Merge pull request #232420 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/active-directory/authentication/concept-certificate-based-authentication-certificateuserids.md

@@ -91,13 +91,21 @@ To update certificate user IDs for federated users, configure Azure AD Connect t
 
 ### Synchronize X509:\<PN>PrincipalNameValue
 
-To synchronize X509:\<PN>PrincipalNameValue, create an outbound synchronization rule, and choose **Expression** in the flow type. Choose the target attribute as \<certificateUserIds>, and in the source field, add the expression <"X509:\<PN>"&[userPrincipalName]>. If your source attribute isn't userPrincipalName, you can change the expression accordingly.
+To synchronize X509:\<PN>PrincipalNameValue, create an outbound synchronization rule, and choose **Expression** in the flow type. Choose the target attribute as **certificateUserIds**, and in the source field, add the following expression. If your source attribute isn't userPrincipalName, you can change the expression accordingly.
+
+```
+"X509:\<PN>"&[userPrincipalName]
+```
 
 :::image type="content" border="true" source="./media/concept-certificate-based-authentication-certificateuserids/pnexpression.png" alt-text="Screenshot of how to sync x509.":::
 
 ### Synchronize X509:\<RFC822>RFC822Name
 
-To synchronize X509:\<RFC822>RFC822Name, create an outbound synchronization rule, choose **Expression** in the flow type. Choose the target attribute as \<certificateUserIds>, and in the source field, add the expression <"X509:\<RFC822>"&[userPrincipalName]>. If your source attribute isn't userPrincipalName, you can change the expression accordingly.  
+To synchronize X509:\<RFC822>RFC822Name, create an outbound synchronization rule, choose **Expression** in the flow type. Choose the target attribute as **certificateUserIds**, and in the source field, add the following expression. If your source attribute isn't userPrincipalName, you can change the expression accordingly.  
+
+```
+"X509:\<RFC822>"&[userPrincipalName]
+```
 
 :::image type="content" border="true" source="./media/concept-certificate-based-authentication-certificateuserids/rfc822expression.png" alt-text="Screenshot of how to sync RFC822Name.":::
 
@@ -122,11 +130,33 @@ AlternativeSecurityId isn't part of the default attributes. An administrator nee
 
 1. Create an inbound synchronization rule to transform from altSecurityIdentities to alternateSecurityId attribute.
 
+   In the inbound rule, use the following options.
+  
+   |Option | Value |
+   |-------|-------|
+   |Name | Descriptive name of the rule, such as: In from AD - altSecurityIdentities |
+   |Connected System | Your on-premises AD domain |
+   |Connected System Object Type | user |
+   |Metaverse Object Type | person |
+   |Precedence | Choose a random high number not currently used |
+  
+   Then proceed to the Transformations tab and do a direct mapping of the target attribute of **alternativeSecurityId** to **altSecurityIdentities** as shown below.
+
    :::image type="content" border="true" source="./media/concept-certificate-based-authentication-certificateuserids/alt-security-identity-inbound.png" alt-text="Screenshot of how to transform from altSecurityIdentities to alternateSecurityId attribute":::
 
 1. Create an outbound synchronization rule to transform from alternateSecurityId attribute to certificateUserIds
 alt-security-identity-add.
 
+   |Option | Value |
+   |-------|-------|
+   |Name | Descriptive name of the rule, such as: Out to AAD - certificateUserIds |
+   |Connected System | Your Azure AD doamin |
+   |Connected System Object Type | user |
+   |Metaverse Object Type | person |
+   |Precedence | Choose a random high number not currently used |
+    
+   Then proceed to the Transformations tab and change your FlowType option to *Expression*, the target attribute to **certificateUserIds** and then input the below expression in to the Source field.
+
    :::image type="content" border="true" source="./media/concept-certificate-based-authentication-certificateuserids/alt-security-identity-outbound.png" alt-text="Screenshot of outbound synchronization rule to transform from alternateSecurityId attribute to certificateUserIds":::
 
 To map the pattern supported by certificateUserIds, administrators must use expressions to set the correct value.

articles/active-directory/authentication/howto-authentication-passwordless-security-key.md

@@ -47,7 +47,7 @@ Registration features for passwordless authentication methods rely on the combin
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 1. Browse to **Azure Active Directory** > **Security** > **Authentication methods** > **Authentication method policy**.
-1. Under the method **FIDO2 Security Key**, click **All users**, or click **Add groups** to select specific groups.
+1. Under the method **FIDO2 Security Key**, click **All users**, or click **Add groups** to select specific groups. *Only security groups are supported*.
 1. **Save** the configuration.
 
