Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into wsown

Author: dlepow

.openpublishing.publish.config.json

@@ -760,7 +760,7 @@
     },
     {
       "path_to_root": "azure-spring-apps-reference-architecture",
-      "url": "https://github.com/Azure/azure-spring-apps-reference-architecture",
+      "url": "https://github.com/Azure/azure-spring-apps-landing-zone-accelerator",
       "branch": "reference-architecture",
       "branch_mapping": {}
     },

.openpublishing.redirection.json

@@ -22440,6 +22440,11 @@
             "source_path": "articles/private-multi-access-edge-compute-mec/metaswitch-fusion-core-overview.md",
             "redirect_URL": "/azure/private-5g-core",
             "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/communications-gateway/rotate-secrets.md",
+            "redirect_URL": "/azure/communications-gateway/whats-new",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory/app-provisioning/on-premises-scim-provisioning.md

@@ -64,3 +64,4 @@ The following video provides an overview of on-premises provisoning.
 - [App provisioning](user-provisioning.md)
 - [Generic SQL connector](on-premises-sql-connector-configure.md)
 - [Tutorial: ECMA Connector Host generic SQL connector](tutorial-ecma-sql-connector.md)
+- [Known issues](known-issues.md)

articles/active-directory/app-provisioning/scim-validator-tutorial.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 09/13/2022
+ms.date: 03/17/2023
 ms.custom: template-tutorial
 ms.reviewer: arvinh
 ---
@@ -41,7 +41,7 @@ The first step is to select a testing method to validate your SCIM endpoint.
 
 **Use default attributes** - The system provides the default attributes, and you modify them to meet your need.
 
-**Discover schema** - If your end point supports /Schema, this option will allow the tool to discover the supported attributes. We recommend this option as it reduces the overhead of updating your app as you build it out.
+**Discover schema** - If your end point supports /Schema, this option lets the tool discover the supported attributes. We recommend this option as it reduces the overhead of updating your app as you build it out.
 
 **Upload Azure AD Schema** - Upload the schema you've downloaded from your sample app on Azure AD.
 
@@ -75,7 +75,7 @@ Finally, you need to test and validate your endpoint.
 
 ### Use Postman to test endpoints (optional)
 
-In addition to using the SCIM Validator tool, you can also use Postman to validate an endpoint. This example provides a set of tests in Postman that validate CRUD (create, read, update, and delete) operations on users and groups, filtering, updates to group membership, and disabling users.
+In addition to using the SCIM Validator tool, you can also use Postman to validate an endpoint. This example provides a set of tests in Postman. The example validates create, read, update, and delete (CRUD) operations. The operations are validated on users and groups, filtering, updates to group membership, and disabling users.
 
 The endpoints are in the `{host}/scim/` directory, and you can use standard HTTP requests to interact with them. To modify the `/scim/` route, see *ControllerConstant.cs* in **AzureADProvisioningSCIMreference** > **ScimReferenceApi** > **Controllers**.
 
@@ -120,10 +120,10 @@ If you created any Azure resources in your testing that are no longer needed, do
 ## Known Issues with Azure AD SCIM Validator
 
 - Soft deletes (disables) aren’t yet supported.
-- The time zone format is randomly generated and will fail for systems that try to validate it.
-- The preferred language format is randomly generated and will fail for systems that try to validate it.
+- The time zone format is randomly generated and fails for systems that try to validate it.
+- The preferred language format is randomly generated and fails for systems that try to validate it.
 - The patch user remove attributes may attempt to remove mandatory/required attributes for certain systems. Such failures should be ignored.
 
 
 ## Next steps
-- [Learn how to add an app that is not in the Azure AD app gallery](../manage-apps/overview-application-gallery.md)
+- [Learn how to add an app that's not in the Azure AD app gallery](../manage-apps/overview-application-gallery.md)

articles/active-directory/app-provisioning/use-scim-to-build-users-and-groups-endpoints.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 03/16/2023
+ms.date: 03/17/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -102,7 +102,7 @@ That's it! Your SCIM endpoint is now published, and you can use the Azure App Se
 
 ## Test your SCIM endpoint
 
-Requests to a SCIM endpoint require authorization. The SCIM standard has multiple options for authentication and authorization, including cookies, basic authentication, TLS client authentication, or any of the methods listed in [RFC 7644](https://tools.ietf.org/html/rfc7644#section-2).
+Requests to a SCIM endpoint require authorization. The SCIM standard has multiple options available.  Requests can use cookies, basic authentication, TLS client authentication, or any of the methods listed in [RFC 7644](https://tools.ietf.org/html/rfc7644#section-2).
 
 Be sure to avoid methods that aren't secure, such as username and password, in favor of a more secure method such as OAuth. Azure AD supports long-lived bearer tokens (for gallery and non-gallery applications) and the OAuth authorization grant (for gallery applications).
 

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 03/16/2023
+ms.date: 03/17/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---

articles/active-directory/devices/concept-primary-refresh-token.md

@@ -36,7 +36,7 @@ The following Windows components play a key role in requesting and using a PRT:
 A PRT contains claims found in most Azure AD refresh tokens. In addition, there are some device-specific claims included in the PRT. They are as follows:
 
 * **Device ID**: A PRT is issued to a user on a specific device. The device ID claim `deviceID` determines the device the PRT was issued to the user on. This claim is later issued to tokens obtained via the PRT. The device ID claim is used to determine authorization for Conditional Access based on device state or compliance.
-* **Session key**: The session key is an encrypted symmetric key, generated by the Azure AD authentication service, issued as part of the PRT. The session key acts as the proof of possession when a PRT is used to obtain tokens for other applications.
+* **Session key**: The session key is an encrypted symmetric key, generated by the Azure AD authentication service, issued as part of the PRT. The session key acts as the proof of possession when a PRT is used to obtain tokens for other applications. Session key is rolled on  Windows 10 or newer Azure AD joined or Hybrid Azure AD joined devices if it's older than 30 days.
 
 ### Can I see what’s in a PRT?
 
@@ -133,6 +133,9 @@ A PRT can get a multifactor authentication (MFA) claim in specific scenarios. Wh
 
 Windows 10 or newer maintain a partitioned list of PRTs for each credential. So, there’s a PRT for each of Windows Hello for Business, password, or smartcard. This partitioning ensures that MFA claims are isolated based on the credential used, and not mixed up during token requests.
 
+> [!NOTE]
+> When using password to sign into Windows 10 or newer Azure AD joined or Hybrid Azure AD joined device, MFA during WAM interactive sign in may be required after session key associated with PRT is rolled.
+
 ## How is a PRT invalidated?
 
 A PRT is invalidated in the following scenarios:

articles/active-directory/governance/what-is-provisioning.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: overview
-ms.date: 08/01/2022
+ms.date: 01/05/2023
 ms.subservice: compliance
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -56,6 +56,8 @@ For more information, see [What is HR driven provisioning?](../app-provisioning/
 
 In Azure AD, the term **[app provisioning](../app-provisioning/user-provisioning.md)** refers to automatically creating copies of user identities in the applications that users need access to, for applications that have their own data store, distinct from Azure AD or Active Directory. In addition to creating user identities, app provisioning includes the maintenance and removal of user identities from those apps, as the user's status or roles change. Common scenarios include provisioning an Azure AD user into applications like [Dropbox](../saas-apps/dropboxforbusiness-provisioning-tutorial.md), [Salesforce](../saas-apps/salesforce-provisioning-tutorial.md), [ServiceNow](../saas-apps/servicenow-provisioning-tutorial.md), as each of these applications have their own user repository distinct from Azure AD.
 
+Azure AD also supports provisioning users into applications hosted on-premises or in a virtual machine, without having to open up any firewalls. If your application supports [SCIM](https://aka.ms/scimoverview), or you've built a SCIM gateway to connect to your legacy application, you can use the Azure AD Provisioning agent to [directly connect](https://learn.microsoft.com/azure/active-directory/app-provisioning/on-premises-scim-provisioning) with your application and automate provisioning and deprovisioning. If you have legacy applications that don't support SCIM and rely on an [LDAP](https://learn.microsoft.com/azure/active-directory/app-provisioning/on-premises-ldap-connector-configure) user store or a [SQL](https://learn.microsoft.com/azure/active-directory/app-provisioning/on-premises-sql-connector-configure) database, Azure AD can support those as well.
+
 For more information, see [What is app provisioning?](../app-provisioning/user-provisioning.md)
 
