Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into yelevin/unified-IIT-take-two

Author: yelevin

.openpublishing.publish.config.json

@@ -590,6 +590,12 @@
             "branch": "main",
             "branch_mapping": {}
         },
+        {
+            "path_to_root": "laravel-tasks",
+            "url": "https://github.com/Azure-Samples/laravel-tasks",
+            "branch": "main",
+            "branch_mapping": {}
+        },
         {
             "path_to_root": "playwright-testing-service",
             "url": "https://github.com/microsoft/playwright-testing-service",

.openpublishing.redirection.json

@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/migrate/tutorial-modernize-asp-net-aks.md",
+      "redirect_url": "/azure/migrate/migrate-services-overview",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/databox-online/azure-stack-edge-gpu-deploy-sample-module-marketplace.md",
       "redirect_url": "https://azuremarketplace.microsoft.com/marketplace/apps?page=1",
@@ -30,6 +35,11 @@
       "redirect_url": "/previous-versions/azure/partner-solutions/logzio/troubleshoot",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/event-grid/event-schema-storage-actions.md",
+      "redirect_url": "/azure/storage-actions/overview",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/hdinsight-aks/index.yml",
       "redirect_url": "/previous-versions/azure/hdinsight-aks",
@@ -5935,6 +5945,11 @@
       "redirect_url": "/azure/reliability/overview-reliability-guidance",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/reliability/sovereign-cloud-china.md",
+      "redirect_url": "/azure/china/concepts-service-availability",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/managed-grafana/concept-role-based-access-control.md",
       "redirect_url": "/azure/managed-grafana/how-to-manage-access-permissions-users-identities",
@@ -5949,6 +5964,16 @@
       "source_path": "articles/sentinel/resources.md",
       "redirect_url": "/azure/sentinel/overview",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/nat-gateway/tutorial-dual-stack-outbound-nat-load-balancer.md",
+      "redirect_url": "/azure/nat-gateway/nat-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/sentinel/kusto-resources.md",
+      "redirect_url": "/kusto/query/kql-learning-resources?view=microsoft-sentinel?view=microsoft-sentinel&preserve-view=true&toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json",
+      "redirect_document_id": false
     }
   ]
-}
+}

articles/active-directory-b2c/add-ropc-policy.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: azure-active-directory
 
 ms.topic: how-to
-ms.date: 09/11/2024
+ms.date: 02/24/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 zone_pivot_groups: b2c-policy-type

articles/active-directory-b2c/b2clogin.md

@@ -1,15 +1,15 @@
 ---
 title: Migrate applications and APIs to b2clogin.com
 titleSuffix: Azure AD B2C
-description: Learn about using b2clogin.com in your redirect URLs for Azure Active Directory B2C.
+description: Learn how to update redirect URLs in Azure AD B2C applications to use b2clogin.com or a custom domain for authentication endpoints.
 
 author: kengaderdus
 manager: CelesteDG
 
 ms.service: azure-active-directory
 
 ms.topic: how-to
-ms.date: 01/26/2024
+ms.date: 02/26/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 
@@ -40,9 +40,9 @@ With Azure AD B2C [custom domain](./custom-domain.md) the corresponding updated
 - <code>https://<b>login.contoso.com</b>/\<tenant-name\>.onmicrosoft.com/<b>\<policy-name\></b>/oauth2/v2.0/authorize</code> or <code>https://<b>login.contoso.com</b>/\<tenant-name\>.onmicrosoft.com/oauth2/v2.0/authorize?<b>p=\<policy-name\></b></code> for the `/authorize` endpoint.
 - <code>https://<b>login.contoso.com</b>/\<tenant-name\>.onmicrosoft.com/<b>\<policy-name\></b>/oauth2/v2.0/logout</code> or <code>https://<b>login.contoso.com</b>/\<tenant-name\>.onmicrosoft.com/oauth2/v2.0/logout?<b>p=\<policy-name\></b></code> for the `/logout` endpoint.
 
-## Endpoints that are not affected
+## Endpoints that aren't affected
 
-Some customers use the shared capabilities of Microsoft Entra enterprise tenants. For example, acquiring an access token to call the [MS Graph API](microsoft-graph-operations.md#code-discussion) of the Azure AD B2C tenant.
+Some customers use the shared capabilities of Microsoft Entra enterprise tenants. For example, acquiring an access token to call the [MS Graph API](microsoft-graph-operations.md) of the Azure AD B2C tenant.
 
