Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into azuread-accessreviews-multistagereview

Author: ajburnle

articles/active-directory-b2c/claim-resolver-overview.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 1/11/2022
+ms.date: 02/16/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -47,6 +47,8 @@ The following table lists the claim resolvers with information about the languag
 | {Culture:RegionName} | The two letter ISO code for the region. | US |
 | {Culture:RFC5646} | The RFC5646 language code. | en-US |
 
+Check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-resolver#culture) of the culture claim resolvers.
+
 ## Policy
 
 The following table lists the claim resolvers with information about the policy used in the authorization request:
@@ -58,6 +60,7 @@ The following table lists the claim resolvers with information about the policy
 | {Policy:TenantObjectId} | The tenant object ID of the relying party policy. | 00000000-0000-0000-0000-000000000000 |
 | {Policy:TrustFrameworkTenantId} | The tenant ID of the trust framework. | your-tenant.onmicrosoft.com |
 
+Check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-resolver#policy) of the policy claim resolvers.
 
 ## Context
 
@@ -73,6 +76,8 @@ The following table lists the contextual claim resolvers of the authorization re
 | {Context:IPAddress} | The user IP address. | 11.111.111.11 |
 | {Context:KMSI} | Indicates whether [Keep me signed in](session-behavior.md?pivots=b2c-custom-policy#enable-keep-me-signed-in-kmsi) checkbox is selected. |  true |
 
+Check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-resolver#context) of the context claim resolvers.
+
 ## Claims 
 
 This section describes how to get a claim value as a claim resolver.
@@ -100,6 +105,8 @@ The following table lists the claim resolvers with information about the OpenID
 | {OIDC:Scope} |The `scope`  query string parameter. | openid |
 | {OIDC:Username}| The [resource owner password credentials flow](add-ropc-policy.md) user's username.| [email protected]|
 
+Check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-resolver#openid-connect-relying-party-application) of the OpenID Connect claim resolvers.
+
 ## OAuth2 key-value parameters
 
 Any parameter name included as part of an OIDC or OAuth2 request can be mapped to a claim in the user journey. For example, the request from the application might include a query string parameter with a name of `app_session`, `loyalty_number`, or any custom query string.
@@ -127,6 +134,8 @@ The following table lists the claim resolvers  with information about the SAML a
 | {SAML:Subject} | The `Subject` from the NameId element of the SAML AuthN request.| 
 | {SAML:Binding} | The `ProtocolBinding` attribute value, from the `AuthnRequest` element of the SAML request. | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST |
 
+Check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-resolver#saml-service-provider) of the SAML claim resolvers.
+
 ## OAuth2 identity provider
 
 The following table lists the [OAuth2 identity provider](oauth2-technical-profile.md) claim resolvers:
@@ -157,7 +166,6 @@ To use the OAuth2 identity provider claim resolvers, set the output claim's `Par
 </ClaimsProvider>
 ```
 
-
 ## Using claim resolvers
 
 You can use claims resolvers with the following elements:
@@ -287,3 +295,7 @@ In a [Relying party](relyingparty.md) policy technical profile, you may want to
     </TechnicalProfile>
   </RelyingParty>
 ```
+
+## Next steps
+
+- Find more [claims resolvers samples](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-resolver) on the Azure AD B2C community GitHub repo

articles/active-directory-b2c/claimsschema.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 03/05/2020
+ms.date: 02/16/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: "b2c-support"
@@ -238,6 +238,8 @@ The Identity Experience Framework renders the email address claim with email for
 
 Azure AD B2C supports a variety of user input types, such as a textbox, password, and dropdown list that can be used when manually entering claim data for the claim type. You must specify the **UserInputType** when you collect information from the user by using a [self-asserted technical profile](self-asserted-technical-profile.md) and [display controls](display-controls.md).
 
+Check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims#user-input-types) of the user input type.
+
 The **UserInputType** element available user input types:
 
 | UserInputType | Supported ClaimType | Description |

articles/active-directory/authentication/active-directory-certificate-based-authentication-android.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 11/21/2019
+ms.date: 02/16/2022
 
 ms.author: justinha
 author: justinha
@@ -24,9 +24,6 @@ Android devices can use certificate-based authentication (CBA) to authenticate t
 
 Configuring this feature eliminates the need to enter a username and password combination into certain mail and Microsoft Office applications on your mobile device.
 
-This topic provides you with the requirements and the supported scenarios for configuring CBA on an Android device for users of tenants in Office 365 Enterprise, Business, Education, US Government, China, and Germany plans.
-
-This feature is available in preview in Office 365 US Government Defense and Federal plans.
 
