Merge pull request #179185 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/azure-docs (branch master)

Author: huypub

articles/active-directory-b2c/microsoft-graph-operations.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
 ms.date: 10/08/2021
-ms.custom: project-no-code, ignite-fall-2021
+ms.custom: "project-no-code, ignite-fall-2021, b2c-support"
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -29,6 +29,9 @@ Watch this video to learn about Azure AD B2C user migration using Microsoft Grap
 To use MS Graph API, and interact with resources in your Azure AD B2C tenant, you need an application registration that grants the permissions to do so. Follow the steps in the [Manage Azure AD B2C with Microsoft Graph](microsoft-graph-get-started.md) article to create an application registration that your management application can use. 
 
 ## User management
+> [!NOTE]
+> Azure AD B2C currently does not support advanced query capabilities on directory objects. This means that there is no support for `$count`, `$search` query parameters and Not (`not`), Not equals (`ne`), and Ends with (`endsWith`) operators in `$filter` query parameter. For more information, see [query parameters in Microsoft Graph](/graph/query-parameters) and [advanced query capabilities in Microsoft Graph](/graph/aad-advanced-queries).
+
 
 - [List users](/graph/api/user-list)
 - [Create a consumer user](/graph/api/user-post-users)

articles/active-directory/conditional-access/concept-condition-filters-for-devices.md

@@ -118,7 +118,7 @@ The following device attributes can be used with the filter for devices conditio
 | mdmAppId | Equals, NotEquals, In, NotIn | A valid MDM application ID | (device.mdmAppId -in [“0000000a-0000-0000-c000-000000000000”] |
 | model | Equals, NotEquals, StartsWith, NotStartsWith, EndsWith, NotEndsWith, Contains, NotContains, In, NotIn | Any string | (device.model -notContains “Surface”) |
 | operatingSystem | Equals, NotEquals, StartsWith, NotStartsWith, EndsWith, NotEndsWith, Contains, NotContains, In, NotIn | A valid operating system (like Windows, iOS, or Android) | (device.operatingSystem -eq “Windows”) |
-| operatingSystemVersion | Equals, NotEquals, StartsWith, NotStartsWith, EndsWith, NotEndsWith, Contains, NotContains, In, NotIn | A valid operating system version (like 6.1 for Windows 7, 6.2 for Windows 8, or 10.0 for Windows 10) | (device.operatingSystemVersion -in [“10.0.18363”, “10.0.19041”, “10.0.19042”]) |
+| operatingSystemVersion | Equals, NotEquals, StartsWith, NotStartsWith, EndsWith, NotEndsWith, Contains, NotContains, In, NotIn | A valid operating system version (like 6.1 for Windows 7, 6.2 for Windows 8, or 10.0 for Windows 10 and Windows 11) | (device.operatingSystemVersion -in [“10.0.18363”, “10.0.19041”, “10.0.19042”, “10.0.22000”]) |
 | physicalIds | Contains, NotContains | As an example all Windows Autopilot devices store ZTDId (a unique value assigned to all imported Windows Autopilot devices) in device physicalIds property. | (device.devicePhysicalIDs -contains "[ZTDId]:value") |
 | profileType | Equals, NotEquals | A valid profile type set for a device. Supported values are: RegisteredDevice (default), SecureVM (used for Windows VMs in Azure enabled with Azure AD sign in.), Printer (used for printers), Shared (used for shared devices), IoT (used for IoT devices) | (device.profileType -notIn [“Printer”, “Shared”, “IoT”] |
 | systemLabels | Contains, NotContains | List of labels applied to the device by the system. Some of the supported values are: AzureResource (used for Windows VMs in Azure enabled with Azure AD sign in), M365Managed (used for devices managed using Microsoft Managed Desktop), MultiUser (used for shared devices) | (device.systemLabels -contains "M365Managed") |

articles/active-directory/develop/msal-net-initializing-client-applications.md

@@ -97,7 +97,7 @@ The modifiers you can set on a public client or confidential client application
 
 |Modifier | Description|
 |--------- | --------- |
-|`.WithAuthority()` 7 overrides | Sets the application default authority to an Azure AD authority, with the possibility of choosing the Azure Cloud, the audience, the tenant (tenant ID or domain name), or providing directly the authority URI.|
+|[`.WithAuthority()`](/dotnet/api/microsoft.identity.client.abstractapplicationbuilder-1.withauthority)  | Sets the application default authority to an Azure AD authority, with the possibility of choosing the Azure Cloud, the audience, the tenant (tenant ID or domain name), or providing directly the authority URI.|
 |`.WithAdfsAuthority(string)` | Sets the application default authority to be an ADFS authority.|
 |`.WithB2CAuthority(string)` | Sets the application default authority to be an Azure AD B2C authority.|
 |`.WithClientId(string)` | Overrides the client ID.|

