Merge pull request #213596 from MicrosoftDocs/main

10/04 AM Publish

Author: huypub

articles/active-directory-b2c/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory business-to-customer (B2C)"
 description: "New and updated documentation for the Azure Active Directory business-to-customer (B2C)."
-ms.date: 08/01/2022
+ms.date: 10/04/2022
 ms.service: active-directory
 ms.subservice: B2C
 ms.topic: reference
@@ -15,6 +15,12 @@ manager: CelesteDG
 
 Welcome to what's new in Azure Active Directory B2C documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the B2C service, see [What's new in Azure Active Directory](../active-directory/fundamentals/whats-new.md) and [Azure AD B2C developer release notes](custom-policy-developer-notes.md)
 
+## September
+
+### New articles
+
+- [Tutorial: Configure the Grit IAM B2B2C solution with Azure Active Directory B2C](partner-grit-iam.md)
+
 ## August 2022
 
 ### New articles

articles/active-directory/authentication/howto-mfa-reporting.md

@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 06/20/2022
+ms.date: 10/04/2022
 
 ms.author: justinha
 author: justinha
@@ -24,7 +24,7 @@ This article shows you how to view the Azure AD sign-ins report in the Azure por
 
 ## View the Azure AD sign-ins report
 
-The sign-ins report provides you with information about the usage of managed applications and user sign-in activities, which includes information about multi-factor authentication (MFA) usage. The MFA data gives you insights into how MFA is working in your organization. It lets you answer questions like the following:
+The sign-ins report provides you with information about the usage of managed applications and user sign-in activities, which includes information about multi-factor authentication (MFA) usage. The MFA data gives you insights into how MFA is working in your organization. It answers questions like:
 
 - Was the sign-in challenged with MFA?
 - How did the user complete MFA?
@@ -59,7 +59,7 @@ This information allows admins to troubleshoot each step in a user’s sign-in,
 - Volume of sign-ins protected by multi-factor authentication 
 - Usage and success rates for each authentication method 
 - Usage of passwordless authentication methods (such as Passwordless Phone Sign-in, FIDO2, and Windows Hello for Business) 
-- How frequently authentication requirements are satisfied by token claims (where users are not interactively prompted to enter a password, enter an SMS OTP, and so on)
+- How frequently authentication requirements are satisfied by token claims (where users aren't interactively prompted to enter a password, enter an SMS OTP, and so on)
 
 While viewing the sign-ins report, select the **Authentication Details** tab: 
 
@@ -71,7 +71,7 @@ While viewing the sign-ins report, select the **Authentication Details** tab:
 >[!IMPORTANT]
 >The **Authentication details** tab can initially show incomplete or inaccurate data, until log information is fully aggregated. Known examples include: 
 >- A **satisfied by claim in the token** message is incorrectly displayed when sign-in events are initially logged. 
->- The **Primary authentication** row is not initially logged. 
+>- The **Primary authentication** row isn't initially logged. 
 
 The following details are shown on the **Authentication Details** window for a sign-in event that show if the MFA request was satisfied or denied:
 
@@ -103,8 +103,8 @@ The following details are shown on the **Authentication Details** window for a s
    * unable to send the mobile app notification to the device
    * unable to send the mobile app notification
    * user declined the authentication
-   * user did not respond to mobile app notification
-   * user does not have any verification methods registered
+   * user didn't respond to mobile app notification
+   * user doesn't have any verification methods registered
    * user entered incorrect code
    * user entered incorrect PIN
    * user hung up the phone call without succeeding the authentication
@@ -117,13 +117,13 @@ The following details are shown on the **Authentication Details** window for a s
 
 First, ensure that you have the [MSOnline V1 PowerShell module](/powershell/azure/active-directory/overview) installed.
 
