Merge pull request #182850 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/azure-docs (branch master)

Author: huypub

articles/active-directory/authentication/concept-mfa-licensing.md

@@ -39,20 +39,26 @@ The following table details the different ways to get Azure AD Multi-Factor Auth
 
 The following table provides a list of the features that are available in the various versions of Azure AD Multi-Factor Authentication. Plan out your needs for securing user authentication, then determine which approach meets those requirements. For example, although Azure AD Free provides security defaults that provide Azure AD Multi-Factor Authentication, only the mobile authenticator app can be used for the authentication prompt, not a phone call or SMS. This approach may be a limitation if you can't ensure the mobile authentication app is installed on a user's personal device. See [Azure AD Free tier](#azure-ad-free-tier) later in this topic for more details. 
 
-| Feature | Azure AD Free - Security defaults (enabled for all users) | Azure AD Free - Global Administrators only | Office 365 | Azure AD Premium P1 or P2 |
-| --- |:---:|:---:|:---:|:---:|
-| Protect Azure AD tenant admin accounts with MFA | ● | ● (*Azure AD Global Administrator* accounts only) | ● | ● |
-| Mobile app as a second factor | ● | ● | ● | ● |
-| Phone call as a second factor | | ● | ● | ● |
-| SMS as a second factor | | ● | ● | ● |
-| Admin control over verification methods | | ● | ● | ● |
-| Fraud alert | | | | ● |
-| MFA Reports | | | | ● |
-| Custom greetings for phone calls | | | | ● |
-| Custom caller ID for phone calls | | | | ● |
-| Trusted IPs | | | | ● |
-| Remember MFA for trusted devices | | ● | ● | ● |
-| MFA for on-premises applications | | | | ● |
+| Feature | Azure AD Free - Security defaults (enabled for all users) | Azure AD Free - Global Administrators only | Office 365 | Azure AD Premium P1 | Azure AD Premium P2 | 
+| --- |:---:|:---:|:---:|:---:|:---:|
+| Protect Azure AD tenant admin accounts with MFA | ● | ● (*Azure AD Global Administrator* accounts only) | ● | ● | ● |
+| Mobile app as a second factor | ● | ● | ● | ● | ● |
+| Phone call as a second factor | | ● | ● | ● | ● |
+| SMS as a second factor | | ● | ● | ● | ● |
+| Admin control over verification methods | | ● | ● | ● | ● |
+| Fraud alert | | | | ● | ● |
+| MFA Reports | | | | ● | ● |
+| Custom greetings for phone calls | | | | ● | ● |
+| Custom caller ID for phone calls | | | | ● | ● |
+| Trusted IPs | | | | ● | ● |
+| Remember MFA for trusted devices | | ● | ● | ● | ● |
+| MFA for on-premises applications | | | | ● | ● |
+| Conditional access | | | | ● | ● |
+| Risk-based conditional access | | | | | ● |
+| Identity Protection (Risky sign-ins, risky users) | | | | | ● |
+| Access Reviews | | | | | ● |
+| Entitlements Management | | | | | ● |
+| Privileged Identity Management (PIM), just-in-time access | | | | | ● |
 
 ## Compare multi-factor authentication policies
 

articles/active-directory/develop/msal-authentication-flows.md

@@ -80,7 +80,7 @@ The [OAuth 2 client credentials flow](v2-oauth2-client-creds-grant-flow.md) allo
 The client credentials grant flow permits a web service (a confidential client) to use its own credentials, instead of impersonating a user, to authenticate when calling another web service. In this scenario, the client is typically a middle-tier web service, a daemon service, or a website. For a higher level of assurance, the Microsoft identity platform also allows the calling service to use a certificate (instead of a shared secret) as a credential.
 
 > [!NOTE]
-> The confidential client flow isn't available on mobile platforms like UWP, Xamarin.iOS, and Xamarin.Android because they support only public client applications. Public client applications don't know how to prove the application's identity to the identity provider. A secure connection can be achieved on web app or web API back-ends by deploying a certificate.
+> The confidential client flow isn't available on mobile platforms like UWP, iOS, and Android because they support only public client applications. Public client applications don't know how to prove the application's identity to the identity provider. A secure connection can be achieved on web app or web API back-ends by deploying a certificate.
 
 ### Application secrets
 

articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md

@@ -261,7 +261,7 @@ The AADLoginForWindows extension must install successfully in order for the VM t
    | `curl -H @{"Metadata"="true"} "http://169.254.169.254/metadata/identity/oauth2/token?resource=urn:ms-drs:enterpriseregistration.windows.net&api-version=2018-02-01"` | Valid access token issued by Azure Active Directory for the managed identity that is assigned to this VM |
 
    > [!NOTE]
-   > The access token can be decoded using a tool like [calebb.net](http://calebb.net/). Verify the `appid` in the access token matches the managed identity assigned to the VM.
+   > The access token can be decoded using a tool like [calebb.net](http://calebb.net/). Verify the `oid` in the access token matches the managed identity assigned to the VM.
 
 1. Ensure the required endpoints are accessible from the VM using PowerShell:
 

articles/active-directory/reports-monitoring/concept-all-sign-ins.md

@@ -64,7 +64,7 @@ The sign-in log provides answers to questions like:
 
 ## What Azure AD license do you need?
 
-Your tenant must have an Azure AD Premium license associated with it to see sign-in activities. See [Getting started with Azure Active Directory Premium](../fundamentals/active-directory-get-started-premium.md) to upgrade your Azure Active Directory edition. It will take a couple of days for the data to show up in the logs after you upgrade to a premium license with no data activities before the upgrade.
+The sign-in activity report is available in [all editions of Azure AD](reference-reports-data-retention.md#how-long-does-azure-ad-store-the-data). If you have an Azure Active Directory P1 or P2 license, you also can access the sign-in activity report through the Microsoft Graph API. See [Getting started with Azure Active Directory Premium](../fundamentals/active-directory-get-started-premium.md) to upgrade your Azure Active Directory edition. It will take a couple of days for the data to show up in Graph after you upgrade to a premium license with no data activities before the upgrade.
 
 
 

articles/active-directory/reports-monitoring/overview-reports.md

@@ -31,33 +31,6 @@ Azure Active Directory (Azure AD) reports provide a comprehensive view of activi
 - Detect potential risks affecting the health of your environment
 - Troubleshoot issues preventing your users from getting their work done  
 
-The reporting architecture relies on two main pillars:
-
-- [Security reports](#security-reports)
-- [Activity reports](#activity-reports)
-
-![Reporting](./media/overview-reports/01.png)
-
-
-## Security reports
-
-Security reports help you to protect your organization's identities. There are two types of security reports:
-
-- **Users flagged for risk** - From the [users flagged for risk security report](../identity-protection/overview-identity-protection.md), you get an overview of user accounts that might have been compromised.
-
-- **Risky sign-ins** - With the [risky sign-in security report](../identity-protection/overview-identity-protection.md), you get an indicator for sign-in attempts that might have been performed by someone who is not the legitimate owner of a user account. 
-
-### What Azure AD license do you need to access a security report?  
-
-All editions of Azure AD provide you with users flagged for risk and risky sign-ins reports. However, the level of report granularity varies between the editions: 
-
-- In the **Azure Active Directory Free and Basic editions**, you get a list of users flagged for risk and risky sign-ins. 
-
-- The **Azure Active Directory Premium 1** edition extends this model by also enabling you to examine some of the underlying risk detections that have been detected for each report. 
-
-- The **Azure Active Directory Premium 2** edition provides you with the most detailed information about the underlying risk detections and it also enables you to configure security policies that automatically respond to configured risk levels.
-
-
 ## Activity reports
 
 Activity reports help you understand the behavior of users in your organization. There are two types of activity reports in Azure AD:
@@ -70,9 +43,6 @@ Activity reports help you understand the behavior of users in your organization.
 
 > [!VIDEO https://www.youtube.com/embed/ACVpH6C_NL8]
 
-
-
-
 ### Audit logs report 
 
 The [audit logs report](concept-audit-logs.md) provides you with records of system activities for compliance. This data enables you to address common scenarios such as:
@@ -108,4 +78,4 @@ In addition to the user interface, Azure AD also provides you with [programmatic
 
 - [Risky sign-ins report](../identity-protection/overview-identity-protection.md)
 - [Audit logs report](concept-audit-logs.md)
-- [Sign-ins logs report](concept-sign-ins.md)
+- [Sign-ins logs report](concept-sign-ins.md)

articles/applied-ai-services/form-recognizer/containers/form-recognizer-container-configuration.md

@@ -90,7 +90,7 @@ In this example, enter {FORM_RECOGNIZER_ENDPOINT_URI} and {FORM_RECOGNIZER_API_K
 ```yml
 version: "3.9"
 services:
-azure-cognitive-service-layout:
+  azure-cognitive-service-layout:
     container_name: azure-cognitive-service-layout
     image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/layout
     environment:

articles/cloud-services-extended-support/in-place-migration-powershell.md

@@ -152,12 +152,12 @@ Move-AzureService -Prepare -ServiceName $serviceName -DeploymentName $deployment
 
 Check the configuration for the prepared Cloud Service (extended support) by using either Azure PowerShell or the Azure portal. If you're not ready for migration and you want to go back to the old state, abort the migration.
 ```powershell
-Move-AzureService -Abort -ServiceName $serviceName -DeploymentName $deploymentName -CreateNewVirtualNetwork
+Move-AzureService -Abort -ServiceName $serviceName -DeploymentName $deploymentName
 ```
 If you're ready to complete the migration, commit the migration
 
 ```powershell
-Move-AzureService -Commit -ServiceName $serviceName -DeploymentName $deploymentName -CreateNewVirtualNetwork
+Move-AzureService -Commit -ServiceName $serviceName -DeploymentName $deploymentName
 ```
 
 ### 5.1) Option 2 - Migrate a Cloud Service in a virtual network

articles/defender-for-cloud/troubleshooting-guide.md

@@ -15,7 +15,7 @@ Defender for Cloud uses the Log Analytics agent to collect and store data. See [
 > [!TIP]
 > A dedicated area of the Defender for Cloud pages in the Azure portal provides a collated, ever-growing set of self-help materials for solving common challenges with Defender for Cloud.
 >
-> When you're facing an issue, or are seeking advice from our support team, **Diagnose and solve problems*- is good place to look for solutions:
+> When you're facing an issue, or are seeking advice from our support team, **Diagnose and solve problems** is good place to look for solutions:
 >
 > :::image type="content" source="media/release-notes/solve-problems.png" alt-text="Defender for Cloud's 'Diagnose and solve problems' page":::