 This change doesn't affect all endpoints, which don't contain a policy parameter in the URL. They're accessed only with the Microsoft Entra ID's login.microsoftonline.com endpoints, and can't be used with the *b2clogin.com*, or custom domains. The following example shows a valid token endpoint of the Microsoft identity platform:
 
@@ -64,7 +64,6 @@ There are several modifications you might need to make to migrate your applicati
 * Update your Azure AD B2C applications to use *b2clogin.com*, or custom domain in their user flow and token endpoint references. The change may include updating your use of an authentication library like Microsoft Authentication Library (MSAL).
 * Update any **Allowed Origins** that you define in the CORS settings for [user interface customization](customize-ui-with-html.md).
 
-
 ## Change identity provider redirect URLs
 
 On each identity provider's website in which you've created an application, change all trusted URLs to redirect to `your-tenant-name.b2clogin.com`, or a custom domain instead of *login.microsoftonline.com*.
@@ -146,7 +145,7 @@ this.clientApplication = new UserAgentApplication(
 );
 ```
 
-## Next steps
+## Related content
 
 For information about migrating OWIN-based web applications to b2clogin.com, see [Migrate an OWIN-based web API to b2clogin.com](multiple-token-endpoints.md).
 

articles/active-directory-b2c/custom-email-mailjet.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: azure-active-directory
 
 ms.topic: how-to
-ms.date: 01/11/2024
+ms.date: 02/21/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 zone_pivot_groups: b2c-policy-type
@@ -33,7 +33,7 @@ Use custom email in Azure Active Directory B2C (Azure AD B2C) to send customized
 
 ::: zone pivot="b2c-custom-policy"
 
-Custom email verification requires the use of a third-party email provider like [Mailjet](https://www.mailjet.com/), [SendGrid](./custom-email-sendgrid.md), or [SparkPost](https://messagebird.com/email/cloud-sending?sp=true), a custom REST API, or any HTTP-based email provider (including your own). This article describes setting up a solution that uses Mailjet.
+Custom email verification requires the use of a third-party email provider like [Mailjet](https://www.mailjet.com/), [SendGrid](./custom-email-sendgrid.md), or [SparkPost](https://messagebird.com/support-center/omnichannel-and-connectivity/sms/sending-email-to-sms?sp=true), a custom REST API, or any HTTP-based email provider (including your own). This article describes setting up a solution that uses Mailjet.
 
 ## Create a Mailjet account
 
@@ -74,7 +74,7 @@ With a Mailjet account created and the Mailjet API key stored in an Azure AD B2C
 1. On the Mailjet site, open the [transactional templates](https://app.mailjet.com/templates/transactional) page and select **Create a new template**.
 1. Select **By coding it in HTML**, and then select **Code from scratch**.
 1. Enter a unique template name like `Verification email`, and then select **Create**.
-1. In the HTML editor, paste following HTML template or use your own. The `{{var:otp:""}}` and `{{var:email:""}}` parameters will be replaced dynamically with the one-time password value and the user email address.
+1. In the HTML editor, paste following HTML template or use your own. The `{{var:otp:""}}` and `{{var:email:""}}` parameters are replaced dynamically with the one-time password value and the user email address.
 
     ```HTML
     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -210,7 +210,7 @@ These claims types are necessary to generate and verify the email address using
 
 ## Add the claims transformation
 
-Next, you need a claims transformation to output a JSON string claim that will be the body of the request sent to Mailjet.
+Next, you need a claims transformation to output a JSON string claim that's the body of the request sent to Mailjet.
 
 The JSON object's structure is defined by the IDs in dot notation of the InputParameters and the TransformationClaimTypes of the InputClaims. Numbers in the dot notation imply arrays. The values come from the InputClaims' values and the InputParameters' "Value" properties. For more information about JSON claims transformations, see [JSON claims transformations](json-transformations.md).
 
@@ -572,9 +572,9 @@ The Localization element allows you to support multiple locales or languages in
 ```
 
 
-## Next steps
+## Related content
 
 - You can find an example of a [Custom email verification - DisplayControls](https://github.com/azure-ad-b2c/samples/tree/master/policies/custom-email-verifcation-displaycontrol/policy/Mailjet) custom policy on GitHub.
 - For information about using a custom REST API or any HTTP-based SMTP email provider, see [Define a RESTful technical profile in an Azure AD B2C custom policy](restful-technical-profile.md).
 
-::: zone-end
+::: zone-end

articles/active-directory-b2c/custom-email-sendgrid.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: azure-active-directory
 
 ms.topic: how-to
-ms.date: 01/11/2024
+ms.date: 02/21/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 zone_pivot_groups: b2c-policy-type
@@ -33,7 +33,7 @@ Use custom email in Azure Active Directory B2C (Azure AD B2C) to send customized
 
 ::: zone pivot="b2c-custom-policy"
 
-Custom email verification requires the use of a third-party email provider like [SendGrid](https://sendgrid.com), [Mailjet](https://www.mailjet.com/), or [SparkPost](https://messagebird.com/email/cloud-sending?sp=true), a custom REST API, or any HTTP-based email provider (including your own). This article describes setting up a solution that uses SendGrid.
+Custom email verification requires the use of a third-party email provider like [SendGrid](https://sendgrid.com), [Mailjet](https://www.mailjet.com/), or [SparkPost](https://messagebird.com/support-center/omnichannel-and-connectivity/sms/sending-email-to-sms?sp=true), a custom REST API, or any HTTP-based email provider (including your own). This article describes setting up a solution that uses SendGrid.
 
 ## Create a SendGrid account
 
@@ -42,7 +42,7 @@ If you don't already have one, start by setting up a SendGrid account. For setup
 Make sure you complete the section in which you [create a SendGrid API key](https://docs.sendgrid.com/for-developers/partners/microsoft-azure-2021#to-find-your-sendgrid-api-key). Record the API key for use in a later step.
 
 > [!IMPORTANT]
-> SendGrid offers customers the ability to send emails from shared IP and [dedicated IP addresses](https://docs.sendgrid.com/ui/account-and-settings/dedicated-ip-addresses). When using dedicated IP addresses, you need to build your own reputation properly with an IP address warm-up. For more information, see [Warming Up An Ip Address](https://docs.sendgrid.com/ui/sending-email/warming-up-an-ip-address).
+> SendGrid offers customers the ability to send emails from shared IP and [dedicated IP addresses](https://docs.sendgrid.com/ui/account-and-settings/dedicated-ip-addresses). When using dedicated IP addresses, you need to build your own reputation properly with an IP address warm-up. For more information, see [Warming Up An IP Address](https://www.twilio.com/docs/sendgrid/ui/sending-email/warming-up-an-ip-address).
 
 ## Create Azure AD B2C policy key
 
@@ -558,9 +558,9 @@ The Localization element allows you to support multiple locales or languages in
 ```
 
 
-## Next steps
+## Related content
 
 - Find an example of [Custom email verification - DisplayControls custom policy](https://github.com/azure-ad-b2c/samples/tree/master/policies/custom-email-verifcation-displaycontrol/policy/SendGrid) on GitHub.
 - Learn how to use a custom REST API or any HTTP-based SMTP email provider, see [Define a RESTful technical profile in an Azure AD B2C custom policy](restful-technical-profile.md).
 
-::: zone-end
+::: zone-end

articles/active-directory-b2c/enable-authentication-python-web-app.md

@@ -1,5 +1,5 @@
 ---
-title: Enable authentication in your own Python web application using Azure Active Directory B2C
+title: Enable authentication in your own Python web application using Azure AD B2C
 description: This article explains how to enable authentication in your own Python web application using Azure AD B2C
 titleSuffix: Azure AD B2C
 
@@ -8,23 +8,23 @@ manager: CelesteDG
 ms.service: azure-active-directory
 ms.custom: devx-track-python
 ms.topic: how-to
-ms.date: 01/11/2024
+ms.date: 02/21/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 #Customer intent: As a Python web application developer, I want to enable Azure Active Directory B2C authentication in my application, so that users can sign in, sign out, update their profile, and reset their password using Azure AD B2C user flows.
 ---
 
 # Enable authentication in your own Python web application using Azure Active Directory B2C
 
-In this article, you'll learn how to add Azure Active Directory B2C (Azure AD B2C) authentication in your own Python web application. You'll enable users to sign in, sign out, update profile and reset password using Azure AD B2C user flows. This article uses [Microsoft Authentication Library (MSAL) for Python](https://github.com/AzureAD/microsoft-authentication-library-for-python/tree/main) to simplify adding authentication to your Python web application.
+In this article, you learn how to add Azure Active Directory B2C (Azure AD B2C) authentication in your own Python web application. You enable users to sign in, sign out, update profile and reset password using Azure AD B2C user flows. This article uses [Microsoft Authentication Library (MSAL) for Python](https://github.com/AzureAD/microsoft-authentication-library-for-python/tree/main) to simplify adding authentication to your Python web application.
 
 The aim of this article is to substitute the sample application you used in [Configure authentication in a sample Python web application by using Azure AD B2C](configure-authentication-sample-python-web-app.md) with your own Python application.
 
-This article uses [Python 3.9+](https://www.python.org/) and [Flask 2.1](https://flask.palletsprojects.com/en/2.1.x/) to create a basic web app. The application's views uses [Jinja2 templates](https://flask.palletsprojects.com/en/2.1.x/templating/).
+This article uses [Python 3.9+](https://www.python.org/) and [Flask 2.1](https://flask.palletsprojects.com/en/stable/installation/) to create a basic web app. The application's views use [Jinja2 templates](https://flask.palletsprojects.com/en/2.1.x/templating/).
 
 ## Prerequisites
 
-- Complete the steps in [Configure authentication in a sample Python web application by using Azure AD B2C](configure-authentication-sample-python-web-app.md). You'll create Azure AD B2C user flows and register a web application in Azure portal.
+- Complete the steps in [Configure authentication in a sample Python web application by using Azure AD B2C](configure-authentication-sample-python-web-app.md). You create Azure AD B2C user flows and register a web application in Azure portal.
 - Install [Python](https://www.python.org/downloads/) 3.9 or above
 - [Visual Studio Code](https://code.visualstudio.com/) or another code editor
 - Install the [Python extension](https://marketplace.visualstudio.com/items?itemName=ms-python.python) for Visual Studio Code
@@ -126,7 +126,7 @@ py -m pip install -r requirements.txt
 
 ## Step 3: Build app UI components
 
-Flask is a lightweight Python framework for web applications that provides the basics for URL routing and page rendering. It leverages Jinja2 as its template engine to render the content of your app. For more information, check out the [template designer documentation](https://jinja.palletsprojects.com/en/3.1.x/templates/). In this section, you add the required templates that provide the basic functionality of your web app.
+Flask is a lightweight Python framework for web applications that provides the basics for URL routing and page rendering. It uses Jinja2 as its template engine to render the content of your app. For more information, check out the [template designer documentation](https://jinja.palletsprojects.com/en/3.1.x/templates/). In this section, you add the required templates that provide the basic functionality of your web app.
 
 ### Step 3.1 Create a base template
 
@@ -475,6 +475,6 @@ To change the host name and/or port number, use the `args` array of the `launch.
 
 
 
-## Next steps
+## Related content
 
-- Learn how to [customize and enhance the Azure AD B2C authentication experience for your web app](enable-authentication-python-web-app-options.md)
+- Learn how to [customize and enhance the Azure AD B2C authentication experience for your web app](enable-authentication-python-web-app-options.md)

articles/active-directory-b2c/faq.yml

@@ -163,6 +163,18 @@ sections:
           * **Audit reports** include both admin activity and application activity.
           * **Usage reports** include the number of users, number of logins, and volume of MFA.
 
+      - question: |
+          Why does my Azure AD B2C bill show phone charges named "Microsoft Entra External ID?"
+        answer: |
+          Following the new [billing model](https://azure.microsoft.com/pricing/details/active-directory-b2c/) for Azure AD External Identities SMS Phone Authentication, you may notice a new name on your bill. Previously, Phone MFA was billed as "Azure Active Directory B2C - Basic 1 Multi-Factor Authentication." Now you’ll see the following names based on your [country or region pricing tier](https://aka.ms/B2CSMSCountries):
+          
+          * Microsoft Entra External ID - Phone Authentication Low Cost 1 Transaction
+          * Microsoft Entra External ID - Phone Authentication Mid Low Cost 1 Transaction
+          * Microsoft Entra External ID - Phone Authentication Mid High Cost 1 Transaction
+          * Microsoft Entra External ID - Phone Authentication High Cost 1 Transaction
+          
+          Although the new bill mentions Microsoft Entra External ID, **you’re still billed for Azure AD B2C based on your core MAU count**.
+          
       - question: |
           Can end users use a time-based one-time password (TOTP) with an authenticator app to authenticate to my Azure AD B2C app?
         answer: |
@@ -271,7 +283,7 @@ sections:
       - question: |
           I am using rolling refresh tokens for my application and I am getting an invalid_grant error on redeeming newly acquired refresh tokens well within their set validity period. Why does this happen? 
         answer: |
-          While determining validity for rolling refresh tokens, B2C will consider the initial login time of the user in the application also to calculate the token validity skew. If the user haven't logged out of the application for a very long time, this skew value will exceed the validity period of the token and hence for security reasons the tokens will be considered as invalid. Hence the error. Inform the user to perform a proper logout and login back into the application and this should reset the skew. This scenario is not applicable if refresh token rolling is set as infinite rolling.
+          While determining validity for rolling refresh tokens, B2C will consider the initial login time of the user in the application also to calculate the token validity skew. If the user hasn't logged out of the application for a very long time, this skew value will exceed the validity period of the token and hence for security reasons the tokens will be considered as invalid. Hence the error. Inform the user to perform a proper logout and login back into the application and this should reset the skew. This scenario is not applicable if refresh token rolling is set as infinite rolling.
              
           
       - question: |