-Identify users who have registered for MFA using the PowerShell that follows. This set of commands excludes disabled users since these accounts cannot authenticate against Azure AD:
+Identify users who have registered for MFA using the PowerShell that follows. This set of commands excludes disabled users since these accounts can't authenticate against Azure AD:
 
 ```powershell
 Get-MsolUser -All | Where-Object {$_.StrongAuthenticationMethods -ne $null -and $_.BlockCredential -eq $False} | Select-Object -Property UserPrincipalName
 ```
 
-Identify users who have not registered for MFA using the PowerShell that follows. This set of commands excludes disabled users since these accounts cannot authenticate against Azure AD:
+Identify users who aren't registered for MFA by running the following PowerShell commands. This set of commands excludes disabled users since these accounts can't authenticate against Azure AD:
 
 ```powershell
 Get-MsolUser -All | Where-Object {$_.StrongAuthenticationMethods.Count -eq 0 -and $_.BlockCredential -eq $False} | Select-Object -Property UserPrincipalName
@@ -143,10 +143,23 @@ The following additional information and reports are available for MFA events, i
 | Report | Location | Description |
 |:--- |:--- |:--- |
 | Blocked User History | Azure AD > Security > MFA > Block/unblock users | Shows the history of requests to block or unblock users. |
-| Usage for on-premises components | Azure AD > Security > MFA > Activity Report | Provides information on overall usage for MFA Server through the NPS extension, ADFS, and MFA Server. |
+| Usage for on-premises components | Azure AD > Security > MFA > Activity Report | Provides information on overall usage for MFA Server through the NPS extension, AD FS, and MFA Server. |
 | Bypassed User History | Azure AD > Security > MFA > One-time bypass | Provides a history of MFA Server requests to bypass MFA for a user. |
 | Server status | Azure AD > Security > MFA > Server status | Displays the status of MFA Servers associated with your account. |
 
+Cloud MFA sign-in events from an on-premises AD FS adapter or NPS extension won't have all fields in the sign-in logs populated due to limited data returned by the on-premises component. You can identify these events by the resourceID _adfs_ or _radius_ in the event properties. They include:
+- resultSignature
+- appID
+- deviceDetail
+- conditionalAccessStatus
+- authenticationContext
+- isInteractive
+- tokenIssuerName
+- riskDetail, riskLevelAggregated,riskLevelDuringSignIn, riskState,riskEventTypes, riskEventTypes_v2
+- authenticationProtocol
+- incomingTokenType
+
+Organizations that run the latest version of NPS extension or use Azure AD Connect Health will have location IP address in events.
 
 ## Next steps
 

articles/active-directory/cloud-infrastructure-entitlement-management/TOC.yml

@@ -8,8 +8,8 @@
   - name: How-to guides
     expanded: true
     items:
-    - name: Trial Playbook - Microsoft Entra Permissions Management
-      href: permissions-management-trial-playbook.md  
+    - name: Trial user guide - Microsoft Entra Permissions Management
+      href: permissions-management-trial-user-guide.md  
     - name: Onboard Permissions Management on the Azure AD tenant
       expanded: true
       items:

articles/active-directory/enterprise-users/licensing-service-plan-reference.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory External Identities"
 description: "New and updated documentation for the Azure Active Directory External Identities."
-ms.date: 08/31/2022
+ms.date: 10/04/2022
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: reference
@@ -15,6 +15,25 @@ manager: CelesteDG
 
 Welcome to what's new in Azure Active Directory External Identities documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the External Identities service, see [What's new in Azure Active Directory](../fundamentals/whats-new.md).
 
+## September 2022
+
+### Updated articles
+
+- [Self-service sign-up](self-service-sign-up-overview.md)
+- [Properties of an Azure Active Directory B2B collaboration user](user-properties.md)
+- [Azure Active Directory (Azure AD) identity provider for External Identities](azure-ad-account.md)
+- [Add Google as an identity provider for B2B guest users](google-federation.md)
+- [Email one-time passcode authentication](one-time-passcode.md)
+- [Add B2B collaboration guest users without an invitation link or email](add-user-without-invite.md)
+- [Identity Providers for External Identities](identity-providers.md)
+- [Tutorial: Use PowerShell to bulk invite Azure AD B2B collaboration users](bulk-invite-powershell.md)
+- [B2B collaboration user claims mapping in Azure Active Directory](claims-mapping.md)
+- [Azure Active Directory External Identities: What's new](whats-new-docs.md)
+- [Azure Active Directory B2B collaboration invitation redemption](redemption-experience.md)
+- [Add Azure Active Directory B2B collaboration users in the Azure portal](add-users-administrator.md)
+- [Leave an organization as an external user](leave-the-organization.md)
+- [Grant B2B users in Azure AD access to your on-premises applications](hybrid-cloud-to-on-premises.md)
+
 ## August 2022
 
 ### Updated articles
@@ -44,21 +63,3 @@ Welcome to what's new in Azure Active Directory External Identities documentatio
 - [Overview: Cross-tenant access with Azure AD External Identities](cross-tenant-access-overview.md)
 - [B2B direct connect overview](b2b-direct-connect-overview.md)
 - [Azure Active Directory B2B collaboration invitation redemption](redemption-experience.md)
-
-## June 2022
-
-### Updated articles
-
-- [B2B direct connect overview](b2b-direct-connect-overview.md)
-- [Configure Microsoft cloud settings for B2B collaboration (Preview)](cross-cloud-settings.md)
-- [Overview: Cross-tenant access with Azure AD External Identities](cross-tenant-access-overview.md)
-- [Configure cross-tenant access settings for B2B collaboration](cross-tenant-access-settings-b2b-collaboration.md)
-- [Configure cross-tenant access settings for B2B direct connect](cross-tenant-access-settings-b2b-direct-connect.md)
-- [External Identities in Azure Active Directory](external-identities-overview.md)
-- [Azure Active Directory B2B collaboration FAQs](faq.yml)
-- [External Identities documentation](index.yml)
-- [Leave an organization as an external user](leave-the-organization.md)
-- [B2B collaboration overview](what-is-b2b.md)
-- [Azure Active Directory External Identities: What's new](whats-new-docs.md)
-- [Quickstart: Add a guest user and send an invitation](b2b-quickstart-add-guest-users-portal.md)
-- [Authentication and Conditional Access for External Identities](authentication-conditional-access.md)

articles/active-directory/external-identities/whats-new-docs.md

@@ -3,7 +3,7 @@ title: Center for Internet Security (CIS) Kubernetes benchmark
 description: Learn how AKS applies the CIS Kubernetes benchmark
 services: container-service
 ms.topic: article
-ms.date: 01/18/2022
+ms.date: 10/04/2022
 ---
 
 # Center for Internet Security (CIS) Kubernetes benchmark
@@ -139,7 +139,7 @@ Recommendations can have one of the following statuses:
 |4.2.9|Ensure that the `--event-qps` argument is set to 0 or a level which ensures appropriate event capture|Not Scored|L2|Pass|
 |4.2.10|Ensure that the `--tls-cert-file`and `--tls-private-key-file` arguments are set as appropriate|Scored|L1|Equivalent Control|
 |4.2.11|Ensure that the `--rotate-certificates` argument is not set to false|Scored|L1|Pass|
-|4.2.12|Ensure that the RotateKubeletServerCertificate argument is set to true|Scored|L1|Pass|
+|4.2.12|Ensure that the RotateKubeletServerCertificate argument is set to true|Scored|L1|Fail|
 |4.2.13|Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers|Not Scored|L1|Pass|
 |5|Policies||||
 |5.1|RBAC and Service Accounts||||
@@ -196,4 +196,4 @@ For more information about AKS security, see the following articles:
 [auzre-log-analytics-agent-overview]: ../azure-monitor/platform/log-analytics-agent.md
 [cis-benchmarks]: /compliance/regulatory/offering-CIS-Benchmark
 [cis-benchmark-aks]: https://www.cisecurity.org/benchmark/kubernetes/
-[cis-benchmark-kubernetes]: https://www.cisecurity.org/benchmark/kubernetes/
+[cis-benchmark-kubernetes]: https://www.cisecurity.org/benchmark/kubernetes/

articles/aks/cis-kubernetes.md

@@ -292,7 +292,7 @@ A list of functions that the job host runs. An empty array means run all functio
 
 ## functionTimeout
 
-Indicates the timeout duration for all functions. It follows the timespan string format. 
+Indicates the timeout duration for all function executions. It follows the timespan string format. 
 
 | Plan type | Default (min) | Maximum (min) |
 | -- | -- | -- |

articles/azure-functions/functions-host-json.md

@@ -33,7 +33,6 @@ There are few exceptions to the retirement policy outlined above. Here is a list
 |Language Versions                        |EOL Date         |Retirement Date|
 |-----------------------------------------|-----------------|----------------|
 |Node 12|30 Apr 2022|13 December 2022|
-|PowerShell Core 6| 4 September 2020|30 September 2022|
 |Python 3.6 |23 December 2021|30 September 2022|
 
 ## Language version support timeline

articles/azure-functions/language-support-policy.md

@@ -20,6 +20,12 @@ A function can become large because of many Node.js dependencies. Importing depe
 
 Whenever possible, refactor large functions into smaller function sets that work together and return responses fast. For example, a webhook or HTTP trigger function might require an acknowledgment response within a certain time limit; it's common for webhooks to require an immediate response. You can pass the HTTP trigger payload into a queue to be processed by a queue trigger function. This approach lets you defer the actual work and return an immediate response.
 
+## Make sure background tasks complete 
+
+When your function starts any tasks, callbacks, threads, processes, or tasks, they must complete before your function code returns. Because Functions doesn't track these background threads, site shutdown can occur regardless of background thread status, which can cause unintended behavior in your functions.
+
+For example, if a function starts a background task and returns a successful response before the task completes, the Functions runtime considers the execution as having completed successfully, regardless of the result of the background task. If this background task is performing essential work, it may be preempted by site shutdown, leaving that work in an unknown state.
+
 ## Cross function communication
 
 [Durable Functions](durable/durable-functions-overview.md) and [Azure Logic Apps](../logic-apps/logic-apps-overview.md) are built to manage state transitions and communication between multiple functions.

articles/azure-functions/performance-reliability.md

@@ -24,6 +24,20 @@ The following are prerequisites to enable Azure AD authenticated ingestion.
 - You have an "Owner" role to the resource group to grant access using [Azure built-in roles](../../role-based-access-control/built-in-roles.md).
 - Understand the [unsupported scenarios](#unsupported-scenarios).
 
+## Unsupported scenarios
+
+The following SDK's and features are unsupported for use with Azure AD authenticated ingestion.
+
+- [Application Insights Java 2.x SDK](java-2x-agent.md)<br>
+ Azure AD authentication is only available for Application Insights Java Agent >=3.2.0.
+- [ApplicationInsights JavaScript Web SDK](javascript.md).
+- [Application Insights OpenCensus Python SDK](opencensus-python.md) with Python version 3.4 and 3.5.
+
+- [Certificate/secret based Azure AD](../../active-directory/authentication/active-directory-certificate-based-authentication-get-started.md) isn't recommended for production. Use Managed Identities instead.
+- On-by-default Codeless monitoring (for languages) for App Service, VM/Virtual machine scale sets, Azure Functions etc.
+- [Availability tests](availability-overview.md).
+- [Profiler](profiler-overview.md).
+
 ## Configuring and enabling Azure AD based authentication 
 
 1. Create an identity, if you already don't have one, using either managed identity or service principal:
@@ -394,20 +408,6 @@ Below is an example Azure Resource Manager template that you can use to create a
 
 ```
 
-## Unsupported scenarios
-
-The following SDK's and features are unsupported for use with Azure AD authenticated ingestion.
-
-- [Application Insights Java 2.x SDK](java-2x-agent.md)<br>
- Azure AD authentication is only available for Application Insights Java Agent >=3.2.0.
-- [ApplicationInsights JavaScript Web SDK](javascript.md).
-- [Application Insights OpenCensus Python SDK](opencensus-python.md) with Python version 3.4 and 3.5.
-
-- [Certificate/secret based Azure AD](../../active-directory/authentication/active-directory-certificate-based-authentication-get-started.md) isn't recommended for production. Use Managed Identities instead.
-- On-by-default Codeless monitoring (for languages) for App Service, VM/Virtual machine scale sets, Azure Functions etc.
-- [Availability tests](availability-overview.md).
-- [Profiler](profiler-overview.md).
-
 ## Troubleshooting
 
 This section provides distinct troubleshooting scenarios and steps that users can take to resolve any issue before they raise a support ticket.