    >[!NOTE]

articles/active-directory/authentication/howto-mfa-nps-extension-errors.md

@@ -98,37 +98,12 @@ If your users are [Having trouble with two-step verification](https://support.mi
 
 ### Health check script
 
-The [Azure AD MFA NPS Extension health check script](/samples/azure-samples/azure-mfa-nps-extension-health-check/azure-mfa-nps-extension-health-check/) performs a basic health check when troubleshooting the NPS extension. Run the script and choose option 3.
+The [Azure AD MFA NPS Extension health check script](/samples/azure-samples/azure-mfa-nps-extension-health-check/azure-mfa-nps-extension-health-check/) performs a basic health check when troubleshooting the NPS extension. Run the script and choose option **1** to isolate the cause of the potential issue.
 
 ### Contact Microsoft support
 
 If you need additional help, contact a support professional through [Azure Multi-Factor Authentication Server support](https://support.microsoft.com/oas/default.aspx?prid=14947). When contacting us, it's helpful if you can include as much information about your issue as possible. Information you can supply includes the page where you saw the error, the specific error code, the specific session ID, the ID of the user who saw the error, and debug logs.
 
-To collect debug logs for support diagnostics, use the following steps on the NPS server:
+To collect debug logs for support diagnostics, run the [Azure AD MFA NPS Extension health check script](/samples/azure-samples/azure-mfa-nps-extension-health-check/azure-mfa-nps-extension-health-check/) on the NPS server and choose option **4** to collect logs.
 
-1. Open Registry Editor and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa set **VERBOSE_LOG** to **TRUE**
-2. Open an Administrator command prompt and run these commands:
-
-   ```
-   Mkdir c:\NPS
-   Cd c:\NPS
-   netsh trace start Scenario=NetConnection capture=yes tracefile=c:\NPS\nettrace.etl
-   logman create trace "NPSExtension" -ow -o c:\NPS\NPSExtension.etl -p {7237ED00-E119-430B-AB0F-C63360C8EE81} 0xffffffffffffffff 0xff -nb 16 16 -bs 1024 -mode Circular -f bincirc -max 4096 -ets
-   logman update trace "NPSExtension" -p {EC2E6D3A-C958-4C76-8EA4-0262520886FF} 0xffffffffffffffff 0xff -ets
-   ```
-
-3. Reproduce the issue
-
-4. Stop the tracing with these commands:
-
-   ```
-   logman stop "NPSExtension" -ets
-   netsh trace stop
-   wevtutil epl AuthNOptCh C:\NPS\%computername%_AuthNOptCh.evtx
-   wevtutil epl AuthZOptCh C:\NPS\%computername%_AuthZOptCh.evtx
-   wevtutil epl AuthZAdminCh C:\NPS\%computername%_AuthZAdminCh.evtx
-   Start .
-   ```
-
-5. Open Registry Editor and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa set **VERBOSE_LOG** to **FALSE**
-6. Zip the contents of the C:\NPS folder and attach the zipped file to the support case.
+At the end, zip the contents of the C:\NPS folder and attach the zipped file to the support case.

articles/active-directory/authentication/howto-mfa-nps-extension.md

@@ -326,9 +326,7 @@ You can choose to create this key and set it to *FALSE* while your users are onb
 
 ### NPS extension health check script
 
-The following script is available to perform basic health check steps when troubleshooting the NPS extension.
-
-[MFA_NPS_Troubleshooter.ps1](/samples/azure-samples/azure-mfa-nps-extension-health-check/azure-mfa-nps-extension-health-check/)
+The [Azure AD MFA NPS Extension health check script](/samples/azure-samples/azure-mfa-nps-extension-health-check/azure-mfa-nps-extension-health-check/) performs a basic health check when troubleshooting the NPS extension. Run the script and choose one of available options.
 
