Commit d0609de

Learn Build Service GitHub App authored and committed
Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)
2 parents cdf6152 + 8a0549f commit d0609de

34 files changed, +986 -291 lines changed

articles/active-directory/conditional-access/overview.md

Lines changed: 4 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -6,15 +6,15 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: conditional-access
88
ms.topic: overview
9-
ms.date: 11/07/2022
9+
ms.date: 02/13/2023
1010

1111
ms.author: joflore
1212
author: MicrosoftGuyJFlo
1313
manager: amycolannino
1414
ms.reviewer: calebb
1515

1616
ms.collection: M365-identity-device-management
17-
ms.custom: contperf-fy20q4, azuread-video-2020
17+
ms.custom: zt-include
1818
---
1919
# What is Conditional Access?
2020

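Review bot: Line 17 drops the existing `ms.custom` tags `contperf-fy20q4, azuread-video-2020` rather than appending `zt-include` to them. If either old tag is still used for tracking or for the video content on this page, keep them and extend the list, for example `ms.custom: contperf-fy20q4, azuread-video-2020, zt-include`.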
@@ -97,6 +97,8 @@ When licenses required for Conditional Access expire, policies aren't automatica
9797

9898
[Security defaults](../fundamentals/concept-fundamentals-security-defaults.md) help protect against identity-related attacks and are available for all customers.
9999

100+
[!INCLUDE [active-directory-zero-trust](../../../includes/active-directory-zero-trust.md)]
101+
100102
## Next steps
101103

102104
- [Building a Conditional Access policy piece by piece](concept-conditional-access-policies.md)

articles/active-directory/external-identities/b2b-tutorial-require-mfa.md

Lines changed: 2 additions & 2 deletions
@@ -6,7 +6,7 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: B2B
88
ms.topic: tutorial
9-
ms.date: 01/07/2022
9+
ms.date: 02/03/2023
1010

1111
ms.author: cmulligan
1212
author: csmulligan
@@ -50,7 +50,7 @@ If you don’t have an Azure subscription, create a [free account](https://azure
5050

5151
To complete the scenario in this tutorial, you need:
5252

53-
- **Access to Azure AD Premium edition**, which includes Conditional Access policy capabilities. To enforce MFA, you need to create an Azure AD Conditional Access policy. MFA policies are always enforced at your organization, regardless of whether the partner has MFA capabilities.
53+
- **Access to [Azure AD Premium edition](/security/business/identity-access/azure-active-directory-pricing)**, which includes Conditional Access policy capabilities. To enforce MFA, you need to create an Azure AD Conditional Access policy. MFA policies are always enforced at your organization, regardless of whether the partner has MFA capabilities.
5454
- **A valid external email account** that you can add to your tenant directory as a guest user and use to sign in. If you don't know how to create a guest account, see [Add a B2B guest user in the Azure portal](add-users-administrator.md).
5555

5656
## Create a test guest user in Azure AD
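Review bot: The link added on line 53, `/security/business/identity-access/azure-active-directory-pricing`, is root-relative, so it resolves against whatever host serves this article, while the other links in this hunk are either file-relative (`add-users-administrator.md`) or absolute. Confirm the path exists on the docs host, or use the full absolute URL of the pricing page so the prerequisite link cannot break.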

articles/active-directory/external-identities/current-limitations.md

Lines changed: 5 additions & 3 deletions
@@ -6,14 +6,16 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: B2B
88
ms.topic: conceptual
9-
ms.date: 01/31/2022
9+
ms.date: 02/13/2023
1010

1111
ms.author: mimart
1212
author: msmimart
1313
manager: celestedg
1414
ms.reviewer: elisolMS
1515

16-
ms.collection: M365-identity-device-management
16+
ms.collection: content-health, M365-identity-device-management
17+
18+
# Customer intent: As a tenant administrator, I want to know about the current limitations for Azure AD B2B collaboration.
1719
---
1820

1921
# Limitations of Azure AD B2B collaboration
@@ -23,7 +25,7 @@ Azure Active Directory (Azure AD) B2B collaboration is currently subject to the
2325
With Azure AD B2B, you can enforce multi-factor authentication at the resource organization (the inviting organization). The reasons for this approach are detailed in [Conditional Access for B2B collaboration users](authentication-conditional-access.md). If a partner already has multi-factor authentication set up and enforced, their users might have to perform the authentication once in their home organization and then again in yours.
2426

2527
## Instant-on
26-
In the B2B collaboration flows, we add users to the directory and dynamically update them during invitation redemption, app assignment, and so on. The updates and writes ordinarily happen in one directory instance and must be replicated across all instances. Replication is completed once all instances are updated. Sometimes when the object is written or updated in one instance and the call to retrieve this object is to another instance, replication latencies can occur. If that happens, refresh or retry to help. If you are writing an app using our API, then retries with some back-off is a good, defensive practice to alleviate this issue.
28+
In the B2B collaboration flows, we add users to the directory and dynamically update them during invitation redemption, app assignment, and so on. The updates and writes ordinarily happen in one directory instance and must be replicated across all instances. Replication is completed once all instances are updated. Sometimes when the object is written or updated in one instance and the call to retrieve this object is to another instance, replication latencies can occur. If that happens, refresh or retry to help. If you're writing an app using our API, then retries with some back-off is a good, defensive practice to alleviate this issue.
2729

2830
## Azure AD directories
2931
Azure AD B2B is subject to Azure AD service directory limits. For details about the number of directories a user can create and the number of directories to which a user or guest user can belong, see [Azure AD service limits and restrictions](../enterprise-users/directory-service-limits-restrictions.md).
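Review bot: Line 28 is changed only for the contraction, but the same sentence still reads "retries with some back-off is a good, defensive practice", and the sentence before it reads "refresh or retry to help". Since the line is being edited anyway, fix the agreement ("retries with back-off are") and reword the earlier sentence to "If that happens, refreshing or retrying helps."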

articles/active-directory/hybrid/migrate-from-federation-to-cloud-authentication.md

Lines changed: 2 additions & 0 deletions
@@ -429,6 +429,8 @@ Your support team should understand how to troubleshoot any authentication issue
429429
430430
Migration requires assessing how the application is configured on-premises, and then mapping that configuration to Azure AD.
431431
432+
> [!VIDEO https://www.youtube.com/embed/D0M-N-RQw0I]
433+
432434
If you plan to keep using AD FS with on-premises & SaaS Applications using SAML / WS-FED or Oauth protocol, you'll use both AD FS and Azure AD after you convert the domains for user authentication. In this case, you can protect your on-premises applications and resources with Secure Hybrid Access (SHA) through [Azure AD Application Proxy](../app-proxy/what-is-application-proxy.md) or one of [Azure AD partner integrations](../manage-apps/secure-hybrid-access.md). Using Application Proxy or one of our partners can provide secure remote access to your on-premises applications. Users benefit by easily connecting to their applications from any device after a [single sign-on](../manage-apps/add-application-portal-setup-sso.md).
433435
434436
You can move SaaS applications that are currently federated with ADFS to Azure AD. Reconfigure to authenticate with Azure AD either via a built-in connector from the [Azure App gallery](https://azuremarketplace.microsoft.com/marketplace/apps/category/azure-active-directory-apps), or by [registering the application in Azure AD](../develop/quickstart-register-app.md).
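Review bot: The `[!VIDEO ...]` embed added at line 432 has no lead-in sentence, so a reader cannot tell what the video covers or how it relates to the paragraph above about mapping on-premises application configuration to Azure AD. Add one sentence before the embed that names the video's topic, which also helps readers who cannot load the embedded player.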

articles/active-directory/reports-monitoring/overview-recommendations.md

Lines changed: 18 additions & 24 deletions
@@ -1,5 +1,5 @@
11
---
2-
title: What is Azure Active Directory recommendations? | Microsoft Docs
2+
title: What are Azure Active Directory recommendations? | Microsoft Docs
33
description: Provides a general overview of Azure Active Directory recommendations.
44
services: active-directory
55
author: shlipsey3
@@ -9,7 +9,7 @@ ms.topic: overview
99
ms.tgt_pltfrm: na
1010
ms.workload: identity
1111
ms.subservice: report-monitor
12-
ms.date: 02/07/2023
12+
ms.date: 02/13/2023
1313
ms.author: sarahlipsey
1414
ms.reviewer: hafowler
1515
ms.collection: M365-identity-device-management
@@ -18,29 +18,29 @@ ms.collection: M365-identity-device-management
1818

1919
---
2020

21-
# What is Azure Active Directory recommendations?
21+
# What are Azure Active Directory recommendations?
2222

23-
Keeping track of all the settings and resources in your tenant can be overwhelming. The Azure Active Directory (Azure AD) recommendations feature helps monitor the status of your tenant so you don't have to. Azure AD recommendations helps ensure your tenant is in a secure and healthy state while also helping you maximize the value of the features available in Azure AD.
23+
Keeping track of all the settings and resources in your tenant can be overwhelming. The Azure Active Directory (Azure AD) recommendations feature helps monitor the status of your tenant so you don't have to. The Azure AD recommendations feature helps ensure your tenant is in a secure and healthy state while also helping you maximize the value of the features available in Azure AD.
2424

2525
The Azure AD recommendations feature provides you with personalized insights with actionable guidance to:
2626

2727
- Help you identify opportunities to implement best practices for Azure AD-related features.
2828
- Improve the state of your Azure AD tenant.
2929
- Optimize the configurations for your scenarios.
3030

31-
This article gives you an overview of how you can use Azure AD recommendations. As an administrator, you should review your tenant's recommendations, and their associated resources periodically.
31+
This article gives you an overview of how you can use Azure AD recommendations. As an administrator, you should review your tenant's Azure AD recommendations, and their associated resources periodically.
3232

3333
## What it is
3434

35-
Azure AD recommendations is the Azure AD specific implementation of [Azure Advisor](../../advisor/advisor-overview.md), which is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. Azure Advisor analyzes your resource configuration and usage data to recommend solutions that can help you improve the cost effectiveness, performance, reliability, and security of your Azure resources.
35+
The Azure AD recommendations feature is the Azure AD specific implementation of [Azure Advisor](../../advisor/advisor-overview.md), which is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. Azure Advisor analyzes your resource configuration and usage data to recommend solutions that can help you improve the cost effectiveness, performance, reliability, and security of your Azure resources.
3636

37-
*Azure AD recommendations* uses similar data to support you with the roll-out and management of Microsoft's best practices for Azure AD tenants to keep your tenant in a secure and healthy state. Azure AD recommendations provide a holistic view into your tenant's security, health, and usage.
37+
*Azure AD recommendations* use similar data to support you with the roll-out and management of Microsoft's best practices for Azure AD tenants to keep your tenant in a secure and healthy state. Azure AD recommendations provide a holistic view into your tenant's security, health, and usage.
3838

3939
## How it works
4040

41-
On a daily basis, Azure AD analyzes the configuration of your tenant. During this analysis, Azure AD compares the data of a recommendation with the actual configuration of your tenant. If a recommendation is flagged as applicable to your tenant, the recommendation appears in the **Recommendations** section of the Azure AD Overview area. Recommendations are listed in order of priority so you can quickly determine where to focus first.
41+
On a daily basis, Azure AD analyzes the configuration of your tenant. During this analysis, Azure AD compares the data of a recommendation with the actual configuration of your tenant. If a recommendation is flagged as applicable to your tenant, the recommendation appears in the **Recommendations** section of the Azure AD Overview area. The recommendations are listed in order of priority so you can quickly determine where to focus first.
4242

43-
Recommendations contain a description, a summary of the value of addressing the recommendation, and a step-by-step action plan. If applicable, impacted resources associated with the recommendation are listed, so you can resolve each affected area. If a recommendation doesn't have any associated resources, the impacted resource type is *Tenant level*. so your step-by-step action plan impacts the entire tenant and not just a specific resource.
43+
Each recommendation contains a description, a summary of the value of addressing the recommendation, and a step-by-step action plan. If applicable, impacted resources associated with the recommendation are listed, so you can resolve each affected area. If a recommendation doesn't have any associated resources, the impacted resource type is *Tenant level*. so your step-by-step action plan impacts the entire tenant and not just a specific resource.
4444

4545
![Screenshot of the Overview page of the tenant with the Recommendations option highlighted.](./media/overview-recommendations/recommendations-preview-option-tenant-overview.png)
4646

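Review bot: The rewritten line 43 still carries the broken sentence boundary "the impacted resource type is *Tenant level*. so your step-by-step action plan impacts the entire tenant"; replace the period with a comma. The hunk also mixes singular and plural for the same name ("The Azure AD recommendations feature is" on line 35, "*Azure AD recommendations* use" on line 37), so settle on "the Azure AD recommendations feature" for the product and plain "recommendations" for the individual items.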
@@ -60,7 +60,7 @@ The **Priority** of a recommendation could be low, medium, or high. These values
6060
- **Medium**: Should do. No severe risk if action isn't taken.
6161
- **Low**: Might do. No security risks or health concerns if action isn't taken.
6262

63-
The **Impacted resources** for a recommendation could be things like applications or users. This detail gives you an idea of what type of resources you'll need to address. The impacted resource could also be at the tenant level, so you may need to make a global change.
63+
The **Impacted resources** for a recommendation could be things like applications or users. This detail gives you an idea of what type of resources you need to address. The impacted resource could also be at the tenant level, so you may need to make a global change.
6464

6565
The **Status description** tells you the date the recommendation status changed and if it was changed by the system or a user.
6666

@@ -84,7 +84,7 @@ The following roles provide *update and read-only* access to recommendations:
8484
- Cloud apps Administrator
8585
- Apps Administrator
8686

87-
Azure AD recommendations is automatically enabled. If you'd like to disable this feature, go to **Azure AD** > **Preview features**. Locate the **Recommendations** feature, and change the **State**.
87+
The Azure AD recommendations feature is automatically enabled. If you'd like to disable this feature, go to **Azure AD** > **Preview features**. Locate the **Recommendations** feature, and change the **State**.
8888

8989
Azure AD only displays the recommendations that apply to your tenant, so you may not see all supported recommendations listed. Some recommendations are available in all tenants, regardless of the license type, but others require the [Workload Identities premium license](../identity-protection/concept-workload-identity-risk.md).
9090

@@ -99,17 +99,6 @@ The recommendations listed in the following table are available to all Azure AD
9999
| [Migrate to Microsoft Authenticator](recommendation-migrate-to-authenticator.md) | Users | Preview |
100100
| [Minimize MFA prompts from known devices](recommendation-migrate-apps-from-adfs-to-azure-ad.md) | Users | Generally available |
101101

102-
### Recommendations available for Workload Identities premium licenses
103-
104-
The recommendations listed in the following table are available to Azure AD tenants with a Workload Identities premium license.
105-
106-
| Recommendation | Impacted resources | Availability |
107-
|---- |---- |---- |
108-
| Remove unused applications | Applications | Preview |
109-
| Remove unused credentials from applications | Applications | Preview |
110-
| Renew expiring application credentials | Applications | Preview |
111-
| Renew expiring service principal credentials | Applications | Preview |
112-
113102
## How to use Azure AD recommendations
114103

115104
1. Go to **Azure AD** > **Recommendations**.
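Review bot: Removing the "Recommendations available for Workload Identities premium licenses" table (old lines 102-112) leaves the earlier sentence that some recommendations "require the Workload Identities premium license" with nothing that says which ones. Either link to where the four application and credential recommendations are now documented, or adjust that sentence. Separately, on context line 100 the link text "Minimize MFA prompts from known devices" points to `recommendation-migrate-apps-from-adfs-to-azure-ad.md`, which looks like the wrong target.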
@@ -120,11 +109,16 @@ The recommendations listed in the following table are available to Azure AD tena
120109

121110
1. Follow the **Action plan**.
122111

123-
1. If applicable, right-click on a resource in a recommendation, select **Mark as**, then select a status.
112+
1. If applicable, *right-click on the status* of a resource in a recommendation, select **Mark as**, then select a status.
124113

114+
- The status for the resource appears as regular text, but you can right-click on the status to open the menu.
115+
- You can set each resource to a different status as needed.
116+
125117
![Screenshot of the status options for a resource.](./media/overview-recommendations/resource-mark-as-option.png)
126118

127-
1. If you need to manually change the status of a recommendation, select **Mark as** from the top of the page and select a status.
119+
1. The recommendation service automatically marks the recommendation as complete, but if you need to manually change the status of a recommendation, select **Mark as** from the top of the page and select a status.
120+
121+
![Screenshot of the Mark as options, to highlight the difference from the resource menu.](./media/overview-recommendations/recommendations-object.png)
128122

129123
- Mark a recommendation as **Completed** if all impacted resources have been addressed.
130124
- Active resources may still appear in the list of resources for manually completed recommendations. If the resource is completed, the service will update the status the next time the service runs.
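Review bot: The new step on line 119 says the service "automatically marks the recommendation as complete" without saying when; state the condition, presumably once all impacted resources have been addressed, as the bullet on line 123 implies. The new bullets on lines 114-115 describe a right-click-only menu on a status that "appears as regular text", so say whether a keyboard or visible-control alternative exists for reaching **Mark as**.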

articles/active-directory/reports-monitoring/toc.yml

Lines changed: 1 addition & 1 deletion
@@ -139,7 +139,7 @@ items:
139139
- name: Multifactor authentication gaps
140140
href: workbook-mfa-gaps.md
141141

142-
- name: Recommendations
142+
- name: Azure AD Recommendations
143143
items:
144144
- name: Switch to Conditional Access MFA
145145
href: recommendation-turn-off-per-user-mfa.md
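Review bot: The new TOC entry on line 142 is "Azure AD Recommendations" with a capital R, while the overview article changed in this same commit uses "Azure AD recommendations" in its title and heading. Use the lowercase form here so the navigation label matches the article.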

articles/azure-arc/data/backup-restore-postgresql.md

Lines changed: 30 additions & 1 deletion
@@ -13,6 +13,35 @@ ms.topic: how-to
1313

1414
# Back up and restore Azure Arc-enabled PostgreSQL servers
1515

16-
Automated backups can be enabled by including the `--storage-class-backups` argument when creating an Azure Arc-enabled PostgreSQL server. Restore is not supported in the current preview release.
16+
Automated backups can be enabled by including the `--storage-class-backups` argument when creating an Azure Arc-enabled PostgreSQL server. Specify the retention period for backups with the `--retention-days` parameter, when creating or updating an Arc-enabled PostgreSQL server. The retention period can be between 0 and 35 days. If backups are enabled but no retention period is specified, the default is seven days.
17+
18+
Restoring an Azure Arc-enable PostgreSQL server creates a new server by copying the configuration of the existing server (for example resource requests/limits, extensions etc.). Configurations that could cause conflicts (for example primary endpoint port) aren't copied. The storage configuration for the new resource can be defined by passing `--storage-class*` and `--volume-size-*` parameters to the `restore` command.
19+
20+
Restore an Azure Arc-enabled PostgreSQL server to a new server with the `restore` command:
21+
```azurecli
22+
az postgres server-arc restore -n <destination-server-name> --source-server <source-server-name> --k8s-namespace <namespace> --use-k8s
23+
```
24+
25+
## Examples:
26+
27+
Create a new Arc-enabled PostgreSQL server `pg02` by restoring `pg01` using the latest backups:
28+
```azurecli
29+
az postgres server-arc restore -n pg02 --source-server pg01 --k8s-namespace arc --use-k8s
30+
```
31+
32+
Create a new Arc-enabled PostgreSQL server `pg02` by restoring `pg01` using the latest backups, defining new storage requirements for pg02:
33+
```azurecli
34+
az postgres server-arc restore -n pg02 --source-server pg01 --k8s-namespace arc --storage-class-data azurefile-csi-premium --volume-size-data 10Gi --storage-class-logs azurefile-csi-premium --volume-size-logs 2Gi--use-k8s --storage-class-backups azurefile-csi-premium --volume-size-backups 15Gi
35+
```
36+
37+
Create a new Arc-enabled PostgreSQL server `pg02` by restoring `pg01` to its state at `2023-02-01T00:00:00Z`:
38+
```azurecli
39+
az postgres server-arc restore -n pg02 --source-server pg01 --k8s-namespace arc -t 2023-02-01T00:00:00Z --use-k8s
40+
```
41+
42+
For details about all the parameters available for restore review the output of the command:
43+
```azurecli
44+
az postgres server-arc restore --help
45+
```
1746

1847
- Read about [scaling up or down (increasing/decreasing memory/vcores)](scale-up-down-postgresql-server-using-cli.md) your server.
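Review bot: The second example on line 34 has `--volume-size-logs 2Gi--use-k8s` with no space before `--use-k8s`, so a copied command passes `2Gi--use-k8s` as the log volume size and never sets the flag; insert the space. On line 18, "Azure Arc-enable PostgreSQL" should be "Arc-enabled", and the parameter patterns are written inconsistently (`--storage-class*` against `--volume-size-*`). Line 16 allows a retention period of 0 days without saying whether that disables backups or keeps none, so state what 0 means. The heading "## Examples:" can lose the trailing colon.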