 ## Microsoft mobile applications support
 

articles/active-directory/authentication/active-directory-certificate-based-authentication-ios.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 04/17/2020
+ms.date: 02/16/2022
 
 ms.author: justinha
 author: justinha
@@ -23,7 +23,6 @@ To improve security, iOS devices can use certificate-based authentication (CBA)
 
 Using certificates eliminates the need to enter a username and password combination into certain mail and Microsoft Office applications on your mobile device.
 
-This article details the requirements and the supported scenarios for configuring CBA on an iOS device. CBA for iOS is available across Azure public clouds, Microsoft Government Cloud, Microsoft Cloud Germany, and Microsoft Azure China 21Vianet.
 
 ## Microsoft mobile applications support
 

articles/active-directory/authentication/concept-mfa-data-residency.md

@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 06/03/2021
+ms.date: 02/16/2021
 
 ms.author: justinha
 author: justinha
@@ -53,7 +53,7 @@ For Azure public clouds, excluding Azure AD B2C authentication, the NPS Extensio
 | Voice call                           | Multifactor authentication logs<br/>Multifactor authentication activity report data store<br/>Blocked users (if fraud was reported) |
 | Microsoft Authenticator notification | Multifactor authentication logs<br/>Multifactor authentication activity report data store<br/>Blocked users (if fraud was reported)<br/>Change requests when the Microsoft Authenticator device token changes |
 
-For Microsoft Azure Government, Microsoft Azure Germany, Microsoft Azure operated by 21Vianet, Azure AD B2C authentication, the NPS extension, and the Windows Server 2016 or 2019 AD FS adapter, the following personal data is stored:
+For Microsoft Azure Government, Microsoft Azure operated by 21Vianet, Azure AD B2C authentication, the NPS extension, and the Windows Server 2016 or 2019 AD FS adapter, the following personal data is stored:
 
 | Event type                           | Data store type |
 |--------------------------------------|-----------------|
@@ -125,7 +125,6 @@ The following table shows the location for service logs for sovereign clouds.
 
 | Sovereign cloud                      | Sign-in logs                         | Multifactor authentication activity report | Multifactor authentication service logs |
 |--------------------------------------|--------------------------------------|--------------------------------------------|-----------------------------------------|
-| Microsoft Azure Germany              | Germany                              | United States                              | United States                           |
 | Azure China 21Vianet                 | China                                | United States                              | United States                           |
 | Microsoft Government Cloud           | United States                        | United States                              | United States                           |
 

articles/active-directory/authentication/concept-registration-mfa-sspr-combined.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 07/29/2021
+ms.date: 02/16/2022
 
 ms.author: justinha
 author: justinha
@@ -31,7 +31,7 @@ This article outlines what combined security registration is. To get started wit
 
 Before enabling the new experience, review this administrator-focused documentation and the user-focused documentation to ensure you understand the functionality and effect of this feature. Base your training on the [user documentation](https://support.microsoft.com/account-billing/set-up-your-security-info-from-a-sign-in-prompt-28180870-c256-4ebf-8bd7-5335571bf9a8) to prepare your users for the new experience and help to ensure a successful rollout.
 
-Azure AD combined security information registration is available for Azure US Government but not Azure Germany or Azure China 21Vianet.
+Azure AD combined security information registration is available for Azure US Government but not Azure China 21Vianet.
 
 > [!IMPORTANT]
 > Users that are enabled for both the original preview and the enhanced combined registration experience see the new behavior. Users that are enabled for both experiences see only the My Account experience. The *My Account* aligns with the look and feel of combined registration and provides a seamless experience for users. Users can see My Account by going to [https://myaccount.microsoft.com](https://myaccount.microsoft.com).

articles/azure-arc/kubernetes/faq.md

@@ -4,15 +4,13 @@ services: azure-arc
 ms.service: azure-arc
 ms.date: 02/15/2022
 ms.topic: conceptual
-author: csand-msft
-ms.author: csand
 description: "This article contains a list of frequently asked questions related to Azure Arc-enabled Kubernetes and Azure GitOps"
-keywords: "Kubernetes, Arc, Azure, containers, configuration, GitOps, Flux, faq"
+keywords: "Kubernetes, Arc, Azure, containers, configuration, GitOps, faq"
 ---
 
-# Frequently Asked Questions - Azure Arc-enabled Kubernetes
+# Frequently Asked Questions - Azure Arc-enabled Kubernetes and GitOps
 
-This article addresses frequently asked questions about Azure Arc-enabled Kubernetes.
+This article addresses frequently asked questions about Azure Arc-enabled Kubernetes and GitOps.
 
 ## What is the difference between Azure Arc-enabled Kubernetes and Azure Kubernetes Service (AKS)?
 
@@ -81,32 +79,6 @@ This feature applies baseline configurations (like network policies, role bindin
 
 The compliance state of each GitOps configuration is reported back to Azure. This lets you keep track of any failed deployments.
 
-## Error installing the microsoft.flux extension (Flux v2)
-
-The `microsoft.flux` extension installs the Flux controllers and Azure GitOps agents into your Azure Arc-enabled Kubernetes or AKS clusters. If you experience an error during installation below are some troubleshooting actions.
-
-* Error message
-
-    ```console
-    {'code':'DeploymentFailed','message':'At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.','details':[{'code':'ExtensionCreationFailed','message':' Request failed to https://management.azure.com/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.ContainerService/managedclusters/<CLUSTER_NAME>/extensionaddons/flux?api-version=2021-03-01. Error code: BadRequest. Reason: Bad Request'}]}
-    ```
-    
-* For AKS cluster, assure that the subscription has the following feature flag enabled: `Microsoft.ContainerService/AKS-ExtensionManager`.
-
-     ```console
-     az feature register --namespace Microsoft.ContainerService --name AKS-ExtensionManager
-    ```
-    
-* Force delete the extension.
-
-    ```console
-    az k8s-extension delete --force -g <RESOURCE_GROUP> -c <CLUSTER_NAME> -n flux -t <managedClusters OR connectedClusters>
-    ```
-
-* Assure that the cluster does not have any policies that restrict creation of the `flux-system` namespace or resources in that namespace.
-    
-After you have verified the above, you can re-install the extension.
-
 ## Does Azure Arc-enabled Kubernetes store any customer data outside of the cluster's region?
 
 The feature to enable storing customer data in a single region is currently only available in the Southeast Asia Region (Singapore) of the Asia Pacific Geo and Brazil South (Sao Paulo State) Region of Brazil Geo. For all other regions, customer data is stored in Geo. For more information, see [Trust Center](https://azure.microsoft.com/global-infrastructure/data-residency/).

articles/azure-arc/kubernetes/troubleshooting.md

@@ -3,15 +3,15 @@ title: "Troubleshoot common Azure Arc-enabled Kubernetes issues"
 services: azure-arc
 ms.service: azure-arc
 #ms.subservice: azure-arc-kubernetes coming soon
-ms.date: 12/07/2021
+ms.date: 02/15/2022
 ms.topic: article
-description: "Troubleshooting common issues with Azure Arc-enabled Kubernetes clusters."
-keywords: "Kubernetes, Arc, Azure, containers"
+description: "Troubleshooting common issues with Azure Arc-enabled Kubernetes clusters and GitOps."
+keywords: "Kubernetes, Arc, Azure, containers, GitOps, Flux"
 ---
 
-# Azure Arc-enabled Kubernetes troubleshooting
+# Azure Arc-enabled Kubernetes and GitOps troubleshooting
 
-This document provides troubleshooting guides for issues with connectivity, permissions, and agents.
+This document provides troubleshooting guides for issues with Azure Arc-enabled Kubernetes connectivity, permissions, and agents.  It also provides troubleshooting guides for Azure GitOps, which can be used in either Azure Arc-enabled Kubernetes or Azure Kubernetes Service (AKS) clusters.
 
 ## General troubleshooting
 
@@ -216,12 +216,15 @@ metadata:
 
 ### Installing the `microsoft.flux` extension (Flux v2)
 
-If the `microsoft.flux` extension is in a failed state, you can run a script to investigate.  The cluster-type parameter can be set to `connectedClusters` for Arc cluster or `managedClusters` for AKS cluster. The name of the `microsoft.flux` extension will be "flux" if the extension was installed automatically during creation of a `fluxConfigurations` resource. Look in the "statuses" object for information.
+The `microsoft.flux` extension installs the Flux controllers and Azure GitOps agents into your Azure Arc-enabled Kubernetes or Azure Kubernetes Service (AKS) clusters. If the extension is not already installed in a cluster and you create a GitOps configuration resource for that cluster, the extension will be installed automatically.
+
+If you experience an error during installation or if the extension is in a failed state, you can first run a script to investigate.  The cluster-type parameter can be set to `connectedClusters` for an Arc-enabled cluster or `managedClusters` for an AKS cluster. The name of the `microsoft.flux` extension will be "flux" if the extension was installed automatically during creation of a GitOps configuration. Look in the "statuses" object for information.
 
 One example:
 
 ```console
-az k8s-extension show --resource-group RESOURCE_GROUP --cluster-name CLUSTER_NAME --cluster-type connectedClusters -n flux
+az k8s-extension show -g <RESOURCE_GROUP> -c <CLUSTER_NAME> -n flux -t <connectedClusters or managedClusters>
+flux
 
 ...
 "statuses": [
@@ -238,7 +241,7 @@ az k8s-extension show --resource-group RESOURCE_GROUP --cluster-name CLUSTER_NAM
 Another example:
 
 ```console
-az k8s-extension show --resource-group RESOURCE_GROUP --cluster-name CLUSTER_NAME --cluster-type connectedClusters -n flux
+az k8s-extension show -g <RESOURCE_GROUP> -c <CLUSTER_NAME> -n flux -t <connectedClusters or managedClusters>
 
 "statuses": [
     {
@@ -251,19 +254,37 @@ az k8s-extension show --resource-group RESOURCE_GROUP --cluster-name CLUSTER_NAM
   ]
 ```
 
-In both of these cases, delete the `flux-system` namespace and uninstall the Helm release. This should resolve the extension installation issue.
+Another example from the portal:
 
 ```console
-kubectl delete namespaces flux-system -A
-helm uninstall flux -n -flux-system
+{'code':'DeploymentFailed','message':'At least one resource deployment operation failed. Please list 
+deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.
+','details':[{'code':'ExtensionCreationFailed', 'message':' Request failed to https://management.azure.com/
+subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.ContainerService/
+managedclusters/<CLUSTER_NAME>/extensionaddons/flux?api-version=2021-03-01. Error code: BadRequest. 
+Reason: Bad Request'}]}
 ```
 
-If that doesn't resolve the issue, you can delete the extension. After deleting the extension, you can either [re-create a flux configuration](./tutorial-use-gitops-flux2.md) which will install the flux extension automatically or you can re-install the flux extension manually.
+For all these cases, possible remediation actions are to force delete the extension, uninstall the Helm release, and delete the `flux-system` namespace from the cluster.
 
 ```console
-az k8s-extension delete --resource-group RESOURCE_GROUP --cluster-name CLUSTER_NAME --cluster-type connectedClusters –name flux
+az k8s-extension delete --force -g <RESOURCE_GROUP> -c <CLUSTER_NAME> -n flux -t <managedClusters OR connectedClusters>
+helm uninstall flux -n flux-system
+kubectl delete namespaces flux-system
 ```
 
+Some other aspects to consider:
+    
+* For AKS cluster, assure that the subscription has the following feature flag enabled: `Microsoft.ContainerService/AKS-ExtensionManager`.
+
+     ```console
+     az feature register --namespace Microsoft.ContainerService --name AKS-ExtensionManager
+    ```
+
+* Assure that the cluster does not have any policies that restrict creation of the `flux-system` namespace or resources in that namespace.
+
+With these actions accomplished you can either [re-create a flux configuration](./tutorial-use-gitops-flux2.md) which will install the flux extension automatically or you can re-install the flux extension manually.
+
 ## Monitoring
 
 Azure Monitor for containers requires its DaemonSet to be run in privileged mode. To successfully set up a Canonical Charmed Kubernetes cluster for monitoring, run the following command:

articles/azure-netapp-files/azure-netapp-files-solution-architectures.md

@@ -12,7 +12,7 @@ ms.service: azure-netapp-files
 ms.workload: storage
 ms.tgt_pltfrm: na
 ms.topic: conceptual
-ms.date: 02/10/2022
+ms.date: 02/16/2022
 ms.author: anfdocs
 ---
 # Solution architectures using Azure NetApp Files
@@ -82,7 +82,6 @@ This section provides references to SAP on Azure solutions.
 ### Generic SAP and SAP Netweaver 
 
 * [Run SAP NetWeaver in Windows on Azure - Azure Architecture Center](/azure/architecture/reference-architectures/sap/sap-netweaver)
-* [SAP applications on Microsoft Azure using Azure NetApp Files](https://www.netapp.com/us/media/tr-4746.pdf)
 * [High availability for SAP NetWeaver on Azure VMs on SUSE Linux Enterprise Server with Azure NetApp Files for SAP applications](../virtual-machines/workloads/sap/high-availability-guide-suse-netapp-files.md)
 * [High availability for SAP NetWeaver on Azure VMs on Red Hat Enterprise Linux with Azure NetApp Files for SAP applications](../virtual-machines/workloads/sap/high-availability-guide-rhel-netapp-files.md)
 * [High availability for SAP NetWeaver on Azure VMs on Windows with Azure NetApp Files (SMB) for SAP applications](../virtual-machines/workloads/sap/high-availability-guide-windows-netapp-files-smb.md)

articles/communication-services/quickstarts/voice-video-calling/includes/video-calling/video-calling-windows.md

@@ -1,3 +1,5 @@
+[!INCLUDE [Public Preview](../../../../includes/public-preview-include-document.md)]
+
 In this quickstart, you'll learn how to start a 1:1 video call using the Azure Communication Services Calling SDK for Windows.
 
 ## Prerequisites