Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into egridmetrics0307

Author: spelluru

.openpublishing.redirection.azure-monitor.json

@@ -35,6 +35,11 @@
             "redirect_url": "/azure/azure-monitor/change/change-analysis",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/release-notes.md",
+            "redirect_url": "/azure/azure-monitor/app/app-insights-overview",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/app/resource-manager-web-app.md",
             "redirect_url": "/previous-versions/azure/azure-monitor/app/resource-manager-web-app",

.openpublishing.redirection.json

@@ -6313,16 +6313,6 @@
             "redirect_url": "/azure/architecture/service-fabric/migrate-from-cloud-services",
             "redirect_document_id": false
         },
-        {
-            "source_path_from_root": "/articles/batch/batch-custom-image-pools-to-azure-compute-gallery-migration-guide.md",
-            "redirect_url": "/azure/batch",
-            "redirect_document_id": false
-        },
-        {
-            "source_path_from_root": "/articles/batch/batch-pools-to-simplified-compute-node-communication-model-migration-guide.md",
-            "redirect_url": "/azure/batch",
-            "redirect_document_id": false
-        },
         {
             "source_path_from_root": "/articles/batch/big-compute-resources.md",
             "redirect_url": "/azure/architecture/topics/high-performance-computing/",

.openpublishing.redirection.virtual-desktop.json

@@ -169,6 +169,11 @@
             "source_path_from_root": "/articles/virtual-desktop/deploy-windows-server-virtual-machine.md",
             "redirect_url": "/azure/virtual-desktop/add-session-hosts-host-pool",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/environment-setup.md",
+            "redirect_url": "/azure/virtual-desktop/terminology",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory-domain-services/concepts-custom-attributes.md

@@ -2,15 +2,15 @@
 title: Create and manage custom attributes for Azure AD Domain Services | Microsoft Docs
 description: Learn how to create and manage custom attributes in an Azure AD DS managed domain.
 services: active-directory-ds
-author: justinha
+author: AlexCesarini
 manager: amycolannino
 
 ms.assetid: 1a14637e-b3d0-4fd9-ba7a-576b8df62ff2
 ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/06/2023
+ms.date: 03/07/2023
 ms.author: justinha
 
 ---
@@ -44,7 +44,7 @@ After you create a managed domain, click **Custom Attributes (Preview)** under *
 
 ## Enable predefined attribute synchronization 
 
-Click **OnPremisesExtensionAttributes** to synchronize the attributes extensionAttribute1-15, also known as [Exchange custom attributes](/graph/api/resources/onpremisesextensionattributes?view=graph-rest-1.0).
+Click **OnPremisesExtensionAttributes** to synchronize the attributes extensionAttribute1-15, also known as [Exchange custom attributes](/graph/api/resources/onpremisesextensionattributes).
 
 ## Synchronize Azure AD directory extension attributes 
 

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 02/28/2023
+ms.date: 03/07/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -195,7 +195,7 @@ Use the general guidelines when implementing a SCIM endpoint to ensure compatibi
 * Don't require a case-sensitive match on structural elements in SCIM, in particular **PATCH** `op` operation values, as defined in [section 3.5.2](https://tools.ietf.org/html/rfc7644#section-3.5.2). Azure AD emits the values of `op` as **Add**, **Replace**, and **Remove**.
 * Microsoft Azure AD makes requests to fetch a random user and group to ensure that the endpoint and the credentials are valid. It's also done as a part of the **Test Connection** flow in the [Azure portal](https://portal.azure.com). 
 * Support HTTPS on your SCIM endpoint.
-* Custom complex and multivalued attributes are supported but Azure AD doesn't have many complex data structures to pull data from in these cases. Simple paired name/value type complex attributes can be mapped to easily, but flowing data to complex attributes with three or more subattributes aren't well supported at this time.
+* Custom complex and multivalued attributes are supported but Azure AD doesn't have many complex data structures to pull data from in these cases. Name/value attributes can be mapped to easily, but flowing data to complex attributes with three or more sub-attributes isn't supported.
 * The "type" subattribute values of multivalued complex attributes must be unique. For example, there can't be two different email addresses with the "work" subtype.
 * The header for all the responses should be of content-Type: application/scim+json 
 
