Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into heidist-refresh

Author: HeidiSteen

.openpublishing.redirection.azure-monitor.json

@@ -35,6 +35,16 @@
             "redirect_url": "/azure/azure-monitor/change/change-analysis",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/javascript.md",
+            "redirect_url": "/azure/azure-monitor/app/javascript-sdk",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/source-map-support.md",
+            "redirect_url": "/azure/azure-monitor/app/javascript-sdk-advanced",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/app/release-notes.md",
             "redirect_url": "/azure/azure-monitor/app/app-insights-overview",

articles/active-directory/authentication/how-to-mfa-authenticator-lite.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 03/14/2023
+ms.date: 03/15/2023
 
 ms.author: justinha
 author: sabina-smith
@@ -23,6 +23,9 @@ Microsoft Authenticator Lite is another surface for Azure Active Directory (Azur
 
 Users receive a notification in Outlook mobile to approve or deny sign-in, or they can copy a TOTP to use during sign-in. 
 
+>[!NOTE]
+>This is an important security enhancement for users authenticating via telecom transports. The 'Microsoft managed' setting for this feature will be set to enabled on May 26th, 2023. This will enable the feature for all users in tenants where the feature is set to Microsoft managed. If you wish to change the state of this feature, please do so before May 26th, 2023.
+
 ## Prerequisites
 
 - Your organization needs to enable Microsoft Authenticator (second factor) push notifications for some users or groups by using the Authentication methods policy. You can edit the Authentication methods policy by using the Azure portal or Microsoft Graph API.
@@ -56,26 +59,40 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 
 ### Request
 
-```http
-PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy
-Content-Type: application/json
- 
+```JSON
+//Retrieve your existing policy via a GET. 
+//Leverage the Response body to create the Request body section. Then update the Request body similar to the Request body as shown below.
+//Change the Query to PATCH and Run query
+
 {
-    "CompanionAppAllowedState": {
-        "state": "enabled",
-        "excludeTargets": [
-            {
-                "id": "s4432809-3bql-5m2l-0p42-8rq4707rq36m",
-                "targetType": "group"
-            }
-        ],
-        "includeTargets": [
-            {
-                "id": "all_users",
-                "targetType": "group"
+    "@odata.context": "https://graph.microsoft.com/beta/$metadata#authenticationMethodConfigurations/$entity",
+    "@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration",
+    "id": "MicrosoftAuthenticator",
+    "state": "enabled",
+    "isSoftwareOathEnabled": false,
+    "excludeTargets": [],
+    "featureSettings": {
+        "companionAppAllowedState": {
+            "state": "enabled",
+            "includeTarget": {
+                "targetType": "group",
+                "id": "s4432809-3bql-5m2l-0p42-8rq4707rq36m"
+            },
+            "excludeTarget": {
+                "targetType": "group",
+                "id": "00000000-0000-0000-0000-000000000000"
             }
-        ]
-    }
+        }
+    },
+    "[email protected]": "https://graph.microsoft.com/beta/$metadata#authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')/microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration/includeTargets",
+    "includeTargets": [
+        {
+            "targetType": "group",
+            "id": "all_users",
+            "isRegistrationRequired": false,
+            "authenticationMode": "any"
+        }
+    ]
 }
 ```
 

articles/active-directory/develop/scenario-web-app-call-api-acquire-token.md

@@ -115,7 +115,7 @@ public async Task<ActionResult> ReadMail()
 }
 ```
 
-For details see the code for [BuildConfidentialClientApplication()](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect/blob/master/WebApp/Utils/MsalAppBuilder.cs) and [GetMsalAccountId](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect/blob/257c8f96ec3ff875c351d1377b36403eed942a18/WebApp/Utils/ClaimPrincipalExtension.cs#L38) in the code sample
+For details see the code for [GetMsalAccountId](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect/blob/257c8f96ec3ff875c351d1377b36403eed942a18/WebApp/Utils/ClaimPrincipalExtension.cs#L38) in the code sample.
 
 
 # [Java](#tab/java)

articles/active-directory/develop/userinfo.md

@@ -17,7 +17,7 @@ ms.custom: aaddev
 
 # Microsoft identity platform UserInfo endpoint
 
-As part of the OpenID Connect (OIDC) standard, the [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo) returns information about an authenticated user. In the Microsoft identity platform, the UserInfo endpoint is hosted by Microsoft Graph at https://graph.microsoft.com/oidc/userinfo. 
+As part of the OpenID Connect (OIDC) standard, the [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo) returns information about an authenticated user. 
 
 ## Find the .well-known configuration endpoint
 
@@ -85,7 +85,7 @@ You can't add to or customize the information returned by the UserInfo endpoint.
 
 To customize the information returned by the identity platform during authentication and authorization, use [claims mapping]( active-directory-claims-mapping.md) and [optional claims]( active-directory-optional-claims.md) to modify security token configuration.
 
-## Next Steps
+## Next steps
 
 * [Review the contents of ID tokens](id-tokens.md).
 * [Customize the contents of an ID token using optional claims](active-directory-optional-claims.md).

articles/active-directory/external-identities/external-identities-pricing.md

@@ -6,13 +6,13 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 03/29/2022
+ms.date: 03/15/2023
 
 ms.author: mimart
 author: msmimart
 manager: celestedg
 ms.workload: identity
-ms.collection: M365-identity-device-management
+ms.collection: engagement-fy23, M365-identity-device-management
 ---
 
 # Billing model for Azure AD External Identities
@@ -30,7 +30,6 @@ To take advantage of MAU billing, your Azure AD tenant must be linked to an Azur
 |---------|---------|
 | An Azure AD tenant already linked to a subscription     | Do nothing. When you use External Identities features to collaborate with guest users, you'll be automatically billed using the MAU model.        |
 | An Azure AD tenant not yet linked to a subscription     | [Link your Azure AD tenant to a subscription](#link-your-azure-ad-tenant-to-a-subscription) to activate MAU billing.        |
-|  |  |
 
 ## About monthly active users (MAU) billing
 
@@ -44,7 +43,7 @@ The pricing tier that applies to your guest users is based on the highest pricin
 
 An Azure AD tenant must be linked to a resource group within an Azure subscription for proper billing and access to features.
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) with an Azure account that's been assigned at least the [Contributor](../../role-based-access-control/built-in-roles.md) role within the subscription or a resource group within the subscription.
+1. Sign in to the [Azure portal](https://portal.azure.com/) with an Azure account that's been assigned at least the Contributor role within the subscription or a resource group within the subscription.
 
 2. Select the directory you want to link: In the Azure portal toolbar, select the **Directories + subscriptions** icon in the portal toolbar. Then on the **Portal settings | Directories + subscriptions** page, find your directory in the **Directory name** list, and then select **Switch**.
 
@@ -56,25 +55,24 @@ An Azure AD tenant must be linked to a resource group within an Azure subscripti
 
 6. In the tenant list, select the checkbox next to the tenant, and then select **Link subscription**.
 
-    ![Select the tenant and link a subscription](media/external-identities-pricing/linked-subscriptions.png)
+    :::image type="content" source="media/external-identities-pricing/linked-subscriptions.png" alt-text="Screenshot of the link a subscription option.":::
 
 7. In the **Link a subscription** pane, select a **Subscription** and a **Resource group**. Then select **Apply**. (If there are no subscriptions listed, see [What if I can't find a subscription?](#what-if-i-cant-find-a-subscription).)
 
-    ![Select a subscription and resource group](media/external-identities-pricing/link-subscription-resource.png)
+    :::image type="content" source="media/external-identities-pricing/link-subscription-resource.png" alt-text="Screenshot of how to link a subscription.":::
 
 After you complete these steps, your Azure subscription is billed based on your Azure Direct or Enterprise Agreement details, if applicable.
 
 ## What if I can't find a subscription?
 
 If no subscriptions are available in the **Link a subscription** pane, here are some possible reasons:
 
-- You don't have the appropriate permissions. Be sure to sign in with an Azure account that's been assigned at least the [Contributor](../../role-based-access-control/built-in-roles.md) role within the subscription or a resource group within the subscription.
+- You don't have the appropriate permissions. Be sure to sign in with an Azure account that's been assigned at least the Contributor role within the subscription or a resource group within the subscription.
 
 - A subscription exists, but it hasn't been associated with your directory yet. You can [associate an existing subscription to your tenant](../fundamentals/active-directory-how-subscriptions-associated-directory.md) and then repeat the steps for [linking it to your tenant](#link-your-azure-ad-tenant-to-a-subscription).
 
 - No subscription exists. In the **Link a subscription** pane, you can create a subscription by selecting the link **if you don't already have a subscription you may create one here**. After you create a new subscription, you'll need to [create a resource group](../../azure-resource-manager/management/manage-resource-groups-portal.md) in the new subscription, and then repeat the steps for [linking it to your tenant](#link-your-azure-ad-tenant-to-a-subscription).
 
 ## Next steps
 
-For the latest pricing information, see [Azure Active Directory pricing](https://www.microsoft.com/security/business/identity-access-management/azure-ad-pricing).
-Learn more about [managing Azure resources](../../azure-resource-manager/management/overview.md).
+For the latest pricing information, see [Azure Active Directory pricing](https://www.microsoft.com/security/business/identity-access-management/azure-ad-pricing).

articles/active-directory/external-identities/media/external-identities-pricing/link-subscription-resource.png

@@ -137,7 +137,7 @@ String attributes are indexable by default, and the maximum length is 448 charac
 The userPrincipalName attribute in Active Directory is not always known by the users and might not be suitable as the sign-in ID. With the Azure AD Connect sync installation wizard, you can choose a different attribute--for example, *mail*. But in some cases, the attribute must be calculated.
 
 For example, the company Contoso has two Azure AD directories, one for production and one for testing. They want the users in their test tenant to use another suffix in the sign-in ID:  
-`userPrincipalName` <- `Word([userPrincipalName],1,"@") & "@contosotest.com"`.
+`Word([userPrincipalName],1,"@") & "@contosotest.com"`.
 
 In this expression, take everything left of the first @-sign (Word) and concatenate with a fixed string.
 

articles/active-directory/external-identities/media/external-identities-pricing/linked-subscriptions.png

@@ -25,7 +25,7 @@ To adjust to changing application demands, such as between the workday and eveni
 
 ![The cluster autoscaler and horizontal pod autoscaler often work together to support the required application demands](media/autoscaler/cluster-autoscaler.png)
 
-Both the horizontal pod autoscaler and cluster autoscaler can also decrease the number of pods and nodes as needed. The cluster autoscaler decreases the number of nodes when there has been unused capacity for a period of time. Pods on a node to be removed by the cluster autoscaler are safely scheduled elsewhere in the cluster. For more information about how scaling down works, see [How does scale-down work?]https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#how-does-scale-down-work).
+Both the horizontal pod autoscaler and cluster autoscaler can also decrease the number of pods and nodes as needed. The cluster autoscaler decreases the number of nodes when there has been unused capacity for a period of time. Pods on a node to be removed by the cluster autoscaler are safely scheduled elsewhere in the cluster. For more information about how scaling down works, see [How does scale-down work?](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#how-does-scale-down-work).
 
 The cluster autoscaler may be unable to scale down if pods can't move, such as in the following situations: