Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into v-ssaunders-quickstart-logs-metrics-tracing

Author: SteveSaunders1952

articles/active-directory-b2c/extensions-app.md

@@ -36,6 +36,7 @@ If you accidentally deleted the `b2c-extensions-app`, you have 30 days to recove
 > [!NOTE]
 > An application can only be restored if it has been deleted within the last 30 days. If it has been more than 30 days, data will be permanently lost. For more assistance, file a support ticket.
 
+<!--Hide portal steps until SP bug is fixed
 ### Recover the extensions app using the Azure portal
 
 1. Sign in to your Azure AD B2C tenant.
@@ -44,18 +45,18 @@ If you accidentally deleted the `b2c-extensions-app`, you have 30 days to recove
 1. Select **Restore app registration**.
 
 You should now be able to [see the restored app](#verifying-that-the-extensions-app-is-present) in the Azure portal.
-
+-->
 ### Recover the extensions app using Microsoft Graph
-To restore the app using Microsoft Graph, you must restore both the application and the service principal.
+To restore the app using Microsoft Graph, you must restore both the application object and the service principal. For more information, see the [Restore deleted item](/graph/api/directory-deleteditems-restore) API.
 
-To restore the application:
+To restore the application object:
 1. Browse to [https://developer.microsoft.com/en-us/graph/graph-explorer](https://developer.microsoft.com/en-us/graph/graph-explorer).
 1. Log in to the site as a global administrator for the Azure AD B2C directory that you want to restore the deleted app for. This global administrator must have an email address similar to the following: `username@{yourTenant}.onmicrosoft.com`.
 1. Issue an HTTP GET against the URL `https://graph.microsoft.com/v1.0/directory/deleteditems/microsoft.graph.application`. This operation will list all of the applications that have been deleted within the past 30 days. You can also use the URL `https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.application?$filter=displayName eq 'b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.'` to filter by the app's **displayName** property.
 1. Find the application in the list where the name begins with `b2c-extensions-app` and copy its `id` property value.
 1. Issue an HTTP POST against the URL `https://graph.microsoft.com/v1.0/directory/deleteditems/{id}/restore`. Replace the `{id}` portion of the URL with the `id` from the previous step.]
 
-To restore the service principal:
+To restore the service principal object:
 1. Issue an HTTP GET against the URL `https://graph.microsoft.com/v1.0/directory/deleteditems/microsoft.graph.servicePrincipal`. This operation will list all of the service principals that have been deleted within the past 30 days. You can also use the URL `https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.servicePrincipal?$filter=displayName eq 'b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.'` to filter by the app's **displayName** property.
 1. Find the service principal in the list where the name begins with `b2c-extensions-app` and copy its `id` property value.
 1. Issue an HTTP POST against the URL `https://graph.microsoft.com/v1.0/directory/deleteditems/{id}/restore`. Replace the `{id}` portion of the URL with the `id` from the previous step.

articles/active-directory-domain-services/policy-reference.md

@@ -1,7 +1,7 @@
 ---
 title: Built-in policy definitions for Azure Active Directory Domain Services
 description: Lists Azure Policy built-in policy definitions for Azure Active Directory Domain Services. These built-in policy definitions provide common approaches to managing your Azure resources.
-ms.date: 07/26/2022
+ms.date: 08/08/2022
 ms.service: active-directory
 ms.subservice: domain-services
 author: justinha

articles/active-directory/conditional-access/concept-conditional-access-grant.md

@@ -36,7 +36,7 @@ All policies are enforced in two phases:
    - Use the session details gathered in phase 1 to identify any requirements that haven't been met. 
    - If there's a policy that is configured to block access, with the block grant control, enforcement will stop here and the user will be blocked. 
    - The user will be prompted to complete more grant control requirements that weren't satisfied during phase 1 in the following order, until policy is satisfied:  
-      - [Multi-factor authentication​](concept-conditional-access-grant.md#require-multifactor-authentication)
+      - [Multi-factor authentication​](concept-conditional-access-grant.md#require-multi-factor-authentication)
       - [Device to be marked as compliant](./concept-conditional-access-grant.md#require-device-to-be-marked-as-compliant)
       - [Hybrid Azure AD joined device](./concept-conditional-access-grant.md#require-hybrid-azure-ad-joined-device)
       - [Approved client app](./concept-conditional-access-grant.md#require-approved-client-app)

articles/active-directory/conditional-access/concept-conditional-access-policies.md

@@ -81,7 +81,7 @@ The public preview supports the following scenarios:
 
 - Require user reauthentication during [Intune device enrollment](/mem/intune/fundamentals/deployment-guide-enrollment), regardless of their current MFA status.
 - Require user reauthentication for risky users with the [require password change](concept-conditional-access-grant.md#require-password-change) grant control.
-- Require user reauthentication for risky sign-ins with the [require multifactor authentication](concept-conditional-access-grant.md#require-multifactor-authentication) grant control.
+- Require user reauthentication for risky sign-ins with the [require multifactor authentication](concept-conditional-access-grant.md#require-multi-factor-authentication) grant control.
 
 When administrators select **Every time**, it will require full reauthentication when the session is evaluated.
 

articles/active-directory/conditional-access/howto-conditional-access-session-lifetime.md

@@ -27,7 +27,7 @@ Hybrid Azure AD joined devices require network line of sight to your on-premises
 | **Primary audience** | Suitable for hybrid organizations with existing on-premises AD infrastructure |
 |   | Applicable to all users in an organization |
 | **Device ownership** | Organization |
-| **Operating Systems** | Windows 11, Windows 10 or 8.1 |
+| **Operating Systems** | Windows 11, Windows 10 or 8.1 except Home editions |
 |   | Windows Server 2008/R2, 2012/R2, 2016, 2019 and 2022 |
 | **Provisioning** | Windows 11, Windows 10, Windows Server 2016/2019/2022 |
 |   | Domain join by IT and autojoin via Azure AD Connect or ADFS config |

articles/active-directory/devices/concept-azure-ad-join-hybrid.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: fundamentals
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 04/12/2022
+ms.date: 08/08/2022
 ms.custom: "it-pro, seodec18, references_regions"
 ms.collection: M365-identity-device-management
 ---
@@ -21,9 +21,7 @@ Azure Active Directory (Azure AD) stores its Customer Data in a geographical loc
 
 For information about where Azure AD and other Microsoft services' data is located, see the [Where your data is located](https://www.microsoft.com/trust-center/privacy/data-location) section of the Microsoft Trust Center.
 
-From April 15, 2022, Microsoft began storing Azure AD’s Customer Data for new tenants with a Japan billing address within the Japanese datacenters. From April 15, 2022 to June 30, 2022 a backup copy of the Azure AD’s Customer Data for these new tenants will be stored in Asia to ensure a smooth transition to the Japanese datacenters. This copy will be destroyed on June 30, 2022.
-
-Additionally, certain Azure AD features do not yet support storage of Customer Data in Japan. Please go to the [Azure AD data map](https://msit.powerbi.com/view?r=eyJrIjoiYzEyZTc5OTgtNTdlZS00ZTVkLWExN2ItOTM0OWU4NjljOGVjIiwidCI6IjcyZjk4OGJmLTg2ZjEtNDFhZi05MWFiLTJkN2NkMDExZGI0NyIsImMiOjV9), for specific feature information. For example, Microsoft Azure AD Multi-Factor Authentication stores Customer Data in the US and processes it globally. See [Data residency and customer data for Azure AD Multi-Factor Authentication](../authentication/concept-mfa-data-residency.md).
+Additionally, certain Azure AD features do not yet support storage of Customer Data in Japan. Please go to the [Azure AD data map](https://aka.ms/aaddatamap), for specific feature information. For example, Microsoft Azure AD Multi-Factor Authentication stores Customer Data in the US and processes it globally. See [Data residency and customer data for Azure AD Multi-Factor Authentication](../authentication/concept-mfa-data-residency.md).
 
 > [!NOTE]
 > Microsoft products, services, and third-party applications that integrate with Azure AD have access to Customer Data. Evaluate each product, service, and application you use to determine how Customer Data is processed by that specific product, service, and application, and whether they meet your company's data storage requirements. For more information about Microsoft services' data residency, see the [Where your data is located](https://www.microsoft.com/trust-center/privacy/data-location) section of the Microsoft Trust Center.

articles/active-directory/fundamentals/active-directory-data-storage-japan.md

@@ -3,7 +3,7 @@ title: Tutorial - Manage access to resources in Azure AD entitlement management
 description: Step-by-step tutorial for how to create your first access package using the Azure portal in Azure Active Directory entitlement management.
 services: active-directory
 documentationCenter: ''
-author: owinfreyatl
+author: owinfreyATL
 manager: karenhoran
 editor: markwahl-msft
 ms.service: active-directory