Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into heidist-fresh

Author: HeidiSteen

articles/active-directory-b2c/add-api-connector-token-enrichment.md

@@ -144,7 +144,7 @@ Content-type: application/json
 | -------------------------------------------------- | ----------------- | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | version     | String | Yes      | The version of your API.                                                    |
 | action                                             | String            | Yes      | Value must be `Continue`.                                                                                                                                                                                                                                                              |
-| \<builtInUserAttribute>                            | \<attribute-type> | No       | They can returned in the token if selected as an **Application claim**.                                        |
+| \<builtInUserAttribute>                            | \<attribute-type> | No       | They can be returned in the token if selected as an **Application claim**.                                        |
 | \<extension\_{extensions-app-id}\_CustomAttribute> | \<attribute-type> | No       | The claim does not need to contain `_<extensions-app-id>_`, it is *optional*. They can returned in the token if selected as an **Application claim**.  |
 
 ::: zone-end

articles/active-directory/authentication/concept-authentication-passwordless.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 09/13/2022
+ms.date: 09/15/2022
 
 ms.author: justinha
 author: justinha
@@ -179,7 +179,7 @@ Here are some factors for you to consider when choosing Microsoft passwordless t
 
 ||**Windows Hello for Business**|**Passwordless sign-in with the Authenticator app**|**FIDO2 security keys**|
 |:-|:-|:-|:-|
-|**Pre-requisite**| Windows 10, version 1809 or later<br>Azure Active Directory| Authenticator app<br>Phone (iOS and Android devices running Android 8.0 or above.)|Windows 10, version 1903 or later<br>Azure Active Directory|
+|**Pre-requisite**| Windows 10, version 1809 or later<br>Azure Active Directory| Authenticator app<br>Phone (iOS and Android devices)|Windows 10, version 1903 or later<br>Azure Active Directory|
 |**Mode**|Platform|Software|Hardware|
 |**Systems and devices**|PC with a built-in Trusted Platform Module (TPM)<br>PIN and biometrics recognition |PIN and biometrics recognition on phone|FIDO2 security devices that are Microsoft compatible|
 |**User experience**|Sign in using a PIN or biometric recognition (facial, iris, or fingerprint) with Windows devices.<br>Windows Hello authentication is tied to the device; the user needs both the device and a sign-in component such as a PIN or biometric factor to access corporate resources.|Sign in using a mobile phone with fingerprint scan, facial or iris recognition, or PIN.<br>Users sign in to work or personal account from their PC or mobile phone.|Sign in using FIDO2 security device (biometrics, PIN, and NFC)<br>User can access device based on organization controls and authenticate based on PIN, biometrics using devices such as USB security keys and NFC-enabled smartcards, keys, or wearables.|

articles/active-directory/authentication/howto-authentication-passwordless-phone.md

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 09/13/2022
+ms.date: 09/15/2022
 
 
 ms.author: justinha
@@ -48,7 +48,7 @@ The Azure AD accounts can be in the same tenant or different tenants. Guest acco
 To use passwordless phone sign-in with Microsoft Authenticator, the following prerequisites must be met:
 
 - Recommended: Azure AD Multi-Factor Authentication, with push notifications allowed as a verification method. Push notifications to your smartphone or tablet help the Authenticator app to prevent unauthorized access to accounts and stop fraudulent transactions. The Authenticator app automatically generates codes when set up to do push notifications so a user has a backup sign-in method even if their device doesn't have connectivity. 
-- Latest version of Microsoft Authenticator installed on devices running iOS 12.0 or greater, or Android 8.0 or greater.
+- Latest version of Microsoft Authenticator installed on devices running iOS or Android.
 - For Android, the device that runs Microsoft Authenticator must be registered to an individual user. We're actively working to enable multiple accounts on Android. 
 - For iOS, the device must be registered with each tenant where it's used to sign in. For example, the following device must be registered with Contoso and Wingtiptoys to allow all accounts to sign in:
   - [email protected]

articles/active-directory/managed-identities-azure-resources/how-to-view-associated-resources-for-an-identity.md

