Merge pull request #235442 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/active-directory-b2c/enable-authentication-web-application.md

@@ -260,7 +260,7 @@ Azure AD B2C identity provider settings are stored in the *appsettings.json* fil
   "Instance": "https://<your-tenant-name>.b2clogin.com",
   "ClientId": "<web-app-application-id>",
   "Domain": "<your-b2c-domain>",
-  "SignedOutCallbackPath": "/signout/<your-sign-up-in-policy>",
+  "SignedOutCallbackPath": "/signout-oidc
   "SignUpSignInPolicyId": "<your-sign-up-in-policy>"
 }
 ```

articles/active-directory-b2c/microsoft-graph-operations.md

@@ -167,7 +167,7 @@ For user flows, these extension properties are [managed by using the Azure porta
 Use the [Get organization details](/graph/api/organization-get) API to get your directory size quota. You need to add the `$select` query parameter as shown in the following HTTP request:
 
 ```http
-    GET https://graph.microsoft.com/v1.0/organization/organization-id?$select=directorySizeQuota
+GET https://graph.microsoft.com/v1.0/organization/organization-id?$select=directorySizeQuota
 ``` 
 Replace `organization-id` with your organization or tenant ID. 
 

articles/active-directory-b2c/user-profile-attributes.md

@@ -189,7 +189,7 @@ Extension attributes in the Graph API are named by using the convention `extensi
 Note that the **Application (client) ID** as it's represented in the extension attribute name includes no hyphens. For example:
 
 ```json
-    "extension_831374b3bd5041bfaa54263ec9e050fc_loyaltyNumber": "212342"
+"extension_831374b3bd5041bfaa54263ec9e050fc_loyaltyNumber": "212342"
 ```
 
 The following data types are supported when defining an attribute in a schema extension:

articles/active-directory/develop/configure-token-lifetimes.md

@@ -29,7 +29,7 @@ To get started, download the latest [Microsoft Graph PowerShell SDK](/powershell
 In the following steps, you'll create a policy that requires users to authenticate less frequently in your web app. This policy sets the lifetime of the access/ID tokens for your web app.
 
 ```powershell
-Connect-MgGraph -Scopes  "Policy.ReadWrite.ApplicationConfiguration"
+Connect-MgGraph -Scopes  "Policy.ReadWrite.ApplicationConfiguration","Policy.Read.All","Application.ReadWrite.All"
 
 # Create a token lifetime policy
 $params = @{
@@ -76,4 +76,4 @@ GET https://graph.microsoft.com/v1.0/policies/tokenLifetimePolicies/4d2f137b-e8a
 ```
 
 ## Next steps
-Learn about [authentication session management capabilities](../conditional-access/howto-conditional-access-session-lifetime.md) in Azure AD Conditional Access.
+Learn about [authentication session management capabilities](../conditional-access/howto-conditional-access-session-lifetime.md) in Azure AD Conditional Access.

articles/active-directory/devices/device-management-azure-portal.md

@@ -90,13 +90,13 @@ If a device is managed by another management authority, like Microsoft Intune, b
 
 You can use a device ID to verify the device ID details on the device or to troubleshoot via PowerShell. To access the copy option, select the device.
 
-![Screenshot that shows a device ID and the copy button.](./media/device-management-azure-portal/35.png)
+![Screenshot that shows a device ID and the copy button.](./media/device-management-azure-portal/device-details.png)
 
 ## View or copy BitLocker keys
 
 You can view and copy BitLocker keys to allow users to recover encrypted drives. These keys are available only for Windows devices that are encrypted and store their keys in Azure AD. You can find these keys when you view a device's details by selecting **Show Recovery Key**. Selecting **Show Recovery Key** will generate an audit log, which you can find in the `KeyManagement` category.
 
-![Screenshot that shows how to view BitLocker keys.](./media/device-management-azure-portal/device-details-show-bitlocker-key.png)
+![Screenshot that shows how to view BitLocker keys.](./media/device-management-azure-portal/show-bitlocker-key.png)
 
 To view or copy BitLocker keys, you need to be the owner of the device or have one of these roles:
 
@@ -115,7 +115,7 @@ In this preview, you have the ability to infinitely scroll, reorder columns, and
 - Compliant state
 - Join type (Azure AD joined, Hybrid Azure AD joined, Azure AD registered)
 - Activity timestamp
-- OS
+- OS Type and Version
 - Device type (printer, secure VM, shared device, registered device)
 - MDM
 - Autopilot

articles/active-directory/devices/media/device-management-azure-portal/35.png

@@ -65,7 +65,9 @@ All users in your tenant must register for multifactor authentication (MFA) in t
 Administrators have increased access to your environment. Because of the power these highly privileged accounts have, you should treat them with special care. One common method to improve the protection of privileged accounts is to require a stronger form of account verification for sign-in. In Azure AD, you can get a stronger account verification by requiring multifactor authentication. 
 
 > [!TIP]
-> We recommend having separate accounts for administration and standard productivity tasks to significantly reduce the number of times your admins are prompted for MFA.
+> Recommendations for your admins:
+> - Ensure all your admins sign in after enabling security defaults so that they can register for authentication methods.
+> - Have separate accounts for administration and standard productivity tasks to significantly reduce the number of times your admins are prompted for MFA.
 
 After registration with Azure AD Multifactor Authentication is finished, the following Azure AD administrator roles will be required to do extra authentication every time they sign in: