Merge pull request #200134 from MicrosoftDocs/main

6/01 AM Publish

Author: huypub

articles/active-directory-b2c/partner-asignio.md

@@ -114,7 +114,7 @@ Follow the steps mentioned in [this tutorial](tutorial-register-applications.md?
    | Property | Value |
    |:--------|:-------------|
    |Name  | Login with Asignio *(or a name of your choice)*
-   |Metadata URL |  https://authorization.asignio.com/.well-known/openid-configuration|
+   |Metadata URL |  `https://authorization.asignio.com/.well-known/openid-configuration`|
    | Client ID |  enter the client ID that you previously generated in [step 1](#step-1-configure-an-application-with-asignio)|
    |Client Secret |  enter the Client secret that you previously generated in [step 1](#step-1-configure-an-application-with-asignio)|
    | Scope | openid email profile |

articles/active-directory/identity-protection/overview-identity-protection.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: identity-protection
 ms.topic: overview
-ms.date: 06/15/2021
+ms.date: 05/31/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -31,16 +31,12 @@ The signals generated by and fed to Identity Protection, can be further fed into
 
 ## Why is automation important?
 
-In his [blog post in October of 2018](https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Eight-essentials-for-hybrid-identity-3-Securing-your-identity/ba-p/275843) Alex Weinert, who leads Microsoft's Identity Security and Protection team, explains why automation is so important when dealing with the volume of events:
+In the blog post *[Cyber Signals: Defending against cyber threats with the latest research, insights, and trends](https://www.microsoft.com/security/blog/2022/02/03/cyber-signals-defending-against-cyber-threats-with-the-latest-research-insights-and-trends/)* dated February 3, 2022 we shared a thread intelligence brief including the following statistics:
 
-> Each day, our machine learning and heuristic systems provide risk scores for 18 billion login attempts for over 800 million distinct accounts, 300 million of which are discernibly done by adversaries (entities like: criminal actors, hackers).
->
-> At Ignite last year, I spoke about the top 3 attacks on our identity systems. Here is the recent volume of these attacks
->   
->   - **Breach replay**: 4.6BN attacks detected in May 2018
->   - **Password spray**: 350k in April 2018
->   - **Phishing**: This is hard to quantify exactly, but we saw 23M risk events in March 2018, many of which are phish related
+> * Analyzed ...24 trillion security signals combined with intelligence we track by monitoring more than 40 nation-state groups and over 140 threat groups...
+> * ...From January 2021 through December 2021, we’ve blocked more than 25.6 billion Azure AD brute force authentication attacks...
 
+This scale of signals and attacks requires some level of automation to be able to keep up.
 ## Risk detection and remediation
 
 Identity Protection identifies risks of many types, including:
@@ -53,7 +49,7 @@ Identity Protection identifies risks of many types, including:
 - Password spray
 - and more...
 
-More detail on these and other risks including how or when they are calculated can be found in the article, [What is risk](concept-identity-protection-risks.md).
+More detail on these and other risks including how or when they're calculated can be found in the article, [What is risk](concept-identity-protection-risks.md).
 
 The risk signals can trigger remediation efforts such as requiring users to: perform Azure AD Multi-Factor Authentication, reset their password using self-service password reset, or blocking until an administrator takes action.
 
@@ -69,17 +65,17 @@ More information can be found in the article, [How To: Investigate risk](howto-i
 
 ### Risk levels
 
-Identity Protection categorizes risk into three tiers: low, medium, and high. 
+Identity Protection categorizes risk into tiers: low, medium, and high. 
 
-While Microsoft does not provide specific details about how risk is calculated, we will say that each level brings higher confidence that the user or sign-in is compromised. For example, something like one instance of unfamiliar sign-in properties for a user might not be as threatening as leaked credentials for another user.
+While Microsoft doesn't provide specific details about how risk is calculated, we'll say that each level brings higher confidence that the user or sign-in is compromised. For example, something like one instance of unfamiliar sign-in properties for a user might not be as threatening as leaked credentials for another user.
 
 ## Exporting risk data
 
 Data from Identity Protection can be exported to other tools for archive and further investigation and correlation. The Microsoft Graph based APIs allow organizations to collect this data for further processing in a tool such as their SIEM. Information about how to access the Identity Protection API can be found in the article, [Get started with Azure Active Directory Identity Protection and Microsoft Graph](howto-identity-protection-graph-api.md)
 
 Information about integrating Identity Protection information with Microsoft Sentinel can be found in the article, [Connect data from Azure AD Identity Protection](../../sentinel/data-connectors-reference.md#azure-active-directory-identity-protection).
 