 ### How to fix the error "Service principal was not found" while running `AzureMfaNpsExtnConfigSetup.ps1` script? 
 

articles/active-directory/authentication/howto-mfaserver-deploy.md

@@ -128,11 +128,10 @@ Now that you have downloaded the server you can install and configure it. Be sur
 
 1. Double-click the executable.
 2. On the Select Installation Folder screen, make sure that the folder is correct and click **Next**.
-3. Once the installation is complete, click **Finish**. The configuration wizard launches.
-4. On the configuration wizard welcome screen, check **Skip using the Authentication Configuration Wizard** and click **Next**. The wizard closes and the server starts.
-
-   ![Skip using the Authentication Configuration Wizard](./media/howto-mfaserver-deploy/skip2.png)
-
+   The following libraries are installed:
+    * [Visual C++ Redistributable for Visual Studio 2017 (x64)](https://go.microsoft.com/fwlink/?LinkId=746572)
+    * [Visual C++ Redistributable for Visual Studio 2017 (x86)](https://go.microsoft.com/fwlink/?LinkId=746571)
+3. When the installation finishes, select **Finish**. The configuration wizard starts.
 5. Back on the page that you downloaded the server from, click the **Generate Activation Credentials** button. Copy this information into the Azure MFA Server in the boxes provided and click **Activate**.
 
 > [!NOTE]
@@ -223,4 +222,4 @@ Once you have upgraded to or installed MFA Server version 8.x or higher, it is r
 - Set up and configure the Azure MFA Server with [Active Directory Federation Service](multi-factor-authentication-get-started-adfs.md), [RADIUS Authentication](howto-mfaserver-dir-radius.md), or [LDAP Authentication](howto-mfaserver-dir-ldap.md).
 - Set up and configure [Remote Desktop Gateway and Azure Multi-Factor Authentication Server using RADIUS](howto-mfaserver-nps-rdg.md).
 - [Deploy the Azure Multi-Factor Authentication Server Mobile App Web Service](howto-mfaserver-deploy-mobileapp.md).
-- [Advanced scenarios with Azure Multi-Factor Authentication and third-party VPNs](howto-mfaserver-nps-vpn.md).
+- [Advanced scenarios with Azure Multi-Factor Authentication and third-party VPNs](howto-mfaserver-nps-vpn.md).

articles/active-directory/authentication/tutorial-enable-cloud-sync-sspr-writeback.md

@@ -47,7 +47,7 @@ With password writeback enabled in Azure AD Connect cloud sync, now verify, and
 To verify and enable password writeback in SSPR, complete the following steps: 
 1. Sign in to the [Azure portal](https://portal.azure.com) using a Global Administrator account.
 1. Search for and select **Azure Active Directory**, select **Password reset**, then choose **On-premises integration**.
-1. Check the option for **Write back passwords to your on-premises directory** .
+1. Check the option for **Enable password write back for synced users** .
 1. (optional) If Azure AD Connect provisioning agents are detected, you can additionally check the option for **Write back passwords with Azure AD Connect cloud sync**.   
 3. Check the option for **Allow users to unlock accounts without resetting their password** to *Yes*.
 
@@ -68,7 +68,7 @@ If you no longer want to use the SSPR writeback functionality you have configure
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 1. Search for and select **Azure Active Directory**, select **Password reset**, then choose **On-premises integration**.
-1. Uncheck the option for **Write back passwords to your on-premises directory**.
+1. Uncheck the option for **Enable password write back for synced users**.
 1. Uncheck the option for **Write back passwords with Azure AD Connect cloud sync**.
 1. Uncheck the option for **Allow users to unlock accounts without resetting their password**.
 1. When ready, select **Save**.