articles/active-directory/enterprise-users/groups-assign-sensitivity-labels.md

@@ -30,7 +30,7 @@ To apply published labels to groups, you must first enable the feature. These st
 1. Open a Windows PowerShell window on your computer. You can open it without elevated privileges.
 1. Run the following commands to prepare to run the cmdlets.
 
-    ```PowerShell
+    ```powershell
     Install-Module AzureADPreview
     Import-Module AzureADPreview
     Connect-AzureAD
@@ -39,8 +39,8 @@ To apply published labels to groups, you must first enable the feature. These st
     In the **Sign in to your account** page, enter your admin account and password to connect you to your service, and select **Sign in**.
 1. Fetch the current group settings for the Azure AD organization.
 
-    ```PowerShell
-    $setting = (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ)
+    ```powershell
+    $grpUnifiedSetting = (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ)
     $template = Get-AzureADDirectorySettingTemplate -Id 62375ab9-6b52-47ed-826b-58e47e0e304b
     $setting = $template.CreateDirectorySetting()
     ```
@@ -50,20 +50,26 @@ To apply published labels to groups, you must first enable the feature. These st
 
 1. Next, display the current group settings.
 
-    ```PowerShell
+    ```powershell
     $Setting.Values
     ```
 
-1. Then enable the feature:
+1. Enable the feature:
 
-    ```PowerShell
+    ```powershell
     $Setting["EnableMIPLabels"] = "True"
     ```
+ 
+1. Check the new applied value:
 
-1. Then save the changes and apply the settings:
+    ```powershell
+    $Setting.Values
+    ```
+    
+1. Save the changes and apply the settings:
 
-    ```PowerShell
-    New-AzureADDirectorySetting -DirectorySetting $setting
+    ```powershell
+    Set-AzureADDirectorySetting -Id grpUnifiedSetting.Id -DirectorySetting $setting
     ```
 
 You will also need to synchronize your sensitivity labels to Azure AD. For instructions, see [How to enable sensitivity labels for containers and synchronize labels](/microsoft-365/compliance/sensitivity-labels-teams-groups-sites#how-to-enable-sensitivity-labels-for-containers-and-synchronize-labels).

articles/active-directory/manage-apps/f5-big-ip-forms-advanced.md

@@ -1,5 +1,5 @@
 ---
-title: Azure Active Directory integration with F5 BIG-IP for forms based authentication Single Sign-on 
+title: F5 BIG-IP APM and Azure AD SSO to forms based authentication applications
 description: Learn how to integrate F5's BIG-IP Access Policy Manager (APM) and Azure Active Directory for secure hybrid access to forms-based applications.
 author: gargi-sinha
 ms.service: active-directory
@@ -35,9 +35,13 @@ Instead, a BIG-IP Virtual Edition (VE) deployed between the internet and the int
 
 Having a BIG-IP in front of the application enables us to overlay the service with Azure AD pre-authentication and forms-based SSO, significantly improving the overall security posture of the application, allowing the business to continue operating at pace, without interruption.
 
+User credentials cached by the BIG-IP APM are then available for SSO against other forms based-authentication applications.
+
+## Scenario Architecture
+
 The secure hybrid access solution for this scenario is made up of the following:
 
-**Application**: Backend service to be protected by Azure AD and BIG-IP secure hybrid access. This particular application validates user credentials against an open source, but this could be any directory including Active Directory, LDS, etc.
+**Application**: Backend service to be protected by Azure AD and BIG-IP secure hybrid access. This particular application validates user credentials against Active Directory (AD), but this could be any directory including LDS (AD Lightweight Directory Services), open source, etc.
 
 **Azure AD**: The SAML Identity Provider (IdP), responsible for
 verification of user credentials, Conditional Access (CA), and SSO to the BIG-IP APM.
@@ -51,13 +55,13 @@ performing forms-based SSO to the backend application.
 | Steps | Description|
 |:-------|:----------|
 | 1. | User connects to application's SAML SP endpoint (BIG-IP APM).|
-|2. | APM access policy redirects user to SAML IdP (Azure AD) for pre-authentication.|
-| 3. | SAML IdP authenticates user and applies any enforced CA policies.|
-| 4. | Azure AD redirects user back to SAML SP with issued token and claims. |
-| 5. | APM prompts for application password and stores in cache. |
-| 6. |  BIG-IP request to application receives login form.|
-| 7. | APM scripting responds filling in username and password before submitting form.|
-| 8. | Application payload is served by webserver and sent to the client. Optionally, APM detects successful logon by examining response headers, looking for cookie or redirect URI. |
+| 2. | APM access policy redirects user to SAML IdP (Azure AD) for pre-authentication.|
+| 3. | Azure AD authenticates user and applies any enforced Conditional Access policies.|
+| 4. | User is redirected back to SAML SP with issued token and claims. |
+| 5. | BIG-IP prompts user for application password and stores in cache. |
+| 6. | BIG-IP sends request to application and receives a login form.|
+| 7. | APM scripting auto responds filling in username and password before submitting form.|
+| 8. | Application payload is served by webserver and sent to the client. Optionally, APM detects successful logon by examining response headers, looking for cookie or redirect URI.|
 
