Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into ez-access

Author: halkazwini

articles/active-directory-b2c/faq.yml

@@ -22,15 +22,11 @@ sections:
       - question: |
           What is Microsoft Entra External ID?
         answer: |
-          We announced an early preview of our next-generation Microsoft Entra External ID solution. This early preview represents an evolutionary step in unifying secure and engaging experiences across all external identities including partners, customers, citizens, patients, and others within a single, integrated platform. For more information about the preview, see [What is Microsoft Entra External ID for customers?](../active-directory/external-identities/customers/overview-customers-ciam.md). 
+          We have released our next generation Microsoft Entra External ID product which combines powerful solutions for working with people outside of your organization. With External ID capabilities, you can allow external identities to securely access your apps and resources. Whether you’re working with external partners, consumers, or business customers, users can bring their own identities. These identities can range from corporate or government-issued accounts to social identity providers like Google or Facebook. For more information, see [Introduction to Microsoft Entra External ID](/entra/external-id/external-identities-overview)
       - question: |
           How does this preview affect me?
         answer: |
-          No action is required on your part at this time. The next-generation platform is currently in early preview only. We remain fully committed to supporting your current Azure AD B2C solution. There are no requirements for Azure AD B2C customers to migrate at this time and no plans to discontinue the current Azure AD B2C service. As the next generation platform approaches GA, details will be made available to all our valued B2C customers on available options including migration to the new platform.
-      - question: |
-          How do I participate in the preview?
-        answer: |
-          As the next-generation platform represents our future for customer identity and access management (CIAM), we welcome and encourage your participation and feedback during early preview. If you're interested in joining the early preview, contact your sales team for details. 
+          No action is required on your part at this time. We remain fully committed to supporting your current Azure AD B2C solution. There are no requirements for Azure AD B2C customers to migrate at this time and no plans to discontinue the current Azure AD B2C service. 
   - name: General
     questions:
       - question: |
@@ -119,7 +115,7 @@ sections:
           Currently, you can’t change the "From:" field on the email.
           
           > [!TIP]
-          > With Azure AD B2C [custom policy](custom-policy-overview.md), you can customize the email Azure AD B2C sends to users, including the "From:" field on the email. The custom email verification requires the use of a third-party email provider like [Mailjet](custom-email-mailjet.md), [SendGrid](custom-email-sendgrid.md), or [SparkPost](https://messagebird.com/email/cloud-sending?sp=true).
+          > With Azure AD B2C [custom policy](custom-policy-overview.md), you can customize the email Azure AD B2C sends to users, including the "From:" field on the email. The custom email verification requires the use of a third-party email provider like [Mailjet](custom-email-mailjet.md) or [SendGrid](custom-email-sendgrid.md).
           
       - question: |
           How can I migrate my existing user names, passwords, and profiles from my database to Azure AD B2C?

articles/active-directory-b2c/media/policy-keys-overview/key-rollover.png

@@ -50,8 +50,8 @@ The top-level resource for policy keys in Azure AD B2C is the **Keyset** contain
 | Attribute |  Required | Remarks |
 | --- | --- |--- |
 | `use` | Yes | Usage: Identifies the intended use of the public key. Encrypting data `enc`, or verifying the signature on data `sig`.|
-| `nbf`| No | Activation date and time. |
-| `exp`| No | Expiration date and time. |
+| `nbf`| No | Activation date and time. An override value can be set manually by admins.|
+| `exp`| No | Expiration date and time. An override value can be set manually by admins.|
 
 We recommend setting the key activation and expiration values according to your PKI standards. You might need to rotate these certificates periodically for security or policy reasons. For example, you might have a policy to rotate all your certificates every year.
 
@@ -72,10 +72,22 @@ If an Azure AD B2C keyset has multiple keys, only one of the keys is active at a
 - The key activation is based on the **activation date**.
   - The keys are sorted by activation date in ascending order. Keys with activation dates further into the future appear lower in the list. Keys without an activation date are located at the bottom of the list.
   - When the current date and time is greater than a key's activation date, Azure AD B2C will activate the key and stop using the prior active key.
-- When the current key's expiration time has elapsed and the key container contains a new key with valid *not before* and *expiration* times, the new key will become active automatically.
+- When the current key's expiration time has elapsed and the key container contains a new key with valid *nbf (not before)* and *exp (expiration)* times, the new key will become active automatically. New tokens will be signed with the newly active key. It is possible to keep an expired key published for token validation until disabled by an admin, but this must be requested by [filing a support request](/azure/active-directory-b2c/find-help-open-support-ticket).
+
 - When the current key's expiration time has elapsed and the key container *does not* contain a new key with valid *not before* and *expiration* times, Azure AD B2C won't be able to use the expired key. Azure AD B2C will raise an error message within a dependant component of your custom policy. To avoid this issue, you can create a default key without activation and expiration dates as a safety net.
 - The key's endpoint (JWKS URI) of the OpenId Connect well-known configuration endpoint reflects the keys configured in the Key Container, when the Key is referenced in the [JwtIssuer Technical Profile](./jwt-issuer-technical-profile.md). An application using an OIDC library will automatically fetch this metadata to ensure it uses the correct keys to validate tokens. For more information, learn how to use [Microsoft Authentication Library](../active-directory/develop/msal-b2c-overview.md), which always fetches the latest token signing keys automatically.
 
+:::image type="content" source="media/policy-keys-overview/key-rollover.png" alt-text="A diagram describing the process for key rollover in Azure AD B2C." lightbox="media/policy-keys-overview/key-rollover.png":::
+
+
+## Key caching
+
+When a key is uploaded, the activation flag on the key is set to false by default. You can then set the state of this key to **Enabled**. If a key enabled and valid (current time is between NBF and EXP), then the key will be used.
+
+### Key state
+
+The activation flag property is modifiable within the Azure portal UX allowing admins to disable a key and take it out of rotation. 
+
 ## Policy key management
 
 To get the current active key within a key container, use the Microsoft Graph API [getActiveKey](/graph/api/trustframeworkkeyset-getactivekey) endpoint.

articles/active-directory-b2c/policy-keys-overview.md

@@ -151,8 +151,8 @@
       href: high-availability.md
     - name: Deploy to multiple Azure regions
       href: api-management-howto-deploy-multi-region.md
-    - name: Enable zone redundancy
-      displayName: Availability zones
+    - name: Enable availability zones
+      displayName: zonal, zone-redundant
       href: ../reliability/migrate-api-mgt.md?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json
     - name: Set up DR using backup/restore
       displayName: disaster, recovery

articles/api-management/TOC.yml

@@ -19,7 +19,7 @@ When adding a region, you configure:
 
 * The number of scale [units](upgrade-and-scale.md) that region will host. 
 
-* Optional [zone redundancy](../reliability/migrate-api-mgt.md), if that region supports it.
+* Optional [availability zones](../reliability/migrate-api-mgt.md), if that region supports it.
 
 * [Virtual network](virtual-network-concepts.md) settings in the added region, if networking is configured in the existing region or regions.
 
@@ -33,7 +33,7 @@ When adding a region, you configure:
 ## Prerequisites
 
 * If you haven't created an API Management service instance, see [Create an API Management service instance](get-started-create-service-instance.md). Select the Premium service tier.
-* If your API Management instance is deployed in a virtual network, ensure that you set up a virtual network and subnet in the location that you plan to add, and within the same subscription. To enable zone redundancy, also set up a new public IP. See [virtual network prerequisites](api-management-using-with-vnet.md#prerequisites).
+* If your API Management instance is deployed in a virtual network, ensure that you set up a virtual network and subnet in the location that you plan to add, and within the same subscription. See [virtual network prerequisites](api-management-using-with-vnet.md#prerequisites).
 
 ## <a name="add-region"> </a>Deploy API Management service to an additional region
 
@@ -184,7 +184,7 @@ This section provides considerations for multi-region deployments when the API M
 
 * Learn more about configuring API Management for [high availability](high-availability.md).
 
-* Learn more about [zone redundancy](../reliability/migrate-api-mgt.md) to improve the availability of an API Management instance in a region.
+* Learn more about configuring [availability zones](../reliability/migrate-api-mgt.md) to improve the availability of an API Management instance in a region.
 
 * For more information about virtual networks and API Management, see:
 

articles/api-management/api-management-howto-deploy-multi-region.md

@@ -36,7 +36,7 @@ Enabling [zone redundancy](../reliability/migrate-api-mgt.md) for an API Managem
 When you enable zone redundancy in a region, consider the number of API Management scale [units](upgrade-and-scale.md) that need to be distributed. Minimally, configure the same number of units as the number of availability zones, or a multiple so that the units are distributed evenly across the zones. For example, if you select 3 availability zones in a region, you could have 3 units so that each zone hosts one unit.
 
 > [!NOTE]
-> Use the [capacity](api-management-capacity.md) metric and your own testing to decide the number of scale units that will provide the gateway performance for your needs. Learn more about [scaling and upgrading](upgrade-and-scale.md) your service instance.
+> Use [capacity metrics](api-management-capacity.md) and your own testing to decide the number of scale units that will provide the gateway performance for your needs. Learn more about [scaling and upgrading](upgrade-and-scale.md) your service instance.
 
 ## Multi-region deployment
 

articles/api-management/high-availability.md

@@ -4,7 +4,7 @@ description: This article tells how to delete and your Automation account across
 services: automation
 ms.service: azure-automation
 ms.subservice: process-automation
-ms.date: 09/09/2024
+ms.date: 10/10/2024
 ms.topic: how-to 
 ---
 
@@ -103,11 +103,11 @@ To delete your Automation account linked to a Log Analytics workspace in support
 
 1. Sign in to Azure at [https://portal.azure.com](https://portal.azure.com).
 
-2. Navigate to your Automation account, and select **Linked workspace** under **Related resources**.
+1. Navigate to your Automation account, and select **Linked workspace**.
 
-3. Select **Go to workspace**.
+1. Under **Related resources**, select **Linked workspace** and then select **Go to workspace**.
 
-4. Select **Solutions** under **General**.
+4. Under **Classic**, select **Legacy solutions**.
 
 5. On the Solutions page, select one of the following based on the feature(s) deployed in the account:
 

articles/automation/delete-account.md

@@ -3,15 +3,15 @@ title: How to create update deployments for Azure Automation Update Management
 description: This article describes how to schedule update deployments and review their status.
 services: automation
 ms.subservice: update-management
-ms.date: 09/15/2024
+ms.date: 10/18/2024
 ms.topic: how-to
 ms.service: azure-automation
 ---
 
 # How to deploy updates and review results
 
 > [!CAUTION]
-> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life).
+> This article references CentOS, a Linux distribution that has reached the End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life).
 
 [!INCLUDE [./automation-update-management-retirement-announcement.md](../includes/automation-update-management-retirement-announcement.md)]
 

articles/automation/update-management/deploy-updates.md

@@ -5,14 +5,14 @@ services: automation
 ms.subservice: update-management
 ms.custom: linux-related-content
 ms.topic: overview
-ms.date: 09/15/2024
+ms.date: 10/18/2024
 ms.service: azure-automation
 ---
 
 # Manage updates and patches for your VMs
 
 > [!CAUTION]
-> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life).
+> This article references CentOS, a Linux distribution that has reached the End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life).
 
 [!INCLUDE [./automation-update-management-retirement-announcement.md](../includes/automation-update-management-retirement-announcement.md)]
 

articles/automation/update-management/manage-updates-for-vm.md

@@ -4,15 +4,15 @@ description: This article provides an overview of the Update Management feature
 services: automation
 ms.subservice: update-management
 ms.custom: linux-related-content
-ms.date: 09/15/2024
+ms.date: 10/18/2024
 ms.topic: overview
 ms.service: azure-automation
 ---
 
 # Update Management overview
 
 > [!CAUTION]
-> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life).
+> This article references CentOS, a Linux distribution that has reached the End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life).
 
 [!INCLUDE [./automation-update-management-retirement-announcement.md](../includes/automation-update-management-retirement-announcement.md)]