Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into Patch-Update-defender-for-containers-vulnerability-assessment-azure

Author: AlizaBernstein

.gitattributes

@@ -6,6 +6,9 @@
 *.c text
 *.h text
 
+# Include Markdown in the GitHub language breakdown statistics
+*.md linguist-detectable
+
 # Denote all files that are truly binary and should not be modified.
 *.gif   binary
 *.ico   binary

.openpublishing.redirection.active-directory.json

@@ -1,5 +1,30 @@
 {
   "redirections": [
+    {
+      "source_path_from_root": "/articles/app-service/scenario-secure-app-authentication-app-service-as-user.md",
+      "redirect_url": "/azure/app-service/scenario-secure-app-authentication-app-service",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/app-service/deploy-resource-manager-template.md",
+      "redirect_url": "/azure/app-service/quickstart-arm-template",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/app-service/deploy-complex-application-predictably.md",
+      "redirect_url": "/azure/app-service/quickstart-arm-template",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/app-service/quickstart-html.md",
+      "redirect_url": "/azure/static-web-apps/get-started-portal",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/app-service/quickstart-html-uiex.md",
+      "redirect_url": "/azure/static-web-apps/get-started-portal",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/app-service-web/web-sites-restore.md",
       "redirect_url": "/azure/app-service/manage-backup",

.openpublishing.redirection.app-service.json

@@ -1593,6 +1593,12 @@
             "redirect_url": "/azure/frontdoor/how-to-configure-origin",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/frontdoor/front-door-application-security.md",
+            "redirect_url": "/azure/frontdoor/web-application-firewall",
+            "redirect_document_id": false
+        },
+
         {
             "source_path_from_root": "/articles/aks/aks-resource-health.md",
             "redirect_url": "/troubleshoot/azure/azure-kubernetes/welcome-azure-kubernetes",
@@ -6488,6 +6494,11 @@
             "redirect_url": "/azure/automation/change-tracking/manage-inventory-vms",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/automation/create-run-as-account.md",
+            "redirect_url": "/azure/automation/enable-managed-identity-for-automation",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/automation/automation-scope-configurations-change-tracking.md",
             "redirect_url": "/azure/automation/change-tracking/manage-scope-configurations.md",
@@ -13583,6 +13594,16 @@
             "redirect_url": "/azure/notification-hubs/ios-sdk-legacy",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/notification-hubs/availability-zones.md",
+            "redirect_url": "/azure/notification-hubs/notification-hubs-high-availability",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/notification-hubs/cross-region-recovery.md",
+            "redirect_url": "/azure/notification-hubs/notification-hubs-high-availability",
+            "redirect_document_id": false
+        },                
         {
             "source_path_from_root": "/articles/open-datasets/service/how-to-create-dataset-from-open-dataset.md",
             "redirect_url": "/azure/open-datasets/how-to-create-azure-machine-learning-dataset-from-open-dataset",

.openpublishing.redirection.json

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/13/2023
+ms.date: 05/01/2023
 ms.custom: project-no-code
 ms.author: godonnell
 ms.subservice: B2C
@@ -30,14 +30,6 @@ zone_pivot_groups: b2c-policy-type
 
 [!INCLUDE [active-directory-b2c-customization-prerequisites](../../includes/active-directory-b2c-customization-prerequisites.md)]
 
-### Verify the application's publisher domain
-As of November 2020, new application registrations show up as unverified in the user consent prompt unless [the application's publisher domain is verified](../active-directory/develop/howto-configure-publisher-domain.md) ***and*** the company’s identity has been verified with the Microsoft Partner Network and associated with the application. ([Learn more](../active-directory/develop/publisher-verification-overview.md) about this change.) Note that for Azure AD B2C user flows, the publisher’s domain appears only when using a Microsoft account or other [Azure AD](../active-directory-b2c/identity-provider-azure-ad-single-tenant.md) tenant as the identity provider. To meet these new requirements, do the following:
-
-1. [Verify your company identity using your Microsoft Partner Network (MPN) account](/partner-center/verification-responses). This process verifies information about your company and your company’s primary contact.
-1. Complete the publisher verification process to associate your MPN account with your app registration using one of the following options:
-   - If the app registration for the Microsoft account identity provider is in an Azure AD tenant, [verify your app in the App Registration portal](../active-directory/develop/mark-app-as-publisher-verified.md).
-   - If your app registration for the Microsoft account identity provider is in an Azure AD B2C tenant, [mark your app as publisher verified using Microsoft Graph APIs](../active-directory/develop/troubleshoot-publisher-verification.md#making-microsoft-graph-api-calls) (for example, using Graph Explorer). The UI for setting an app’s verified publisher is currently disabled for Azure AD B2C tenants.
-
 ## Create a Microsoft account application
 
 To enable sign-in for users with a Microsoft account in Azure Active Directory B2C (Azure AD B2C), you need to create an application in [Azure portal](https://portal.azure.com). For more information, see [Register an application with the Microsoft identity platform](../active-directory/develop/quickstart-register-app.md). If you don't already have a Microsoft account, you can get one at [https://www.live.com/](https://www.live.com/).
@@ -209,4 +201,4 @@ You've now configured your policy so that Azure AD B2C knows how to communicate
 
 If the sign-in process is successful, your browser is redirected to `https://jwt.ms`, which displays the contents of the token returned by Azure AD B2C.
 
