Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into vm-nic

Author: halkazwini

.openpublishing.redirection.json

@@ -790,7 +790,7 @@
         },
         {
             "source_path_from_root": "/articles/aks/concepts-diagnostics.md",
-            "redirect_url": "/troubleshoot/azure/azure-kubernetes/welcome-azure-kubernetes",
+            "redirect_url": "/azure/aks/aks-diagnostics",
             "redirect_document_id": false
         },
         {

articles/active-directory-b2c/index.yml

@@ -244,7 +244,7 @@ conceptualContent:
             url: azure-sentinel.md
             itemType: how-to-guide             
           - text: Regulations
-            url: https://docs.microsoft.com/azure/compliance/
+            url: ../compliance/index.yml
             itemType: concept 
           #- text: 'Manage user access: Minors and parental consent'
            #  url: manage-user-access.md
@@ -364,4 +364,4 @@ tools:
   - title: MSAL React
     url: https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/tree/main/3-Authorization-II/2-call-api-b2c
     imageSrc: ../active-directory/develop/media/hub/react.svg
-## BAND 4 - TOOLS END #######################################################################################################################################
+## BAND 4 - TOOLS END #######################################################################################################################################

articles/active-directory/app-provisioning/on-premises-ecma-troubleshoot.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: overview
-ms.date: 04/04/2022
+ms.date: 11/12/2022
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -16,7 +16,7 @@ ms.collection: M365-identity-device-management
 # Troubleshoot on-premises application provisioning
 
 ## Troubleshoot test connection issues
-After you configure the provisioning agent and ECMA host, it's time to test connectivity from the Azure Active Directory (Azure AD) provisioning service to the provisioning agent, the ECMA host, and the application. To perform this end-to-end test, select **Test connection** in the application in the Azure portal. When the test connection fails, try the following troubleshooting steps:
+After you configure the provisioning agent and ECMA host, it's time to test connectivity from the Azure Active Directory (Azure AD) provisioning service to the provisioning agent, the ECMA host, and the application. To perform this end-to-end test, select **Test connection** in the application in the Azure portal. Be sure to wait 10 to 20 minutes after assigning an initial agent or changing the agent before testing the connection. If after this time the test connection fails, try the following troubleshooting steps:
 
  1. Check that the agent and ECMA host are running:
      1. On the server with the agent installed, open **Services** by going to **Start** > **Run** > **Services.msc**.
@@ -31,7 +31,8 @@ After you configure the provisioning agent and ECMA host, it's time to test conn
  6. After you assign an agent, you need to wait 10 to 20 minutes for the registration to complete. The connectivity test won't work until the registration completes.
  7. Ensure that you're using a valid certificate. Go to the **Settings** tab of the ECMA host to generate a new certificate.
  8. Restart the provisioning agent by going to the taskbar on your VM by searching for the Microsoft Azure AD Connect provisioning agent. Right-click **Stop**, and then select **Start**.
- 9. When you provide the tenant URL in the Azure portal, ensure that it follows the following pattern. You can replace `localhost` with your host name, but it isn't required. Replace `connectorName` with the name of the connector you specified in the ECMA host. The error message 'invalid resource' generally indicates that the URL does not follow the expected format.
+ 1. If you continue to see `The ECMA host is currently importing data from the target application` even after restarting the ECMA Connector Host and the provisioning agent, and waiting for the initial import to complete, then you may need to cancel and re-start configuring provisioning to the application in the Azure portal.
+ 1. When you provide the tenant URL in the Azure portal, ensure that it follows the following pattern. You can replace `localhost` with your host name, but it isn't required. Replace `connectorName` with the name of the connector you specified in the ECMA host. The error message 'invalid resource' generally indicates that the URL does not follow the expected format.
 
     ```
     https://localhost:8585/ecma2host_connectorName/scim
@@ -142,7 +143,7 @@ After the ECMA Connector Host schema mapping has been configured, start the serv
 | Error      | Resolution |
 | ----------- | ----------- |
 | Could not load file or assembly 'file:///C:\Program Files\Microsoft ECMA2Host\Service\ECMA\Cache\8b514472-c18a-4641-9a44-732c296534e8\Microsoft.IAM.Connector.GenericSql.dll' or one of its dependencies. Access is denied.      | Ensure that the network service account has 'full control' permissions over the cache folder. |
-| Invalid LDAP style of object's DN. DN: [email protected]"   | Ensure the 'DN is Anchor' checkbox is not checked in the 'connectivity' page of the ECMA host. Ensure the 'autogenerated' checkbox is selected in the 'object types' page of the ECMA host.  See [About anchor attributes and distinguished names](on-premises-application-provisioning-architecture.md#about-anchor-attributes-and-distinguished-names) for more information.|
+| Invalid LDAP style of object's DN. DN: [email protected]" or `Target Site: ValidByLdapStyle`  | Ensure the 'DN is Anchor' checkbox is not checked in the 'connectivity' page of the ECMA host. Ensure the 'autogenerated' checkbox is selected in the 'object types' page of the ECMA host.  See [About anchor attributes and distinguished names](on-premises-application-provisioning-architecture.md#about-anchor-attributes-and-distinguished-names) for more information.|
 