@@ -64,7 +64,7 @@ https://management.azure.com/subscriptions/{resourceID of user-assigned identity
 
 | Parameter   | Example  |Description  |
 |---|---|---|
-| $filter  |  ```'type' eq 'microsoft.cognitiveservices/account' and contains(name, 'test')``` |  An OData expression that allows you to filter any of the available fields: name, type, resourceGroup, subscriptionId, subscriptionDisplayName<br/><br/>The following operations are supported: ```and```, ```or```, ```eq``` and ```contains``` |
+| $filter  |  ```type eq 'microsoft.cognitiveservices/account' and contains(name, 'test')``` |  An OData expression that allows you to filter any of the available fields: name, type, resourceGroup, subscriptionId, subscriptionDisplayName<br/><br/>The following operations are supported: ```and```, ```or```, ```eq``` and ```contains``` |
 |  $orderby |  ```name asc``` |  An OData expression that allows you to order by any of the available fields |
 |  $skip |  50 |  The number of items you want to skip while paging through the results. |
 | $top  |  10 | The number of resources to return. 0 will return only a count of the resources.  |

articles/active-directory/saas-apps/jiramicrosoft-tutorial.md

@@ -118,6 +118,37 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 	![The Certificate download link](common/copy-metadataurl.png)
 
+
+
+
+1. The Name ID attribute in Azure AD can be mapped to any desired user attribute by editing the Attributes & Claims section.
+
+   > [!div class="mx-imgBorder"]
+   > ![Screenshot showing how to edit Attributes and Claims.](common/edit-attribute.png)
+	
+    a. After clicking on Edit, any desired user attribute can be mapped by clicking on Unique User Identifier (Name ID).
+    
+   > [!div class="mx-imgBorder"]
+   > ![Screenshot showing the NameID in Attributes and Claims.](common/attribute-nameID.png)
+	
+    b. On the next screen, the desired attribute name like user.userprincipalname can be selected as an option from the Source Attribute dropdown menu.
+    
+   > [!div class="mx-imgBorder"]
+   > ![Screenshot showing how to select Attributes and Claims.](common/attribute-select.png)
+	
+    c. The selection can then be saved by clicking on the Save button at the top.
+    
+   > [!div class="mx-imgBorder"]
+   > ![Screenshot showing how to save Attributes and Claims.](common/attribute-save.png)
+	
+    d. Now, the user.userprincipalname attribute source in Azure AD is mapped to the Name ID attribute name in Azure AD which will be compared with the username attribute in Atlassian by the SSO plugin.
+    
+   > [!div class="mx-imgBorder"]
+   > ![Screenshot showing how to review Attributes and Claims.](common/attribute-review.png)
+	
+	> [!NOTE]
+	> The SSO service provided by Microsoft Azure supports SAML authentication which is able to perform user identification using different attributes such as givenname (first name), surname (last name), email (email address), and user principal name (username). We recommend not to use email as an authentication attribute as email addresses are not always verified by Azure AD. The plugin compares the values of Atlassian username attribute with the NameID attribute in Azure AD in order to determine the valid user authentication.
+
 ### Create an Azure AD test user
 
 In this section, you'll create a test user in the Azure portal called B.Simon.

articles/active-directory/verifiable-credentials/verifiable-credentials-configure-tenant.md

@@ -139,7 +139,7 @@ To add the required permissions, follow these steps:
 
 1. Select **APIs my organization uses**.
 
-1. Search for the **Verifiable Credentials Service Request** service principal, and select it.
+1. Search for the **Verifiable Credentials Service Request** and **Verifiable Credentials Service** service principals, and select them.
 
     ![Screenshot that shows how to select the service principal.](media/verifiable-credentials-configure-tenant/add-app-api-permissions-select-service-principal.png)
 

articles/aks/update-credentials.md

@@ -55,7 +55,7 @@ SP_ID=$(az aks show --resource-group myResourceGroup --name myAKSCluster \
 With a variable set that contains the service principal ID, now reset the credentials using [az ad sp credential reset][az-ad-sp-credential-reset]. The following example lets the Azure platform generate a new secure secret for the service principal. This new secure secret is also stored as a variable.
 
 ```azurecli-interactive
-SP_SECRET=$(az ad sp credential reset --name "$SP_ID" --query password -o tsv)
+SP_SECRET=$(az ad sp credential reset --id "$SP_ID" --query password -o tsv)
 ```
 
 Now continue on to [update AKS cluster with new service principal credentials](#update-aks-cluster-with-new-service-principal-credentials). This step is necessary for the Service Principal changes to reflect on the AKS cluster.
@@ -141,4 +141,4 @@ In this article, the service principal for the AKS cluster itself and the Azure
 [az-ad-sp-credential-list]: /cli/azure/ad/sp/credential#az_ad_sp_credential_list
 [az-ad-sp-credential-reset]: /cli/azure/ad/sp/credential#az_ad_sp_credential_reset
 [node-image-upgrade]: ./node-image-upgrade.md
-[node-surge-upgrade]: upgrade-cluster.md#customize-node-surge-upgrade
+[node-surge-upgrade]: upgrade-cluster.md#customize-node-surge-upgrade

articles/app-service/manage-custom-dns-buy-domain.md

@@ -183,39 +183,27 @@ To test the custom domain, navigate to it in the browser.
 
