Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into heidist-fix

Author: HeidiSteen

articles/active-directory/cloud-infrastructure-entitlement-management/partner-list.md

@@ -31,7 +31,7 @@ Microsoft verified partners can help you onboard Microsoft Entra Permissions Man
 * **Onboarding and Deployment Support**
 
     Partners can guide you through the entire onboarding and deployment process for 
-    ermissions Management across AWS, Azure, and GCP.
+    Permissions Management across AWS, Azure, and GCP.
 
 
 ## Partner list

articles/active-directory/conditional-access/concept-conditional-access-grant.md

@@ -94,7 +94,6 @@ To apply this grant control, the device must be registered in Azure AD, which re
 The following client apps support this setting, this list isn't exhaustive and is subject to change::
 
 - Microsoft Azure Information Protection
-- Microsoft Bookings
 - Microsoft Cortana
 - Microsoft Dynamics 365
 - Microsoft Edge
@@ -114,7 +113,6 @@ The following client apps support this setting, this list isn't exhaustive and i
 - Microsoft PowerPoint
 - Microsoft SharePoint
 - Microsoft Skype for Business
-- Microsoft StaffHub
 - Microsoft Stream
 - Microsoft Teams
 - Microsoft To-Do

articles/active-directory/conditional-access/location-condition.md

@@ -1,6 +1,6 @@
 ---
 title: Location condition in Azure Active Directory Conditional Access
-description: Use the location condition to control access based on user physical or network location.
+description: Learn about creating location-based Conditional Access policies using Azure AD.
 
 services: active-directory
 ms.service: active-directory

articles/active-directory/develop/msal-net-aad-b2c-considerations.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 05/07/2020
+ms.date: 02/21/2023
 ms.author: henrymbugua
 ms.reviewer: saeeda, jeferrie
 ms.custom: "devx-track-csharp, aaddev"
@@ -29,9 +29,9 @@ This article applies to MSAL.NET 3.x. For MSAL.NET 2.x, see [Azure AD B2C specif
 
 The authority format for Azure AD B2C is: `https://{azureADB2CHostname}/tfp/{tenant}/{policyName}`
 
-- `azureADB2CHostname` - The name of the Azure AD B2C tenant plus the host. For example, *contosob2c.b2clogin.com*.
-- `tenant` - The domain name or the directory (tenant) ID of the Azure AD B2C tenant. For example, *contosob2c.onmicrosoft.com* or a GUID, respectively.
-- `policyName` - The name of the user flow or custom policy to apply. For example, a sign-up/sign-in policy like *b2c_1_susi*.
+- `azureADB2CHostname` - The name of the Azure AD B2C tenant plus the host. For example, _contosob2c.b2clogin.com_.
+- `tenant` - The domain name or the directory (tenant) ID of the Azure AD B2C tenant. For example, _contosob2c.onmicrosoft.com_ or a GUID, respectively.
+- `policyName` - The name of the user flow or custom policy to apply. For example, a sign-up/sign-in policy like _b2c_1_susi_.
 
 For more information about Azure AD B2C authorities, see [Set redirect URLs to b2clogin.com](../../active-directory-b2c/b2clogin.md).
 
@@ -77,7 +77,7 @@ catch (MsalUiRequiredException ex)
                         .WithAccount(account)
                         .WithParentActivityOrWindow(ParentActivityOrWindow)
                         .ExecuteAsync();
-}  
+}
 ```
 
 In the preceding code snippet:
@@ -116,12 +116,12 @@ private async void EditProfileButton_Click(object sender, RoutedEventArgs e)
 
 For more information on the ROPC flow, see [Sign in with resource owner password credentials grant](v2-oauth-ropc.md).
 
-The ROPC flow is **not recommended** because asking a user for their password in your application is not secure. For more information about this problem, see [What’s the solution to the growing problem of passwords?](https://news.microsoft.com/features/whats-solution-growing-problem-passwords-says-microsoft/).
+The ROPC flow is **not recommended** because asking a user for their password in your application isn't secure. For more information about this problem, see [What’s the solution to the growing problem of passwords?](https://news.microsoft.com/features/whats-solution-growing-problem-passwords-says-microsoft/).
 
 By using username/password in an ROPC flow, you sacrifice several things:
 
 - Core tenets of modern identity: The password can be fished or replayed because the shared secret can be intercepted. By definition, ROPC is incompatible with passwordless flows.
-- Users who need to do MFA won't be able to sign in (as there is no interaction).
+- Users who use multi-factor authentication (MFA) won't be able to sign in as there's no interaction.
 - Users won't be able to use single sign-on (SSO).
 
 ### Configure the ROPC flow in Azure AD B2C
@@ -137,21 +137,19 @@ AcquireTokenByUsernamePassword(
             SecureString password)
 ```
 
-This `AcquireTokenByUsernamePassword` method takes the following parameters:
+The `AcquireTokenByUsernamePassword` method takes the following parameters:
 
-- The *scopes* for which to obtain an access token.
-- A *username*.
-- A SecureString *password* for the user.
+- The _scopes_ for which to obtain an access token.
+- A _username_.
+- A SecureString _password_ for the user.
 
