Commit c5a1629

2 parents 7598e8c + f615985 commit c5a1629

48 files changed

+1659
-496
lines changed

articles/active-directory/authentication/concept-registration-mfa-sspr-combined.md

Lines changed: 20 additions & 14 deletions
@@ -6,7 +6,7 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: authentication
88
ms.topic: conceptual
9-
ms.date: 06/17/2022
9+
ms.date: 09/23/2022
1010

1111
ms.author: justinha
1212
author: justinha
@@ -17,7 +17,7 @@ ms.collection: M365-identity-device-management
1717
---
1818
# Combined security information registration for Azure Active Directory overview
1919

20-
Before combined registration, users registered authentication methods for Azure AD Multi-Factor Authentication and self-service password reset (SSPR) separately. People were confused that similar methods were used for Multi-Factor Authentication and SSPR but they had to register for both features. Now, with combined registration, users can register once and get the benefits of both Multi-Factor Authentication and SSPR. We recommend this video on [How to enable and configure SSPR in Azure AD](https://www.youtube.com/watch?v=rA8TvhNcCvQ)
20+
Before combined registration, users registered authentication methods for Azure AD Multi-Factor Authentication and self-service password reset (SSPR) separately. People were confused that similar methods were used for multifactor authentication and SSPR but they had to register for both features. Now, with combined registration, users can register once and get the benefits of both multifactor authentication and SSPR. We recommend this video on [How to enable and configure SSPR in Azure AD](https://www.youtube.com/watch?v=rA8TvhNcCvQ)
2121

2222
> [!NOTE]
2323
> Starting on August 15th 2020, all new Azure AD tenants will be automatically enabled for combined registration.
@@ -50,7 +50,7 @@ If you want to force a specific language, you can add `?lng=<language>` to the e
5050

5151
## Methods available in combined registration
5252

53-
Combined registration supports the following authentication methods and actions:
53+
Combined registration supports the authentication methods and actions in the following table.
5454

5555
| Method | Register | Change | Delete |
5656
| --- | --- | --- | --- |
@@ -66,9 +66,9 @@ Combined registration supports the following authentication methods and actions:
6666
| FIDO2 security keys<br />*Managed mode only from the [Security info](https://mysignins.microsoft.com/security-info) page*| Yes | Yes | Yes |
6767

6868
> [!NOTE]
69-
> App passwords are available only to users who have been enforced for Multi-Factor Authentication. App passwords are not available to users who are enabled for Multi-Factor Authentication via a Conditional Access policy.
69+
> App passwords are available only to users who have been enforced for Azure AD Multi-Factor Authentication. App passwords are not available to users who are enabled for Azure AD Multi-Factor Authentication by a Conditional Access policy.
7070
71-
Users can set one of the following options as the default Multi-Factor Authentication method:
71+
Users can set one of the following options as the default multifactor authentication method.
7272

7373
- Microsoft Authenticator – push notification or passwordless
7474
- Authenticator app or hardware token – code
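Review bot: the list lead-in on new line 71 now ends with a period ("Users can set one of the following options as the default multifactor authentication method.") although the bullet list follows it directly. The scenario list lead-in later in this file ("The following are sample scenarios where users might be prompted to register or refresh their security info:") still ends with a colon, so keep the colon here or change both so list introductions stay consistent.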
@@ -87,23 +87,23 @@ There are two modes of combined registration: interrupt and manage.
8787
- **Interrupt mode** is a wizard-like experience, presented to users when they register or refresh their security info at sign-in.
8888
- **Manage mode** is part of the user profile and allows users to manage their security info.
8989

90-
For both modes, users who have previously registered a method that can be used for Multi-Factor Authentication need to perform Multi-Factor Authentication before they can access their security info. Users must confirm their information before continuing to use their previously registered methods.
90+
For both modes, users who have previously registered a method that can be used for Azure AD Multi-Factor Authentication need to perform multifactor authentication before they can access their security info. Users must confirm their information before continuing to use their previously registered methods.
9191

9292

9393

9494
### Interrupt mode
9595

96-
Combined registration adheres to both Multi-Factor Authentication and SSPR policies, if both are enabled for your tenant. These policies control whether a user is interrupted for registration during sign-in and which methods are available for registration. If only an SSPR policy is enabled, then users will be able to skip the registration interruption and complete it at a later time.
96+
Combined registration adheres to both multifactor authentication and SSPR policies, if both are enabled for your tenant. These policies control whether a user is interrupted for registration during sign-in and which methods are available for registration. If only an SSPR policy is enabled, then users will be able to skip the registration interruption and complete it at a later time.
9797

9898
The following are sample scenarios where users might be prompted to register or refresh their security info:
9999

100-
- *Multi-Factor Authentication registration enforced through Identity Protection:* Users are asked to register during sign-in. They register Multi-Factor Authentication methods and SSPR methods (if the user is enabled for SSPR).
101-
- *Multi-Factor Authentication registration enforced through per-user Multi-Factor Authentication:* Users are asked to register during sign-in. They register Multi-Factor Authentication methods and SSPR methods (if the user is enabled for SSPR).
102-
- *Multi-Factor Authentication registration enforced through Conditional Access or other policies:* Users are asked to register when they use a resource that requires Multi-Factor Authentication. They register Multi-Factor Authentication methods and SSPR methods (if the user is enabled for SSPR).
100+
- *Multifactor Authentication registration enforced through Identity Protection:* Users are asked to register during sign-in. They register multifactor authentication methods and SSPR methods (if the user is enabled for SSPR).
101+
- *Multifactor Authentication registration enforced through per-user multifactor authentication:* Users are asked to register during sign-in. They register multifactor authentication methods and SSPR methods (if the user is enabled for SSPR).
102+
- *Multifactor Authentication registration enforced through Conditional Access or other policies:* Users are asked to register when they use a resource that requires multifactor authentication. They register multifactor authentication methods and SSPR methods (if the user is enabled for SSPR).
103103
- *SSPR registration enforced:* Users are asked to register during sign-in. They register only SSPR methods.
104104
- *SSPR refresh enforced:* Users are required to review their security info at an interval set by the admin. Users are shown their info and can confirm the current info or make changes if needed.
105105

106-
When registration is enforced, users are shown the minimum number of methods needed to be compliant with both Multi-Factor Authentication and SSPR policies, from most to least secure. Users going through combined registration where both MFA and SSPR registration is enforced and the SSPR policy requires two methods will first be required to register an MFA method as the first method and can select another MFA or SSPR specific method as the second registered method (e.g. email, security questions etc.)
106+
When registration is enforced, users are shown the minimum number of methods needed to be compliant with both multifactor authentication and SSPR policies, from most to least secure. Users going through combined registration where both MFA and SSPR registration is enforced and the SSPR policy requires two methods will first be required to register an MFA method as the first method and can select another MFA or SSPR specific method as the second registered method (e.g. email, security questions etc.)
107107

108108
Consider the following example scenario:
109109

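Review bot: the italic labels on new lines 100-102 read "Multifactor Authentication registration enforced through ...", keeping a capital A that the rest of this change lowercases; write "Multifactor authentication registration" in all three. New line 106 is also touched but still switches to "MFA" in its second sentence and ends "(e.g. email, security questions etc.)" with no closing period; settle on one term and terminate the sentence while the line is being edited.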
@@ -116,7 +116,7 @@ The following flowchart describes which methods are shown to a user when interru
116116

117117
![Combined security info flowchart](media/concept-registration-mfa-sspr-combined/combined-security-info-flow-chart.png)
118118

119-
If you have both Multi-Factor Authentication and SSPR enabled, we recommend that you enforce Multi-Factor Authentication registration.
119+
If you have both multifactor authentication and SSPR enabled, we recommend that you enforce multifactor authentication registration.
120120

121121
If the SSPR policy requires users to review their security info at regular intervals, users are interrupted during sign-in and shown all their registered methods. They can confirm the current info if it's up to date, or they can make changes if they need to. Users must perform multi-factor authentication when accessing this page.
122122

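Review bot: unchanged line 121 still ends with "Users must perform multi-factor authentication when accessing this page.", using the hyphenated spelling two lines below the line 119 rewrite to "multifactor authentication". Extend the change to line 121 so the two adjacent paragraphs use one spelling.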
@@ -130,21 +130,27 @@ Users can access manage mode by going to [https://aka.ms/mysecurityinfo](https:/
130130

131131
An admin has enforced registration.
132132

133-
A user has not set up all required security info and goes to the Azure portal. After the user enters the user name and password, the user is prompted to set up security info. The user then follows the steps shown in the wizard to set up the required security info. If your settings allow it, the user can choose to set up methods other than those shown by default. After users complete the wizard, they review the methods they set up and their default method for Multi-Factor Authentication. To complete the setup process, the user confirms the info and continues to the Azure portal.
133+
A user has not set up all required security info and goes to the Azure portal. After the user enters the user name and password, the user is prompted to set up security info. The user then follows the steps shown in the wizard to set up the required security info. If your settings allow it, the user can choose to set up methods other than those shown by default. After users complete the wizard, they review the methods they set up and their default method for multifactor authentication. To complete the setup process, the user confirms the info and continues to the Azure portal.
134134

135135
### Set up security info from My Account
136136

137137
An admin has not enforced registration.
138138

139139
A user who hasn't yet set up all required security info goes to [https://myaccount.microsoft.com](https://myaccount.microsoft.com). The user selects **Security info** in the left pane. From there, the user chooses to add a method, selects any of the methods available, and follows the steps to set up that method. When finished, the user sees the method that was set up on the Security info page.
140140

141+
### Set up other methods after partial registration
142+
143+
If a user has partially satisfied MFA or SSPR registration due to existing authentication method registrations performed by the user or admin, users will only be asked to register additional information allowed by the Authentication methods policy. If more than one other authentication method is available for the user to choose and register, an option on the registration experience titled **I want to set up another method** will be shown and allow the user to set up their desired authentication method.
144+
145+
:::image type="content" border="true" source="./media/concept-registration-mfa-sspr-combined/other-method.png" alt-text="Screenshot of how to set up another method." :::
146+
141147
### Delete security info from My Account
142148

143149
A user who has previously set up at least one method navigates to [https://aka.ms/mysecurityinfo](https://aka.ms/mysecurityinfo). The user chooses to delete one of the previously registered methods. When finished, the user no longer sees that method on the Security info page.
144150

145151
### Change the default method from My Account
146152

147-
A user who has previously set up at least one method that can be used for Multi-Factor Authentication navigates to [https://aka.ms/mysecurityinfo](https://aka.ms/mysecurityinfo). The user changes the current default method to a different default method. When finished, the user sees the new default method on the Security info page.
153+
A user who has previously set up at least one method that can be used for multifactor authentication navigates to [https://aka.ms/mysecurityinfo](https://aka.ms/mysecurityinfo). The user changes the current default method to a different default method. When finished, the user sees the new default method on the Security info page.
148154

149155
### Switch directory
150156

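Review bot: the new paragraph on line 143 changes grammatical number mid-sentence ("If a user has partially satisfied ... users will only be asked") and uses "MFA" where the rest of this change spells out "multifactor authentication"; pick singular or plural and one term. The same sentence says registration can already be partially satisfied by methods registered "by the user or admin" but gives no pointer to where an admin registers methods on a user's behalf; a link to that procedure would let readers verify which pre-existing methods count.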

articles/aks/image-cleaner.md

Lines changed: 6 additions & 3 deletions
@@ -5,14 +5,16 @@ ms.author: nickoman
55
author: nickomang
66
services: container-service
77
ms.topic: article
8-
ms.date: 09/16/2022
8+
ms.date: 09/26/2022
99
---
1010

1111
# Use ImageCleaner to clean up stale images on your Azure Kubernetes Service cluster (preview)
1212

1313
It's common to use pipelines to build and deploy images on Azure Kubernetes Service (AKS) clusters. While great for image creation, this process often doesn't account for the stale images left behind and can lead to image bloat on cluster nodes. These images can present security issues as they may contain vulnerabilities. By cleaning these unreferenced images, you can remove an area of risk in your clusters. When done manually, this process can be time intensive, which ImageCleaner can mitigate via automatic image identification and removal.
1414

15-
ImageCleaner is a feature inherited from Eraser. For more information on Eraser, see [Eraser plugin](https://github.com/Azure/eraser)
15+
> [!NOTE]
16+
> ImageCleaner is a feature based on [Eraser](https://github.com/Azure/eraser).
17+
> On an AKS cluster, the feature name and property name is `ImageCleaner` while the relevant ImageCleaner pods' names contain `Eraser`.
1618
1719
[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
1820

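Review bot: new line 17 has a subject-verb mismatch, "the feature name and property name is `ImageCleaner`"; with two subjects it should be "are". The same line says the pod names contain `Eraser` with a capital E, while the pod and job names added elsewhere in this commit are lowercase (`eraser-controller-manager-xxx`, `eraser-aks-xxx`); use lowercase `eraser` so a reader filtering pod listings by the documented string gets a match.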
@@ -114,6 +116,7 @@ az aks update -g MyResourceGroup -n MyManagedCluster \
114116
--image-cleaner-interval-hours 48
115117
```
116118

119+
After the feature is enabled, the `eraser-controller-manager-xxx` pod and `collector-aks-xxx` pod will be deployed.
117120
Based on your configuration, ImageCleaner will generate an `ImageList` containing non-running and vulnerable images at the desired interval. ImageCleaner will automatically remove these images from cluster nodes.
118121

119122
## Manually remove images
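Review bot: new line 119 is added directly above existing line 120 with no blank line between them, so Markdown renders the two sentences as one run-on paragraph; add an empty line after 119. The `-xxx` suffix in `eraser-controller-manager-xxx` and `collector-aks-xxx` is left unexplained; state that it stands for a generated suffix, and consider naming the namespace the pods are deployed into so the reader can confirm the feature is running.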
@@ -136,7 +139,7 @@ And apply it to the cluster:
136139
kubectl apply -f image-list.yml
137140
```
138141

139-
A job will trigger which causes ImageCleaner to remove the desired images from all nodes.
142+
A job named `eraser-aks-xxx`will be triggerred which causes ImageCleaner to remove the desired images from all nodes.
140143

141144
## Disable ImageCleaner
142145

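Review bot: new line 142 contains two typos: the space is missing after the closing backtick in "`eraser-aks-xxx`will", and "triggerred" should be "triggered". Suggested wording: "A job named `eraser-aks-xxx` is triggered, which causes ImageCleaner to remove the desired images from all nodes."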
articles/api-management/powershell-create-service-instance.md

Lines changed: 23 additions & 13 deletions
@@ -1,29 +1,31 @@
11
---
2-
title: Quickstart - Create Azure API Management instance using PowerShell | Microsoft Docs
3-
description: Create a new Azure API Management instance by using Azure PowerShell.
2+
title: Quickstart - Create API Management instance - PowerShell
3+
description: Use this quickstart to create a new Azure API Management instance by using Azure PowerShell cmdlets.
44
services: api-management
5-
documentationcenter: ''
65
author: dlepow
76
ms.service: api-management
87
ms.topic: quickstart
98
ms.custom: mvc, devx-track-azurepowershell, mode-api, devdivchpfy22
10-
ms.date: 03/30/2022
9+
ms.date: 09/21/2022
1110
ms.author: danlep
1211
---
1312

1413
# Quickstart: Create a new Azure API Management service instance by using PowerShell
1514

16-
Azure API Management (APIM) helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services. API Management provides the core competencies to ensure a successful API program through developer engagement, business insights, analytics, security, and protection. APIM lets you create and manage modern API gateways for existing backend services hosted anywhere. For more information, see the [Overview](api-management-key-concepts.md).
15+
In this quickstart, you create a new API Management instance by using Azure PowerShell cmdlets.
1716

18-
This quickstart describes the steps for creating a new API Management instance by using Azure PowerShell cmdlets.
17+
Azure API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services. API Management provides the core competencies to ensure a successful API program through developer engagement, business insights, analytics, security, and protection. API Management lets you create and manage modern API gateways for existing backend services hosted anywhere.
1918

20-
[!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]
19+
## Prerequisites
2120

22-
[!INCLUDE [updated-for-az](../../includes/updated-for-az.md)]
21+
- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
2322

24-
[!INCLUDE [cloud-shell-try-it.md](../../includes/cloud-shell-try-it.md)]
23+
- Azure Cloud Shell or Azure PowerShell
24+
25+
[!INCLUDE [cloud-shell-try-it-no-header](../../includes/cloud-shell-try-it-no-header.md)]
26+
27+
If you choose to install and use the PowerShell locally, this quickstart requires the Azure PowerShell module version 1.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-Az-ps). If you're running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.
2528

26-
If you choose to install and use the PowerShell locally, this tutorial requires the Azure PowerShell module version 1.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-Az-ps). If you're running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.
2729

2830
## Create resource group
2931

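Review bot: new lines 28 and 29 are both empty, because old line 26 was removed while the blank lines on either side of it were kept; drop one so a single blank line precedes "## Create resource group". New line 27 also carries over "install and use the PowerShell locally" from the old text; "use Azure PowerShell locally" reads correctly and matches the bullet added on line 23.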
@@ -35,13 +37,13 @@ The following command creates a resource group named *myResourceGroup* in the We
3537
New-AzResourceGroup -Name myResourceGroup -Location WestUS
3638
```
3739

38-
## Create an API Management service
40+
## Create an API Management instance
3941

4042
Now that you have a resource group, you can create an API Management service instance. Create one by using [New-AzApiManagement](/powershell/module/az.apimanagement/new-azapimanagement) and provide a service name and publisher details. The service name must be unique within Azure.
4143

4244
In the following example, *myapim* is used for the service name. Update the name to a unique value. Also, update the organization name of the API publisher and the admin email address to receive notifications.
4345

44-
By default, the command creates the instance in the Developer tier, an economical option to evaluate Azure API Management. This tier isn't for production use. For more information about scaling the API Management tiers, see [upgrade and scale](upgrade-and-scale.md).
46+
By default, the command creates the instance in the Developer tier, an economical option to evaluate Azure API Management. This tier isn't for production use. For more information about the API Management tiers, see [Feature-based comparison of the Azure API Management tiers](api-management-features.md).
4547

4648
> [!NOTE]
4749
> This is a long-running action. It can take between 30 and 40 minutes to create and activate an API Management service in this tier.
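Review bot: the heading on new line 40 is renamed to "Create an API Management instance", but unchanged lines 42 and 49 under it still say "API Management service instance" and "API Management service in this tier". Align those lines with the new heading, otherwise the section uses three names for the same resource.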
@@ -67,7 +69,7 @@ Name : myapim
6769
Location : West US
6870
Sku : Developer
6971
Capacity : 1
70-
CreatedTimeUtc : 9/9/2020 9:07:43 PM
72+
CreatedTimeUtc : 9/9/2022 9:07:43 PM
7173
ProvisioningState : Succeeded
7274
RuntimeUrl : https://myapim.azure-api.net
7375
RuntimeRegionalUrl : https://myapi-westus-01.regional.azure-api.net
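Review bot: `RuntimeRegionalUrl` on unchanged line 75 uses the host `myapi-westus-01.regional.azure-api.net`, while the service is named `myapim` and line 74 shows `https://myapim.azure-api.net`. Since this pass refreshes the sample output (the `CreatedTimeUtc` year on line 72), fix the regional host name in the same change so the output is internally consistent.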
@@ -91,6 +93,14 @@ AdditionalRegions : {}
9193
SslSetting : Microsoft.Azure.Commands.ApiManagement.Models.PsApiManagementSslSetting
9294
Identity :
9395
EnableClientCertificate :
96+
EnableClientCertificate :
97+
Zone :
98+
DisableGateway : False
99+
MinimalControlPlaneApiVersion :
100+
PublicIpAddressId :
101+
PlatformVersion : stv2
102+
PublicNetworkAccess : Enabled
103+
PrivateEndpointConnections :
94104
ResourceGroupName : myResourceGroup
95105

96106
```
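Review bot: new line 96 repeats `EnableClientCertificate :`, which is already present as unchanged line 95, so the sample output lists the property twice; remove the added duplicate. The added lines also show `PublicNetworkAccess : Enabled` and `DisableGateway : False`; a sentence after the output stating that these are the values produced by the command as shown would help readers who compare the sample against their own instance.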