 ## Renew the domain
 
-The App Service domain you bought is valid for one year from the time of purchase. By default, the domain is configured to renew automatically by charging your payment method for the next year. You can manually renew your domain name.
+The App Service domain you bought is valid for one year from the time of purchase. You can configure to renew your domain automatically which will charge your payment method when your domain renews the following year. You can also manually renew your domain name.
 
-If you want to turn off automatic renewal, or if you want to manually renew your domain, follow the steps here.
+If you want to configure automatic renewal, or if you want to manually renew your domain, follow the steps here.
 
 1. In the search bar, search for and select **App Service Domains**.
 
     ![Portal navigation to Azure App Service domains](./media/app-service-web-tutorial-custom-domain/view-app-service-domains.png)
 
 1. In the **App Service Domains** section, select the domain you want to configure.
 
-1. From the left navigation of the domain, select **Domain renewal**. To stop renewing your domain automatically, select **Off**. The setting takes effect immediately.
+1. From the left navigation of the domain, select **Domain renewal**. To start renewing your domain automatically, select **On**, otherwise select **Off**. The setting takes effect immediately. If automatic renewal is enabled, on the day after your domain expiration date, Azure attempts to bill you for the domain name renewal.
 
     ![Screenshot that shows the option to automatically renew your domain.](./media/custom-dns-web-site-buydomains-web-app/dncmntask-cname-buydomains-autorenew.png)
 
     > [!NOTE]
     > When navigating away from the page, disregard the "Your unsaved edits will be discarded" error by clicking **OK**.
     >
 
-To manually renew your domain, select **Renew domain**. However, this button is not active until [90 days before the domain's expiration](#when-domain-expires).
+To manually renew your domain, select **Renew domain**. However, this button is not active until 90 days before the domain's expiration date.
 
-If your domain renewal is successful, you receive an email notification within 24 hours.
-
-## When domain expires
-
-Azure deals with expiring or expired App Service domains as follows:
-
-* If automatic renewal is disabled: 90 days before domain expiration, a renewal notification email is sent to you and the **Renew domain** button is activated in the portal.
-* If automatic renewal is enabled: On the day after your domain expiration date, Azure attempts to bill you for the domain name renewal.
-* If an error occurs during automatic renewal (for example, your card on file is expired), or if automatic renewal is disabled and you allow the domain to expire, Azure notifies you of the domain expiration and parks your domain name. You can [manually renew](#renew-the-domain) your domain.
-* On the 4th and 12th days day after expiration, Azure sends you additional notification emails. You can [manually renew](#renew-the-domain) your domain. On the 5th day after expiration, DNS resolution stops for the expired domain.
-* On the 19th day after expiration, your domain remains on hold but becomes subject to a redemption fee. You can call customer support to renew your domain name, subject to any applicable renewal and redemption fees.
-* On the 25th day after expiration, Azure puts your domain up for auction with a domain name industry auction service. You can call customer support to renew your domain name, subject to any applicable renewal and redemption fees.
-* On the 30th day after expiration, you're no longer able to redeem your domain.
+If your domain renewal is successful, you receive an email notification within 24 hours. 
 
 <a name="custom"></a>
 

articles/azure-arc/vmware-vsphere/day2-operations-resource-bridge.md

@@ -2,7 +2,7 @@
 title:  Perform ongoing administration for Arc-enabled VMware vSphere
 description: Learn how to perform day 2 administrator operations related to Azure Arc-enabled VMware vSphere
 ms.topic: how-to 
-ms.date: 08/25/2022
+ms.date: 09/15/2022
 
 ---
 
@@ -68,11 +68,15 @@ There are two different sets of credentials stored on the Arc resource bridge. Y
 - **Account for Arc resource bridge**. This account is used for deploying the Arc resource bridge VM and will be used for upgrade.
 - **Account for VMware cluster extension**. This account is used to discover inventory and perform all VM operations through Azure Arc-enabled VMware vSphere
 
-To update the credentials of the account for Arc resource bridge, use the Azure CLI command [`az arcappliance update-infracredentials vmware`](/cli/azure/arcappliance/update-infracredentials#az-arcappliance-update-infracredentials-vmware). Run the command from a workstation that can access cluster configuration IP address of the Arc resource bridge locally:
+To update the credentials of the account for Arc resource bridge, run the following Azure CLI commands . Run the commands from a workstation that can access cluster configuration IP address of the Arc resource bridge locally:
 
 ```azurecli
-az arcappliance update-infracredentials vmware --kubeconfig <kubeconfig>
+az account set -s <subscription id>
+az arcappliance get-credentials -n <name of the appliance> -g <resource group name> 
+az arcappliance update-infracredentials vmware --kubeconfig kubeconfig
 ```
+For more details on the commands see [`az arcappliance get-credentials`](/cli/azure/arcappliance/get-credentials#az-arcappliance-get-credentials) and [`az arcappliance update-infracredentials vmware`](/cli/azure/arcappliance/update-infracredentials#az-arcappliance-update-infracredentials-vmware).
+
 
 To update the credentials used by the VMware cluster extension on the resource bridge. This command can be run from anywhere with `connectedvmware` CLI extension installed.
 
