][n] | ![Firefox supports NFC on iOS for Azure AD accounts.][n] | ![Firefox supports BLE on iOS for Azure AD accounts.][n] | ![Safari supports USB on iOS for Azure AD accounts.][y] | ![Safari supports NFC on iOS for Azure AD accounts.][y] | ![Safari supports BLE on iOS for Azure AD accounts.][n] |
-| **Android**  | ![Chrome supports USB on Android for Azure AD accounts.][n] | ![Chrome supports NFC on Android for Azure AD accounts.][n] | ![Chrome supports BLE on Android for Azure AD accounts.][n] | ![Edge supports USB on Android for Azure AD accounts.][n] | ![Edge supports NFC on Android for Azure AD accounts.][n] | ![Edge supports BLE on Android for Azure AD accounts.][n] | ![Firefox supports USB on Android for Azure AD accounts.][n] | ![Firefox supports NFC on Android for Azure AD accounts.][n] | ![Firefox supports BLE on Android for Azure AD accounts.][n] | ![Safari supports USB on Android for Azure AD accounts.][n] | ![Safari supports NFC on Android for Azure AD accounts.][n] | ![Safari supports BLE on Android for Azure AD accounts.][n] |
-
-- Key registration is currently not supported with ChromeOS/Chrome Browser.
-- For iOS and macOS on Safari browser, PIN requests fail if the PIN isn't already set on the security key.
-- Security key PIN for user verification isn't currently supported with Android.
+| OS  | Chrome | Edge | Firefox | Safari |
+|:---:|:------:|:----:|:-------:|:------:|
+| **Windows**  | ✅ | ✅ | ✅ | N/A |
+| **macOS**  | ✅ | ✅ | ✅ | ✅ |
+| **ChromeOS**  | ✅ | N/A | N/A | N/A |
+| **Linux**  | ✅ | ❌ | ❌ | N/A |
+| **iOS**  | ✅ | ✅ | ✅ | ✅ |
+| **Android**  | ❌ | ❌ | ❌ | N/A |
 
 >[!NOTE]
->This is the view for web support. Authentication for native apps in iOS and Android are not available yet.
+>This is the view for web support. Authentication for native apps in iOS and Android isn't available yet.
 
-## Unsupported browsers
+## Browser support for each platform
 
-The following operating system and browser combinations aren't supported, but future support and testing is being investigated. If you would like to see other operating system and browser support, please leave feedback on our [product feedback site](https://feedback.azure.com/d365community/).
+The following tables show which transports are supported for each platform. Supported device types include **USB**, near-field communication (**NFC**), and bluetooth low energy (**BLE**).
 
-| Operating system | Browser |
-| ---- | ---- |
-| Android | Chrome |
+### Windows
+
+| Browser | USB  | NFC | BLE |
+|---------|------|-----|-----|
+| Edge    | ✅ | ✅ | ✅ |
+| Chrome   | ✅ | ✅ | ✅ |
+| Firefox   | ✅ | ✅ | ✅ |
+
+### macOS
+
+| Browser | USB  | NFC<sup>1</sup> | BLE<sup>1</sup> |
+|---------|------|-----|-----|
+| Edge    | &#x2705; | N/A | N/A |
+| Chrome   | &#x2705; | N/A | N/A |
+| Firefox<sup>2</sup>   | &#x2705; | N/A | N/A |
+| Safari<sup>2</sup>   | &#x2705; | N/A | N/A |
+
+<sup>1</sup>NFC and BLE security keys aren't supported on macOS by Apple.
+
+<sup>2</sup>New security key registration doesn't work on these macOS browsers because they don't prompt to set up biometrics or PIN.
+
+### ChromeOS
+
+| Browser<sup>1</sup> | USB  | NFC | BLE |
+|---------|------|-----|-----|
+| Chrome  | &#x2705; | &#10060; | &#10060; |
+
+<sup>1</sup>Security key registration isn't supported on ChromeOS or Chrome browser.
+
+### Linux
+
+| Browser | USB  | NFC | BLE |
+|---------|------|-----|-----|
+| Edge    | &#10060; | &#10060; | &#10060; |
+| Chrome  | &#x2705; | &#10060; | &#10060; |
+| Firefox | &#10060; | &#10060; | &#10060; |
+
+
+### iOS
+
+| Browser<sup>1</sup> | Lightning  | NFC | BLE<sup>2</sup> |
+|---------|------------|-----|-----|
+| Edge    |  &#x2705;  | &#x2705; | N/A | 
+| Chrome  |  &#x2705;  | &#x2705; | N/A |
+| Firefox |  &#x2705;  | &#x2705; | N/A |
+| Safari  |  &#x2705;  | &#x2705; | N/A |
+
+<sup>1</sup>New security key registration doesn't work on iOS browsers because they don't prompt to set up biometrics or PIN.
+
+<sup>2</sup>BLE security keys aren't supported on iOS by Apple.
+
+### Android
+
+| Browser<sup>1</sup> | USB  | NFC | BLE |
+|---------|------|-----|-----|
+| Edge    | &#10060;  | &#10060; | &#10060; |
+| Chrome  | &#10060;  | &#10060; | &#10060; |
+| Firefox | &#10060;  | &#10060; | &#10060; |
+
+<sup>1</sup>Security key biometrics or PIN for user verficiation isn't currently supported on Android by Google. Azure AD requires user verification for all FIDO2 authentications.
 
 ## Minimum browser version
 
@@ -58,7 +110,7 @@ The following are the minimum browser version requirements.
 | Edge | Windows 10 version 1903<sup>1</sup> |
 | Firefox | 66 |
 
-<sup>1</sup>All versions of the new Chromium-based Microsoft Edge support Fido2. Support on Microsoft Edge legacy was added in 1903.
+<sup>1</sup>All versions of the new Chromium-based Microsoft Edge support FIDO2. Support on Microsoft Edge legacy was added in 1903.
 
 ## Next steps
 [Enable passwordless security key sign-in](./howto-authentication-passwordless-security-key.md)

articles/active-directory/cloud-infrastructure-entitlement-management/product-reports.md

@@ -77,8 +77,8 @@ Permissions Management offers the following reports for management associated wi
 - **Permissions Analytics Report**
     - **Summary of report**: Provides information about the violation of key security best practices.
     - **Applies to**: AWS, Azure, and GCP
-    - **Report output type**: CSV, PDF
-    - **Ability to collate report**: Yes
+    - **Report output type**: XSLX, PDF
+    - **Ability to collate report**: Yes (XSLX only)
     - **Type of report**: **Detailed**
     - **Use cases**:
          - This report lists the different key findings in the selected auth systems. The key findings include super identities, inactive identities, over provisioned active identities, storage bucket hygiene, and access key age (for AWS only). The report helps administrators to visualize the findings across the organization.

articles/active-directory/conditional-access/TOC.yml

@@ -68,6 +68,8 @@
     items: 
     - name: Require MFA for administrators
       href: howto-conditional-access-policy-admin-mfa.md
+    - name: Require phishing-resistant MFA for administrators
+      href: how-to-policy-phish-resistant-admin-mfa.md
     - name: Secure security info registration
       href: howto-conditional-access-policy-registration.md
     - name: Block legacy authentication
@@ -76,6 +78,8 @@
       href: howto-policy-guest-mfa.md
     - name: Require MFA for all users
       href: howto-conditional-access-policy-all-users-mfa.md
+    - name: Require MFA for Microsoft admin portals
+      href: how-to-policy-mfa-admin-portals.md
     - name: Require MFA for Azure management
       href: howto-conditional-access-policy-azure-management.md
     - name: Require MFA for risky sign-in