Merge pull request #238030 from barclayn/2023-may-freshness

freshness work

Author: American-Dipper

articles/active-directory/enterprise-users/media/users-restrict-guest-permissions/external-collaboration-settings.png

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: msi
 ms.topic: how-to
 ms.workload: identity
-ms.date: 03/08/2022
+ms.date: 05/10/2023
 ms.author: barclayn
 ms.custom: devx-track-azurecli
 zone_pivot_groups: identity-mi-methods
@@ -57,7 +57,7 @@ To list or read a user-assigned managed identity, your account needs to have eit
 1. Sign in to the [Azure portal](https://portal.azure.com).
 1. In the search box, enter **Managed Identities**. Under **Services**, select **Managed Identities**.
 1. A list of the user-assigned managed identities for your subscription is returned. To see the details of a user-assigned managed identity, select its name.
-1. You can now view the details about the managed identity as shown in the image below.
+1. You can now view the details about the managed identity as shown in the image.
 
    :::image type="content" source="media/how-manage-user-assigned-managed-identities/list-user-assigned-managed-identity-portal.png" alt-text="Screenshot that shows the list of user-assigned managed identity.":::
 
@@ -76,7 +76,7 @@ Deleting a user-assigned identity doesn't remove it from the VM or resource it w
 
 ## Manage access to user-assigned managed identities
 
-In some environments, administrators choose to limit who can manage user-assigned managed identities. You do this by using [built-in](../../role-based-access-control/built-in-roles.md#identity) RBAC roles. You can use these roles to grant a user or group in your organization rights over a user-assigned managed identity.
+In some environments, administrators choose to limit who can manage user-assigned managed identities. Administrators can implement this limitation using [built-in](../../role-based-access-control/built-in-roles.md#identity) RBAC roles. You can use these roles to grant a user or group in your organization rights over a user-assigned managed identity.
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 1. In the search box, enter **Managed Identities**. Under **Services**, select **Managed Identities**.

articles/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md

@@ -12,7 +12,7 @@ ms.subservice: msi
 ms.topic: how-to
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 02/18/2022
+ms.date: 05/15/2023
 ms.author: barclayn
 ms.collection: M365-identity-device-management
 ---
@@ -36,7 +36,7 @@ If you plan to use the Azure PowerShell examples in this article, be sure to ins
 > - All sample code/script in this article assumes the client is running on a virtual machine with managed identities for Azure resources. Use the virtual machine "Connect" feature in the Azure portal, to remotely connect to your VM. For details on enabling managed identities for Azure resources on a VM, see [Configure managed identities for Azure resources on a VM using the Azure portal](qs-configure-portal-windows-vm.md), or one of the variant articles (using PowerShell, CLI, a template, or an Azure SDK). 
 
 > [!IMPORTANT]
-> - The security boundary of managed identities for Azure resources, is the resource it's being used on. All code/scripts running on a virtual machine can request and retrieve tokens for any managed identities available on it. 
+> - The security boundary of managed identities for Azure resources, is the resource where the identity is used. All code/scripts running on a virtual machine can request and retrieve tokens for any managed identities available on it. 
 
 ## Overview
 
@@ -145,8 +145,10 @@ For .NET applications and functions, the simplest way to work with managed ident
 
 To learn more about Microsoft.Azure.Services.AppAuthentication and the operations it exposes, see the [Microsoft.Azure.Services.AppAuthentication reference](/dotnet/api/overview/azure/service-to-service-authentication) and the [App Service and KeyVault with managed identities for Azure resources .NET sample](https://github.com/Azure-Samples/app-service-msi-keyvault-dotnet).
 
+
 ## Get a token using C#
 
+
 ```csharp
 using System;
 using System.Collections.Generic;
@@ -395,7 +397,7 @@ This section documents the possible error responses. A "200 OK" status is a succ
 
 It's recommended to retry if you receive a 404, 429, or 5xx error code (see [Error handling](#error-handling) above). If you receive a 410 error, it indicates that IMDS is going through updates and will be available in a maximum of 70 seconds.  
 
-Throttling limits apply to the number of calls made to the IMDS endpoint. When the throttling threshold is exceeded, IMDS endpoint limits any further requests while the throttle is in effect. During this period, the IMDS endpoint will return the HTTP status code 429 ("Too many requests"), and the requests fail. 
+Throttling limits apply to the number of calls made to the IMDS endpoint. When the throttling threshold is exceeded, IMDS endpoint limits any further requests while the throttle is in effect. During this period, the IMDS endpoint returns the HTTP status code 429 ("Too many requests"), and the requests fail. 
 
 For retry, we recommend the following strategy: 
 

articles/active-directory/managed-identities-azure-resources/how-to-use-vm-token.md

@@ -4,7 +4,7 @@ description: List of services supporting managed identities
 services: active-directory
 author: barclayn
 ms.author: barclayn
-ms.date: 05/10/2023
+ms.date: 05/25/2023
 ms.topic: conceptual
 ms.service: active-directory
 ms.subservice: msi

articles/active-directory/managed-identities-azure-resources/managed-identities-status.md

@@ -9,7 +9,7 @@ ms.subservice: msi
 ms.topic: quickstart
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 06/24/2022
+ms.date: 05/10/2023
 ms.author: barclayn
 ms.collection: M365-identity-device-management
 ms.custom: devx-track-azurepowershell, mode-api
@@ -35,7 +35,7 @@ In this article, using PowerShell, you learn how to perform the following manage
 
 ## System-assigned managed identity
 
-In this section, you'll learn how to enable and disable the system-assigned managed identity using Azure PowerShell.
+In this section, we go over how to enable and disable the system-assigned managed identity using Azure PowerShell.
 
 ### Enable system-assigned managed identity during creation of an Azure VM
 
@@ -151,7 +151,7 @@ To assign a user-assigned identity to a VM, your account needs the [Virtual Mach
 
 To remove a user-assigned identity to a VM, your account needs the [Virtual Machine Contributor](../../role-based-access-control/built-in-roles.md#virtual-machine-contributor) role assignment.
 
-If your VM has multiple user-assigned managed identities, you can remove all but the last one using the following commands. Be sure to replace the `<RESOURCE GROUP>` and `<VM NAME>` parameter values with your own values. The `<USER ASSIGNED IDENTITY NAME>` is the user-assigned managed identity's name property, which should remain on the VM. This information can be found by querying the `Identity` property of the VM object.  For example, `$vm.Identity`:
+If your VM has multiple user-assigned managed identities, you can remove all but the last one using the following commands. Be sure to replace the `<RESOURCE GROUP>` and `<VM NAME>` parameter values with your own values. The `<USER ASSIGNED IDENTITY NAME>` is the user-assigned managed identity's name property, which should remain on the VM. This information is discoverable using a query to search for the `Identity` property of the VM object.  For example, `$vm.Identity`:
 
 ```azurepowershell-interactive
 $vm = Get-AzVm -ResourceGroupName myResourceGroup -Name myVm

articles/active-directory/managed-identities-azure-resources/qs-configure-powershell-windows-vm.md

@@ -6,13 +6,12 @@ documentationcenter: ''
 author: barclayn
 manager: amycolannino
 editor: daveba
-
 ms.service: active-directory
 ms.subservice: msi
 ms.topic: tutorial
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 02/18/2022
+ms.date: 05/25/2023
 ms.author: barclayn
 ms.collection: M365-identity-device-management
 #Customer intent: As a developer or administrator I want to configure a Windows virtual machine to retrieve a secret from key vault using a managed identity and have a simple way to validate my configuration before using it for development

articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-nonaad.md

@@ -11,13 +11,12 @@ ms.subservice: msi
 ms.topic: tutorial
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 01/11/2022
+ms.date: 05/25/2023
 ms.author: barclayn
 ms.collection: M365-identity-device-management
 ---
 # Tutorial: Use a Windows VM system-assigned managed identity to access Azure SQL
 
-[!INCLUDE [preview-notice](../../../includes/active-directory-msi-preview-notice.md)]
 
 This tutorial shows you how to use a system-assigned identity for a Windows virtual machine (VM) to access Azure SQL Database. Managed Service Identities are automatically managed by Azure and enable you to authenticate to services that support Azure AD authentication, without needing to insert credentials into your code. You learn how to:
 
@@ -50,20 +49,21 @@ There are two steps to granting your VM access to a database:
 **To [configure Azure AD authentication](/azure/azure-sql/database/authentication-aad-configure):**
 
 1. In the Azure portal, select **SQL servers** from the left-hand navigation.
-2. Click the SQL server to be enabled for Azure AD authentication.
+2. Select the SQL server to be enabled for Azure AD authentication.
 3. In the **Settings** section of the blade, click **Active Directory admin**.
 4. In the command bar, click **Set admin**.
 5. Select an Azure AD user account to be made an administrator of the server, and click **Select.**
 6. In the command bar, click **Save.**
 
+
 ### Create contained user
 
 This section shows how to create a contained user in the database that represents the VM's system assigned identity. For this step, you need [Microsoft SQL Server Management Studio](/sql/ssms/download-sql-server-management-studio-ssms) (SSMS). Before beginning, it may also be helpful to review the following articles for background on Azure AD integration:
 
 - [Universal Authentication with SQL Database and Azure Synapse Analytics (SSMS support for MFA)](/azure/azure-sql/database/authentication-mfa-ssms-overview)
 - [Configure and manage Azure Active Directory authentication with SQL Database or Azure Synapse Analytics](/azure/azure-sql/database/authentication-aad-configure)
 
-SQL DB requires unique Azure AD display names. With this, the Azure AD accounts such as users, groups and Service Principals (applications), and VM names enabled for managed identity must be uniquely defined in Azure AD regarding their display names. SQL DB checks the Azure AD display name during T-SQL creation of such users and if it is not unique, the command fails requesting to provide a unique Azure AD display name for a given account.
+SQL DB requires unique Azure AD display names. With this, the Azure AD accounts such as users, groups and Service Principals (applications), and VM names enabled for managed identity must be uniquely defined in Azure AD regarding their display names. SQL DB checks the Azure AD display name during T-SQL creation of such users and if it isn't unique, the command fails requesting to provide a unique Azure AD display name for a given account.
 
 **To create a contained user:**
 
@@ -75,7 +75,7 @@ SQL DB requires unique Azure AD display names. With this, the Azure AD accounts
 6. In the **Connect to database** field, enter the name of the non-system database you want to configure.
 7. Click **Connect**. Complete the sign-in process.
 8. In the **Object Explorer**, expand the **Databases** folder.
-9. Right-click on a user database and click **New query**.
+9. Right-click on a user database and select **New query**.
 10. In the query window, enter the following line, and click **Execute** in the toolbar:
 
     > [!NOTE]
@@ -89,7 +89,7 @@ SQL DB requires unique Azure AD display names. With this, the Azure AD accounts
 11. Clear the query window, enter the following line, and click **Execute** in the toolbar:
 
     > [!NOTE]
-    > `VMName` in the following command is the name of the VM that you enabled system assigned identity on in the prerequsites section.
+    > `VMName` in the following command is the name of the VM that you enabled system assigned identity on in the prerequisites section.
 
     ```sql
     ALTER ROLE db_datareader ADD MEMBER [VMName]