-::: zone-end
+::: zone-end

articles/active-directory-b2c/identity-provider-microsoft-account.md

@@ -46,7 +46,7 @@ The following is an example of a user flow for gathering parental consent:
 
 2. The application processes the JSON token and shows a screen to the minor, notifying them that parental consent is required and requesting the consent of a parent online.
 
-3. Azure AD B2C shows a sign-in journey that the user can sign in to normally and issues a token to the application that is set to include **legalAgeGroupClassification = "minorWithParentalConsent"**. The application collects the email address of the parent and verifies that the parent is an adult. To do so, it uses a trusted source, such as a national ID office, license verification, or credit card proof. If verification is successful, the application prompts the minor to sign in by using the Azure AD B2C user flow. If consent is denied (for example, if **legalAgeGroupClassification = "minorWithoutParentalConsent"**), Azure AD B2C returns a JSON token (not a login) to the application to restart the consent process. It is optionally possible to customize the user flow so that a minor or an adult can regain access to a minor's account by sending a registration code to the minor's email address or the adult's email address on record.
+3. Azure AD B2C shows a sign-in journey that the user can sign in to normally and issues a token to the application that is set to include **legalAgeGroupClassification = "minorWithParentalConsent"**. The application collects the email address of the parent and verifies that the parent is an adult. To do so, it uses a trusted source, such as a national/regional ID office, license verification, or credit card proof. If verification is successful, the application prompts the minor to sign in by using the Azure AD B2C user flow. If consent is denied (for example, if **legalAgeGroupClassification = "minorWithoutParentalConsent"**), Azure AD B2C returns a JSON token (not a login) to the application to restart the consent process. It is optionally possible to customize the user flow so that a minor or an adult can regain access to a minor's account by sending a registration code to the minor's email address or the adult's email address on record.
 
 4. The application offers an option to the minor to revoke consent.
 

articles/active-directory-b2c/manage-user-access.md

@@ -1,113 +1,118 @@
 ---
-title: Configure Azure Active Directory B2C with Akamai Web Application Firewall
+title: Configure Azure Active Directory B2C with Akamai Web Application Protector
 titleSuffix: Azure AD B2C
-description: Configure Akamai Web application firewall with Azure AD B2C
+description: Configure Akamai Web Application Protector with Azure AD B2C
 services: active-directory-b2c
 author: gargi-sinha
-manager: CelesteDG
+manager: martinco
 ms.reviewer: kengaderdus
-
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 04/03/2022
+ms.date: 05/04/2023
 ms.author: gasinh
 ms.subservice: B2C
 ---
 
-# Configure Akamai with Azure Active Directory B2C
-
-In this sample article, learn how to enable [Akamai Web Application Firewall (WAF)](https://www.akamai.com/us/en/resources/web-application-firewall.jsp) solution for Azure Active Directory B2C (Azure AD B2C) tenant using custom domains. Akamai WAF helps organization protect their web applications from malicious attacks that aim to exploit vulnerabilities such as SQL injection and Cross site scripting.
+# Configure Azure Active Directory B2C with Akamai Web Application Protector
 
->[!NOTE]
->This feature is in public preview.
+Learn to enable Akamai Web Application Protector (WAP) for Azure Active Directory B2C (Azure AD B2C) tenant using custom domains. Akamai WAP helps organization protect their web applications from malicious attacks that aim to exploit vulnerabilities such as SQL injection and Cross site scripting.
 