articles/active-directory/develop/scenario-web-api-call-api-app-configuration.md

@@ -126,7 +126,7 @@ using Microsoft.Identity.Web;
 builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
     .AddMicrosoftIdentityWebApi(Configuration, "AzureAd")
     .EnableTokenAcquisitionToCallDownstreamApi()
-    .AddDownstreamWebApi("MyApi", Configuration.GetSection("GraphBeta"))
+    .AddDownstreamApi("MyApi", Configuration.GetSection("GraphBeta"))
     .AddInMemoryTokenCaches();
 // ...
 ```
@@ -228,4 +228,4 @@ For more information about the OBO protocol, see the [Microsoft identity platfor
 ## Next steps
 
 Move on to the next article in this scenario,
-[Acquire a token for the app](scenario-web-api-call-api-acquire-token.md).
+[Acquire a token for the app](scenario-web-api-call-api-acquire-token.md).

articles/azure-maps/create-data-source-android-sdk.md

@@ -769,9 +769,9 @@ A vector tile source describes how to access a vector tile layer. Use the `Vecto
 
 Azure Maps adheres to the [Mapbox Vector Tile Specification](https://github.com/mapbox/vector-tile-spec), an open standard. Azure Maps provides the following vector tiles services as part of the platform:
 
-- Road tiles [documentation](/rest/api/maps/render-v2/get-map-tile) | [data format details](https://developer.tomtom.com/maps-api/maps-api-documentation-vector/tile)
-- Traffic incidents [documentation](/rest/api/maps/traffic/gettrafficincidenttile) | [data format details](https://developer.tomtom.com/traffic-api/traffic-api-documentation-traffic-incidents/vector-incident-tiles)
-- Traffic flow [documentation](/rest/api/maps/traffic/gettrafficflowtile) | [data format details](https://developer.tomtom.com/traffic-api/traffic-api-documentation-traffic-flow/vector-flow-tiles)
+- Road tiles [documentation](/rest/api/maps/render-v2/get-map-tile)
+- Traffic incidents [documentation](/rest/api/maps/traffic/gettrafficincidenttile)
+- Traffic flow [documentation](/rest/api/maps/traffic/gettrafficflowtile)
 - Azure Maps Creator also allows custom vector tiles to be created and accessed through the [Render V2-Get Map Tile API](/rest/api/maps/render-v2/get-map-tile)
 
 > [!TIP]

articles/azure-maps/create-data-source-ios-sdk.md

@@ -309,9 +309,9 @@ A vector tile source describes how to access a vector tile layer. Use the `Vecto
 
 Azure Maps adheres to the [Mapbox Vector Tile Specification](https://github.com/mapbox/vector-tile-spec), an open standard. Azure Maps provides the following vector tiles services as part of the platform:
 
-- Road tiles [documentation](/rest/api/maps/render-v2/get-map-tile) | [data format details](https://developer.tomtom.com/maps-api/maps-api-documentation-vector/tile)
-- Traffic incidents [documentation](/rest/api/maps/traffic/gettrafficincidenttile) | [data format details](https://developer.tomtom.com/traffic-api/traffic-api-documentation-traffic-incidents/vector-incident-tiles)
-- Traffic flow [documentation](/rest/api/maps/traffic/gettrafficflowtile) | [data format details](https://developer.tomtom.com/traffic-api/traffic-api-documentation-traffic-flow/vector-flow-tiles)
+- Road tiles [documentation](/rest/api/maps/render-v2/get-map-tile)
+- Traffic incidents [documentation](/rest/api/maps/traffic/gettrafficincidenttile)
+- Traffic flow [documentation](/rest/api/maps/traffic/gettrafficflowtile)
 - Azure Maps Creator also allows custom vector tiles to be created and accessed through the [Render V2-Get Map Tile API](/rest/api/maps/render-v2/get-map-tile)
 
 > [!TIP]

articles/azure-maps/create-data-source-web-sdk.md

@@ -77,9 +77,9 @@ A vector tile source describes how to access a vector tile layer. Use the [Vecto
 
 Azure Maps adheres to the [Mapbox Vector Tile Specification](https://github.com/mapbox/vector-tile-spec), an open standard. Azure Maps provides the following vector tiles services as part of the platform:
 
-- Road tiles [documentation](/rest/api/maps/render-v2/get-map-tile) | [data format details](https://developer.tomtom.com/maps-api/maps-api-documentation-vector/tile)
-- Traffic incidents [documentation](/rest/api/maps/traffic/gettrafficincidenttile) | [data format details](https://developer.tomtom.com/traffic-api/traffic-api-documentation-traffic-incidents/vector-incident-tiles)
-- Traffic flow [documentation](/rest/api/maps/traffic/gettrafficflowtile) | [data format details](https://developer.tomtom.com/traffic-api/traffic-api-documentation-traffic-flow/vector-flow-tiles)
+- Road tiles [documentation](/rest/api/maps/render-v2/get-map-tile)
+- Traffic incidents [documentation](/rest/api/maps/traffic/gettrafficincidenttile)
+- Traffic flow [documentation](/rest/api/maps/traffic/gettrafficflowtile)
 - Azure Maps Creator also allows custom vector tiles to be created and accessed through the [Render V2-Get Map Tile API](/rest/api/maps/render-v2/get-map-tile)
 
 > [!TIP]