Merge pull request #182986 from MicrosoftDocs/master

12/15 PM Publish

Author: huypub

.openpublishing.redirection.data-factory.json

@@ -19,6 +19,11 @@
             "source_path_from_root": "/articles/data-factory/continuous-integration-deployment-improvements.md",
             "redirect_url": "/azure/data-factory/continuous-integration-delivery-improvements",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/data-factory/transform-data-using-dotnet-custom-activity.md",
+            "redirect_url": "/azure/data-factory/transform-data-using-custom-activity",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory-domain-services/troubleshoot-account-lockout.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: troubleshooting
-ms.date: 07/06/2020
+ms.date: 12/15/2021
 ms.author: justinha
 
 #Customer intent: As a directory administrator, I want to troubleshoot why user accounts are locked out in an Azure Active Directory Domain Services managed domain.
@@ -82,10 +82,10 @@ AADDomainServicesAccountManagement
 | sort by TimeGenerated asc
 ```
 
-**Note**
-
 You may find on 4776 and 4740 event details of "Source Workstation: " empty. This is because the bad password happened over Network logon via some other devices.
-For Example: If you have RADIUS server, which can forward the auth to AAD DS. To confirm that Enable RDP to DC backend configure netlogon logs.
+
+For example, a RADIUS server can forward the authentication to Azure AD DS. 
+
 
 03/04 19:07:29 [LOGON] [10752] contoso: SamLogon: Transitive Network logon of contoso\Nagappan.Veerappan from  (via LOB11-RADIUS) Entered 
 
@@ -95,14 +95,13 @@ For Example: If you have RADIUS server, which can forward the auth to AAD DS. To
 
 03/04 19:07:35 [LOGON] [10753] contoso: SamLogon: Transitive Network logon of contoso\Nagappan.Veerappan from  (via LOB11-RADIUS) Returns 0xC000006A
 
-Enable RDP to your DCs in NSG to backend to configure diagnostics capture (i.e netlogon).
-[Inbound security rules](alert-nsg.md#inbound-security-rules)
 
-If you have modified the default NSG already, follow these steps:
-[Port 3389 - management using remote desktop](network-considerations.md#port-3389---management-using-remote-desktop)
+Enable RDP to your DCs in NSG to backend to configure diagnostics capture (netlogon). For more information about requirements, see
+[Inbound security rules](alert-nsg.md#inbound-security-rules).
+
+If you have modified the default NSG already, follow [Port 3389 - management using remote desktop](network-considerations.md#port-3389---management-using-remote-desktop).
 
-To enable Netlogon log on any server, follow these steps:
-[Enabling debug logging for the Netlogon service](/troubleshoot/windows-client/windows-security/enable-debug-logging-netlogon-service)
+To enable Netlogon log on any server, follow [Enabling debug logging for the Netlogon service](/troubleshoot/windows-client/windows-security/enable-debug-logging-netlogon-service).
 
 ## Next steps
 

articles/active-directory-domain-services/tutorial-create-instance.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 09/15/2021
+ms.date: 12/15/2021
 ms.author: justinha
 
 #Customer intent: As an identity administrator, I want to create an Azure Active Directory Domain Services managed domain so that I can synchronize identity information with my Azure Active Directory tenant and provide Domain Services connectivity to virtual machines and applications in Azure.
@@ -157,7 +157,7 @@ To authenticate users on the managed domain, Azure AD DS needs password hashes i
 >
 > Synchronized credential information in Azure AD can't be re-used if you later create a managed domain - you must reconfigure the password hash synchronization to store the password hashes again. Previously domain-joined VMs or users won't be able to immediately authenticate - Azure AD needs to generate and store the password hashes in the new managed domain.
 >
-> [Azure AD Connect Cloud Sync is not supported with Azure AD DS][/azure/active-directory/cloud-sync/what-is-cloud-sync#comparison-between-azure-ad-connect-and-cloud-sync]. On-premises users need to be synced using Azure AD Connect in order to be able to access domain-joined VMs. For more information, see [Password hash sync process for Azure AD DS and Azure AD Connect][password-hash-sync-process].
+> [Azure AD Connect Cloud Sync is not supported with Azure AD DS](../active-directory/cloud-sync/what-is-cloud-sync.md#comparison-between-azure-ad-connect-and-cloud-sync). On-premises users need to be synced using Azure AD Connect in order to be able to access domain-joined VMs. For more information, see [Password hash sync process for Azure AD DS and Azure AD Connect][password-hash-sync-process].
 
 The steps to generate and store these password hashes are different for cloud-only user accounts created in Azure AD versus user accounts that are synchronized from your on-premises directory using Azure AD Connect.
 

articles/active-directory/app-proxy/what-is-application-proxy.md

@@ -181,7 +181,7 @@ Up to this point, we've focused on using Application Proxy to publish on-premise
 * **Securely publish REST APIs**. When you have business logic or APIs running on-premises or hosted on virtual machines in the cloud, Application Proxy provides a public endpoint for API access. API endpoint access lets you control authentication and authorization without requiring incoming ports. It provides additional security through Azure AD Premium features such as multi-factor authentication and device-based Conditional Access for desktops, iOS, MAC, and Android devices using Intune. To learn more, see [How to enable native client applications to interact with proxy applications](./application-proxy-configure-native-client-application.md) and [Protect an API by using OAuth 2.0 with Azure Active Directory and API Management](../../api-management/api-management-howto-protect-backend-with-aad.md).
 * **Remote Desktop Services** **(RDS)**. Standard RDS deployments require open inbound connections. However, the [RDS deployment with Application Proxy](./application-proxy-integrate-with-remote-desktop-services.md) has a permanent outbound connection from the server running the connector service. This way, you can offer more applications to end users by publishing on-premises applications through Remote Desktop Services. You can also reduce the attack surface of the deployment with a limited set of two-step verification and Conditional Access controls to RDS.
 * **Publish applications that connect using WebSockets**. Support with [Qlik Sense](./application-proxy-qlik.md) is in Public Preview and will be expanded to other apps in the future.
-* **Enable native client applications to interact with proxy applications**. You can use Azure AD Application Proxy to publish web apps, but it also can be used to publish [native client applications](./application-proxy-configure-native-client-application.md) that are configured with the Azure AD Authentication Library (ADAL). Native client applications differ from web apps because they're installed on a device, while web apps are accessed through a browser.
+* **Enable native client applications to interact with proxy applications**. You can use Azure AD Application Proxy to publish web apps, but it also can be used to publish [native client applications](./application-proxy-configure-native-client-application.md) that are configured with Microsoft Authentication Library (MSAL). Native client applications differ from web apps because they're installed on a device, while web apps are accessed through a browser.
 
 ## Conclusion
 

articles/active-directory/authentication/how-to-mfa-registration-campaign.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 11/12/2021
+ms.date: 12/15/2021
 
 ms.author: justinha
 author: mjsantani
@@ -78,7 +78,7 @@ To enable a registration campaign in the Azure AD portal, complete the following
 
 ## Enable the registration campaign policy using Graph Explorer
 
-To enable the the registration campaign policy, you must use the Authentication Methods Policy using Graph APIs. **Global administrators** and **Authentication Method Policy administrators** can update the policy. 
+In addition to using the Azure portal, you can also enable the registration campaign policy using Graph Explorer. To enable the the registration campaign policy, you must use the Authentication Methods Policy using Graph APIs. **Global administrators** and **Authentication Method Policy administrators** can update the policy. 
 
 To configure the policy using Graph Explorer: