Merge branch 'main' into jasonshave/known-issues

Author: jasonshave

.openpublishing.redirection.defender-for-iot.json

@@ -142,12 +142,12 @@
         },
         {
             "source_path_from_root": "/articles/defender-for-iot/how-to-create-and-manage-users.md",
-            "redirect_url": "/azure/defender-for-iot/organizations/how-to-create-and-manage-users",
+            "redirect_url": "/azure/defender-for-iot/organizations/manage-users-overview",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/defender-for-iot/how-to-define-global-user-access-control.md",
-            "redirect_url": "/azure/defender-for-iot/organizations/how-to-define-global-user-access-control",
+            "redirect_url": "/azure/defender-for-iot/organizations/manage-users-on-premises-management-console#define-global-access-permission-for-on-premises-users",
             "redirect_document_id": false
         },
         {

.openpublishing.redirection.healthcare-apis.json

@@ -554,6 +554,34 @@
         "redirect_url": "/azure/healthcare-apis/iot/how-to-use-iot-jsonpath-content-mappings",
         "redirect_document_id": false
     },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-iot-connector-in-azure.md",
+        "redirect_url": "/azure/healthcare-apis/iot/deploy-new-choose",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-02-new-button.md",
+        "redirect_url": "/azure/healthcare-apis/iot/deploy-new-button",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-03-new-manual.md",
+        "redirect_url": "/azure/healthcare-apis/iot/deploy-new-manual",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-05-new-config.md",
+        "redirect_url": "/azure/healthcare-apis/iot/deploy-new-config",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-06-new-deploy.md",
+        "redirect_url": "/azure/healthcare-apis/iot/deploy-new-deploy",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-08-new-ps-cli.md",
+        "redirect_url": "/azure/healthcare-apis/iot/deploy-new-powershell-cli",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-new-bicep-ps-cli.md",
+        "redirect_url": "/azure/healthcare-apis/iot/deploy-new-bicep-powershell-cli",
+        "redirect_document_id": false
+    }, 
     {   "source_path_from_root": "/articles/healthcare-apis/events/events-display-metrics.md",
         "redirect_url": "/azure/healthcare-apis/events/events-use-metrics",
         "redirect_document_id": false

.openpublishing.redirection.json

@@ -16323,6 +16323,11 @@
             "redirect_url": "/azure/scheduler/migrate-from-scheduler-to-logic-apps",
             "redirect_document_id": ""
         },
+        {
+            "source_path_from_root": "/articles/search/search-how-to-index-power-query-data-sources.md",
+            "redirect_url": "/previous-versions/azure/search/search-how-to-index-power-query-data-sources",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/search/cognitive-search-quickstart-ocr.md",
             "redirect_url": "/azure/search/cognitive-search-quickstart-blob",

articles/active-directory-b2c/partner-gallery.md

@@ -76,7 +76,7 @@ Microsoft partners with the following ISVs to provide secure hybrid access to on
 
 | ISV partner | Description and integration walkthroughs |
 |:-------------------------|:--------------|
-| ![Screenshot of an Akamai logo.](./media/partner-gallery/akamai-logo.png) | [Akamai](./partner-akamai-secure-hybrid-access.md) is a Zero Trust Network Access (ZTNA) solution that enables secure remote access to modern and legacy applications that reside in private datacenters.  |
+| ![Screenshot of an Akamai logo.](./media/partner-gallery/akamai-logo.png) | [Akamai](./partner-akamai-secure-hybrid-access.md) provides a Zero Trust Network Access (ZTNA) solution that enables secure remote access to modern and legacy applications that reside in private datacenters.  |
 | ![Screenshot of a Datawiza logo](./media/partner-gallery/datawiza-logo.png) | [Datawiza](./partner-datawiza.md) enables SSO and granular access control for your applications and extends Azure AD B2C to protect on-premises legacy applications.  |
 | ![Screenshot of a F5 logo](./media/partner-gallery/f5-logo.png) | [F5](./partner-f5.md) enables legacy applications to securely expose to the internet through BIG-IP security combined with Azure AD B2C pre-authentication, Conditional Access (CA) and SSO.  |
 | ![Screenshot of a Ping logo](./media/partner-gallery/ping-logo.png) | [Ping Identity](./partner-ping-identity.md) enables secure hybrid access to on-premises legacy applications across multiple clouds. |

articles/active-directory/app-provisioning/on-premises-ecma-troubleshoot.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: overview
-ms.date: 11/12/2022
+ms.date: 11/29/2022
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -44,7 +44,15 @@ After you configure the provisioning agent and ECMA host, it's time to test conn
  7. Ensure that you're using a valid certificate that has not expired. Go to the **Settings** tab of the ECMA host to view the certificate expiration date. If the certificate has expired, click `Generate certificate` to generate a new certificate.
  8. Restart the provisioning agent by going to the taskbar on your VM by searching for the Microsoft Azure AD Connect provisioning agent. Right-click **Stop**, and then select **Start**.
  1. If you continue to see `The ECMA host is currently importing data from the target application` even after restarting the ECMA Connector Host and the provisioning agent, and waiting for the initial import to complete, then you may need to cancel and start over configuring provisioning to the application in the Azure portal.
- 1. When you provide the tenant URL in the Azure portal, ensure that it follows the following pattern. You can replace `localhost` with your host name, but it isn't required. Replace `connectorName` with the name of the connector you specified in the ECMA host. The error message 'invalid resource' generally indicates that the URL does not follow the expected format.
+1. When configuring the ECMA host, ensure that you provide a certificate with a subject that matches the hostname of your windows server. The certificate that is generated by the ECMA host will do this for you automatically, but should only be used for testing purposes. 
+
+```
+Error code: SystemForCrossDomainIdentityManagementCredentialValidationUnavailable
+
+Details: We received this unexpected response from your application: Received response from Web resource. Resource: https://localhost/Users?filter=PLACEHOLDER+eq+"8646d011-1693-4cd3-9ee6-0d7482ca2219" Operation: GET Response Status Code: InternalServerError Response Headers: Response Content: An error occurred while sending the request. Please check the service and try again.
+```
+
+1. When you provide the tenant URL in the Azure portal, ensure that it follows the following pattern. You can replace `localhost` with your host name, but it isn't required. Replace `connectorName` with the name of the connector you specified in the ECMA host. The error message 'invalid resource' generally indicates that the URL does not follow the expected format.
  
     ```
     https://localhost:8585/ecma2host_connectorName/scim

articles/active-directory/authentication/TOC.yml

@@ -310,8 +310,12 @@
     href: /samples/browse/?products=azure
   - name: Azure PowerShell cmdlets
     href: /powershell/azure/
-  - name: Microsoft Graph REST API beta
+  - name: Authentication methods APIs - Microsoft Graph
     href: /graph/api/resources/authenticationmethods-overview
+  - name: Authentication strengths APIs - Microsoft Graph (preview)
+    href: /graph/api/resources/authenticationstrengths-overview
+  - name: Authentication methods policy - Microsoft Graph
+    href: /graph/api/resources/authenticationmethodspolicies-overview
   - name: Service limits and restrictions
     href: ../enterprise-users/directory-service-limits-restrictions.md
   - name: FIDO2 compatibility

articles/active-directory/authentication/concept-certificate-based-authentication-certificateuserids.md

@@ -134,7 +134,7 @@ To map the pattern supported by certificateUserIds, administrators must use expr
 You can use the following expression for mapping to SKI and SHA1-PUKEY:
 
 ```
-IF(IsPresent([alternativeSecurityId]),
+IIF(IsPresent([alternativeSecurityId]),
                 Where($item,[alternativeSecurityId],BitOr(InStr($item, "x509:<SKI>"),InStr($item, "x509:<SHA1-PUKEY>"))>0),[alternativeSecurityId]
 )
 ```

articles/active-directory/external-identities/api-connectors-overview.md

@@ -5,13 +5,13 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 06/16/2020
+ms.date: 11/28/2022
 
 ms.author: mimart
 author: msmimart
 manager: celestedg
 ms.custom: "it-pro"                 
-ms.collection: M365-identity-device-management
+ms.collection: engagement-fy23, M365-identity-device-management
 ---
 
 # Use API connectors to customize and extend self-service sign-up 
@@ -25,7 +25,7 @@ As a developer or IT administrator, you can use [API connectors](self-service-si
 - **Overwrite user attributes**. Reformat or assign a value to an attribute collected from the user. For example, if a user enters the first name in all lowercase or all uppercase letters, you can format the name with only the first letter capitalized. 
 - **Run custom business logic**. You can trigger downstream events in your cloud systems to send push notifications, update corporate databases, manage permissions, audit databases, and perform other custom actions.
 
-An API connector provides Azure Active Directory with the information needed to call API endpoint by defining the HTTP endpoint URL and authentication for the API call. Once you configure an API connector, you can enable it for a specific step in a user flow. When a user reaches that step in the sign up flow, the API connector is invoked and materializes as an HTTP POST request to your API, sending user information ("claims") as key-value pairs in a JSON body. The API response can affect the execution of the user flow. For example, the API response can block a user from signing up, ask the user to re-enter information, or overwrite and append user attributes.
+An API connector provides Azure Active Directory with the information needed to call API endpoint by defining the HTTP endpoint URL and authentication for the API call. Once you configure an API connector, you can enable it for a specific step in a user flow. When a user reaches that step in the sign-up flow, the API connector is invoked and materializes as an HTTP POST request to your API, sending user information ("claims") as key-value pairs in a JSON body. The API response can affect the execution of the user flow. For example, the API response can block a user from signing up, ask the user to reenter information, or overwrite and append user attributes.
 
 ## Where you can enable an API connector in a user flow
 
@@ -39,7 +39,7 @@ There are two places in a user flow where you can enable an API connector:
 
 ### After federating with an identity provider during sign-up
 
-An API connector at this step in the sign-up process is invoked immediately after the user authenticates with an identity provider (like Google, Facebook, & Azure AD). This step precedes the ***attribute collection page***, which is the form presented to the user to collect user attributes. This step is not invoked if a user is registering with a local account. The following are examples of API connector scenarios you might enable at this step:
+An API connector at this step in the sign-up process is invoked immediately after the user authenticates with an identity provider (like Google, Facebook, & Azure AD). This step precedes the [***attribute collection page***](self-service-sign-up-user-flow.md#select-the-layout-of-the-attribute-collection-form), which is the form presented to the user to collect user attributes. This step isn't invoked if a user is registering with a local account. The following are examples of API connector scenarios you might enable at this step:
 
 - Use the email or federated identity that the user provided to look up claims in an existing system. Return these claims from the existing system, pre-fill the attribute collection page, and make them available to return in the token.
 - Implement an allow or blocklist based on social identity.
@@ -55,4 +55,5 @@ An API connector at this step in the sign-up process is invoked after the attrib
 
 ## Next steps
 - Learn how to [add an API connector to a user flow](self-service-sign-up-add-api-connector.md)
+- Learn about [Azure AD entitlement management](self-service-portal.md)
 - Learn how to [add a custom approval system to self-service sign-up](self-service-sign-up-add-approvals.md)

articles/active-directory/external-identities/self-service-portal.md

@@ -5,13 +5,13 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 02/12/2020
+ms.date: 11/25/2022
 
 ms.author: mimart
 author: msmimart
 manager: celestedg
 
-ms.collection: M365-identity-device-management
+ms.collection: engagement-fy23, M365-identity-device-management
 ---
 
 # Self-service for Azure AD B2B collaboration sign-up
@@ -20,14 +20,14 @@ Customers can do a lot with the built-in features that are exposed through the [
 
 ## Azure AD entitlement management for B2B guest user sign-up
 
-As an inviting organization, you might not know ahead of time who the individual external collaborators are who need access to your resources. You need a way for users from partner companies to sign themselves up with policies that you control. If you want to enable users from other organizations to request access, and upon approval be provisioned with guest accounts and assigned to groups, apps and SharePoint Online sites, you can use [Azure AD entitlement management](../governance/entitlement-management-overview.md) to configure policies that [manage access for external users](../governance/entitlement-management-external-users.md#how-access-works-for-external-users).
+As an inviting organization, you might not know ahead of time who the individual external collaborators are who need access to your resources. You need a way for users from partner companies to sign themselves up with policies that you control. You can use [Azure AD entitlement management](../governance/entitlement-management-overview.md) to configure policies, which [manage access for external users](../governance/entitlement-management-external-users.md#how-access-works-for-external-users). This will enable users from other organizations to request access, and upon approval be provisioned with guest accounts and assigned to groups, apps and SharePoint Online sites.
 
 ## Azure Active Directory B2B invitation API
 
 Organizations can use the [Microsoft Graph invitation manager API](/graph/api/resources/invitation) to build their own onboarding experiences for B2B guest users. When you want to offer self-service B2B guest user sign-up, we recommend that you use [Azure AD entitlement management](../governance/entitlement-management-overview.md). But if you want to build your own experience, you can use the [create invitation API](/graph/api/invitation-post?tabs=http) to automatically send your customized invitation email directly to the B2B user, for example. Or your app can use the inviteRedeemUrl returned in the creation response to craft your own invitation (through your communication mechanism of choice) to the invited user.
 
 ## Next steps
 
-* [What is Azure AD B2B collaboration?](what-is-b2b.md)
-* [External Identities pricing](external-identities-pricing.md)
-* [Azure Active Directory B2B collaboration frequently asked questions (FAQ)](faq.yml)
+- [Self-service sign-up user flows](self-service-sign-up-overview.md)
+- [What is Azure AD B2B collaboration?](what-is-b2b.md)
+- [External Identities pricing](external-identities-pricing.md)