 ### Limitations of the ROPC flow
 
 The ROPC flow **only works for local accounts**, where your users have registered with Azure AD B2C using an email address or username. This flow doesn't work when federating to an external identity provider supported by Azure AD B2C (Facebook, Google, etc.).
 
 ## Google auth and embedded webview
 
-If you're using Google as an identity provider, we recommend you use the system browser as Google doesn't allow [authentication from embedded webviews](https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html). Currently, `login.microsoftonline.com` is a trusted authority with Google and will work with embedded webview. However, `b2clogin.com` is not a trusted authority with Google, so users will not be able to authenticate.
-
-We'll provide an update to this [issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/688) if things change.
+If you're using Google as an identity provider, we recommend you use the system browser as Google doesn't allow [authentication from embedded webviews](https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html). Currently, `login.microsoftonline.com` is a trusted authority with Google and will work with embedded webview. However, `b2clogin.com` isn't a trusted authority with Google, so users won't be able to authenticate.
 
 ## Token caching in MSAL.NET
 
@@ -186,6 +184,6 @@ For more information about specifying which claims are returned by your user flo
 
 More details about acquiring tokens interactively with MSAL.NET for Azure AD B2C applications are provided in the following sample.
 
-| Sample | Platform | Description|
-|------ | -------- | -----------|
-|[active-directory-b2c-xamarin-native](https://github.com/Azure-Samples/active-directory-b2c-xamarin-native) | Xamarin iOS, Xamarin Android, UWP | A Xamarin Forms app that uses MSAL.NET to authenticate users via Azure AD B2C and then access a web API with the tokens returned.|
+| Sample                                                                                                      | Platform                          | Description                                                                                                                       |
+| ----------------------------------------------------------------------------------------------------------- | --------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
+| [active-directory-b2c-xamarin-native](https://github.com/Azure-Samples/active-directory-b2c-xamarin-native) | Xamarin iOS, Xamarin Android, UWP | A Xamarin Forms app that uses MSAL.NET to authenticate users via Azure AD B2C and then access a web API with the tokens returned. |

articles/active-directory/enterprise-users/licensing-service-plan-reference.md

@@ -424,10 +424,8 @@ The following service plans cannot be assigned together:
 | Service Plan Name | GUID |
 | --- | --- |
 | EXCHANGE_B_STANDARD	| 90927877-dcff-4af6-b346-2332c0b15bb7 |
-| EXCHANGE_L_STANDARD	| d42bdbd6-c335-4231-ab3d-c8f348d5aff5 |
 | EXCHANGE_S_ARCHIVE	| da040e0a-b393-4bea-bb76-928b3fa1cf5a |
 | EXCHANGE_S_DESKLESS	| 4a82b400-a79f-41a4-b4e2-e94f5787b113 |
-| EXCHANGE_S_ENTERPRISE	| efb87545-963c-4e0d-99df-69c6916d9eb0 |
 | EXCHANGE_S_ESSENTIALS	| 1126bef5-da20-4f07-b45e-ad25d2581aa8 |
 | EXCHANGE_S_STANDARD	| 9aaf7827-d63c-4b61-89c3-182f06f82e5c |
 | EXCHANGE_S_STANDARD_MIDMARKET	| fc52cc4b-ed7d-472d-bbe7-b081c23ecc56 |

articles/active-directory/governance/customize-workflow-schedule.md

@@ -14,31 +14,30 @@ ms.reviewer: krbain
 ms.collection: M365-identity-device-management
 ---
 
-# Customize the schedule of workflows (Preview)
+# Customize the schedule of workflows
 
 Workflows created using Lifecycle Workflows can be fully customized to match the schedule that fits your organization's needs. By default, workflows are scheduled to run every 3 hours, but the interval can be set as frequent as 1 hour, or as infrequent as 24 hours.
 