 ## Prerequisites
 
@@ -91,11 +95,8 @@ Prior BIG-IP experience is not necessary, but you'll need:
 
 ## Deployment modes
 
-Several methods exist for configuring a BIG-IP for this scenario,
-including several wizard-based options or an advanced configuration.
-
-This tutorial covers the advanced approach, which provides a more
-flexible approach at implementing secure hybrid access by manually creating all BIG-IP configuration objects. You would also use this approach for scenarios not covered by the Guided Configuration.
+Several methods exist for configuring a BIG-IP for this scenario. This tutorial covers the advanced approach, which provides a more
+flexible approach at implementing secure hybrid access by manually creating all BIG-IP configuration objects. You would use this approach for scenarios not covered by the template based Guided Configuration.
 
 >[!NOTE]
 >All example strings or values referenced throughout this article should be replaced with those for your actual environment.
@@ -365,11 +366,11 @@ A virtual server is a BIG-IP data plane object represented by a virtual IP addre
 
 ## Session management
 
-A BIG-IPs session management setting are used to define the conditions under which user sessions are terminated or allowed to continue, limits for users and IP addresses, and error pages. You can create your own policy by heading to **Access Policy** > **Access Profiles** and selecting your application from the list.
+A BIG-IPs session management settings are used to define the conditions under which user sessions are terminated or allowed to continue, limits for users and IP addresses, and error pages. You can create your own policy by heading to **Access Policy** > **Access Profiles** and selecting your application from the list.
 
-With regard to SLO functionality, having defined a Single Log-out URI in Azure AD will ensure an IdP initiated sign-out from the MyApps portal also terminates the session between the client and the BIG-IP APM.
+With regard to SLO functionality, having defined a Single Log-Out URI in Azure AD will ensure an IdP initiated sign-out from the MyApps portal also terminates the session between the client and the BIG-IP APM.
 
-Having imported the application's federation metadata.xml then provides the APM with the Azure AD SAML log-out endpoint for SP initiated sign-outs. But for this to be truly effective, the APM needs to know exactly when a user signs-out.
+Having imported the application's federation metadata.xml then provides the APM with the Azure AD SAML SLO endpoint for SP initiated sign-outs. But for this to be truly effective, the APM needs to know exactly when a user signs-out.
 
 Consider a scenario where a BIG-IP web portal isn't used, the user has no way of instructing the APM to sign out. Even if the user signs-out of the application itself, the BIG-IP is technically oblivious to this, so the application session could easily be reinstated through SSO. For this reason SP initiated sign-out needs careful consideration to ensure sessions are securely terminated when no longer required.
 
@@ -388,16 +389,12 @@ For increased security, organizations using this pattern could also consider blo
 
 ## Next steps
 
-From a browser, connect to the application's external URL or select the application's icon in the MyApps portal. After authenticating to Azure AD, you'll be redirected to the BIG-IP virtual server for the application and prompted for a password.
-
->[!Note]
->The APM pre-fills the username with the UPN from Azure AD.
+From a browser, connect to the application's external URL or select the application's icon in the MyApps portal. After authenticating to Azure AD, you’ll be redirected to the BIG-IP endpoint for the application and prompted for a password. Note how the APM pre-fills the username with the UPN from Azure AD. The username pre-populated by the APM is read only to ensure session consistency between Azure AD and backend application. This field could be hidden from view with additional configuration, if necessary.
 
 ![Sceenshot shows secured sso](./media/f5-big-ip-forms-advanced/secured-sso.png)
 
 Once submitted, the user should be automatically signed into the
-application and the password cached for reuse against any other
-applications published using the FBA SSO access profile.
+application.
 