-Benefits of using Akamai WAF solution:
+Learn more on akamai.com: [What Is a Web Application Firewall (WAF)?](https://www.akamai.com/glossary/what-is-a-waf)
 
-- An edge platform that allows traffic management to your services.
+Benefits of using WAF:
 
-- Can be configured in front of your Azure AD B2C tenant.
+* Control traffic management to your services
+* Configure in front of an Azure AD B2C tenant
+* Manipulate traffic to protect and secure your identity infrastructure
 
-- Allows fine grained manipulation of traffic to protect and secure your identity infrastructure.
+This article applies to:
 
-This article applies to both [Web Application Protector (WAP)](https://www.akamai.com/us/en/products/security/web-application-protector-enterprise-waf-firewall-ddos-protection.jsp) and [Kona Site Defender (KSD)](https://www.akamai.com/us/en/products/security/kona-site-defender.jsp) WAF solutions that Akamai offers.
+WAP: [Web Application Protector](https://www.akamai.com/products/web-application-protector)
+KSD: [Kona Site Defender](https://www.akamai.com/us/en/products/security/kona-site-defender.jsp) 
 
 ## Prerequisites
 
-To get started, you'll need:
-
-- An Azure subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-
-- [An Azure AD B2C tenant](tutorial-create-tenant.md) that is linked to your Azure subscription.
-
-- An [Akamai WAF](https://www.akamai.com/us/en/akamai-free-trials.jsp) account.
+* An Azure subscription
+  * If you don't have one, get an [Azure free account](https://azure.microsoft.com/free/)
+* An Azure AD B2C tenant linked to your Azure subscription
+  * See, [Tutorial: Create an Azure Active Directory B2C tenant](tutorial-create-tenant.md) 
+* An Akamai WAP account
+  * Go to akamai.com for [Explore all Akamai products and trials](https://www.akamai.com/us/en/akamai-free-trials.jsp)
 
 ## Scenario description
 
-Akamai WAF integration includes the following components:
+Akamai WAP integration includes the following components:
 
-- **Azure AD B2C Tenant** – The authorization server, responsible for verifying the user’s credentials using the custom policies defined in the tenant.  It's also known as the identity provider.
-
-- [**Azure Front Door**](../frontdoor/front-door-overview.md) – Responsible for enabling custom domains for Azure B2C tenant. All traffic from Akamai WAF will be routed to Azure Front Door before arriving at Azure AD B2C tenant.
-
-- [**Akamai WAF**](https://www.akamai.com/us/en/resources/waf.jsp) – The web application firewall, which manages all traffic that is sent to the authorization server.
+* **Azure AD B2C** – the authorization server that verifies user credentials with custom policies in the tenant. Also known as the identity provider (IdP).
+* **Azure Front Door** – enables custom domains for the Azure B2C tenant
+  * Traffic from Akamai WAP routs to Azure Front Door then goes to the Azure AD B2C tenant
+  * [What is Azure Front Door?](../frontdoor/front-door-overview.md) 
+* **Akamai WAP** – The web application firewall that manages traffic sent to the authorization server
+  * See, [Web Application Protector](https://www.akamai.com/us/en/resources/waf.jsp)
 
 ## Integrate with Azure AD B2C
 
-1. To use custom domains in Azure AD B2C, it's required to use custom domain feature provided by Azure Front Door. Learn how to [enable Azure AD B2C custom domains](./custom-domain.md?pivots=b2c-user-flow).  
+For custom domains in Azure AD B2C, use the custom domain feature in Azure Front Door. 
 
-1. After custom domain for Azure AD B2C is successfully configured using Azure Front Door, [test the custom domain](./custom-domain.md?pivots=b2c-custom-policy#test-your-custom-domain) before proceeding further.  
+See, [Enable custom domains for Azure AD B2C](./custom-domain.md?pivots=b2c-user-flow).  
 
-## Onboard with Akamai
+When the custom domain for Azure AD B2C is configured using Azure Front Door, use the following instructions to test the custom domain.
 
-[Sign-up](https://www.akamai.com) and create an Akamai account.
+See, [Test your custom domain](./custom-domain.md?pivots=b2c-custom-policy#test-your-custom-domain), then proceed to the next section.  
 
-### Create and configure property
+## Create an Akamai account
 
-1. [Create a new property](https://control.akamai.com/wh/CUSTOMER/AKAMAI/en-US/WEBHELP/property-manager/property-manager-help/GUID-14BB87F2-282F-4C4A-8043-B422344884E6.html).
+1. Go to [akamai.com](https://www.akamai.com).
+2. Select **Learn more**.
+3. On the **Cloud Computing Services** page, select **Create account**.
 
-1. Configure the property settings as:
+### Create and configure a property
 
-    | Property | Value |
-    |:---------------|:---------------|
-    |Property version | Select Standard or Enhanced TLS (preferred) |
-    |Property hostnames | Add a property hostname. This is the name of your custom domain, for example, `login.domain.com`. <BR> Create or modify a certificate with the appropriate settings for the custom domain name. Learn more about [creating a certificate](https://learn.akamai.com/en-us/webhelp/property-manager/https-delivery-with-property-manager/GUID-9EE0EB6A-E62B-4F5F-9340-60CBD093A429.html). |
+A property is a configuration file that tells our edge servers how to handle and respond to incoming requests from your end users. Properties are created and maintained in Property Manager.
 