@@ -914,7 +914,7 @@ TLS 1.2 Cipher Suites minimum bar:
 
 ### IP Ranges
 
-The Azure AD provisioning service currently operates under the IP Ranges for AzureActiveDirectory as listed [here](https://www.microsoft.com/download/details.aspx?id=56519&WT.mc_id=rss_alldownloads_all). You can add the IP ranges listed under the AzureActiveDirectory tag to allow traffic from the Azure AD provisioning service into your application. You'll need to review the IP range list carefully for computed addresses. An address such as '40.126.25.32' could be represented in the IP range list as  '40.126.0.0/18'. You can also programmatically retrieve the IP range list using the following [API](/rest/api/virtualnetwork/servicetags/list).
+The Azure AD provisioning service currently operates under the IP Ranges for AzureActiveDirectory as listed [here](https://www.microsoft.com/download/details.aspx?id=56519&WT.mc_id=rss_alldownloads_all). You can add the IP ranges listed under the AzureActiveDirectory tag to allow traffic from the Azure AD provisioning service into your application. You need to review the IP range list carefully for computed addresses. An address such as '40.126.25.32' could be represented in the IP range list as  '40.126.0.0/18'. You can also programmatically retrieve the IP range list using the following [API](/rest/api/virtualnetwork/servicetags/list).
 
 Azure AD also supports an agent based solution to provide connectivity to applications in private networks (on-premises, hosted in Azure, hosted in AWS, etc.). Customers can deploy a lightweight agent, which provides connectivity to Azure AD without opening any inbound ports, on a server in their private network. Learn more [here](./on-premises-scim-provisioning.md).
 

articles/active-directory/develop/tutorial-v2-windows-uwp.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: tutorial
 ms.workload: identity
-ms.date: 12/13/2019
+ms.date: 03/03/2023
 ms.author: henrymbugua
 ms.reviewer: jmprieur
 ms.custom: "devx-track-csharp, aaddev, identityplatformtop40"
@@ -108,6 +108,7 @@ This section shows how to use the Microsoft Authentication Library to get a toke
     ```csharp
     using Microsoft.Identity.Client;
     using Microsoft.Graph;
+    using Microsoft.Graph.Models;
     using System.Diagnostics;
     using System.Threading.Tasks;
     using System.Net.Http.Headers;
@@ -152,7 +153,7 @@ This section shows how to use the Microsoft Authentication Library to get a toke
                 GraphServiceClient graphClient = await SignInAndInitializeGraphServiceClient(scopes);
 
                 // Call the /me endpoint of Graph
-                User graphUser = await graphClient.Me.Request().GetAsync();
+                User graphUser = await graphClient.Me.GetAsync();
 
                 // Go back to the UI thread to make changes to the UI
                 await Dispatcher.RunAsync(Windows.UI.Core.CoreDispatcherPriority.Normal, () =>
@@ -236,6 +237,42 @@ Eventually, the `AcquireTokenSilent` method fails. Reasons for failure include a
 
 ### Instantiate the Microsoft Graph Service Client by obtaining the token from the SignInUserAndGetTokenUsingMSAL method
 
+In the project, create a new file named *TokenProvider.cs*: right-click on the project, select **Add** > **New Item** > **Blank Page**.
+
+Add to the newly created file the following code:
+
+```csharp
+using Microsoft.Kiota.Abstractions.Authentication;
+using System;
+using System.Collections.Generic;
+using System.Threading;
+using System.Threading.Tasks;
+
+namespace UWP_app_MSGraph {
+    public class TokenProvider : IAccessTokenProvider {
+        private Func<string[], Task<string>> getTokenDelegate;
+        private string[] scopes;
+
+        public TokenProvider(Func<string[], Task<string>> getTokenDelegate, string[] scopes) {
+            this.getTokenDelegate = getTokenDelegate;
+            this.scopes = scopes;
+        }
+
+        public Task<string> GetAuthorizationTokenAsync(Uri uri, Dictionary<string, object> additionalAuthenticationContext = default,
+            CancellationToken cancellationToken = default) {
+            return getTokenDelegate(scopes);
+        }
+
+        public AllowedHostsValidator AllowedHostsValidator { get; }
+    }
+}
+```
+
+> [!TIP]
+> After pasting the code, make sure that the namespace in the *TokenProvider.cs* file matches the namespace of your project. This will allow you to more easily reference the `TokenProvider` class in your project.
+
+The `TokenProvider` class defines a custom access token provider that executes the specified delegate method to get and return an access token.
+
 Add the following new method to *MainPage.xaml.cs*:
 
 ```csharp
@@ -245,16 +282,22 @@ Add the following new method to *MainPage.xaml.cs*:
      /// <returns>GraphServiceClient</returns>
      private async static Task<GraphServiceClient> SignInAndInitializeGraphServiceClient(string[] scopes)
      {
-         GraphServiceClient graphClient = new GraphServiceClient(MSGraphURL,
-             new DelegateAuthenticationProvider(async (requestMessage) =>
-             {
-                 requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", await SignInUserAndGetTokenUsingMSAL(scopes));
-             }));
+         var tokenProvider = new TokenProvider(SignInUserAndGetTokenUsingMSAL, scopes);
+         var authProvider = new BaseBearerTokenAuthenticationProvider(tokenProvider);
+         var graphClient = new GraphServiceClient(authProvider, MSGraphURL);
 
          return await Task.FromResult(graphClient);
      }
 ```
 
+In this method, you're using the custom access token provider `TokenProvider` to connect the `SignInUserAndGetTokenUsingMSAL` method to the Microsoft Graph .NET SDK and create an authenticated client.
+
+To use the `BaseBearerTokenAuthenticationProvider`, in the *MainPage.xaml.cs* file, add the following reference:
+
+```cs
+using Microsoft.Kiota.Abstractions.Authentication;
+```
+
 #### More information on making a REST call against a protected API
 
 In this sample application, the `GetGraphServiceClient` method instantiates `GraphServiceClient` by using an access token. Then, `GraphServiceClient` is used to get the user's profile information from the **me** endpoint.

articles/active-directory/develop/v2-admin-consent.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 3/29/2022
+ms.date: 02/17/2023
 ms.author: ryanwi
 ms.reviewer: ludwignick
 ms.custom: aaddev

articles/active-directory/develop/workload-identity-federation-create-trust-user-assigned-managed-identity.md

@@ -2,15 +2,15 @@
 title: Create a trust relationship between a user-assigned managed identity and an external identity provider
 description: Set up a trust relationship between a user-assigned managed identity in Azure AD and an external identity provider.  This allows a software workload outside of Azure to access Azure AD protected resources without using secrets or certificates. 
 services: active-directory
-author: davidmu1
+author: rwike77
 manager: CelesteDG
 
 ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity
-ms.date: 01/19/2023
-ms.author: davidmu
+ms.date: 03/06/2023
+ms.author: ryanwi
 ms.custom: aaddev
 ms.reviewer: shkhalide, udayh, vakarand
 zone_pivot_groups: identity-wif-mi-methods
@@ -38,7 +38,7 @@ To learn more about supported regions, time to propagate federated credential up
 - If you're unfamiliar with managed identities for Azure resources, check out the [overview section](../managed-identities-azure-resources/overview.md). Be sure to review the [difference between a system-assigned and user-assigned managed identity](../managed-identities-azure-resources/overview.md#managed-identity-types).
 - If you don't already have an Azure account, [sign up for a free account](https://azure.microsoft.com/free/) before you continue.
 - Get the information for your external IdP and software workload, which you need in the following steps.
-- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Managed Identity Contributor](../../role-based-access-control/built-in-roles.md#managed-identity-contributor) role assignment.
+- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Contributor](../../role-based-access-control/built-in-roles.md#contributor) or [Owner](../../role-based-access-control/built-in-roles.md#owner) role assignment.
 - [Create a user-assigned manged identity](../managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md?pivots=identity-mi-methods-azp#create-a-user-assigned-managed-identity)
 - Find the object ID of the user-assigned managed identity, which you need in the following steps.
 
@@ -179,7 +179,7 @@ To delete a specific federated identity credential, select the **Delete** icon f
 - If you're unfamiliar with managed identities for Azure resources, check out the [overview section](../managed-identities-azure-resources/overview.md). Be sure to review the [difference between a system-assigned and user-assigned managed identity](../managed-identities-azure-resources/overview.md#managed-identity-types).
 - If you don't already have an Azure account, [sign up for a free account](https://azure.microsoft.com/free/) before you continue.
 - Get the information for your external IdP and software workload, which you need in the following steps.
-- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Managed Identity Contributor](../../role-based-access-control/built-in-roles.md#managed-identity-contributor) role assignment.
+- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Contributor](../../role-based-access-control/built-in-roles.md#contributor) or [Owner](../../role-based-access-control/built-in-roles.md#owner) role assignment.
 - [Create a user-assigned manged identity](../managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md?pivots=identity-mi-methods-azcli#create-a-user-assigned-managed-identity-1)
 - Find the object ID of the user-assigned managed identity, which you need in the following steps.
 
@@ -277,7 +277,7 @@ az identity federated-credential delete --name $ficId --identity-name $uaId --re
 - If you're unfamiliar with managed identities for Azure resources, check out the [overview section](../managed-identities-azure-resources/overview.md). Be sure to review the [difference between a system-assigned and user-assigned managed identity](../managed-identities-azure-resources/overview.md#managed-identity-types).
 - If you don't already have an Azure account, [sign up for a free account](https://azure.microsoft.com/free/) before you continue.
 - Get the information for your external IdP and software workload, which you need in the following steps.
-- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Managed Identity Contributor](../../role-based-access-control/built-in-roles.md#managed-identity-contributor) role assignment.
+- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Contributor](../../role-based-access-control/built-in-roles.md#contributor) or [Owner](../../role-based-access-control/built-in-roles.md#owner) role assignment.
 - To run the example scripts, you have two options:
   - Use [Azure Cloud Shell](../../cloud-shell/overview.md), which you can open by using the **Try It** button in the upper-right corner of code blocks.
   - Run scripts locally with Azure PowerShell, as described in the next section.
@@ -351,7 +351,7 @@ Remove-AzFederatedIdentityCredentials -ResourceGroupName azure-rg-test -Identity
 - If you're unfamiliar with managed identities for Azure resources, check out the [overview section](../managed-identities-azure-resources/overview.md). Be sure to review the [difference between a system-assigned and user-assigned managed identity](../managed-identities-azure-resources/overview.md#managed-identity-types).
 - If you don't already have an Azure account, [sign up for a free account](https://azure.microsoft.com/free/) before you continue.
 - Get the information for your external IdP and software workload, which you need in the following steps.
-- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Managed Identity Contributor](../../role-based-access-control/built-in-roles.md#managed-identity-contributor) role assignment.
+- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Contributor](../../role-based-access-control/built-in-roles.md#contributor) or [Owner](../../role-based-access-control/built-in-roles.md#owner) role assignment.
 - [Create a user-assigned manged identity](../managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md?pivots=identity-mi-methods-arm#create-a-user-assigned-managed-identity-3)
 - Find the object ID of the user-assigned managed identity, which you need in the following steps.
 
@@ -468,7 +468,7 @@ Make sure that any kind of automation creates federated identity credentials und
 - If you're unfamiliar with managed identities for Azure resources, check out the [overview section](../managed-identities-azure-resources/overview.md). Be sure to review the [difference between a system-assigned and user-assigned managed identity](../managed-identities-azure-resources/overview.md#managed-identity-types).
 - If you don't already have an Azure account, [sign up for a free account](https://azure.microsoft.com/free/) before you continue.
 - Get the information for your external IdP and software workload, which you need in the following steps.
-- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Managed Identity Contributor](../../role-based-access-control/built-in-roles.md#managed-identity-contributor) role assignment.
+- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Contributor](../../role-based-access-control/built-in-roles.md#contributor) or [Owner](../../role-based-access-control/built-in-roles.md#owner) role assignment.
 - You can run all the commands in this article either in the cloud or locally:
   - To run in the cloud, use [Azure Cloud Shell](../../cloud-shell/overview.md).
   - To run locally, install [curl](https://curl.haxx.se/download.html) and the [Azure CLI](/cli/azure/install-azure-cli).

articles/active-directory/external-identities/faq.yml

@@ -217,4 +217,4 @@ additionalContent: |
 
   ## Next steps
   
-  [What is Azure AD B2B collaboration?](what-is-b2b.md)
+  [What is Azure AD B2B collaboration?](what-is-b2b.md)