 ![Sceenshot shows welcome message](./media/f5-big-ip-forms-advanced/welcome-message.png)
 

articles/azure-app-configuration/TOC.yml

@@ -171,7 +171,7 @@
         - name: .NET Framework builder
           href: https://go.microsoft.com/fwlink/?linkid=2074663
         - name: Java Spring provider
-          href: https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/appconfiguration
+          href: https://go.microsoft.com/fwlink/?linkid=2180917
         - name: Azure SDK for .NET
           href: https://go.microsoft.com/fwlink/?linkid=2092056
         - name: Azure SDK for Java
@@ -266,4 +266,4 @@
         - name: Rolling out new features
           href: https://channel9.msdn.com/Shows/Azure-Friday/How-Azure-App-Configuration-helps-developers-roll-out-new-features?ocid=AID747781&wt.mc_id=azfr-c9-scottha&wt.mc_id=CFID0553 
     - name: Provide product feedback
-      href: https://github.com/Azure/AppConfiguration/issues
+      href: https://github.com/Azure/AppConfiguration/issues

articles/azure-sql/azure-sql-iaas-vs-paas-what-is-overview.md

@@ -29,9 +29,6 @@ Learn how each product fits into Microsoft's Azure SQL data platform to match th
 If you're new to Azure SQL, check out the *What is Azure SQL* video from our in-depth [Azure SQL video series](https://channel9.msdn.com/Series/Azure-SQL-for-Beginners?WT.mc_id=azuresql4beg_azuresql-ch9-niner):
 > [!VIDEO https://channel9.msdn.com/Series/Azure-SQL-for-Beginners/What-is-Azure-SQL-3-of-61/player]
 
-> [!TIP]
-> How can we make Azure SQL better? [Take the survey](https://microsoft.qualtrics.com/jfe/form/SV_ePOznHhP4gDKfGu?channel=456).
-
 ## Overview
 
 In today's data-driven world, driving digital transformation increasingly depends on our ability to manage massive amounts of data and harness its potential. But today's data estates are increasingly complex, with data hosted on-premises, in the cloud, or at the edge of the network. Developers who are building intelligent and immersive applications can find themselves constrained by limitations that can ultimately impact their experience. Limitations arising from incompatible platforms, inadequate data security, insufficient resources and price-performance barriers create complexity that can inhibit app modernization and development. 

articles/cognitive-services/Computer-vision/spatial-analysis-container.md

@@ -429,7 +429,7 @@ sudo az group create --name "<resource-group-name>" --location "<your-region>"
 ```
 See [Region Support](https://azure.microsoft.com/global-infrastructure/services/?products=cognitive-services) for available regions.
 ```bash
-sudo az iot hub create --name "<iothub-group-name>" --sku S1 --resource-group "<resource-group-name>"
+sudo az iot hub create --name "<iothub-name>" --sku S1 --resource-group "<resource-group-name>"
 ```
 ```bash
 sudo az iot hub device-identity create --hub-name "<iothub-name>" --device-id "<device-name>" --edge-enabled

articles/cognitive-services/Speech-Service/speech-container-faq.yml

@@ -129,9 +129,7 @@ sections:
           
           If you're training with the latest custom model, we currently don't support that. If you train with an older version, it should be possible to use. We are still working on supporting the latest versions.
           
-          Essentially, the custom containers do not support Halide or ONNX-based acoustic models (which is the default in the custom training portal). This is due to custom models not being encrypted and we don't want to expose ONNX models, however; language models are fine. The customer will need to explicitly select an older non-ONNX model for custom training. Accuracy will not be affected. The model size may be larger (by 100 MB).
-          
-          > Support model > 20190220 (v4.5 Unified)
+          Essentially, the custom containers do not support Halide or ONNX-based acoustic models (which is the default in the custom training portal). This is due to custom models not being encrypted and we don't want to expose ONNX models, however; language models are fine. The model size may be larger (by 100 MB).
           
           **Error 2:**
           

articles/cognitive-services/Translator/reference/v3-0-reference.md

@@ -115,8 +115,6 @@ When you use a multi-service secret key, you must include two authentication hea
 
 Region is required for the multi-service Text API subscription. The region you select is the only region that you can use for text translation when using the multi-service subscription key, and must be the same region you selected when you signed up for your multi-service subscription through the Azure portal.
 
-Available regions are `australiaeast`, `brazilsouth`, `canadacentral`, `centralindia`, `centralus`, `centraluseuap`, `eastasia`, `eastus`, `eastus2`, `francecentral`, `japaneast`, `japanwest`, `koreacentral`, `northcentralus`, `northeurope`, `southcentralus`, `southeastasia`, `uksouth`, `westcentralus`, `westeurope`, `westus`, `westus2`, and `southafricanorth`.
-
 If you pass the secret key in the query string with the parameter `Subscription-Key`, then you must specify the region with query parameter `Subscription-Region`.
 
 ### Authenticating with an access token