Merge pull request #216568 from MicrosoftDocs/main

10/31 AM Publish

Author: huypub

.openpublishing.redirection.defender-for-cloud.json

@@ -744,6 +744,16 @@
             "source_path_from_root": "/articles/defender-for-cloud/detect-credential-leaks.md",
             "redirect_url": "/azure/defender-for-cloud/detect-exposed-secrets",
             "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/defender-for-containers-va-ecr.md",
+            "redirect_url": "/azure/defender-for-cloud/defender-for-containers-vulnerability-assessment-elastic",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/defender-for-containers-va-acr.md",
+            "redirect_url": "/azure/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure",
+            "redirect_document_id": true
         }
 
       ]

.openpublishing.redirection.json

@@ -10183,6 +10183,101 @@
             "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/architecture.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/configuration.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/create-app.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/data-excel.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/data-powerbi.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/data-sql-management-studio.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/database-firewall.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/database-views.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/deploy.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/getdb-details.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/index.yml",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/integration-patterns.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/manage-users.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/messages-overview.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/overview.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/troubleshooting.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/use-api.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/use.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/blockchain/workbench/version-app.md",
+            "redirect_url": "https://azure.microsoft.com/solutions/blockchain",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/app-service/app-service-web-tutorial-content-delivery-network.md",
             "redirect_url": "/azure/cdn/cdn-add-to-web-app",

articles/active-directory-b2c/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory business-to-customer (B2C)"
 description: "New and updated documentation for the Azure Active Directory business-to-customer (B2C)."
-ms.date: 10/04/2022
+ms.date: 10/31/2022
 ms.service: active-directory
 ms.subservice: B2C
 ms.topic: reference
@@ -15,6 +15,22 @@ manager: CelesteDG
 
 Welcome to what's new in Azure Active Directory B2C documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the B2C service, see [What's new in Azure Active Directory](../active-directory/fundamentals/whats-new.md) and [Azure AD B2C developer release notes](custom-policy-developer-notes.md)
 
+
+## October 2022
+
+### New articles
+
+- [Edit Azure Active Directory B2C Identity Experience Framework (IEF) XML with Grit Visual IEF Editor](partner-grit-editor.md)
+- [Register apps in Azure Active Directory B2C](register-apps.md)
+
+### Updated articles
+
+- [Set up sign-in for a specific Azure Active Directory organization in Azure Active Directory B2C](identity-provider-azure-ad-single-tenant.md)
+- [Set up a password reset flow in Azure Active Directory B2C](add-password-reset-policy.md)
+- [Azure Active Directory B2C documentation landing page](index.yml)
+- [Publish your Azure Active Directory B2C app to the Azure Active Directory app gallery](publish-app-to-azure-ad-app-gallery.md)
+- [JSON claims transformations](json-transformations.md)
+
 ## September
 
 ### New articles

articles/active-directory/authentication/howto-authentication-temporary-access-pass.md

@@ -63,7 +63,7 @@ To configure the Temporary Access Pass authentication method policy:
    |---|---|---|---|
    | Minimum lifetime | 1 hour | 10 – 43,200 Minutes (30 days) | Minimum number of minutes that the Temporary Access Pass is valid. |
    | Maximum lifetime | 8 hours | 10 – 43,200 Minutes (30 days) | Maximum number of minutes that the Temporary Access Pass is valid. |
-   | Default lifetime | 1 hour | 10 – 43,200 Minutes (30 days) | Default values can be override by the individual passes, within the minimum and maximum lifetime configured by the policy. |
+   | Default lifetime | 1 hour | 10 – 43,200 Minutes (30 days) | Default values can be overridden by the individual passes, within the minimum and maximum lifetime configured by the policy. |
    | One-time use | False | True / False | When the policy is set to false, passes in the tenant can be used either once or more than once during its validity (maximum lifetime). By enforcing one-time use in the Temporary Access Pass policy, all passes created in the tenant will be created as one-time use. |
    | Length | 8 | 8-48 characters | Defines the length of the passcode. |
 

articles/active-directory/develop/media/workload-identity-federation-create-trust-user-assigned-managed-identity/copy-managed-identity-id.png

@@ -19,7 +19,7 @@ zone_pivot_groups: identity-wif-mi-methods
 
 # Configure a user-assigned managed identity to trust an external identity provider (preview)
 
-This article describes how to manage a federated identity credential on a user-assigned managed identity in Azure Active Directory (Azure AD).  The federated identity credential creates a trust relationship between a user-assigned managed identity and an external identity provider (IdP).  Configuring a federated identity credential on a system-assigned managed identity is not supported.
+This article describes how to manage a federated identity credential on a user-assigned managed identity in Azure Active Directory (Azure AD).  The federated identity credential creates a trust relationship between a user-assigned managed identity and an external identity provider (IdP).  Configuring a federated identity credential on a system-assigned managed identity isn't supported.
 
 After you configure your user-assigned managed identity to trust an external IdP, configure your external software workload to exchange a token from the external IdP for an access token from Microsoft identity platform. The external workload uses the access token to access Azure AD protected resources without needing to manage secrets (in supported scenarios).  To learn more about the token exchange workflow, read about [workload identity federation](workload-identity-federation.md).  
 
@@ -50,13 +50,27 @@ In the **Federated credential scenario** dropdown box, select your scenario.
 
 ### GitHub Actions deploying Azure resources
 
-For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value. The values must exactly match the configuration in the [GitHub workflow](https://docs.github.com/actions/using-workflows/workflow-syntax-for-github-actions#on).  For more info, read the [examples](#entity-type-examples).
+To add a federated identity for GitHub actions, follow these steps:
 
-Add a **Name** for the federated credential.
+1. For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value. The values must exactly match the configuration in the [GitHub workflow](https://docs.github.com/actions/using-workflows/workflow-syntax-for-github-actions#on).  For more info, read the [examples](#entity-type-examples).
 
-The **Issuer**, **Audiences**, and **Subject identifier** fields autopopulate based on the values you entered.
+1. Add a **Name** for the federated credential.
 
-Click **Add** to configure the federated credential.
+1. The **Issuer**, **Audiences**, and **Subject identifier** fields autopopulate based on the values you entered.
+
+1. Select **Add** to configure the federated credential.
+
+Use the following values from your Azure AD Managed Identity for your GitHub workflow:
+
+- `AZURE_CLIENT_ID` the managed identity **Client ID**
+
+- `AZURE_SUBSCRIPTION_ID` the **Subscription ID**. 
+
+    The following screenshot demonstrates how to copy the managed identity ID and subscription ID.
+
+    [![Screenshot that demonstrates how to copy the managed identity ID and subscription ID from Azure portal.](./media/workload-identity-federation-create-trust-user-assigned-managed-identity/copy-managed-identity-id.png)](./media/workload-identity-federation-create-trust-user-assigned-managed-identity/copy-managed-identity-id.png#lightbox)
+
+- `AZURE_TENANT_ID` the **Directory (tenant) ID**. Learn [how to find your Azure Active Directory tenant ID](../fundamentals/active-directory-how-to-find-tenant.md).
 
 #### Entity type examples
 
@@ -128,7 +142,7 @@ Fill in the **Cluster issuer URL**, **Namespace**, **Service account name**, and
 - **Namespace** is the service account namespace.
 - **Name** is the name of the federated credential, which can't be changed later.
 
-Click **Add** to configure the federated credential.
+Select **Add** to configure the federated credential.
 
 ### Other
 
@@ -140,7 +154,7 @@ Specify the following fields (using a software workload running in Google Cloud
 - **Subject identifier**: must match the `sub` claim in the token issued by the external identity provider.  In this example using Google Cloud, *subject* is the Unique ID of the service account you plan to use.
 - **Issuer**: must match the `iss` claim in the token issued by the external identity provider. A URL that complies with the OIDC Discovery spec. Azure AD uses this issuer URL to fetch the keys that are necessary to validate the token. For Google Cloud, the *issuer* is "https://accounts.google.com".
 
-Click **Add** to configure the federated credential.
+Select **Add** to configure the federated credential.
 
 ## List federated identity credentials on a user-assigned managed identity
 
@@ -356,11 +370,11 @@ Federated identity credential and parent user assigned identity can be created o
 
 All of the template parameters are mandatory.
 
-There is a limit of 3-120 characters for a federated identity credential name length. It must be alphanumeric, dash, underscore. First symbol is alphanumeric only.  
+There's a limit of 3-120 characters for a federated identity credential name length. It must be alphanumeric, dash, underscore. First symbol is alphanumeric only.  
 
-You must add exactly 1 audience to a federated identity credential. The audience is verified during token exchange. Use “api://AzureADTokenExchange” as the default value.
+You must add exactly one audience to a federated identity credential. The audience is verified during token exchange. Use “api://AzureADTokenExchange” as the default value.
 
-List, Get, and Delete operations are not available with template. Refer to Azure CLI for these operations.  By default, all child federated identity credentials are created in parallel, which triggers concurrency detection logic and causes the deployment to fail with a 409-conflict HTTP status code. To create them sequentially, specify a chain of dependencies using the *dependsOn* property.
+List, Get, and Delete operations aren't available with template. Refer to Azure CLI for these operations.  By default, all child federated identity credentials are created in parallel, which triggers concurrency detection logic and causes the deployment to fail with a 409-conflict HTTP status code. To create them sequentially, specify a chain of dependencies using the *dependsOn* property.
 
 Make sure that any kind of automation creates federated identity credentials under the same parent identity sequentially. Federated identity credentials under different managed identities can be created in parallel without any restrictions.
 

articles/active-directory/develop/media/workload-identity-federation-create-trust/copy-client-id.png

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity
-ms.date: 07/27/2022
+ms.date: 10/31/2022
 ms.author: ryanwi
 ms.custom: aaddev
 ms.reviewer: shkhalid, udayh, vakarand
@@ -43,21 +43,37 @@ Get the *subject* and *issuer* information for your external IdP and software wo
 ## Configure a federated identity credential on an app
 
 ### GitHub Actions
-Find your app registration in the [App Registrations](https://aka.ms/appregistrations) experience of the Azure portal.  Select **Certificates & secrets** in the left nav pane, select the **Federated credentials** tab, and select **Add credential**.
 
-In the **Federated credential scenario** drop-down box, select **GitHub actions deploying Azure resources**.
+To add a federated identity for GitHub actions, follow these steps:
+
+1. Find your app registration in the [App Registrations](https://aka.ms/appregistrations) experience of the Azure portal.  Select **Certificates & secrets** in the left nav pane, select the **Federated credentials** tab, and select **Add credential**.
+
+1. In the **Federated credential scenario** drop-down box, select **GitHub actions deploying Azure resources**.
+
+1. Specify the **Organization** and **Repository** for your GitHub Actions workflow.  
+
+1. For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value. The values must exactly match the configuration in the [GitHub workflow](https://docs.github.com/actions/using-workflows/workflow-syntax-for-github-actions#on). Pattern matching isn't supported for branches and tags. Specify an environment if your on-push workflow runs against many branches or tags. For more info, read the [examples](#entity-type-examples).
+
+1. Add a **Name** for the federated credential.
+
+1. The **Issuer**, **Audiences**, and **Subject identifier** fields autopopulate based on the values you entered.
+
+1. Select **Add** to configure the federated credential.
+
+    :::image type="content" source="media/workload-identity-federation-create-trust/add-credential.png" alt-text="Screenshot of the Add a credential window, showing sample values." :::
 
-Specify the **Organization** and **Repository** for your GitHub Actions workflow.  
 
-For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value. The values must exactly match the configuration in the [GitHub workflow](https://docs.github.com/actions/using-workflows/workflow-syntax-for-github-actions#on). Pattern matching is not supported for branches and tags. Specify an environment if your on-push workflow runs against many branches or tags. For more info, read the [examples](#entity-type-examples).
+Use the following values from your Azure AD application registration for your GitHub workflow:
 
-Add a **Name** for the federated credential.
+- `AZURE_CLIENT_ID` the **Application (client) ID** 
 
-The **Issuer**, **Audiences**, and **Subject identifier** fields autopopulate based on the values you entered.
+- `AZURE_TENANT_ID` the **Directory (tenant) ID**
+    
+    The following screenshot demonstrates how to copy the application ID and tenant ID.
 
-Click **Add** to configure the federated credential.
+    ![Screenshot that demonstrates how to copy the application ID and tenant ID from Microsoft Entra portal.](./media/workload-identity-federation-create-trust/copy-client-id.png)
 
-:::image type="content" source="media/workload-identity-federation-create-trust/add-credential.png" alt-text="Screenshot of the Add a credential window, showing sample values." :::
+- `AZURE_SUBSCRIPTION_ID` your subscription ID. To get the subscription ID, open **Subscriptions** in Azure portal and find your subscription. Then, copy the **Subscription ID**.
 
 #### Entity type examples
 
@@ -173,7 +189,7 @@ To delete a federated identity credential, select the **Delete** icon for the cr
 
 Run the [az ad app federated-credential create](/cli/azure/ad/app/federated-credential) command to create a new federated identity credential on your app.  
 
-The *id* parameter specifies the identifier URI, application ID, or object ID of the application.  *parameters* specifies the parameters, in JSON format, for creating the federated identity credential.
+The `id` parameter specifies the identifier URI, application ID, or object ID of the application. The `parameters` parameter specifies the parameters, in JSON format, for creating the federated identity credential.
 
 ### GitHub Actions example
 

articles/active-directory/develop/workload-identity-federation-create-trust-user-assigned-managed-identity.md

@@ -58,7 +58,7 @@ These terms are used throughout this content:
 
 * **Home tenant**: The Azure AD tenant containing users requiring access to the resources in the resource tenant.
 
-* **User lifecycle management**: the process of provisioning, managing, and deprovisioning user access to resources.
+* **User lifecycle management**: The process of provisioning, managing, and deprovisioning user access to resources.
 
 * **Unified GAL**: Each user in each tenant can see users from each organization in their Global Address List (GAL).