Merge pull request #250215 from MicrosoftDocs/main

Publish to live, Monday 4 AM PST, 9/4

Author: ttorble

articles/active-directory/develop/howto-add-app-roles-in-apps.md

@@ -63,6 +63,17 @@ To create an app role by using the Azure portal's user interface:
 
 When the app role is set to enabled, any users, applications or groups who are assigned has it included in their tokens. These can be access tokens when your app is the API being called by an app or ID tokens when your app is signing in a user. If set to disabled, it becomes inactive and no longer assignable. Any previous assignees will still have the app role included in their tokens, but it has no effect as it is no longer actively assignable. 
 
+## Assign application owner 
+
+If you have not already done so, you'll need to assign yourself as the application owner.
+
+1. In your app registration, under **Manage**, select **Owners**, and **Add owners**.
+1. In the new window, find and select the owner(s) that you want to assign to the application. Selected owners appear in the right panel. Once done, confirm with **Select**. The app owner(s) will now appear in the owner's list.
+
+>[!NOTE]
+>
+> Ensure that both the API application and the application you want to add permissions to both have an owner, otherwise the API will not be listed when requesting API permissions.
+
 ## Assign users and groups to roles
 
 Once you've added app roles in your application, you can assign users and groups to the roles. Assignment of users and groups to roles can be done through the portal's UI, or programmatically using [Microsoft Graph](/graph/api/user-post-approleassignments). When the users assigned to the various app roles sign in to the application, their tokens will have their assigned roles in the `roles` claim.

articles/active-directory/develop/quickstart-configure-app-expose-web-apis.md

@@ -17,7 +17,7 @@ ms.reviewer: aragra, lenalepa, sureshja
 
 # Quickstart: Configure an application to expose a web API
 
-In this quickstart, you'll register a web API with the Microsoft identity platform and expose it to client apps by adding a scope. By registering your web API and exposing it through scopes, you can provide permissions-based access to its resources to authorized users and client apps that access your API.
+In this quickstart, you'll register a web API with the Microsoft identity platform and expose it to client apps by adding a scope. By registering your web API and exposing it through scopes, assigning an owner and app role, you can provide permissions-based access to its resources to authorized users and client apps that access your API.
 
 ## Prerequisites
 
@@ -34,7 +34,30 @@ Perform the steps in the **Register an application** section of [Quickstart: Reg
 
 Skip the **Redirect URI (optional)** section. You don't need to configure a redirect URI for a web API since no user is logged in interactively.
 
-With the web API registered, you can add scopes to the API's code so it can provide granular permission to consumers.
+## Assign application owner 
+
+1. In your app registration, under **Manage**, select **Owners**, and **Add owners**.
+1. In the new window, find and select the owner(s) that you want to assign to the application. Selected owners appear in the right panel. Once done, confirm with **Select**. The app owner(s) will now appear in the owner's list.
+
+>[!NOTE]
+>
+> Ensure that both the API application and the application you want to add permissions to both have an owner, otherwise the API will not be listed when requesting API permissions.
+
+## Assign app role
+
+1. In your app registration, under **Manage**, select **App roles**, and **Create app role**.
+1. Next, specify the app role's attributes in the **Create app role** pane. For this walk-through, you can use the example values or specify your own. 
+
+   | Field | Description | Example |
+   |-------|-------------|---------|
+   | **Display name** | The name of your app role | *Employee Records* |
+   | **Allowed member types** | Specifies whether the app role can be assigned to users/groups and/or applications | *Applications* |
+   | **Value** | The value displayed in the "roles" claim of a token | `Employee.Records` |
+   | **Description** | A more detailed description of the app role | *Applications have access to employee records* |
+
+1. Select the checkbox to enable the app role.
+
+With the web API registered, assigned an app role and owner, you can add scopes to the API's code so it can provide granular permission to consumers.
 
 ## Add a scope
 
@@ -44,9 +67,9 @@ The code in a client application requests permission to perform operations defin
 
 First, follow these steps to create an example scope named `Employees.Read.All`:
 
-1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal</a>.
-1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="./media/quickstart-configure-app-expose-web-apis/portal-01-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant containing your client app's registration.
-1. Select **Azure Active Directory** > **App registrations**, and then select your API's app registration.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator). 
+1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="./media/quickstart-configure-app-access-web-apis/portal-01-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant containing your client app's registration.
+1. Browse to **Identity** > **Applications** > **App registrations**, and then select your API's app registration.
 1. Select **Expose an API**
 1. Select **Add** next to **Application ID URI** if you haven't yet configured one.
 
@@ -56,7 +79,6 @@ First, follow these steps to create an example scope named `Employees.Read.All`:
     :::image type="content" source="media/quickstart-configure-app-expose-web-apis/portal-02-expose-api.png" alt-text="An app registration's Expose an API pane in the Azure portal":::
 
 
-
 1. Next, specify the scope's attributes in the **Add a scope** pane. For this walk-through, you can use the example values or specify your own.
 
     | Field | Description | Example |

articles/active-directory/develop/whats-new-docs.md

@@ -5,7 +5,7 @@ services: active-directory
 author: henrymbuguakiarie
 manager: CelesteDG
 
-ms.date: 08/01/2023
+ms.date: 09/04/2023
 ms.service: active-directory
 ms.subservice: develop
 ms.topic: reference
@@ -18,6 +18,16 @@ ms.custom: has-adal-ref
 
 Welcome to what's new in the Microsoft identity platform documentation. This article lists new docs that have been added and those that have had significant updates in the last three months.
 