 ## Understand incoming SCIM requests
 
@@ -232,7 +233,7 @@ By using Azure AD, you can monitor the provisioning service in the cloud and col
   ```
 
 ### I am getting an Invalid LDAP style DN error when trying to configure the ECMA Connector Host with SQL
-By default, the genericSQL connector expects the DN to be populated using the LDAP style (when the 'DN is anchor' attribute is left unchecked in the first connectivity page). In the error message above, you can see that the DN is a UPN, rather than an LDAP style DN that the connector expects. 
+By default, the generic SQL connector expects the DN to be populated using the LDAP style (when the 'DN is anchor' attribute is left unchecked in the first connectivity page). In the error message `Invalid LDAP style DN` or `Target Site: ValidByLdapStyle`, you may see that the DN field contains a user principal name (UPN), rather than an LDAP style DN that the connector expects.
 
 To resolve this, ensure that **Autogenerated** is selected on the object types page when you configure the connector.
 

articles/active-directory/authentication/overview-authentication.md

@@ -99,7 +99,7 @@ Persistent session tokens are stored as persistent cookies on the web browser's
 | ESTSAUTHPERSISTENT | Common | Contains user's session information to facilitate SSO. Persistent. |
 | ESTSAUTHLIGHT | Common  | Contains Session GUID Information. Lite session state cookie used exclusively by client-side JavaScript in order to facilitate OIDC sign-out. Security feature. |
 | SignInStateCookie | Common | Contains list of services accessed to facilitate sign-out. No user information. Security feature. |
-| CCState | Common | Contains session information state to be used between Azure AD and the [Azure AD Backup Authentication Service](/azure/active-directory/conditional-access/resilience-defaults). |
+| CCState | Common | Contains session information state to be used between Azure AD and the [Azure AD Backup Authentication Service](../conditional-access/resilience-defaults.md). |
 | buid | Common | Tracks browser related information. Used for service telemetry and protection mechanisms. |
 | fpc | Common | Tracks browser related information. Used for tracking requests and throttling. |
 | esctx | Common | Session context cookie information. For CSRF protection. Binds a request to a specific browser instance so the request can't be replayed outside the browser. No user information. |
@@ -116,15 +116,15 @@ Persistent session tokens are stored as persistent cookies on the web browser's
 | wlidperf | Common | Client-side cookie (set by JavaScript) that tracks local time for performance purposes. |
 | x-ms-gateway-slice | Common | Azure AD Gateway cookie used for tracking and load balance purposes. |
 | stsservicecookie | Common | Azure AD Gateway cookie also used for tracking purposes. |
-| x-ms-refreshtokencredential | Specific | Available when [Primary Refresh Token (PRT)](/azure/active-directory/devices/concept-primary-refresh-token) is in use. |
+| x-ms-refreshtokencredential | Specific | Available when [Primary Refresh Token (PRT)](../devices/concept-primary-refresh-token.md) is in use. |
 | estsStateTransient | Specific | Applicable to new session information model only. Transient. | 
 | estsStatePersistent | Specific | Same as estsStateTransient, but persistent. |
 | ESTSNCLOGIN | Specific | National Cloud Login related Cookie. | 
 | UsGovTraffic | Specific | US Gov Cloud Traffic Cookie. | 
 | ESTSWCTXFLOWTOKEN | Specific | Saves flowToken information when redirecting to ADFS. |
-| CcsNtv | Specific | To control when Azure AD Gateway will send requests to [Azure AD Backup Authentication Service](/azure/active-directory/conditional-access/resilience-defaults). Native flows. | 
-| CcsWeb | Specific | To control when Azure AD Gateway will send requests to [Azure AD Backup Authentication Service](/azure/active-directory/conditional-access/resilience-defaults). Web flows. | 
-| Ccs* | Specific | Cookies with prefix Ccs*, have the same purpose as the ones without prefix, but only apply when [Azure AD Backup Authentication Service](/azure/active-directory/conditional-access/resilience-defaults) is in use. | 
+| CcsNtv | Specific | To control when Azure AD Gateway will send requests to [Azure AD Backup Authentication Service](../conditional-access/resilience-defaults.md). Native flows. | 
+| CcsWeb | Specific | To control when Azure AD Gateway will send requests to [Azure AD Backup Authentication Service](../conditional-access/resilience-defaults.md). Web flows. | 
+| Ccs* | Specific | Cookies with prefix Ccs*, have the same purpose as the ones without prefix, but only apply when [Azure AD Backup Authentication Service](../conditional-access/resilience-defaults.md) is in use. | 
 | threxp | Specific | Used for throttling control. | 
 | rrc | Specific | Cookie used to identify a recent B2B invitation redemption. | 
 | debug | Specific | Cookie used to track if user's browser session is enabled for DebugMode. |
@@ -147,4 +147,4 @@ To learn more about multi-factor authentication concepts, see [How Azure AD Mult
 [tutorial-sspr]: tutorial-enable-sspr.md
 [tutorial-azure-mfa]: tutorial-enable-azure-mfa.md
 [concept-sspr]: concept-sspr-howitworks.md
-[concept-mfa]: concept-mfa-howitworks.md
+[concept-mfa]: concept-mfa-howitworks.md

articles/active-directory/cloud-infrastructure-entitlement-management/overview.md

@@ -55,7 +55,7 @@ Customers can right-size permissions based on usage, grant new permissions on-de
 
 ### Monitor
 
-Customers can detect anomalous activities with machine language-powered (ML-powered) alerts and generate detailed forensic reports.
+Customers can detect anomalous activities with machine learning-powered (ML-powered) alerts and generate detailed forensic reports.
 
 - ML-powered anomaly detections.
 - Context-rich forensic reports around identities, actions, and resources to support rapid investigation and remediation.

articles/active-directory/conditional-access/concept-conditional-access-grant.md

@@ -144,6 +144,7 @@ Applications must have the Intune SDK with policy assurance implemented and must
 
 The following client apps are confirmed to support this setting, this list isn't exhaustive and is subject to change:
 
