Merge pull request #194058 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/active-directory/conditional-access/concept-conditional-access-conditions.md

@@ -107,15 +107,18 @@ This setting works with all browsers. However, to satisfy a device policy, like
 | Windows 10 + | Microsoft Edge, [Chrome](#chrome-support), [Firefox 91+](https://support.mozilla.org/kb/windows-sso) |
 | Windows Server 2022 | Microsoft Edge, [Chrome](#chrome-support) |
 | Windows Server 2019 | Microsoft Edge, [Chrome](#chrome-support) |
-| iOS | Microsoft Edge, Safari |
+| iOS | Microsoft Edge, Safari (see the notes) |
 | Android | Microsoft Edge, Chrome |
 | macOS | Microsoft Edge, Chrome, Safari |
 
 These browsers support device authentication, allowing the device to be identified and validated against a policy. The device check fails if the browser is running in private mode or if cookies are disabled. 
 
 > [!NOTE]
-> Edge 85+ requires the user to be signed in to the browser to properly pass device identity. Otherwise, it behaves like Chrome without the accounts extension. This sign-in might not occur automatically in a Hybrid Azure AD Join scenario. 
+> Edge 85+ requires the user to be signed in to the browser to properly pass device identity. Otherwise, it behaves like Chrome without the accounts extension. This sign-in might not occur automatically in a Hybrid Azure AD Join scenario.
+>  
 > Safari is supported for device-based Conditional Access, but it can not satisfy the **Require approved client app** or **Require app protection policy** conditions. A managed browser like Microsoft Edge will satisfy approved client app and app protection policy requirements.
+> On iOS with 3rd party MDM solution only Microsoft Edge browser supports device policy.
+> 
 > [Firefox 91+](https://support.mozilla.org/kb/windows-sso) is supported for device-based Conditional Access, but "Allow Windows single sign-on for Microsoft, work, and school accounts" needs to be enabled. 
 
 #### Why do I see a certificate prompt in the browser

articles/active-directory/hybrid/plan-connect-design-concepts.md

@@ -180,6 +180,9 @@ When you are selecting the attribute for providing the value of UPN to be used i
 
 In express settings, the assumed choice for the attribute is userPrincipalName. If the userPrincipalName attribute does not contain the value you want your users to sign in to Azure, then you must choose **Custom Installation**.
 
+>[!NOTE]
+>It's recommended as a best practice that the UPN prefix contains more than one character.
+
 ### Custom domain state and UPN
 It is important to ensure that there is a verified domain for the UPN suffix.
 

articles/storage/blobs/lifecycle-management-policy-configure.md

@@ -211,6 +211,10 @@ To define a lifecycle management policy with an Azure Resource Manager template,
 
 A lifecycle management policy must be read or written in full. Partial updates are not supported.
 
+
+> [!NOTE]
+> Each rule can have up to 10 case-sensitive prefixes and up to 10 blob index tag conditions.
+
 > [!NOTE]
 > If you enable firewall rules for your storage account, lifecycle management requests may be blocked. You can unblock these requests by providing exceptions for trusted Microsoft services. For more information, see the **Exceptions** section in [Configure firewalls and virtual networks](../common/storage-network-security.md#exceptions).