+## August 2023
+
+### Updated articles
+
+- [Call an ASP.NET Core web API with cURL](howto-call-a-web-api-with-curl.md) - Updated sign-in steps for admin center
+- [Troubleshoot publisher verification](troubleshoot-publisher-verification.md) - Removed references to aad.portal.azure.com and terminology updates for partner program updates
+- [Configure a custom claim provider token issuance event (preview)](custom-extension-get-started.md) - Updated MS Graph sections - custom claim provider token issuance event tutorial and custom authentication extensions references
+- [Customize claims issued in the JSON web token (JWT) for enterprise applications](jwt-claims-customization.md) - Updated sign-in steps for admin center
+- [Access tokens in the Microsoft identity platform](access-tokens.md) - Updated details about issuer validation
+
 ## July 2023
 
 ### New articles
@@ -51,33 +61,3 @@ Welcome to what's new in the Microsoft identity platform documentation. This art
 - [Tokens and claims overview](security-tokens.md) - Editorial review of security tokens
 - [Tutorial: Sign in users and call Microsoft Graph from an iOS or macOS app](tutorial-v2-ios.md) - Editorial review
 - [What's new for authentication?](reference-breaking-changes.md) - Identity breaking change: omission of unverified emails by default
-
-## May 2023
-
-### New articles
-
-- [Access token claims reference](access-token-claims-reference.md)
-- [Directory extension attributes in claims](schema-extensions.md)
-- [Provide optional claims to your app](optional-claims.md)
-
-### Updated articles
-
-- [Application and service principal objects in Azure Active Directory](app-objects-and-service-principals.md)
-- [What's new for authentication?](reference-breaking-changes.md)
-- [A web app that calls web APIs: Acquire a token for the app](scenario-web-app-call-api-acquire-token.md)
-- [A web app that calls web APIs: Code configuration](scenario-web-app-call-api-app-configuration.md)
-- [A web app that calls web APIs: Call a web API](scenario-web-app-call-api-call-api.md)
-- [A web API that calls web APIs: Acquire a token for the app](scenario-web-api-call-api-acquire-token.md)
-- [A web API that calls web APIs: Code configuration](scenario-web-api-call-api-app-configuration.md)
-- [A web API that calls web APIs: Call an API](scenario-web-api-call-api-call-api.md)
-- [Confidential client assertions](msal-net-client-assertions.md)
-- [Customize claims issued in the JSON web token (JWT) for enterprise applications (Preview)](jwt-claims-customization.md)
-- [Customize claims issued in the SAML token for enterprise applications](saml-claims-customization.md)
-- [Desktop app that calls web APIs: Acquire a token by using WAM](scenario-desktop-acquire-token-wam.md)
-- [Desktop app that calls web APIs: Acquire a token interactively](scenario-desktop-acquire-token-interactive.md)
-- [Handle errors and exceptions in MSAL for Python](msal-error-handling-python.md)
-- [Protected web API: Code configuration](scenario-protected-web-api-app-configuration.md)
-- [Shared device mode for iOS devices](msal-ios-shared-devices.md)
-- [Tutorial: Sign in users and call the Microsoft Graph API from an Android application](tutorial-v2-android.md)
-- [Tutorial: Sign in users and call the Microsoft Graph API from an Angular single-page application (SPA) using auth code flow](tutorial-v2-angular-auth-code.md)
-- [Web app that signs in users: Code configuration](scenario-web-app-sign-user-app-configuration.md)

articles/ai-services/openai/includes/fine-tuning-python.md

@@ -189,9 +189,7 @@ create_args = {
     "training_file": training_id,
     "validation_file": validation_id,
     "model": "curie",
-    "hyperparams": {
-    "n_epochs": 1
-    },
+    "n_epochs": 1,
     "compute_classification_metrics": True,
     "classification_n_classes": 3
 }

articles/ai-services/speech-service/includes/language-support/pronunciation-assessment.md

@@ -19,12 +19,13 @@ ms.author: eur
 |French (Canada)|`fr-CA`| 
 |French (France)|`fr-FR`|  
 |German (Germany)|`de-DE`|
+|Hindi (India)|`hi-IN`<sup>1</sup>|
 |Italian (Italy)|`it-IT`<sup>1</sup>|
 |Japanese (Japan)|`ja-JP`|
 |Korean (Korea)|`ko-KR`<sup>1</sup>|
 |Malay (Malaysia)|`ms-MY`<sup>1</sup>|
 |Norwegian Bokmål (Norway)|`nb-NO`<sup>1</sup>|
-|Portuguese (Brazil)|`pt-BR`<sup>1</sup>|
+|Portuguese (Brazil)|`pt-BR`|
 |Russian (Russia)|`ru-RU`<sup>1</sup>|
 |Spanish (Mexico)|`es-MX` | 
 |Spanish (Spain)|`es-ES` | 

articles/ai-services/speech-service/language-support.md

@@ -96,7 +96,7 @@ With the cross-lingual feature, you can transfer your custom neural voice model
 
 # [Pronunciation assessment](#tab/pronunciation-assessment)
 
-The table in this section summarizes the 21 locales supported for pronunciation assessment, and each language is available on all [Speech to text regions](regions.md#speech-service). Latest update extends support from English to 20 additional languages and quality enhancements to existing features, including accuracy, fluency and miscue assessment. You should specify the language that you're learning or practicing improving pronunciation. The default language is set as `en-US`. If you know your target learning language, [set the locale](how-to-pronunciation-assessment.md#get-pronunciation-assessment-results) accordingly. For example, if you're learning British English, you should specify the language as `en-GB`. If you're teaching a broader language, such as Spanish, and are uncertain about which locale to select, you can run various accent models (`es-ES`, `es-MX`) to determine the one that achieves the highest score to suit your specific scenario. 
+The table in this section summarizes the 22 locales supported for pronunciation assessment, and each language is available on all [Speech to text regions](regions.md#speech-service). Latest update extends support from English to 21 additional languages and quality enhancements to existing features, including accuracy, fluency and miscue assessment. You should specify the language that you're learning or practicing improving pronunciation. The default language is set as `en-US`. If you know your target learning language, [set the locale](how-to-pronunciation-assessment.md#get-pronunciation-assessment-results) accordingly. For example, if you're learning British English, you should specify the language as `en-GB`. If you're teaching a broader language, such as Spanish, and are uncertain about which locale to select, you can run various accent models (`es-ES`, `es-MX`) to determine the one that achieves the highest score to suit your specific scenario. 
 
 [!INCLUDE [Language support include](includes/language-support/pronunciation-assessment.md)]
 

articles/azure-functions/errors-diagnostics/net-worker-rules/azfw0001.md

@@ -2,8 +2,8 @@
 title: "AZFW0001: Invalid binding attributes"
 titleSuffix: "Azure Functions"
 description: "Learn about code analysis rule AZFW0001: Invalid binding attributes"
-author: kashimiz
-ms.author: kashimiz
+author: ggailey777
+ms.author: glenga
 ms.topic: troubleshooting
 ms.date: 05/10/2021
 ---

articles/azure-functions/errors-diagnostics/sdk-rules/azf0001.md

@@ -2,8 +2,8 @@
 title: "AZFW0001: Avoid async void"
 titleSuffix: "Azure Functions"
 description: "Learn about code analysis rule AZF0001: Avoid async void"
-author: kashimiz
-ms.author: kashimiz
+author: ggailey777
+ms.author: glenga
 ms.topic: troubleshooting
 ms.date: 05/10/2021
 ---

articles/azure-functions/errors-diagnostics/sdk-rules/azf0002.md

@@ -2,8 +2,8 @@
 title: "AZF0002: Inefficient HttpClient usage"
 titleSuffix: "Azure Functions"
 description: "Learn about code analysis rule AZF0002: Inefficient HttpClient usage"
-author: kashimiz
-ms.author: kashimiz
+author: ggailey777
+ms.author: glenga
 ms.topic: troubleshooting
 ms.date: 09/29/2021
 ---

articles/defender-for-cloud/defender-for-sql-usage.md

@@ -5,7 +5,7 @@ ms.topic: how-to
 ms.custom: ignite-2022
 ms.author: dacurwin
 author: dcurwin
-ms.date: 06/29/2023
+ms.date: 09/04/2023
 ---
 
 # Enable Microsoft Defender for SQL servers on machines
@@ -45,7 +45,7 @@ Learn more about [vulnerability assessment for Azure SQL servers on machines](de
 |----|:----|
 |Release state:|General availability (GA)|
 |Pricing:|**Microsoft Defender for SQL servers on machines** is billed as shown on the [pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/)|
-|Protected SQL versions:|SQL Server version: 2012 R2, 2014, 2016, 2017, 2019, 2022 <br>- [SQL on Azure virtual machines](/azure/azure-sql/virtual-machines/windows/sql-server-on-azure-vm-iaas-what-is-overview)<br>- [SQL Server on Azure Arc-enabled servers](/sql/sql-server/azure-arc/overview)<br>- On-premises SQL servers on Windows machines without Azure Arc<br>|
+|Protected SQL versions:|SQL Server version: 2012, 2014, 2016, 2017, 2019, 2022 <br>- [SQL on Azure virtual machines](/azure/azure-sql/virtual-machines/windows/sql-server-on-azure-vm-iaas-what-is-overview)<br>- [SQL Server on Azure Arc-enabled servers](/sql/sql-server/azure-arc/overview)<br>- On-premises SQL servers on Windows machines without Azure Arc<br>|
 |Clouds:|:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Azure Government<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Microsoft Azure operated by 21Vianet **(Advanced Threat Protection Only)**|
 
 ## Set up Microsoft Defender for SQL servers on machines