Merge pull request #245677 from MicrosoftDocs/main

7/20/2023 AM Publish

Author: Taojunshen

articles/active-directory-b2c/authorization-code-flow.md

@@ -124,7 +124,7 @@ grant_type=authorization_code&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&sco
 | client_id |Required |The application ID assigned to your app in the [Azure portal](https://portal.azure.com).|
 | client_secret | Yes, in Web Apps | The application secret that was generated in the [Azure portal](https://portal.azure.com/). Client secrets are used in this flow for Web App scenarios, where the client can securely store a client secret. For Native App (public client) scenarios, client secrets cannot be securely stored, and therefore are not used in this call. If you use a client secret, please change it on a periodic basis. |
 | grant_type |Required |The type of grant. For the authorization code flow, the grant type must be `authorization_code`. |
-| scope |Required |A space-separated list of scopes. A single scope value indicates to Azure AD both of the permissions that are being requested. Using the client ID as the scope indicates that your app needs an access token that can be used against your own service or web API, represented by the same client ID.  The `offline_access` scope indicates that your app needs a refresh token for long-lived access to resources.  You also can use the `openid` scope to request an ID token from Azure AD B2C. |
+| scope |Recommended |A space-separated list of scopes. A single scope value indicates to Azure AD both of the permissions that are being requested. Using the client ID as the scope indicates that your app needs an access token that can be used against your own service or web API, represented by the same client ID.  The `offline_access` scope indicates that your app needs a refresh token for long-lived access to resources.  You also can use the `openid` scope to request an ID token from Azure AD B2C. |
 | code |Required |The authorization code that you acquired in from the `/authorize` endpoint. |
 | redirect_uri |Required |The redirect URI of the application where you received the authorization code. |
 | code_verifier | recommended | The same `code_verifier` used to obtain the authorization code. Required if PKCE was used in the authorization code grant request. For more information, see the [PKCE RFC](https://tools.ietf.org/html/rfc7636). |

articles/active-directory/cloud-infrastructure-entitlement-management/ui-triggers.md

@@ -31,6 +31,9 @@ This article describes how to use the **Alerts** dashboard in Permissions Manage
 
     - **Alerts**
     - **Alert Triggers**
+      
+- Select the **Authorization system**(s) and/or **folder**(s) to display alerts and alert triggers in scope of the selected view. 
+- Alert triggers are based on data collected. All alerts, if triggered, are shown every hour under the Alerts subtab.
 
 ## View information about alerts
 
@@ -55,7 +58,6 @@ The **Rule-Based Anomaly** tab and the **Statistical Anomaly** tab both have one
 - **Columns**: Select the columns you want to display: **Task**, **Resource**, and **Identity**.
     - To return to the system default settings, select **Reset to default**.
 
-Alert triggers are based on data collected. All alerts, if triggered, are shown every hour under the Alerts subtab.
 
 
 ## View information about alert triggers

articles/active-directory/fundamentals/whats-new-sovereign-clouds-archive.md

@@ -20,6 +20,37 @@ The primary [What's new in sovereign clouds release notes](whats-new-sovereign-c
 
 ---
 
+## December 2022
+
+### General Availability - Risk-based Conditional Access for workload identities
+
+**Type:** New feature  
+**Service category:** Conditional Access          
+**Product capability:** Identity Security & Protection     
+
+Customers can now bring one of the most powerful forms of access control in the industry to workload identities. Conditional Access supports risk-based policies for workload identities. Organizations can block sign-in attempts when Identity Protection detects compromised apps or services. For more information, see: [Create a risk-based Conditional Access policy](../conditional-access/workload-identity.md#create-a-risk-based-conditional-access-policy).
+
+---
+
+### General Availability - API to recover accidentally deleted Service Principals
+
+**Type:** New feature  
+**Service category:** Enterprise Apps        
+**Product capability:** Identity Lifecycle Management     
+
+Restore a recently deleted application, group, servicePrincipal, administrative unit, or user object from deleted items. If an item was accidentally deleted, you can fully restore the item. This isn't applicable to security groups, which are deleted permanently. A recently deleted item remains available for up to 30 days. After 30 days, the item is permanently deleted. For more information, see: [servicePrincipal resource type](/graph/api/resources/serviceprincipal).
+
+---
+
+### General Availability - Using Staged rollout to test Cert Based Authentication (CBA)
+
+**Type:** New feature  
+**Service category:** Authentications (Logins)     
+**Product capability:** Identity Security & Protection   
+
+We're excited to announce the general availability of hybrid cloud Kerberos trust, a new Windows Hello for Business deployment model to enable a password-less sign-in experience. With this new model, we’ve made Windows Hello for Business easier to deploy than the existing key trust and certificate trust deployment models by removing the need for maintaining complicated public key infrastructure (PKI), and Azure Active Directory (AD) Connect synchronization wait times. For more information, see: [Migrate to cloud authentication using Staged Rollout](../hybrid/how-to-connect-staged-rollout.md).
+
+---
 
 ## November 2022
 

articles/active-directory/fundamentals/whats-new-sovereign-clouds.md

@@ -372,37 +372,6 @@ Represents a tenant's customizable terms of use agreement that is created, and m
 
 ---
 
-## December 2022
-
-### General Availability - Risk-based Conditional Access for workload identities
-
-**Type:** New feature  
-**Service category:** Conditional Access          
-**Product capability:** Identity Security & Protection     
-
-Customers can now bring one of the most powerful forms of access control in the industry to workload identities. Conditional Access supports risk-based policies for workload identities. Organizations can block sign-in attempts when Identity Protection detects compromised apps or services. For more information, see: [Create a risk-based Conditional Access policy](../conditional-access/workload-identity.md#create-a-risk-based-conditional-access-policy).
-
----
-
-### General Availability - API to recover accidentally deleted Service Principals
-
-**Type:** New feature  
-**Service category:** Enterprise Apps        
-**Product capability:** Identity Lifecycle Management     
-
-Restore a recently deleted application, group, servicePrincipal, administrative unit, or user object from deleted items. If an item was accidentally deleted, you can fully restore the item. This isn't applicable to security groups, which are deleted permanently. A recently deleted item remains available for up to 30 days. After 30 days, the item is permanently deleted. For more information, see: [servicePrincipal resource type](/graph/api/resources/serviceprincipal).
-
----
-
-### General Availability - Using Staged rollout to test Cert Based Authentication (CBA)
-
-**Type:** New feature  
-**Service category:** Authentications (Logins)     
-**Product capability:** Identity Security & Protection   
-
-We're excited to announce the general availability of hybrid cloud Kerberos trust, a new Windows Hello for Business deployment model to enable a password-less sign-in experience. With this new model, we’ve made Windows Hello for Business easier to deploy than the existing key trust and certificate trust deployment models by removing the need for maintaining complicated public key infrastructure (PKI), and Azure Active Directory (AD) Connect synchronization wait times. For more information, see: [Migrate to cloud authentication using Staged Rollout](../hybrid/how-to-connect-staged-rollout.md).
-
----
 
 ## Next steps
 <!-- Add a context sentence for the following links -->

articles/active-directory/saas-apps/confluencemicrosoft-tutorial.md

@@ -60,7 +60,7 @@ As of now, following versions of Confluence are supported:
 
 - Confluence: 5.0 to 5.10
 - Confluence: 6.0.1 to 6.15.9
-- Confluence: 7.0.1 to 8.3.0
+- Confluence: 7.0.1 to 8.0.4
 
 > [!NOTE]
 > Please note that our Confluence Plugin also works on Ubuntu Version 16.04

articles/active-directory/saas-apps/ms-confluence-jira-plugin-adminguide.md

@@ -64,7 +64,7 @@ The plug-in supports the following versions of Jira and Confluence:
 * JIRA also supports 5.2. For more details, click [Microsoft Azure Active Directory single sign-on for JIRA 5.2](./jira52microsoft-tutorial.md).
 * Confluence: 5.0 to 5.10.
 * Confluence: 6.0.1 to 6.15.9.
-* Confluence: 7.0.1 to 8.3.0.
+* Confluence: 7.0.1 to 8.0.4.
 
 ## Installation
 
@@ -148,7 +148,7 @@ Confluence:
 
 |Plugin Version   |                                   Release Notes                                           |       Supported JIRA versions       |
 |-----------------|-------------------------------------------------------------------------------------------|-------------------------------------|
-|  6.3.9          |   Bug Fixes:                                                                              | Confluence Server: 7.20.3 to 8.3.0  |
+|  6.3.9          |   Bug Fixes:                                                                              | Confluence Server: 7.20.3 to 8.0.4  |
 |                 |   System Error: Metadata link cannot be configured on SSO plugins.                        |                                     |
 |                 |                                                                                           |                                     |
 |  6.3.8          |   New Feature:                                                                            | Confluence Server: 5.0 to 7.20.1    |
@@ -212,7 +212,7 @@ The plug-in supports these versions:
 * JIRA also supports 5.2. For more details, click [Microsoft Azure Active Directory single sign-on for JIRA 5.2](./jira52microsoft-tutorial.md).
 * Confluence: 5.0 to 5.10.
 * Confluence: 6.0.1 to 6.15.9.
-* Confluence: 7.0.1 to 8.3.0.
+* Confluence: 7.0.1 to 8.0.4.
 
 ### Is the plug-in free or paid?
 

articles/ai-services/document-intelligence/faq.yml

@@ -445,6 +445,12 @@ sections:
 
           - Switching subscriptions or resources can be done under Settings -> Resource tab.
 
+      - question: |
+          Why am I receiving an AuthorizationFailure error on Auto Label or OCR Upgrade when my Storage Account is configured with a firewall?
+        answer: |
+
+          Please add our website IP address, 20.3.165.95, to the allowlist of firewall. This is Document Intelligence Studio's dedicated IP address and can be safely allowed.
+
   - name: Containers
     questions:
       - question: |

articles/ai-services/document-intelligence/toc.yml

@@ -138,13 +138,13 @@ items:
   - name: Transparency notes
     items:
     - name: Document Intelligence scenarios
-      href: /legal/cognitive-services/form-recognizer/fr-transparency-note?context=/azure/ai-services/document-intelligence/context/context
+      href: /legal/cognitive-services/document-intelligence/transparency-note
     - name: Characteristics and limitations
-      href: /legal/cognitive-services/form-recognizer/fr-characteristics-and-limitations?context=/azure/ai-services/document-intelligence/context/context
+      href: /legal/cognitive-services/document-intelligence/characteristics-and-limitations
   - name: Integration and responsible use
-    href: /legal/cognitive-services/form-recognizer/fr-guidance-integration-responsible-use?context=/azure/ai-services/document-intelligence/context/context
+    href: /legal/cognitive-services/document-intelligence/guidance-integration-responsible-use
   - name: Data, privacy, and security
-    href: /legal/cognitive-services/form-recognizer/fr-data-privacy-security?context=/azure/ai-services/document-intelligence/context/context
+    href: /legal/cognitive-services/document-intelligence/data-privacy-security
 - name: Concepts
   items:
   - name: Model overview

articles/ai-services/openai/faq.yml

@@ -8,7 +8,7 @@ metadata:
   ms.service: cognitive-services
   ms.subservice: openai
   ms.topic: faq
-  ms.date: 06/07/2023
+  ms.date: 07/20/2023
   ms.author: mbullwin
   author: mrbullwinkle
 title: Azure OpenAI Service frequently asked questions
@@ -103,7 +103,7 @@ sections:
       - question: |
           What are the SLAs for API responses in Azure OpenAI?
         answer:
-          We don't have a defined API response time Service Level Agreement (SLA) at this time. For more information about the SLA for Azure OpenAI Service, see the "Azure Cognitive Services" section of the [Service Level Agreements (SLA) for Online Services page](https://azure.microsoft.com/support/legal/sla/cognitive-services/v1_1/).  
+          We don't have a defined API response time Service Level Agreement (SLA) at this time. For more information about the SLA for Azure OpenAI Service, consult the [Service Level Agreements (SLA) for Online Services page](https://azure.microsoft.com/support/legal/sla/cognitive-services/v1_1/).  
       - question: |
           Why was my fine-tuned model deployment deleted? 
         answer: