Merge pull request #223530 from MicrosoftDocs/main

1/10 AM Publish

Author: huypub

articles/active-directory-b2c/configure-tokens.md

@@ -94,7 +94,7 @@ The following values are set in the previous example:
 
 - **token_lifetime_secs** -  Access token lifetimes (seconds). The default is 3,600 (1 hour). The minimum is 300 (5 minutes). The maximum is 86,400 (24 hours). 
 - **id_token_lifetime_secs** -  ID token lifetimes (seconds). The default is 3,600 (1 hour). The minimum  is 300 (5 minutes). The maximum is 86,400 (24 hours). 
-- **refresh_token_lifetime_secs** Refresh token lifetimes (seconds). The default is 120,9600 (14 days). The minimum is 86,400 (24 hours). The maximum  is 7,776,000 (90 days). 
+- **refresh_token_lifetime_secs** Refresh token lifetimes (seconds). The default is 1,209,600 (14 days). The minimum is 86,400 (24 hours). The maximum  is 7,776,000 (90 days). 
 - **rolling_refresh_token_lifetime_secs** - Refresh token sliding window lifetime (seconds). The default is 7,776,000 (90 days). The minimum is 86,400 (24 hours). The maximum  is 31,536,000  (365 days). If you don't want to enforce a sliding window lifetime, set the value of `allow_infinite_rolling_refresh_token` to `true`. 
 - **allow_infinite_rolling_refresh_token** - Refresh token sliding window lifetime never expires. 
 
@@ -238,4 +238,4 @@ When using the [OAuth 2.0 authorization code flow](authorization-code-flow.md),
 ## Next steps
 
 - Learn more about how to [request access tokens](access-tokens.md).
-- Learn how to build [Resilience through developer best practices](../active-directory/fundamentals/resilience-b2c-developer-best-practices.md?bc=%2fazure%2factive-directory-b2c%2fbread%2ftoc.json&toc=%2fazure%2factive-directory-b2c%2fTOC.json).
+- Learn how to build [Resilience through developer best practices](../active-directory/fundamentals/resilience-b2c-developer-best-practices.md?bc=%2fazure%2factive-directory-b2c%2fbread%2ftoc.json&toc=%2fazure%2factive-directory-b2c%2fTOC.json).

articles/active-directory/authentication/concept-authentication-oath-tokens.md

@@ -30,7 +30,7 @@ Some OATH TOTP hardware tokens are programmable, meaning they don't come with a
 
 ## OATH hardware tokens (Preview)
 
-Azure AD supports the use of OATH-TOTP SHA-1 tokens that refresh codes every 30 or 60 seconds. Customers can purchase these tokens from the vendor of their choice. 
+Azure AD supports the use of OATH-TOTP SHA-1 tokens that refresh codes every 30 or 60 seconds. Customers can purchase these tokens from the vendor of their choice. Hardware OATH tokens are available for users with an Azure AD Premium P1 or P2 license.  
 
 OATH TOTP hardware tokens typically come with a secret key, or seed, pre-programmed in the token. These keys must be input into Azure AD as described in the following steps. Secret keys are limited to 128 characters, which may not be compatible with all tokens. The secret key can only contain the characters *a-z* or *A-Z* and digits *2-7*, and must be encoded in *Base32*.
 

articles/active-directory/devices/concept-azure-ad-join.md

@@ -26,7 +26,7 @@ Any organization can deploy Azure AD joined devices no matter the size or indust
 |   | Applicable to all users in an organization |
 | **Device ownership** | Organization |
 | **Operating Systems** | All Windows 11 and Windows 10 devices except Home editions |
-|   | [Windows Server 2019 Virtual Machines running in Azure](howto-vm-sign-in-azure-ad-windows.md) (Server core isn't supported) |
+|   | [Windows Server 2019 and newer Virtual Machines running in Azure](howto-vm-sign-in-azure-ad-windows.md) (Server core isn't supported) |
 | **Provisioning** | Self-service: Windows Out of Box Experience (OOBE) or Settings |
 |   | Bulk enrollment |
 |   | Windows Autopilot |

articles/active-directory/devices/hybrid-azuread-join-manual.md

@@ -96,30 +96,6 @@ The **$scp.Keywords** output shows the Azure AD tenant information. Here's an ex
    azureADId:72f988bf-86f1-41af-91ab-2d7cd011db47
    ```
 
-If the service connection point doesn't exist, you can create it by running the `Initialize-ADSyncDomainJoinedComputerSync` cmdlet on your Azure AD Connect server. Enterprise admin credentials are required to run this cmdlet.  
-
-The `Initialize-ADSyncDomainJoinedComputerSync` cmdlet:
-
-* Creates the service connection point in the Active Directory forest that Azure AD Connect is connected to.
-* Requires you to specify the `AdConnectorAccount` parameter. This account is configured as the Active Directory connector account in Azure AD Connect.
-
-
-The following script shows an example for using the cmdlet. In this script, `$aadAdminCred = Get-Credential` requires you to type a user name. Provide the user name in the user principal name (UPN) format (`[email protected]`).
-
-   ```PowerShell
-   Import-Module -Name "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1";
-
-   $aadAdminCred = Get-Credential;
-
-   Initialize-ADSyncDomainJoinedComputerSync –AdConnectorAccount [connector account name] -AzureADCredentials $aadAdminCred;
-   ```
-
-The `Initialize-ADSyncDomainJoinedComputerSync` cmdlet:
-
-* Uses the Active Directory PowerShell module and Active Directory Domain Services (AD DS) tools. These tools rely on Active Directory Web Services running on a domain controller. Active Directory Web Services is supported on domain controllers running Windows Server 2008 R2 and later.
-* Is only supported by the MSOnline PowerShell module version 1.1.166.0. To download this module, use [this link](https://www.powershellgallery.com/packages/MSOnline/1.1.166.0).
-* If the AD DS tools aren't installed, `Initialize-ADSyncDomainJoinedComputerSync` will fail. You can install the AD DS tools through Server Manager under **Features** > **Remote Server Administration Tools** > **Role Administration Tools**.
-
 ### Set up issuance of claims
 
 In a federated Azure AD configuration, devices rely on AD FS or an  on-premises federation service from a Microsoft partner to authenticate to Azure AD. Devices authenticate to get an access token to register against the Azure Active Directory Device Registration Service (Azure DRS).

articles/active-directory/reports-monitoring/concept-usage-insights-report.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.topic: conceptual
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 11/23/2022
+ms.date: 01/10/2023
 ms.author: sarahlipsey
 ms.reviewer: besiler
 ---
@@ -44,7 +44,9 @@ There are currently three reports available in Azure AD Usage & insights. All th
 
 ### Azure AD application activity (preview)
 
-The **Azure AD application activity (preview)** report shows the list of applications with one or more sign-in attempts. Any application activity during the selected date range appears in the report. It's possible that activity for a deleted application may appear in the report, if the activity took place during the selected date range and before the application was deleted. The report allows you to sort by the number of successful sign-ins, failed sign-ins, and the success rate.
+The **Azure AD application activity (preview)** report shows the list of applications with one or more sign-in attempts. Any application activity during the selected date range appears in the report. The report allows you to sort by the number of successful sign-ins, failed sign-ins, and the success rate.
+
+It's possible that activity for a deleted application may appear in the report if the activity took place during the selected date range and before the application was deleted. Other scenarios could include a user attempting to sign in to an application that doesn't have a service principal associated with the app. For these types of scenarios, you may need to review the audit logs or sign-in logs to investigate further.
 
 Select the **View sign in activity** link for an application to view more details. The sign-in graph per application counts interactive user sign-ins. The details of any sign-in failures appears below the table. 
 

articles/active-directory/verifiable-credentials/issuance-request-api.md

@@ -30,10 +30,10 @@ The Request Service REST API issuance request supports the following HTTP method
 
 The Request Service REST API issuance request requires the following HTTP headers:
 
-| Method |Value  |
+| Name |Value  |
 |---------|---------|
 |`Authorization`| Attach the access token as a bearer token to the authorization header in an HTTP request. For example, `Authorization: Bearer <token>`.|
-|`Content-Type`| `Application/json`|
+|`Content-Type`| `application/json`|
 
 Construct an HTTP POST request to the Request Service REST API. 
 
@@ -46,18 +46,18 @@ The following HTTP request demonstrates a request to the Request Service REST AP
 ```http
 POST https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/createIssuanceRequest
 Content-Type: application/json
-Authorization: Bearer  <token>
+Authorization: Bearer <token>
 
 {
-    "includeQRCode": true, 
-    "callback": {  
-        "url": "https://wwww.contoso.com/vc/callback",  
-        "state": "Aaaabbbb11112222", 
-        "headers": { 
-            "api-key": "an-api-key-can-go-here" 
-        }  
-    }, 
-    ... 
+    "includeQRCode": true,
+    "callback": {
+        "url": "https://wwww.contoso.com/vc/callback",
+        "state": "Aaaabbbb11112222",
+        "headers": {
+            "api-key": "an-api-key-can-go-here"
+        }
+    },
+    ...
 }
 ```  
 
@@ -182,7 +182,7 @@ When your app receives the response, the app needs to present the QR code to the
 
 ## Error response
 
-If there is an error with the request, an [error responses](error-codes.md) will be returned and should be handled appropriately by the app. 
+If there is an error with the request, an [error response](error-codes.md) will be returned and should be handled appropriately by the app. 
 
 ## Callback events
 

articles/analysis-services/analysis-services-logging.md

@@ -160,7 +160,7 @@ In the query builder, expand **LogManagement** > **AzureDiagnostics**. AzureDiag
 
 #### Example 1
 
-The following query returns durations for each query end/refresh end event for a model database and server. If scaled out, the results are broken out by replica because the replica number is included in ServerName_s. Grouping by RootActivityId_g reduces the row count retrieved from the Azure Diagnostics REST API and helps stay within the limits as described in [Log Analytics Rate limits](https://dev.loganalytics.io/documentation/Using-the-API/Limits).
+The following query returns durations for each query end/refresh end event for a model database and server. If scaled out, the results are broken out by replica because the replica number is included in ServerName_s. Grouping by RootActivityId_g reduces the row count retrieved from the Azure Diagnostics REST API and helps stay within the limits as described in Log Analytics Rate limits.
 
 ```Kusto
 let window = AzureDiagnostics

articles/automation/TOC.yml

@@ -43,6 +43,8 @@
       href: /powershell/dsc/overview
     - name: Automation network configuration details
       href: automation-network-configuration.md
+    - name: Azure Automation extension for Visual Studio Code
+      href: automation-runbook-authoring.md
     - name: Security
       items:
       - name: Security controls by Azure Policy
@@ -98,6 +100,8 @@
               href: delete-run-as-account.md
             - name: Manage Run As account
               href: manage-runas-account.md
+        - name: Use Automation extension for Visual Studio Code
+          href: how-to/runbook-authoring-extension-for-vscode.md
         - name: Configure authentication with Amazon Web Services
           href: automation-config-aws-account.md
         - name: Configure authentication with Azure AD

articles/automation/automation-runbook-authoring.md

@@ -0,0 +1,79 @@
+---
+title: Runbook authoring using VS code in Azure Automation
+description: This article provides an overview authoring runbooks in Azure Automation using the visual studio code.
+services: automation
+ms.subservice: process-automation
+ms.date: 01/10/2023
+ms.topic: conceptual
+ms.custom: devx-track-azurepowershell
+---
+
+# Runbook authoring through VS Code in Azure Automation
+
+This article explains about the Visual Studio extension that you can use to create and manage runbooks. 
+
+Azure Automation provides a new extension from VS Code to create and manage runbooks. Using this extension, you can perform all runbook management operations such as, creating and editing runbooks, triggering a job, tracking recent jobs output, linking a schedule, asset management, and local debugging. 
+
+## Prerequisites 
+- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).  
+- [Visual Studio Code](https://code.visualstudio.com/).
+- PowerShell modules and Python packages used by runbook must be locally installed on the machine to run the runbook locally. 
+
+## Supported operating systems 
+
+The test matrix includes the following operating systems:
+1. **Windows Server 2022** with Windows PowerShell 5.1 and PowerShell Core 7.2.7
+1. **Windows Server 2019** with Windows PowerShell 5.1 and PowerShell Core 7.2.7
+1. **macOS 11** with PowerShell Core 7.2.7
+1. **Ubuntu** 20.04 with PowerShell Core 7.2.7
+
+>[!NOTE]
+>- The extension should work anywhere in VS Code and it supports [PowerShell 7.2 or higher](https://learn.microsoft.com/powershell/scripting/install/PowerShell-Support-Lifecycle?view=powershell-7.3). For Windows PowerShell, only version 5.1 is supported.
+>-  PowerShell Core 6 is end-of-life and not supported.
+
+
+## Key Features 
+
+- **Simplified onboarding** – You can sign in using an Azure account in a simple and secure way. 
+- **Multiple languages** - Supports all Automation runtime stack such as PowerShell 5, PowerShell 7, Python 2, and Python 3 Runbooks. 
+- **Supportability**- Supports test execution of job, publishing Automation job and triggering job in Azure and Hybrid workers. You can execute runbooks locally.  
+- Supports Python positional parameters and PowerShell parameters to trigger job. 
+- **Webhooks simplified** – You can create a webhook, start a job through a webhook in simpler way. Also, support to link a schedule to a Runbook. 
+- **Manage Automation Assets** – You can perform create, update, and delete operation against assets including certificates, variables, credentials, and connections. 
+- **View properties** – You can view the properties and select Hybrid worker group to execute hybrid jobs and view the recent last 10 jobs executed. 
+- **Debug locally** - You can debug the PowerShell scripts locally.
+- **Runbook comparison** - You can compare the local runbook to the published or the draft runbook copy.
+ 
+## Key Features of v1.0.8
+
+- **Local directory configuration settings** - You can define the working directory that you want to save runbooks locally.
+   - **Change Directory:Base Path** - You use the changed directory path when you reopen Visual Studio code IDE. To change the directory using the Command Palette, use **Ctrl+Shift+P -> select Change Directory**. To change the base path from extension configuration settings, select **Manage** icon in the activity bar on the left and go to **Settings > Extensions > Azure Automation > Directory:Base Path**.
+   - **Change Directory:Folder Structure** - You can change the local directory folder structure from *vscodeAutomation/accHash* to *subscription/resourceGroup/automationAccount*. Select **Manage** icon in the activity bar on the left and go to **Settings > Extensions > Azure Automation > Directory:Folder Structure**. You can change the default configuration setting from *vscodeAutomation/accHash* to *subscription/resourceGroupe/automationAccount* format.
+    >[!NOTE]
+    >If your automation account is integrated with source control you can provide the runbook folder path of your GitHub repo as the directory path. For example: changing directory to *C:\abc* would store runbooks in *C:\abc\vscodeAutomation..* or *C:\abc//subscriptionName//resourceGroupName//automationAccountName//runbookname.ps1*. 
+- **Runbook management operations** - You can create runbook, fetch draft runbook, fetch published runbook, open local runbook in the editor, compare local runbook with a published or draft runbook copy, upload as draft, publish runbook, and delete runbook from your Automation account.
+- **Runbook execution operations** - You can run a local version of Automation jobs such as, Start Automation jobs, Start Automation test job, view job outputs and run local version of the PowerShell Runbook in debug mode by allowing you to add breakpoints in the script. 
+  >[!NOTE]
+  > Currently, we support the use of internal cmdlets like `Get-AutomationVariable` only with non-encrypted assets.
+ 
+- **Work with schedules, assets and webhooks** -  You can view the properties of a schedule, delete schedule, link schedule to link a schedule to a runbook.
+- **Add webhook** - You can add a webhook to the runbook.
+- **Update properties of assets** - You can create, update, view properties of assets such as Certificates, Connections, Credentials, Variables and Deletion of assets from the extension.
+
+
+## Limitations
+Currently, the following features aren't supported:  
+
+- Creation of new schedules. 
+- Adding new Certificates in Assets. 
+- Upload Modules (PowerShell and Python) packages from the extension. 
+- Auto-sync of local runbooks to Azure Automation account. You will have to perform the operation to **Fetch** or **Publish** runbook. 
+- Management of Hybrid worker groups. 
+- Graphical runbook and workflows. 
+- For Python, we don't provide any debug options. We recommend that you install any debugger extension in your Python script.
+- Currently, we support only the unencrypted assets in local run.
+
+## Next steps
+
+- For Runbook management operations and to test runbook and jobs, see [Use Azure Automation extension for Visual Studio Code](../automation/how-to/runbook-authoring-extension-for-vscode.md)
+