Commit b7dd691

Merge branch 'main' into yuwzho/update-doc
2 parents 3e401d1 + e89312c commit b7dd691

608 files changed

+13239
-6502
lines changed

.openpublishing.redirection.json

Lines changed: 15 additions & 0 deletions
@@ -1,5 +1,10 @@
11
{
22
"redirections": [
3+
{
4+
"source_path": "articles/storage/tables/table-storage-design-encrypt-data.md",
5+
"redirect_url": "/previous-versions/azure/storage/tables/table-storage-design-encrypt-data",
6+
"redirect_document_id": false
7+
},
38
{
49
"source_path": "articles/databox-online/azure-stack-edge-zero-touch-provisioning.md",
510
"redirect_url": "/azure/databox-online/azure-stack-edge-powershell-based-configuration",
@@ -22445,6 +22450,11 @@
2244522450
"source_path": "articles/private-multi-access-edge-compute-mec/metaswitch-fusion-core-overview.md",
2244622451
"redirect_URL": "/azure/private-5g-core",
2244722452
"redirect_document_id": false
22453+
},
22454+
{
22455+
"source_path": "articles/private-5g-core/modify-site-plan.md",
22456+
"redirect_URL": "/azure/private-5g-core/modify-service-plan",
22457+
"redirect_document_id": false
2244822458
},
2244922459
{
2245022460
"source_path": "articles/communications-gateway/rotate-secrets.md",
@@ -22455,6 +22465,11 @@
2245522465
"source_path": "articles/batch/high-availability-disaster-recovery.md",
2245622466
"redirect_URL": "/azure/reliability/reliability-batch",
2245722467
"redirect_document_id": false
22468+
},
22469+
{
22470+
"source_path_from_root": "/articles/communication-services/concepts/bring-your-own-storage.md",
22471+
"redirect_url": "/azure/communication-services/concepts/call-automation/call-recording/bring-your-own-storage",
22472+
"redirect_document_id": false
2245822473
}
2245922474

2246022475
]
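Review bot: The entry added at lines 22470-22471 uses `"source_path_from_root"` with a leading slash and a lower-case `"redirect_url"`, while the neighbouring entries in this hunk use `"source_path"` without the slash and `"redirect_URL"`. Pick one key style for new entries, or confirm the publishing build accepts both spellings, so that this redirect is not silently skipped.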

articles/active-directory/app-provisioning/application-provisioning-config-problem-scim-compatibility.md

Lines changed: 1 addition & 1 deletion
@@ -269,7 +269,7 @@ Following the steps below will delete your existing customappsso job and create
269269

270270
11. In the results of the last step, copy the full "ID" string that begins with "scim". Optionally, reapply your old attribute-mappings by running the command below, replacing [new-job-id] with the new job ID you copied, and entering the JSON output from step #7 as the request body.
271271

272-
`POST https://graph.microsoft.com/beta/servicePrincipals/[object-id]/synchronization/jobs/[new-job-id]/schema`
272+
`PUT https://graph.microsoft.com/beta/servicePrincipals/[object-id]/synchronization/jobs/[new-job-id]/schema`
273273
`{ <your-schema-json-here> }`
274274

275275
12. Return to the first web browser window, and select the **Provisioning** tab for your application.
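Review bot: With the verb changed to PUT on line 272, the request replaces the schema of [new-job-id] in full rather than adding to it, and step 11 does not say so. State that the body must be the complete JSON captured in step #7, since the `{ <your-schema-json-here> }` placeholder on line 273 would also fit a partial schema, and a partial body would drop the mappings it omits.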

articles/active-directory/app-provisioning/customize-application-attributes.md

Lines changed: 21 additions & 21 deletions
Large diffs are not rendered by default.

articles/active-directory/app-proxy/application-proxy-deployment-plan.md

Lines changed: 1 addition & 1 deletion
@@ -144,7 +144,7 @@ The following design elements should increase the success of your pilot implemen
144144
* Restrict visibility of the pilot application’s icon to a pilot group by hiding its launch icon form the Azure MyApps portal. When ready for production you can scope the app to its respective targeted audience, either in the same pre-production tenant, or by also publishing the application in your production tenant.
145145

146146
**Single sign-on settings**:
147-
Some SSO settings have specific dependencies that can take time to set up, so avoid change control delays by ensuring dependencies are addressed ahead of time. This includes domain joining connector hosts to perform SSO using Kerberos Constrained Delegation (KCD) and taking care of other time-consuming activities. For example, Setting up a PING Access instance, if needing header-based SSO.
147+
Some SSO settings have specific dependencies that can take time to set up, so avoid change control delays by ensuring dependencies are addressed ahead of time. This includes domain joining connector hosts to perform SSO using Kerberos Constrained Delegation (KCD) and taking care of other time-consuming activities.
148148

149149
**TLS Between Connector Host and Target Application**: Security is paramount, so TLS between the connector host and target applications should always be used. Particularly if the web application is configured for forms-based authentication (FBA), as user credentials are then effectively transmitted in clear text.
150150
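Review bot: With the PingAccess example removed from line 147, "other time-consuming activities" is left with nothing to illustrate it; either name a current example or end the sentence at Kerberos Constrained Delegation (KCD). While this paragraph is open, the context at line 144 has "form the Azure MyApps portal" where "from" is meant.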

articles/active-directory/authentication/concept-authentication-methods-manage.md

Lines changed: 2 additions & 6 deletions
@@ -38,9 +38,6 @@ To manage the Authentication methods policy, click **Security** > **Authenticati
3838

3939
Only the [converged registration experience](concept-registration-mfa-sspr-combined.md) is aware of the Authentication methods policy. Users in scope of the Authentication methods policy but not the converged registration experience won't see the correct methods to register.
4040

41-
>[!NOTE]
42-
>Some pieces of the Authentication methods policy experience are in preview. This includes management of Email OTP, third party software OATH tokens, SMS, and voice call as noted in the portal. Also, use of the authentication methods policy alone with the legacy MFA and SSPR polices disabled is a preview experience.
43-
4441
## Legacy MFA and SSPR policies
4542

4643
Two other policies, located in **Multifactor authentication** settings and **Password reset** settings, provide a legacy way to manage some authentication methods for all users in the tenant. You can't control who uses an enabled authentication method, or how the method can be used. A [Global Administrator](../roles/permissions-reference.md#global-administrator) is needed to manage these policies.
@@ -76,7 +73,7 @@ For users who are enabled for **Mobile phone** for SSPR, the independent control
7673

7774
Similarly, let's suppose you enable **Voice calls** for a group. After you enable it, you find that even users who aren't group members can sign-in with a voice call. In this case, it's likely those users are enabled for **Mobile phone** in the legacy SSPR policy or **Call to phone** in the legacy MFA policy.
7875

79-
## Migration between policies (preview)
76+
## Migration between policies
8077

8178
The Authentication methods policy provides a migration path toward unified administration of all authentication methods. All desired methods can be enabled in the Authentication methods policy. Methods in the legacy MFA and SSPR policies can be disabled. Migration has three settings to let you move at your own pace, and avoid problems with sign-in or SSPR during the transition. After migration is complete, you'll centralize control over authentication methods for both sign-in and SSPR in a single place, and the legacy MFA and SSPR policies will be disabled.
8279
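Review bot: Dropping "(preview)" from the heading at line 76 changes the anchor generated for this section, so links that target the old heading anchor will no longer land on it. Search the repository for links to the old anchor and update them in the same change.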

@@ -107,8 +104,7 @@ Tenants are set to either Pre-migration or Migration in Progress by default, dep
107104
> In the future, both of these features will be integrated with the Authentication methods policy.
108105
109106
## Known issues and limitations
110-
- Some customers may see the control to enable Voice call grayed out due to a licensing requirement, despite having a premium license. This is a known issue that we are actively working to fix.
111-
- As a part of the public preview we removed the ability to target individual users. Previously targeted users will remain in the policy but we recommend moving them to a targeted group.
107+
- In recent updates we removed the ability to target individual users. Previously targeted users will remain in the policy but we recommend moving them to a targeted group.
112108

113109
## Next steps
114110
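Review bot: "In recent updates" on line 107 gives readers no way to tell when individual-user targeting was removed; name the release or date, or state it as current behaviour ("Individual users can't be targeted; use a group"). The hunk also deletes the Voice call licensing known issue from old line 110, so confirm that fix has shipped before this merges.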

articles/active-directory/authentication/concept-registration-mfa-sspr-combined.md

Lines changed: 4 additions & 14 deletions
@@ -19,27 +19,13 @@ ms.collection: M365-identity-device-management
1919

2020
Before combined registration, users registered authentication methods for Azure AD Multi-Factor Authentication and self-service password reset (SSPR) separately. People were confused that similar methods were used for multifactor authentication and SSPR but they had to register for both features. Now, with combined registration, users can register once and get the benefits of both multifactor authentication and SSPR. We recommend this video on [How to enable and configure SSPR in Azure AD](https://www.youtube.com/watch?v=rA8TvhNcCvQ)
2121

22-
> [!NOTE]
23-
> Effective Oct. 1st, 2022, we will begin to enable combined registration for all users in Azure AD tenants created before August 15th, 2020. Tenants created after this date are enabled with combined registration.
24-
25-
This article outlines what combined security registration is. To get started with combined security registration, see the following article:
26-
27-
> [!div class="nextstepaction"]
28-
> [Enable combined security registration](howto-registration-mfa-sspr-combined.md)
2922

3023
![My Account showing registered Security info for a user](media/concept-registration-mfa-sspr-combined/combined-security-info-defaults-registered.png)
3124

3225
Before enabling the new experience, review this administrator-focused documentation and the user-focused documentation to ensure you understand the functionality and effect of this feature. Base your training on the [user documentation](https://support.microsoft.com/account-billing/set-up-your-security-info-from-a-sign-in-prompt-28180870-c256-4ebf-8bd7-5335571bf9a8) to prepare your users for the new experience and help to ensure a successful rollout.
3326

3427
Azure AD combined security information registration is available for Azure US Government but not Azure China 21Vianet.
3528

36-
> [!IMPORTANT]
37-
> Users that are enabled for both the original preview and the enhanced combined registration experience see the new behavior. Users that are enabled for both experiences see only the My Account experience. The *My Account* aligns with the look and feel of combined registration and provides a seamless experience for users. Users can see My Account by going to [https://myaccount.microsoft.com](https://myaccount.microsoft.com).
38-
>
39-
> You can set **Require users to register when signing in** to **Yes** to require all users to register when signing in, ensuring that all users are protected.
40-
>
41-
> You might encounter an error message while trying to access the Security info option, such as, "Sorry, we can't sign you in". Confirm that you don't have any configuration or group policy object that blocks third-party cookies on the web browser.
42-
4329
*My Account* pages are localized based on the language settings of the computer accessing the page. Microsoft stores the most recent language used in the browser cache, so subsequent attempts to access the pages continue to render in the last language used. If you clear the cache, the pages re-render.
4430

4531
If you want to force a specific language, you can add `?lng=<language>` to the end of the URL, where `<language>` is the code of the language you want to render.
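Review bot: The [!IMPORTANT] block removed at old lines 36-41 also carried two items that are not preview-specific: the **Require users to register when signing in** setting and the third-party-cookie cause of "Sorry, we can't sign you in". Move those into the body or a troubleshooting section instead of deleting them. The retained context at new line 25 still opens with "Before enabling the new experience", which no longer fits once the enablement notes are gone.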
@@ -131,6 +117,10 @@ Users can access manage mode by going to [https://aka.ms/mysecurityinfo](https:/
131117

132118
## Key usage scenarios
133119

120+
### Protect Security info registration with Conditional Access
121+
To secure when and how users register for Azure AD Multi-Factor Authentication and self-service password reset, you can use user actions in Conditional Access policy. This functionality may be enabled in organizations that want users to register for Azure AD Multi-Factor Authentication and SSPR from a central location, such as a trusted network location during HR onboarding. Learn more on how to configure [common Conditional Access policies for securing security info registration.](../conditional-access/howto-conditional-access-policy-registration.md)
122+
123+
134124
### Set up security info during sign-in
135125

136126
An admin has enforced registration.
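Review bot: In the paragraph added at line 121 the closing period sits inside the link text (`registration.](...)`); move it outside the brackets. The paragraph is followed by two blank lines (122-123) where the neighbouring headings use one, and "To secure when and how users register" would read more clearly as "To control when and how users register". It would also help to say which Conditional Access user action the policy targets, since "user actions" alone leaves the reader to find it in the linked article.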

articles/active-directory/authentication/concept-sspr-policy.md

Lines changed: 1 addition & 1 deletion
@@ -96,7 +96,7 @@ The two-gate policy requires two pieces of authentication data, such as an email
9696
* A custom domain has been configured for your Azure AD tenant, such as *contoso.com*; or
9797
* Azure AD Connect is synchronizing identities from your on-premises directory
9898

99-
You can disable the use of SSPR for administrator accounts using the [Set-MsolCompanySettings](/powershell/module/msonline/set-msolcompanysettings) PowerShell cmdlet. The `-SelfServePasswordResetEnabled $False` parameter disables SSPR for administrators. Policy changes to disable or enable SSPR for administrator accounts can take up to 60 minutes to take effect.
99+
You can disable the use of SSPR for administrator accounts using the [Update-MgPolicyAuthorizationPolicy](/powershell/module/microsoft.graph.identity.signins/update-mgpolicyauthorizationpolicy) PowerShell cmdlet. The `-AllowedToUseSspr:$true|$false ` parameter enables/disables SSPR for administrators. Policy changes to enable or disable SSPR for administrator accounts can take up to 60 minutes to take effect.
100100

101101
### Exceptions
102102
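Review bot: The code span on line 99, `-AllowedToUseSspr:$true|$false `, is not something a reader can paste: `$true|$false` is shorthand, not PowerShell, and there is a trailing space inside the backticks. The sentence is about disabling SSPR for administrators, so show `-AllowedToUseSspr:$false` and mention `$true` as the way to re-enable it.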

articles/active-directory/authentication/concept-system-preferred-multifactor-authentication.md

Lines changed: 4 additions & 2 deletions
@@ -4,7 +4,7 @@ description: Learn how to use system-preferred multifactor authentication
44
ms.service: active-directory
55
ms.subservice: authentication
66
ms.topic: conceptual
7-
ms.date: 03/20/2023
7+
ms.date: 03/22/2023
88
ms.author: justinha
99
author: justinha
1010
manager: amycolannino
@@ -99,12 +99,13 @@ When a user signs in, the authentication process checks which authentication met
9999
1. [Temporary Access Pass](howto-authentication-temporary-access-pass.md)
100100
1. [Certificate-based authentication](concept-certificate-based-authentication.md)
101101
1. [FIDO2 security key](concept-authentication-passwordless.md#fido2-security-keys)
102+
1. [Microsoft Authenticator push notifications](concept-authentication-authenticator-app.md)
102103
1. [Time-based one-time password (TOTP)](concept-authentication-oath-tokens.md)<sup>1</sup>
103104
1. [Telephony](concept-authentication-phone-options.md)<sup>2</sup>
104105

105106
<sup>1</sup> Includes hardware or software TOTP from Microsoft Authenticator, Authenticator Lite, or third-party applications.
106-
<sup>2</sup> Includes SMS and voice calls.
107107

108+
<sup>2</sup> Includes SMS and voice calls.
108109

109110
### How does system-preferred MFA affect AD FS or NPS extension?
110111
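Review bot: The list item added at line 102 links to the top of concept-authentication-authenticator-app.md, whereas the FIDO2 entry just above links to a section anchor. If that article has a section for push notifications, link to it so readers land on the method being ranked. Because this list defines the order in which methods are preferred, also check that any prose elsewhere in the article that describes the order still matches now that push sits above TOTP.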

@@ -113,6 +114,7 @@ System-preferred MFA doesn't affect users who sign in by using Active Directory
113114
### What happens for users who aren't specified in the Authentication methods policy but enabled in the legacy MFA tenant-wide policy?
114115

115116
The system-preferred MFA also applies for users who are enabled for MFA in the legacy MFA policy.
117+
116118
:::image type="content" border="true" source="./media/how-to-mfa-number-match/legacy-settings.png" alt-text="Screenshot of legacy MFA settings.":::
117119

118120
## Next steps

articles/active-directory/authentication/howto-authentication-passwordless-phone.md

Lines changed: 15 additions & 3 deletions
@@ -7,13 +7,13 @@ services: active-directory
77
ms.service: active-directory
88
ms.subservice: authentication
99
ms.topic: how-to
10-
ms.date: 01/29/2023
10+
ms.date: 03/21/2023
1111

1212

1313
ms.author: justinha
1414
author: justinha
1515
manager: amycolannino
16-
ms.reviewer: librown
16+
ms.reviewer: librown; tilarso
1717

1818
ms.collection: M365-identity-device-management
1919
---
@@ -78,7 +78,19 @@ To enable the authentication method for passwordless phone sign-in, complete the
7878
7979
## User registration
8080

81-
Users register themselves for the passwordless authentication method of Azure AD. For users who already registered the Microsoft Authenticator app for [multi-factor authentication](./concept-mfa-howitworks.md), skip to the next section, [enable phone sign-in](#enable-phone-sign-in). To register the Microsoft Authenticator app, follow these steps:
81+
Users register themselves for the passwordless authentication method of Azure AD. For users who already registered the Microsoft Authenticator app for [multi-factor authentication](./concept-mfa-howitworks.md), skip to the next section, [enable phone sign-in](#enable-phone-sign-in).
82+
83+
### Direct phone Sign-in registration
84+
Users can register for passwordless phone sign-in directly within the Microsoft Authenticator app without the need to first registering Microsoft Authenticator with their account, all while never accruing a password. Here's how:
85+
1. Acquire a [Temporary Access Pass](../authentication/howto-authentication-temporary-access-pass.md) from your Admin or Organization.
86+
2. Download and install the Microsoft Authenticator app on your mobile device.
87+
3. Open Microsoft Authenticator and click **Add account** and then choose **Work or school account.**
88+
4. Choose **Sign in."
89+
5. Follow the instructions to sign-in with your account using the Temporary Access Pass provided by your Admin or Organization.
90+
6. Once signed-in, continue following the additional steps to set up phone sign-in.
91+
92+
### Guided registration with My Sign-ins
93+
To register the Microsoft Authenticator app, follow these steps:
8294

8395
1. Browse to [https://aka.ms/mysecurityinfo](https://aka.ms/mysecurityinfo).
8496
1. Sign in, then select **Add method** > **Authenticator app** > **Add** to add Microsoft Authenticator.
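Review bot: Step 4 on line 88 has broken markup, `**Sign in."`, where the bold is never closed and a stray quote follows; it should read `**Sign in**.` Line 84 also needs a grammar pass ("without the need to first registering" should be "without first registering"), and "all while never accruing a password" is unclear; say that the user never needs a password. Line 87 puts the period inside the bold span, and the heading on line 83 capitalises "Sign-in" mid-phrase, unlike the other headings in this hunk.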

articles/active-directory/authentication/howto-mfa-getstarted.md

Lines changed: 1 addition & 5 deletions
@@ -156,11 +156,7 @@ A major step in every multifactor authentication deployment is getting users reg
156156

157157
### Combined registration for SSPR and Azure AD MFA
158158

159-
> [!NOTE]
160-
> Starting on August 15th 2020, all new Azure AD tenants will be automatically enabled for combined registration. Tenants created after this date will be unable to utilize the legacy registration workflows.
161-
> After Sept. 30th, 2022, all existing Azure AD tenants will be automatically enabled for combined registration.
162-
163-
We recommend that organizations use the [combined registration experience for Azure AD Multi-Factor Authentication and self-service password reset (SSPR)](howto-registration-mfa-sspr-combined.md). SSPR allows users to reset their password in a secure way using the same methods they use for Azure AD Multi-Factor Authentication. Combined registration is a single step for end users. To make sure you understand the functionality and end-user experience, see the [Combined security information registration concepts](concept-registration-mfa-sspr-combined.md).
159+
[The combined registration experience for Azure AD Multi-Factor Authentication and self-service password reset (SSPR)](howto-registration-mfa-sspr-combined.md) enables users to register for both MFA and SSPR in a unified experience. SSPR allows users to reset their password in a secure way using the same methods they use for Azure AD Multi-Factor Authentication. To make sure you understand the functionality and end-user experience, see the [Combined security information registration concepts](concept-registration-mfa-sspr-combined.md).
164160

165161
It's critical to inform users about upcoming changes, registration requirements, and any necessary user actions. We provide [communication templates](https://aka.ms/mfatemplates) and [user documentation](https://support.microsoft.com/account-billing/set-up-security-info-from-a-sign-in-page-28180870-c256-4ebf-8bd7-5335571bf9a8) to prepare your users for the new experience and help to ensure a successful rollout. Send users to https://myprofile.microsoft.com to register by selecting the **Security Info** link on that page.
166162
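Review bot: The rewritten line 159 removes the "We recommend" guidance and the rollout dates, but the unchanged paragraph at new line 161 still refers to "upcoming changes" and "the new experience"; reword it to match, or the section reads as if a rollout were still pending. That context line also carries a bare URL (https://myprofile.microsoft.com) that should be a formatted link like the others in the paragraph.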