-1. Set the origin server property configuration settings as:
+To learn more, go to techdocs.akamai.com for [What is a Property?](https://techdocs.akamai.com/start/docs/prop)
 
-    |Property| Value |
-    |:-----------|:-----------|
-    | Origin type | Your origin |
-    | Origin server hostname | yourafddomain.azurefd.net |
-    | Forward host header | Incoming Host Header |
-    | Cache key hostname| Incoming Host Header |
+1. Go to control.akamai.com to sign in: [Akamai Control Center sign in page](https://control.akamai.com/wh/CUSTOMER/AKAMAI/en-US/WEBHELP/property-manager/property-manager-help/GUID-14BB87F2-282F-4C4A-8043-B422344884E6.html).
+2. Go to Property Manager.
+3. For **Property version**, select **Standard** or **Enhanced TLS** (recommended).
+4. For **Property hostnames**, add a property hostname, your custom domain. For example, `login.domain.com`. 
 
-### Configure DNS
+  > [!IMPORTANT]
+  > Create or modify certificates with correct custom domain name settings. </br> Go to techdocs.akamai.com for [Configure HTTPS hostnames](https://learn.akamai.com/en-us/webhelp/property-manager/https-delivery-with-property-manager/GUID-9EE0EB6A-E62B-4F5F-9340-60CBD093A429.html). 
 
-Create a CNAME record in your DNS such as `login.domain.com` that points to the Edge hostname in the Property hostname field.
+#### Origin server property configuration settings
 
-### Configure Akamai WAF
+Use the following settings for origin server.
 
-1. [Configure Akamai WAF](https://learn.akamai.com/en-us/webhelp/kona-site-defender/kona-site-defender-quick-start/GUID-6294B96C-AE8B-4D99-8F43-11B886E6C39A.html#GUID-6294B96C-AE8B-4D99-8F43-11B886E6C39A).
+1. For **Origin type**, enter your type.
+2. For **Origin server hostname** enter your hostname. For example, `yourafddomain.azurefd.net`
+3. For **Forward host header**, use **Incoming Host Header**.
+4. For **Cache key hostname** use **Incoming Host Header**.
+
+### Configure DNS
 
-1. Ensure that **Rule Actions** for all items listed under the **Attack Group** are set to **Deny**.
+Create a Canonical Name (CNAME) record in your DNS, such as `login.domain.com`, which points to the Edge hostname in the **Property hostname** field.
 
-    ![Image shows rule action set to deny](./media/partner-akamai/rule-action-deny.png)
+### Configure Akamai WAP
 
-Learn more about [how the control works and configuration options](https://control.akamai.com/dl/security/GUID-81C0214B-602A-4663-839D-68BCBFF41292.html).
+1. To get started with WAP configuration, go to techdocs.akamai.com for [App & API Protector](https://techdocs.akamai.com/cloud-security/docs/app-api-protector).
+2. During configuration, for items in **Attack Group**, under **Rule Actions**, select **Deny**.
 
-<!-- docutune:ignore "Security Center" -->
+    ![Screenshot of denied attack groups, in the Rule Action column.](./media/partner-akamai/rule-action-deny.png)
 
 ### Test the settings
 
-Check the following to ensure all traffic to Azure AD B2C is going through the custom domain:
+To ensure traffic to Azure AD B2C goes through the custom domain:
 
-- Make sure all incoming requests to Azure AD B2C custom domain are routed via Akamai WAF and using valid TLS connection.
-- Ensure all cookies are set correctly by Azure AD B2C for the custom domain.
-- The Akamai WAF dashboard available under Defender for Cloud console display charts for all traffic that pass through the WAF along with any attack traffic.
+* Confirm WAP routes incoming requests to the Azure AD B2C custom domain
+  * Ensure a valid TLS connection
+* Ensure Azure AD B2C sets cookies correctly for the custom domain
+* The WAP dashboard in Defender for Cloud console has WAP traffic charts
+  * Attack traffic also appears
 
 ## Next steps
 
-- [Configure a custom domain in Azure AD B2C](./custom-domain.md?pivots=b2c-user-flow)
+* [Enable custom domains for Azure Active Directory B2C](./custom-domain.md?pivots=b2c-user-flow)
+* [Tutorial: Create user flows and custom policies in Azure AD B2C](./tutorial-create-user-flows.md?pivots=b2c-custom-policy&tabs=applications)
 
-- [Get started with custom policies in Azure AD B2C](./tutorial-create-user-flows.md?pivots=b2c-custom-policy&tabs=applications)