 ## Inter-directory provisioning
@@ -76,4 +78,4 @@ For more information, see [What is inter-directory provisioning?](../hybrid/what
 - [What is identity lifecycle management?](what-is-identity-lifecycle-management.md)
 - [What is HR driven provisioning?](../app-provisioning/what-is-hr-driven-provisioning.md)
 - [What is app provisioning?](../app-provisioning/user-provisioning.md)
-- [What is inter-directory provisioning?](../hybrid/what-is-inter-directory-provisioning.md)
+- [What is inter-directory provisioning?](../hybrid/what-is-inter-directory-provisioning.md)

articles/azure-arc/kubernetes/extensions-release.md

@@ -1,6 +1,6 @@
 ---
 title: "Available extensions for Azure Arc-enabled Kubernetes clusters"
-ms.date: 03/02/2023
+ms.date: 03/17/2023
 ms.topic: how-to
 description: "See which extensions are currently available for Azure Arc-enabled Kubernetes clusters and view release notes."
 ---
@@ -110,14 +110,30 @@ For more information, see [Introduction to Kubernetes compute target in AzureML]
 
 ## Flux (GitOps)
 
-- **Supported distributions**: All Cloud Native Computing Foundation (CNCF) certified Kubernetes clusters. Not currently supported for ARM 64.
+- **Supported distributions**: All Cloud Native Computing Foundation (CNCF) certified Kubernetes clusters.
 
 [GitOps on AKS and Azure Arc-enabled Kubernetes](conceptual-gitops-flux2.md) uses [Flux v2](https://fluxcd.io/docs/), a popular open-source tool set, to help manage cluster configuration and application deployment. GitOps is enabled in the cluster as a `Microsoft.KubernetesConfiguration/extensions/microsoft.flux` cluster extension resource.
 
 For more information, see [Tutorial: Deploy applications using GitOps with Flux v2](tutorial-use-gitops-flux2.md).
 
 The currently supported versions of the `microsoft.flux` extension are described below. The most recent version of the Flux v2 extension and the two previous versions (N-2) are supported. We generally recommend that you use the most recent version of the extension.
 
+### 1.7.0 (March 2023)
+
+Flux version: [Release v0.39.0](https://github.com/fluxcd/flux2/releases/tag/v0.39.0)
+
+- source-controller: v0.34.0
+- kustomize-controller: v0.33.0
+- helm-controller: v0.29.0
+- notification-controller: v0.31.0
+- image-automation-controller: v0.29.0
+- image-reflector-controller: v0.24.0
+
+Changes made for this version:
+
+- Upgrades Flux to [v0.39.0](https://github.com/fluxcd/flux2/releases/tag/v0.39.0)
+- Flux extension is now supported on ARM64-based clusters
+
 ### 1.6.4 (February 2023)
 
 Changes made for this version:
@@ -160,22 +176,6 @@ Changes made for this version:
 - Fixes bug where [deleting the extension may fail on AKS with Windows node pool](https://github.com/Azure/AKS/issues/3191)
 - Adds support for sasToken for Azure blob storage at account level as well as container level
 
-### 1.6.0 (September 2022)
-
-Flux version: [Release v0.33.0](https://github.com/fluxcd/flux2/releases/tag/v0.33.0)
-
-- source-controller: v0.28.0
-- kustomize-controller: v0.27.1
-- helm-controller: v0.23.1
-- notification-controller: v0.25.2
-- image-automation-controller: v0.24.2
-- image-reflector-controller: v0.20.1
-
-Changes made for this version:
-
-- Upgrades Flux to [v0.33.0](https://github.com/fluxcd/flux2/releases/tag/v0.33.0)
-- Fixes Helm-related [security issue](https://github.com/fluxcd/flux2/security/advisories/GHSA-p2g7-xwvr-rrw3)
-
 ## Dapr extension for Azure Kubernetes Service (AKS) and Arc-enabled Kubernetes
 
 [Dapr](https://dapr.io/) is a portable, event-driven runtime that simplifies building resilient, stateless, and stateful applications that run on the cloud and edge and embrace the diversity of languages and developer frameworks. The Dapr extension eliminates the overhead of downloading Dapr tooling and manually installing and managing the runtime on your clusters.

articles/azure-functions/durable/durable-functions-overview.md

@@ -28,7 +28,7 @@ Durable Functions is designed to work with all Azure Functions programming langu
 | Java | Functions 4.0+ | Java 8+ | 4.x bundles |
 
 > [!NOTE]
-> The new programming model for authoring Functions in Python (V2) is currently in preview. Compared to the current model, the new experience is designed to have a more idiomatic and intuitive. To learn more, see Azure Functions Python [developer guide](../functions-reference-python.md?pivots=python-mode-decorators).
+> The new programming model for authoring Functions in Python (V2) is currently in preview. Compared to the current model, the new experience is designed to be more idiomatic and intuitive for Python programmers. To learn more, see Azure Functions Python [developer guide](../functions-reference-python.md?pivots=python-mode-decorators).
 >
 > In the following code snippets, Python (PM2) denotes programming model V2, the new experience.