@@ -84,28 +88,22 @@ az connectedvmware vcenter connect --custom-location <name of the custom locatio
 
 For any issues encountered with the Azure Arc resource bridge, you can collect logs for further investigation. To collect the logs, use the Azure CLI [`Az arcappliance log`](/cli/azure/arcappliance/logs#az-arcappliance-logs-vmware) command.
 
-The `az arcappliance log` command must be run from a workstation that can communicate with the Arc resource bridge either via the cluster configuration IP address or the IP address of the Arc resource bridge VM.
-
-To save the logs to a destination folder, run the following command. This command requires connectivity to cluster configuration IP address.
+To save the logs to a destination folder, run the following commands. These commands need connectivity to cluster configuration IP address.
 
 ```azurecli
-az arcappliance logs <provider> --kubeconfig <path to kubeconfig> --out-dir <path to specified output directory>
+az account set -s <subscription id>
+az arcappliance get-credentials -n <name of the appliance> -g <resource group name> 
+az arcappliance logs vmware --kubeconfig kubeconfig --out-dir <path to specified output directory>
 ```
 
-If the Kubernetes cluster on the resource bridge isn't in functional state, you can use the following command. This command requires connectivity to IP address of the Azure Arc resource bridge VM via SSH
+If the Kubernetes cluster on the resource bridge isn't in functional state, you can use the following commands. These commands require connectivity to IP address of the Azure Arc resource bridge VM via SSH
 
 ```azurecli
-az arcappliance logs <provider> --out-dir <path to specified output directory> --ip XXX.XXX.XXX.XXX
+az account set -s <subscription id>
+az arcappliance get-credentials -n <name of the appliance> -g <resource group name> 
+az arcappliance logs vmware --out-dir <path to specified output directory> --ip XXX.XXX.XXX.XXX
 ```
 
-During initial onboarding, SSH keys are saved to the workstation. If you're running this command from the workstation that was used for onboarding, no other steps are required.
-
-If you're running this command from a different workstation, make sure the following files are copied to the new workstation in the same location.
-
-- For a Windows workstation, `C:\ProgramData\kva\.ssh\logkey` and `C:\ProgramData\kva\.ssh\logkey.pub`
-  
-- For a Linux workstation, `$HOME\.KVA\.ssh\logkey` and `$HOME\.KVA\.ssh\logkey.pub`
-
 ## Next steps
 
 - [Troubleshoot common issues related to resource bridge](../resource-bridge/troubleshoot-resource-bridge.md)

articles/azure-arc/vmware-vsphere/overview.md

@@ -2,7 +2,7 @@
 title: What is Azure Arc-enabled VMware vSphere (preview)?
 description: Azure Arc-enabled VMware vSphere (preview) extends Azure governance and management capabilities to VMware vSphere infrastructure and delivers a consistent management experience across both platforms. 
 ms.topic: overview
-ms.date: 11/10/2021
+ms.date: 09/15/2022
 ms.custom: references_regions
 ---
 
@@ -29,7 +29,7 @@ To deliver this experience, you need to deploy the [Azure Arc resource bridge](.
 Azure Arc-enabled VMware vSphere (preview) works with VMware vSphere version 6.7 and 7.
 
 > [!NOTE]
-> Azure Arc-enabled VMware vSphere  (preview)  supports vCenters with a maximum of 2500 VMs. If your vCenter has more than 2500 VMs, it is not recommended to use Arc-enabled VMware vSphere with it at this point.
+> Azure Arc-enabled VMware vSphere  (preview)  supports vCenters with a maximum of 9500 VMs. If your vCenter has more than 9500 VMs, it is not recommended to use Arc-enabled VMware vSphere with it at this point.
 
 ## Supported scenarios
 
@@ -53,6 +53,10 @@ You can use Azure Arc-enabled VMware vSphere (preview) in these supported region
 
 - West Europe
 
+- Australia East
+
+- Canada Central
+
 ## Next steps
 
 - [Connect VMware vCenter to Azure Arc using the helper script](quick-start-connect-vcenter-to-arc-using-script.md)