MicrosoftDocs
diff --git a/‎articles/active-directory/app-provisioning/on-premises-ecma-troubleshoot.md
Lines changed: 3 additions & 3 deletions b/‎articles/active-directory/app-provisioning/on-premises-ecma-troubleshoot.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/active-directory/conditional-access/media/terms-of-use/new-tou.png
-50.8 KB b/‎articles/active-directory/conditional-access/media/terms-of-use/new-tou.png
-50.8 KB
diff --git a/‎articles/active-directory/conditional-access/terms-of-use.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/conditional-access/terms-of-use.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/manage-apps/f5-aad-integration.md
Lines changed: 88 additions & 92 deletions b/‎articles/active-directory/manage-apps/f5-aad-integration.md
Lines changed: 88 additions & 92 deletions
diff --git a/‎articles/api-management/how-to-deploy-self-hosted-gateway-kubernetes.md
Lines changed: 9 additions & 2 deletions b/‎articles/api-management/how-to-deploy-self-hosted-gateway-kubernetes.md
Lines changed: 9 additions & 2 deletions
@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: overview
-ms.date: 11/29/2022
+ms.date: 12/13/2022
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -51,12 +51,12 @@ After you configure the provisioning agent and ECMA host, it's time to test conn
     https://localhost:8585/ecma2host_connectorName/scim
     ```
  1. Navigate to the following folder to review the provisoning agent logs: C:\ProgramData\Microsoft\Azure AD Connect Provisioning Agent\Trace
-   1. If you see the following error, please add the service account "NT SERVICE\AADConnectProvisioningAgent" to the local group called "Performance Log Users". This eliminates the "Unable to initialize metrics collector" exception error by allowing the account to access the desired registry key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
+    1. If you see the following error, please add the service account "NT SERVICE\AADConnectProvisioningAgent" to the local group called "Performance Log Users". This eliminates the "Unable to initialize metrics collector" exception error by allowing the account to access the desired registry key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
 
 ```
 Unable to initialize metrics collector, exception: 'System.UnauthorizedAccessException: Access to the registry key 'Global' is denied.
 ```
- 13. When configuring the ECMA host, ensure that you provide a certificate with a subject that matches the hostname of your windows server. The certificate that is generated by the ECMA host will do this for you automatically, but should only be used for testing purposes. 
+ 12. When configuring the ECMA host, ensure that you provide a certificate with a subject that matches the hostname of your windows server. The certificate that is generated by the ECMA host will do this for you automatically, but should only be used for testing purposes. 
 
 ```
 Error code: SystemForCrossDomainIdentityManagementCredentialValidationUnavailable
 
@@ -385,8 +385,8 @@ A: On the Terms of use blade, select the number under **Accepted**. You can also
 **Q: How long is information stored?**<br />
 A: The user counts in the terms of use report and who accepted/declined are stored for the life of the terms of use. The Azure AD audit logs are stored for 30 days.
 
-**Q: Why do I see a different number of consents in the terms of use report vs. the Azure AD audit logs?**<br />
-A: The terms of use report is stored for the lifetime of that terms of use policy, while the Azure AD audit logs are stored for 30 days. Also, the terms of use report only displays the users current consent state. For example, if a user declines and then accepts, the terms of use report will only show that user's accept. If you need to see the history, you can use the Azure AD audit logs.
+**Q: Why do I see a different number of consents in the terms of use details overview versus the exported CSV report?**<br />
+A: The terms of use details overview reflects aggregated acceptances of the current version of the policy (updated once every day).  If expiration is enabled or a TOU agreement is updated (with re-acceptance required), the count on the details overview is reset since the acceptances are expired, thereby showing the count of the current version. All acceptance history is still captured in the CSV report.
 
 **Q: If hyperlinks are in the terms of use policy PDF document, will end users be able to click them?**<br />
 A: Yes, end users are able to select hyperlinks to other pages but links to sections within the document aren't supported. Also, hyperlinks in terms of use policy PDFs don't work when accessed from the Azure AD MyApps/MyAccount portal.
 
@@ -35,19 +35,26 @@ This article describes the steps for deploying the self-hosted gateway component
 5. Select the **Kubernetes** tab under **Deployment scripts**.
 6. Select the **\<gateway-name\>.yml** file link and download the YAML file.
 7. Select the **copy** icon at the lower-right corner of the **Deploy** text box to save the `kubectl` commands to the clipboard.
-8. Paste commands to the terminal (or command) window. The first command creates a Kubernetes secret that contains the access token generated in step 4. The second command applies the configuration file downloaded in step 6 to the Kubernetes cluster and expects the file to be in the current directory.
+8. When using Azure Kubernetes Service (AKS), run `az aks get-credentials --resource-group <resource-group-name> --name <resource-name> --admin` in a new terminal session.
 9. Run the commands to create the necessary Kubernetes objects in the [default namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/) and start self-hosted gateway pods from the [container image](https://aka.ms/apim/shgw/registry-portal) downloaded from the Microsoft Artifact Registry.
+   - The first step creates a Kubernetes secret that contains the access token generated in step 4. Next, it creates a Kubernetes deployment for the self-hosted gateway which uses a ConfigMap with the configuration of the gateway.
 10. Run the following command to check if the deployment succeeded. Note that it might take a little time for all the objects to be created and for the pods to initialize.
 
     ```console
     kubectl get deployments
-    NAME             READY   UP-TO-DATE   AVAILABLE   AGE
+    ```
+    It should return
+    ```console
+        NAME             READY   UP-TO-DATE   AVAILABLE   AGE
     <gateway-name>   1/1     1            1           18s
     ```
 11. Run the following command to check if the service was successfully created. Note that your service IPs and ports will be different.
 
     ```console
     kubectl get services
+    ```
+    It should return
+    ```console
     NAME             TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
     <gateway-name>   LoadBalancer   10.99.236.168   <pending>     80:31620/TCP,443:30456/TCP   9m1s
     ```