-Additionally, organizations can choose to store data for longer periods by changing diagnostic settings in Azure AD to send RiskyUsers and UserRiskEvents data to a Log Analytics workspace, archive data to a storage account, stream data to an Event Hub, or send data to a partner solution. Detailed information about how to do so can be found in the article, [How To: Export risk data](howto-export-risk-data.md).
+Additionally, organizations can choose to store data for longer periods by changing diagnostic settings in Azure AD to send RiskyUsers and UserRiskEvents data to a Log Analytics workspace, archive data to a storage account, stream data to Event Hubs, or send data to a partner solution. Detailed information about how to do so can be found in the article, [How To: Export risk data](howto-export-risk-data.md).
 
 ## Permissions
 
@@ -92,25 +88,25 @@ Identity Protection requires users be a Security Reader, Security Operator, Secu
 | Security operator | View all Identity Protection reports and Overview blade <br><br> Dismiss user risk, confirm safe sign-in, confirm compromise | Configure or change policies <br><br> Reset password for a user <br><br> Configure alerts |
 | Security reader | View all Identity Protection reports and Overview blade | Configure or change policies <br><br> Reset password for a user <br><br> Configure alerts <br><br> Give feedback on detections |
 
-Currently, the security operator role cannot access the Risky sign-ins report.
+Currently, the security operator role can't access the Risky sign-ins report.
 
 Conditional Access administrators can also create policies that factor in sign-in risk as a condition. Find more information in the article [Conditional Access: Conditions](../conditional-access/concept-conditional-access-conditions.md#sign-in-risk).
 
 ## License requirements
 
 [!INCLUDE [Active Directory P2 license](../../../includes/active-directory-p2-license.md)]
 
-| Capability | Details  | Azure AD Free / Microsoft 365 Apps | Azure AD Premium P1|Azure AD Premium P2 |
+| Capability | Details | Azure AD Free / Microsoft 365 Apps | Azure AD Premium P1 | Azure AD Premium P2 |
 | --- | --- | --- | --- | --- |
-| Risk policies | User risk policy (via Identity Protection)  | No | No |Yes | 
-| Risk policies | Sign-in risk policy (via Identity Protection or Conditional Access)  | No |  No |Yes |
-| Security reports | Overview |  No | No |Yes |
-| Security reports | Risky users  | Limited Information. Only users with medium and high risk are shown. No details drawer or risk history. | Limited Information. Only users with medium and high risk are shown. No details drawer or risk history. | Full access|
-| Security reports | Risky sign-ins  | Limited Information. No risk detail or risk level is shown. | Limited Information. No risk detail or risk level is shown. | Full access|
-| Security reports | Risk detections   | No | Limited Information. No details drawer.| Full access|
-| Notifications | Users at risk detected alerts  | No | No |Yes |
-| Notifications | Weekly digest| No | No | Yes | 
-| | MFA registration policy | No | No | Yes |
+| Risk policies | User risk policy (via Identity Protection) | No | No | Yes | 
+| Risk policies | Sign-in risk policy (via Identity Protection or Conditional Access) | No | No | Yes |
+| Security reports | Overview | No | No | Yes |
+| Security reports | Risky users | Limited Information. Only users with medium and high risk are shown. No details drawer or risk history. | Limited Information. Only users with medium and high risk are shown. No details drawer or risk history. | Full access|
+| Security reports | Risky sign-ins | Limited Information. No risk detail or risk level is shown. | Limited Information. No risk detail or risk level is shown. | Full access |
+| Security reports | Risk detections | No | Limited Information. No details drawer.| Full access |
+| Notifications | Users at risk detected alerts | No | No | Yes |
+| Notifications | Weekly digest | No | No | Yes | 
+| MFA registration policy |   | No | No | Yes |
 
 More information on these rich reports can be found in the article, [How To: Investigate risk](howto-identity-protection-investigate-risk.md#navigating-the-reports).
 

articles/aks/control-kubeconfig-access.md

@@ -156,7 +156,7 @@ For enhanced security on access to AKS clusters, [integrate Azure Active Directo
 <!-- LINKS - internal -->
 [aks-quickstart-cli]: ./learn/quick-kubernetes-deploy-cli.md
 [aks-quickstart-portal]: ./learn/quick-kubernetes-deploy-portal.md
-[aks-quickstart-powershell]: /learn/quick-kubernetes-deploy-powershell.md
+[aks-quickstart-powershell]: /azure/aks/learn/quick-kubernetes-deploy-powershell
 [azure-cli-install]: /cli/azure/install-azure-cli
 [az-aks-get-credentials]: /cli/azure/aks#az_aks_get_credentials
 [azure-rbac]: ../role-based-access-control/overview.md

articles/aks/open-service-mesh-troubleshoot.md

@@ -103,7 +103,7 @@ aks-osm-webhook-osm   1      102m
 ### Check for the service and the CA bundle of the Validating webhook
 
 ```azurecli-interactive
-kubectl get ValidatingWebhookConfiguration aks-osm-webhook-osm -o json | jq '.webhooks[0].clientConfig.service'
+kubectl get ValidatingWebhookConfiguration aks-osm-validator-mesh-osm -o json | jq '.webhooks[0].clientConfig.service'
 ```
 
 A well configured Validating Webhook Configuration would look exactly like this:

articles/aks/start-stop-cluster.md

@@ -150,7 +150,7 @@ If the `ProvisioningState` shows `Starting` that means your cluster hasn't fully
 <!-- LINKS - internal -->
 [aks-quickstart-cli]: ./learn/quick-kubernetes-deploy-cli.md
 [aks-quickstart-portal]: ./learn/quick-kubernetes-deploy-portal.md
-[aks-quickstart-powershell]: /learn/quick-kubernetes-deploy-powershell.md
+[aks-quickstart-powershell]: /azure/aks/learn/quick-kubernetes-deploy-powershell
 [install-azure-cli]: /cli/azure/install-azure-cli
 [az-extension-add]: /cli/azure/extension#az_extension_add
 [az-extension-update]: /cli/azure/extension#az_extension_update

articles/api-management/api-management-howto-create-or-invite-developers.md

@@ -52,6 +52,8 @@ When a developer is invited, an email is sent to the developer. This email is ge
 
 Once the invitation is accepted, the account becomes active.
 
+Invitation link will be active for 2 days.
+
 ## <a name="block-developer"> </a> Deactivate or reactivate a developer account
 
 By default, newly created or invited developer accounts are **Active**. To deactivate a developer account, click **Block**. To reactivate a blocked developer account, click **Activate**. A blocked developer account can't access the developer portal or call any APIs. To delete a user account, click **Delete**.

articles/app-service/tutorial-connect-msi-sql-database.md

@@ -144,10 +144,9 @@ The steps you follow for your project depends on whether you're using [Entity Fr
 1. In Visual Studio, open the Package Manager Console and add the NuGet package [Azure.Identity](https://www.nuget.org/packages/Azure.Identity) and update Entity Framework:
 
     ```powershell
-    Install-Package Azure.Identity -Version 1.5.0
+    Install-Package Azure.Identity
     Update-Package EntityFramework
     ```
-
 1. In your DbContext object (in *Models/MyDbContext.cs*), add the following code to the default constructor.
 
     ```csharp

articles/azure-monitor/app/profiler-containers.md

@@ -129,7 +129,7 @@ In this article, you'll learn the various ways you can:
 
 To hit the endpoint, either:
 
-- Visit [http://localhost:8080/weatherforecast](http://localhost:8080/weatherforecast) in your browser, or
+- Visit `http://localhost:8080/weatherforecast` in your browser, or
 - Use curl:
    
   ```terraform
@@ -175,4 +175,4 @@ docker rm -f testapp
 ## Next Steps
 
 - Learn more about [Application Insights Profiler](./profiler-overview.md).
-- Learn how to enable Profiler in your [ASP.NET Core applications run on Linux](./profiler-aspnetcore-linux.md).
+- Learn how to enable Profiler in your [ASP.NET Core applications run on Linux](./profiler-aspnetcore-linux.md).

articles/azure-netapp-files/azure-netapp-files-solution-architectures.md

@@ -107,7 +107,7 @@ This section provides references to SAP on Azure solutions.
 
 ### SAP AnyDB
 
-* [SAP System on Oracle Database on Azure - Azure Architecture Center](/azure/architecture/example-scenario/apps/sap-on-oracle)
+* [SAP System on Oracle Database on Azure - Azure Architecture Center](/azure/architecture/example-scenario/apps/sap-production)
 * [Oracle Azure Virtual Machines DBMS deployment for SAP workload - Azure Virtual Machines](../virtual-machines/workloads/sap/dbms_guide_oracle.md#oracle-configuration-guidelines-for-sap-installations-in-azure-vms-on-linux)
 * [Deploy SAP AnyDB (Oracle 19c) with Azure NetApp Files](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/deploy-sap-anydb-oracle-19c-with-azure-netapp-files/ba-p/2064043)
 * [Manual Recovery Guide for SAP Oracle 19c on Azure VMs from Azure NetApp Files snapshot with AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/manual-recovery-guide-for-sap-oracle-19c-on-azure-vms-from-azure/ba-p/3242408)

articles/azure-resource-manager/management/tag-resources.md

@@ -868,7 +868,6 @@ The following limitations apply to tags:
    >     * Azure Automation
    >     * Azure Content Delivery Network (CDN)
    >     * Azure DNS (Zone and A records)
-   >     * Azure Private DNS (Zone, A records, and virtual network link)
 
 ## Next steps