+- iAnnotate for Office 365
 - Microsoft Cortana
 - Microsoft Edge
 - Microsoft Excel
@@ -158,9 +159,11 @@ The following client apps are confirmed to support this setting, this list isn't
 - Microsoft PowerApps
 - Microsoft PowerPoint
 - Microsoft SharePoint
+- Microsoft Stream Mobile Native 2.0
 - Microsoft Teams
 - Microsoft To Do
 - Microsoft Word
+- Microsoft Whiteboard Services
 - Microsoft Field Service (Dynamics 365)
 - MultiLine for Intune
 - Nine Mail - Email and Calendar

articles/active-directory/develop/troubleshoot-publisher-verification.md

@@ -247,11 +247,11 @@ The error message displayed will be: "Due to a configuration change made by your
 
 When a request to add a verified publisher is made, many signals are used to make a security risk assessment. If the user risk state is determined to be ‘AtRisk’, an error, “You're unable to add a verified publisher to this application. Contact your administrator for assistance” will be returned. Please investigate the user risk and take the appropriate steps to remediate the risk (guidance below): 
 
-> [Investigate risk](/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk#risky-users)
+> [Investigate risk](../identity-protection/howto-identity-protection-investigate-risk.md#risky-users)
 
-> [Remediate risk/unblock users](/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock)
+> [Remediate risk/unblock users](../identity-protection/howto-identity-protection-remediate-unblock.md)
 
-> [Self-remediation guidance](/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock)
+> [Self-remediation guidance](../identity-protection/howto-identity-protection-remediate-unblock.md)
 
 > Self-serve password reset (SSPR): If the organization allows SSPR, use aka.ms/sspr to reset the password for remediation. Please choose a strong password; Choosing a weak password may not reset the risk state.  
 
@@ -275,4 +275,4 @@ If you've reviewed all of the previous information and are still receiving an er
 - TenantId where app is registered
 - MPN ID
 - REST request being made 
-- Error code and message being returned
+- Error code and message being returned

articles/active-directory/develop/v2-protocols-oidc.md

@@ -71,7 +71,7 @@ The value of `{tenant}` varies based on the application's sign-in audience as sh
 | `8eaef023-2b34-4da1-9baa-8bc8c9d6a490` or `contoso.onmicrosoft.com` | Only users from a specific Azure AD tenant (directory members with a work or school account or directory guests with a personal Microsoft account) can sign in to the application. <br/><br/>The value can be the domain name of the Azure AD tenant or the tenant ID in GUID format. You can also use the consumer tenant GUID, `9188040d-6c67-4c5b-b112-36a304b66dad`, in place of `consumers`.  |
 
 > [!TIP]
-> Note that when using the `common` or `consumers` authority for personal Microsoft accounts, the consuming resource application must be configured to support such type of accounts in accordance with [signInAudience](/azure/active-directory/develop/supported-accounts-validation).
+> Note that when using the `common` or `consumers` authority for personal Microsoft accounts, the consuming resource application must be configured to support such type of accounts in accordance with [signInAudience](./supported-accounts-validation.md).
 
 You can also find your app's OpenID configuration document URI in its app registration in the Azure portal.
 
@@ -347,4 +347,4 @@ When you redirect the user to the `end_session_endpoint`, the Microsoft identity
 
 * Review the [UserInfo endpoint documentation](userinfo.md).
 * [Populate claim values in a token](active-directory-claims-mapping.md) with data from on-premises systems. 
-* [Include your own claims in tokens](active-directory-optional-claims.md).  
+* [Include your own claims in tokens](active-directory-optional-claims.md).

articles/active-directory/develop/workload-identity-federation-create-trust-user-assigned-managed-identity.md

@@ -274,14 +274,14 @@ az identity federated-credential delete --name $ficId --identity-name $uaId --re
 ::: zone pivot="identity-wif-mi-methods-powershell"
 ## Prerequisites
 
-- If you're unfamiliar with managed identities for Azure resources, check out the [overview section](/azure/active-directory/managed-identities-azure-resources/overview). Be sure to review the [difference between a system-assigned and user-assigned managed identity](/azure/active-directory/managed-identities-azure-resources/overview#managed-identity-types).
+- If you're unfamiliar with managed identities for Azure resources, check out the [overview section](../managed-identities-azure-resources/overview.md). Be sure to review the [difference between a system-assigned and user-assigned managed identity](../managed-identities-azure-resources/overview.md#managed-identity-types).
 - If you don't already have an Azure account, [sign up for a free account](https://azure.microsoft.com/free/) before you continue.
 - Get the information for your external IdP and software workload, which you need in the following steps.
-- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Managed Identity Contributor](/azure/role-based-access-control/built-in-roles#managed-identity-contributor) role assignment.
+- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Managed Identity Contributor](../../role-based-access-control/built-in-roles.md#managed-identity-contributor) role assignment.
 - To run the example scripts, you have two options:
   - Use [Azure Cloud Shell](../../cloud-shell/overview.md), which you can open by using the **Try It** button in the upper-right corner of code blocks.
   - Run scripts locally with Azure PowerShell, as described in the next section.
-- [Create a user-assigned manged identity](/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-powershell#list-user-assigned-managed-identities-2) 
+- [Create a user-assigned manged identity](../managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md?pivots=identity-mi-methods-powershell#list-user-assigned-managed-identities-2) 
 - Find the object ID of the user-assigned managed identity, which you need in the following steps.
 
 ### Configure Azure PowerShell locally