 
-## Customize the schedule of workflows using Microsoft Graph
+## Customize the schedule of workflows using the Azure portal
+
+Workflows created within Lifecycle Workflows follow the same schedule that you define within the **Workflow Settings** page. To adjust the schedule, you'd follow these steps:
 
+1. Sign in to the [Azure portal](https://portal.azure.com).
 
-First, to view the current schedule interval of your workflows, run the following get call:
+1. Select **Identity Governance** on the search bar near the top of the page.
 
-```http
-GET https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/settings
-```
+1. In the left menu, select **Lifecycle workflows (Preview)**.
 
+1. Select **Workflow settings (Preview)** from the Lifecycle workflows overview page.
 
-To customize a workflow in Microsoft Graph, use the following request and body:
-```http
-PATCH https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/settings
-Content-type: application/json
+1. On the workflow settings page you can set the schedule of workflows from an interval between 1-24.
+    :::image type="content" source="media/customize-workflow-schedule/workflow-schedule-settings.png" alt-text="Screenshot of the settings for workflow schedule.":::
+1. After setting the workflow schedule, select save.
 
-{
-"workflowScheduleIntervalInHours":<Interval between 0-24>
-}
+## Customize the schedule of workflows using Microsoft Graph
 
-```
+To schedule workflow settings using API via Microsoft Graph, see: Update lifecycleManagementSettings [tenant settings for Lifecycle Workflows](/graph/api/resources/identitygovernance-lifecyclemanagementsettings).
 
 ## Next steps
 

articles/active-directory/governance/media/customize-workflow-schedule/workflow-schedule-settings.png

@@ -233,7 +233,7 @@ Starting with version 1.2.0, Azure CNI sets Transparent mode as default for sing
 
 ### Bridge mode
 
-As the name suggests, bridge mode Azure CNI, in a "just in time" fashion, will create a L2 bridge named "azure0". All the host side pod `veth` pair interfaces will be connected to this bridge. So Pod-Pod intra VM communication and the remaining traffic goes through this bridge. The bridge in question is a layer 2 virtual device that on its own cannot receive or transmit anything unless you bind one or more real devices to it. For this reason, eth0 of the Linux VM has to be converted into a subordinate to "azure0" bridge. This creates a complex network topology within the Linux VM and as a symptom CNI had to take care of other networking functions like DNS server update and so on.
+As the name suggests, bridge mode Azure CNI, in a "just in time" fashion, will create an L2 bridge named "azure0". All the host side pod `veth` pair interfaces will be connected to this bridge. So Pod-Pod intra VM communication and the remaining traffic goes through this bridge. The bridge in question is a layer 2 virtual device that on its own cannot receive or transmit anything unless you bind one or more real devices to it. For this reason, eth0 of the Linux VM has to be converted into a subordinate to "azure0" bridge. This creates a complex network topology within the Linux VM and as a symptom CNI had to take care of other networking functions like DNS server update and so on.
 
 :::image type="content" source="media/faq/bridge-mode.png" alt-text="Bridge mode topology":::
 

articles/aks/faq.md

@@ -170,14 +170,14 @@ The following command creates the Arc data services extension.
 ##### [Linux](#tab/linux)
 
 ```azurecli
-az k8s-extension create --cluster-name ${clusterName} --resource-group ${resourceGroup} --name ${adsExtensionName} --cluster-type connectedClusters --extension-type microsoft.arcdataservices --auto-upgrade false --scope cluster --release-namespace ${namespace} --config Microsoft.CustomLocation.ServiceAccount=sa-arc-bootstrapper
+az k8s-extension create --cluster-name ${clusterName} --resource-group ${resourceGroup} --name ${adsExtensionName} --cluster-type connectedClusters --extension-type microsoft.arcdataservices --auto-upgrade false --auto-upgrade-minor-version false --scope cluster --release-namespace ${namespace} --config Microsoft.CustomLocation.ServiceAccount=sa-arc-bootstrapper
 az k8s-extension show --resource-group ${resourceGroup} --cluster-name ${resourceName} --name ${adsExtensionName} --cluster-type connectedclusters
 ```
 
 ##### [Windows (PowerShell)](#tab/windows)
 
 ```azurecli
-az k8s-extension create --cluster-name $ENV:clusterName --resource-group $ENV:resourceGroup --name $ENV:adsExtensionName --cluster-type connectedClusters --extension-type microsoft.arcdataservices --auto-upgrade false --scope cluster --release-namespace $ENV:namespace --config Microsoft.CustomLocation.ServiceAccount=sa-arc-bootstrapper
+az k8s-extension create --cluster-name $ENV:clusterName --resource-group $ENV:resourceGroup --name $ENV:adsExtensionName --cluster-type connectedClusters --extension-type microsoft.arcdataservices --auto-upgrade false --auto-upgrade-minor-version false --scope cluster --release-namespace $ENV:namespace --config Microsoft.CustomLocation.ServiceAccount=sa-arc-bootstrapper
 az k8s-extension show --resource-group $ENV:resourceGroup --cluster-name $ENV:clusterName --name $ENV:adsExtensionName --cluster-type connectedclusters
 ```
 
