Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into mrb_05_12_2022_ma

Author: mrbullwinkle

articles/active-directory-b2c/custom-domain.md

@@ -43,9 +43,10 @@ To enable sign-in for users with a Google account in Azure Active Directory B2C
 1. In the upper-left corner of the page, select the project list, and then select **New Project**.
 1. Enter a **Project Name**, select **Create**.
 1. Make sure you are using the new project by selecting the project drop-down in the top-left of the screen. Select your project by name, then select **Open**.
-1. In the left menu, select **OAuth consent screen**, select **External**, and then select **Create**.
+1. In the left menu, select **APIs and services** and then **OAuth consent screen**. Select **External** and then select **Create**.
     1. Enter a **Name** for your application. 
     1. Select a **User support email**. 
+    1. In the **App domain** section, enter a link to your **Application home page**, a link to your **Application privacy policy**, and a link to your **Application terms of service**.
     1. In the **Authorized domains** section, enter *b2clogin.com*.
     1. In the **Developer contact information** section, enter comma separated emails for Google to notify you about any changes to your project. 
     1. Select **Save**.
@@ -199,4 +200,4 @@ If the sign-in process is successful, your browser is redirected to `https://jwt
 - Check out the Google federation [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/Identity-providers#google), and how to pass Google access token [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/Identity-providers#google-with-access-token)
 
 
-::: zone-end
+::: zone-end

articles/active-directory-b2c/identity-provider-google.md

@@ -31,6 +31,9 @@ Many of the following examples use tools like [Managed Identities](../managed-id
 
 ### PowerShell
 
+> [!IMPORTANT]
+> Due to the planned deprecation of PowerShell modules (MSOL & AAD) after December 2022, no further updates are planned for these modules to support new Conditional Access features. See recent announcements for more information: https://aka.ms/AzureADPowerShellDeprecation. New Conditional Access features may not be available or may not be functional within these PowerShell modules as a result of this announcement. Please consider [migrating to Microsoft Graph PowerShell](https://aka.ms/MigrateMicrosoftGraphPowerShell). Additional guidance and examples will be released soon.
+
 For many administrators, PowerShell is already an understood scripting tool. The following example shows how to use the [Azure AD PowerShell module](https://www.powershellgallery.com/packages/AzureAD) to manage Conditional Access policies.
 
 - [Configure Conditional Access policies with Azure AD PowerShell commands](https://github.com/Azure-Samples/azure-ad-conditional-access-apis/tree/main/01-configure/powershell)

articles/active-directory-b2c/media/custom-domain/azure-front-door-route-status.png

@@ -45,6 +45,7 @@ Here are some ways you can use workload identities:
 - Review service principals and applications that are assigned to privileged directory roles in Azure AD using [access reviews for service principals](../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md).
 - Access Azure AD protected resources without needing to manage secrets (for supported scenarios) using [workload identity federation](workload-identity-federation.md).
 - Apply Conditional Access policies to service principals owned by your organization using [Conditional Access for workload identities](../conditional-access/workload-identity.md).
+- Secure workload identities with [Identity Protection](../identity-protection/concept-workload-identity-risk.md).
 
 ## Next steps
 

articles/active-directory-b2c/media/custom-domain/enable-the-route.png

@@ -99,7 +99,7 @@ Here are some example license scenarios to help you determine the number of lice
 | An administrator creates an access review of Group C with 50 member users and 25 guest users. Makes it a self-review. | 50 licenses for each user as self-reviewers.* | 50 |
 | An administrator creates an access review of Group D with 6 member users and 108 guest users. Makes it a self-review. | 6 licenses for each user as self-reviewers. Guest users are billed on a monthly active user (MAU) basis. No additional licenses are required. *  | 6 |
 
-\* Azure AD External Identities (guest user) pricing is based on monthly active users (MAU), which is the count of unique users with authentication activity within a calendar month. This model replaces the 1:5 ratio billing model, which allowed up to five guest users for each Azure AD Premium license in your tenant. When your tenant is linked to a subscription and you use External Identities features to collaborate with guest users, you'll be automatically billed using the MAU-based billing model. For more information, see Billing model for Azure AD External Identities.
+\* Azure AD External Identities (guest user) pricing is based on monthly active users (MAU), which is the count of unique users with authentication activity within a calendar month. This model replaces the 1:5 ratio billing model, which allowed up to five guest users for each Azure AD Premium license in your tenant. When your tenant is linked to a subscription and you use External Identities features to collaborate with guest users, you'll be automatically billed using the MAU-based billing model. For more information, see [Billing model for Azure AD External Identities](../external-identities/external-identities-pricing.md).
 
 ## Next steps
 

articles/active-directory/conditional-access/howto-conditional-access-apis.md

@@ -167,7 +167,10 @@ Here are some example license scenarios to help you determine the number of lice
 | Scenario | Calculation | Number of licenses |
 | --- | --- | --- |
 | A Global Administrator at Woodgrove Bank creates initial catalogs and delegates administrative tasks to 6 other users. One of the policies specifies that **All employees** (2,000 employees) can request a specific set of access packages. 150 employees request the access packages. | 2,000 employees who **can** request the access packages | 2,000 |
-| A Global Administrator at Woodgrove Bank creates initial catalogs and delegates administrative tasks to 6 other users. One of the policies specifies that **All employees** (2,000 employees) can request a specific set of access packages. Another policy specifies that some users from **Users from partner Contoso** (guests) can request the same access packages subject to approval. Contoso has 30,000 users. 150 employees request the access packages and 10,500 users from Contoso request access. | 2,000 employees + 500 guest users from Contoso that exceed the 1:5 ratio (10,500 - (2,000 * 5)) | 2,500 |
+| A Global Administrator at Woodgrove Bank creates initial catalogs and delegates administrative tasks to 6 other users. One of the policies specifies that **All employees** (2,000 employees) can request a specific set of access packages. Another policy specifies that some users from **Users from partner Contoso** (guests) can request the same access packages subject to approval. Contoso has 30,000 users. 150 employees request the access packages and 10,500 users from Contoso request access. | 2,000 employees need licenses, guest users are billed on a monthly active user basis and no additional licenses are required for them. * | 2,000 |
+
+\* Azure AD External Identities (guest user) pricing is based on monthly active users (MAU), which is the count of unique users with authentication activity within a calendar month. This model replaces the 1:5 ratio billing model, which allowed up to five guest users for each Azure AD Premium license in your tenant. When your tenant is linked to a subscription and you use External Identities features to collaborate with guest users, you'll be automatically billed using the MAU-based billing model. For more information, see [Billing model for Azure AD External Identities](../external-identities/external-identities-pricing.md).
+
 
 ## Next steps
 

articles/active-directory/develop/workload-identities-overview.md

@@ -16,7 +16,7 @@ ms.reviewer: davidmu
 
 # Understand how users are assigned to apps
 
-This article help you to understand how users get assigned to an application in your tenant.
+This article helps you to understand how users get assigned to an application in your tenant.
 
 ## How do users get assigned an application in Azure AD?
 
@@ -34,6 +34,7 @@ There are several ways a user can be assigned an application. Assignment can be
 * An administrator enables [Self-service Application Access](./manage-self-service-access.md) to allow a user to add an application using [My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510) **Add App** feature, but only **with prior approval from a selected set of business approvers**
 * An administrator enables [Self-service Group Management](../enterprise-users/groups-self-service-management.md) to allow a user to join a group that an application is assigned to **without business approval**
 * An administrator enables [Self-service Group Management](../enterprise-users/groups-self-service-management.md) to allow a user to join a group that an application is assigned to, but only **with prior approval from a selected set of business approvers**
+* One of the application's roles is included in an [entitlement management access package](../governance/entitlement-management-access-package-resources.md), and a user requests or is assigned to that access package
 * An administrator assigns a license to a user directly, for a Microsoft service such as [Microsoft 365](https://products.office.com/)
 * An administrator assigns a license to a group that the user is a member of, for a Microsoft service such as [Microsoft 365](https://products.office.com/)
 * A user [consents to an application](consent-and-permissions-overview.md#user-consent) on behalf of themselves.

articles/active-directory/governance/access-reviews-overview.md

@@ -55,8 +55,8 @@ For each month, we truncate the SLA attainment at three places after the decimal
 | ---       | ---     | ---     |
 | January   |         | 99.999% |
 | February  | 99.999% | 99.999% |
-| March     | 99.568% |         |
-| April     | 99.999% |         |
+| March     | 99.568% | 99.999% |
+| April     | 99.999% | 99.999% |
 | May       | 99.999% |         |
 | June      | 99.999% |         |
 | July      | 99.999% |         |
@@ -89,4 +89,4 @@ All incidents that seriously impact Azure AD performance are documented in the [
 
 * [Azure AD reports overview](overview-reports.md)
 * [Programmatic access to Azure AD reports](concept-reporting-api.md)
-* [Azure Active Directory risk detections](../identity-protection/overview-identity-protection.md)
+* [Azure Active Directory risk detections](../identity-protection/overview-identity-protection.md)