@@ -188,13 +188,13 @@ az k8s-extension show --resource-group $ENV:resourceGroup --cluster-name $ENV:cl
 Use the below command if you are deploying from your private repository:
 
 ```azurecli
-az k8s-extension create --cluster-name "<connected cluster name>" --resource-group "<resource group>" --name "<extension name>" --cluster-type connectedClusters --extension-type microsoft.arcdataservices --scope cluster --release-namespace "<namespace>" --config Microsoft.CustomLocation.ServiceAccount=sa-arc-bootstrapper --config imageCredentials.registry=<registry info> --config imageCredentials.username=<username> --config systemDefaultValues.image=<registry/repo/arc-bootstrapper:<imagetag>> --config-protected imageCredentials.password=$ENV:DOCKER_PASSWORD --debug
+az k8s-extension create --cluster-name "<connected cluster name>" --resource-group "<resource group>" --name "<extension name>" --cluster-type connectedClusters -auto-upgrade false --auto-upgrade-minor-version false  --extension-type microsoft.arcdataservices --scope cluster --release-namespace "<namespace>" --config Microsoft.CustomLocation.ServiceAccount=sa-arc-bootstrapper --config imageCredentials.registry=<registry info> --config imageCredentials.username=<username> --config systemDefaultValues.image=<registry/repo/arc-bootstrapper:<imagetag>> --config-protected imageCredentials.password=$ENV:DOCKER_PASSWORD --debug
 ```
 
 For example:
 
 ```azurecli
-az k8s-extension create --cluster-name "my-connected-cluster" --resource-group "my-resource-group" --name "arc-data-services" --cluster-type connectedClusters --extension-type microsoft.arcdataservices --scope cluster --release-namespace "arc" --config Microsoft.CustomLocation.ServiceAccount=sa-bootstrapper --config imageCredentials.registry=mcr.microsoft.com --config imageCredentials.username=arcuser --config systemDefaultValues.image=mcr.microsoft.com/arcdata/arc-bootstrapper:latest --config-protected imageCredentials.password=$ENV:DOCKER_PASSWORD --debug
+az k8s-extension create --cluster-name "my-connected-cluster" --resource-group "my-resource-group" --name "arc-data-services" --cluster-type connectedClusters -auto-upgrade false --auto-upgrade-minor-version false  --extension-type microsoft.arcdataservices --scope cluster --release-namespace "arc" --config Microsoft.CustomLocation.ServiceAccount=sa-bootstrapper --config imageCredentials.registry=mcr.microsoft.com --config imageCredentials.username=arcuser --config systemDefaultValues.image=mcr.microsoft.com/arcdata/arc-bootstrapper:latest --config-protected imageCredentials.password=$ENV:DOCKER_PASSWORD --debug
 ```
 
 

articles/azure-arc/data/create-data-controller-direct-cli.md

@@ -18,6 +18,7 @@ The following Microsoft-provided Kubernetes distributions and infrastructure pro
 | Cluster API Provider on Azure            | Release version: [0.4.12](https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/tag/v0.4.12); Kubernetes version: [1.18.2](https://github.com/kubernetes/kubernetes/releases/tag/v1.18.2) |
 | AKS on Azure Stack HCI                   | Release version: [December 2020 Update](https://github.com/Azure/aks-hci/releases/tag/AKS-HCI-2012); Kubernetes version: [1.18.8](https://github.com/kubernetes/kubernetes/releases/tag/v1.18.8) |
 | K8s on Azure Stack Edge                  | Release version: Azure Stack Edge 2207 (2.2.2037.5375); Kubernetes version: [1.22.6](https://github.com/kubernetes/kubernetes/releases/tag/v1.22.6) |
+| AKS Edge Essentials                  | Release version [1.0.406.0]( https://github.com/Azure/AKS-Edge/releases/tag/1.0.406.0); Kubernetes version [1.24.3](https://github.com/kubernetes/kubernetes/releases/tag/v1.24.3) |
 
 The following providers and their corresponding Kubernetes distributions have successfully passed the conformance tests for Azure Arc-enabled Kubernetes: