Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into als-v1-to-v2

Author: RoseHJM

.openpublishing.redirection.defender-for-iot.json

@@ -142,12 +142,12 @@
         },
         {
             "source_path_from_root": "/articles/defender-for-iot/how-to-create-and-manage-users.md",
-            "redirect_url": "/azure/defender-for-iot/organizations/how-to-create-and-manage-users",
+            "redirect_url": "/azure/defender-for-iot/organizations/manage-users-overview",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/defender-for-iot/how-to-define-global-user-access-control.md",
-            "redirect_url": "/azure/defender-for-iot/organizations/how-to-define-global-user-access-control",
+            "redirect_url": "/azure/defender-for-iot/organizations/manage-users-on-premises-management-console#define-global-access-permission-for-on-premises-users",
             "redirect_document_id": false
         },
         {

.openpublishing.redirection.healthcare-apis.json

@@ -554,6 +554,10 @@
         "redirect_url": "/azure/healthcare-apis/iot/how-to-use-iot-jsonpath-content-mappings",
         "redirect_document_id": false
     },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-08-new-ps-cli.md",
+        "redirect_url": "/azure/healthcare-apis/iot/deploy-new-powershell-cli",
+        "redirect_document_id": false
+    },
     {   "source_path_from_root": "/articles/healthcare-apis/events/events-display-metrics.md",
         "redirect_url": "/azure/healthcare-apis/events/events-use-metrics",
         "redirect_document_id": false

.openpublishing.redirection.json

@@ -16323,6 +16323,11 @@
             "redirect_url": "/azure/scheduler/migrate-from-scheduler-to-logic-apps",
             "redirect_document_id": ""
         },
+        {
+            "source_path_from_root": "/articles/search/search-how-to-index-power-query-data-sources.md",
+            "redirect_url": "/previous-versions/azure/search/search-how-to-index-power-query-data-sources",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/search/cognitive-search-quickstart-ocr.md",
             "redirect_url": "/azure/search/cognitive-search-quickstart-blob",

articles/active-directory/app-provisioning/on-premises-ecma-troubleshoot.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: overview
-ms.date: 11/12/2022
+ms.date: 11/29/2022
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -44,7 +44,15 @@ After you configure the provisioning agent and ECMA host, it's time to test conn
  7. Ensure that you're using a valid certificate that has not expired. Go to the **Settings** tab of the ECMA host to view the certificate expiration date. If the certificate has expired, click `Generate certificate` to generate a new certificate.
  8. Restart the provisioning agent by going to the taskbar on your VM by searching for the Microsoft Azure AD Connect provisioning agent. Right-click **Stop**, and then select **Start**.
  1. If you continue to see `The ECMA host is currently importing data from the target application` even after restarting the ECMA Connector Host and the provisioning agent, and waiting for the initial import to complete, then you may need to cancel and start over configuring provisioning to the application in the Azure portal.
- 1. When you provide the tenant URL in the Azure portal, ensure that it follows the following pattern. You can replace `localhost` with your host name, but it isn't required. Replace `connectorName` with the name of the connector you specified in the ECMA host. The error message 'invalid resource' generally indicates that the URL does not follow the expected format.
+1. When configuring the ECMA host, ensure that you provide a certificate with a subject that matches the hostname of your windows server. The certificate that is generated by the ECMA host will do this for you automatically, but should only be used for testing purposes. 
+
+```
+Error code: SystemForCrossDomainIdentityManagementCredentialValidationUnavailable
+
+Details: We received this unexpected response from your application: Received response from Web resource. Resource: https://localhost/Users?filter=PLACEHOLDER+eq+"8646d011-1693-4cd3-9ee6-0d7482ca2219" Operation: GET Response Status Code: InternalServerError Response Headers: Response Content: An error occurred while sending the request. Please check the service and try again.
+```
+
+1. When you provide the tenant URL in the Azure portal, ensure that it follows the following pattern. You can replace `localhost` with your host name, but it isn't required. Replace `connectorName` with the name of the connector you specified in the ECMA host. The error message 'invalid resource' generally indicates that the URL does not follow the expected format.
  
     ```
     https://localhost:8585/ecma2host_connectorName/scim

articles/active-directory/authentication/TOC.yml

@@ -310,8 +310,12 @@
     href: /samples/browse/?products=azure
   - name: Azure PowerShell cmdlets
     href: /powershell/azure/
-  - name: Microsoft Graph REST API beta
+  - name: Authentication methods APIs - Microsoft Graph
     href: /graph/api/resources/authenticationmethods-overview
+  - name: Authentication strengths APIs - Microsoft Graph (preview)
+    href: /graph/api/resources/authenticationstrengths-overview
+  - name: Authentication methods policy - Microsoft Graph
+    href: /graph/api/resources/authenticationmethodspolicies-overview
   - name: Service limits and restrictions
     href: ../enterprise-users/directory-service-limits-restrictions.md
   - name: FIDO2 compatibility

articles/active-directory/fundamentals/resilience-b2b-authentication.md

@@ -3,21 +3,18 @@ title: Build resilience in external user authentication with Azure Active Direct
 description: A guide for IT admins and architects to building resilient authentication for external users
 services: active-directory
 author: janicericketts
-manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.subservice: fundamentals
 ms.topic: conceptual
-ms.date: 09/13/2022
+ms.date: 11/16/2022
 ms.author: jricketts
-ms.reviewer: ajburnle
 ms.custom: "it-pro, seodec18"
 ms.collection: M365-identity-device-management
 ---
-
 # Build resilience in external user authentication
 
-[Azure Active Directory B2B collaboration](../external-identities/what-is-b2b.md) (Azure AD B2B) is a feature of [External Identities](../external-identities/external-collaboration-settings-configure.md) that enables collaboration with other organizations and individuals. It enables the secure onboarding of guest users into your Azure AD tenant without having to manage their credentials. External users bring their identity and credentials with them from an external identity provider (IdP), so they don’t have to remember a new credential. 
+[Azure Active Directory B2B collaboration](../external-identities/what-is-b2b.md) (Azure AD B2B) is a feature of [External Identities](../external-identities/external-collaboration-settings-configure.md) that enables collaboration with other organizations and individuals. It enables the secure onboarding of guest users into your Azure AD tenant without having to manage their credentials. External users bring their identity and credentials with them from an external identity provider (IdP) so they don't have to remember a new credential. 
 
 ## Ways to authenticate external users
 
@@ -26,46 +23,38 @@ You can choose the methods of external user authentication to your directory. Yo
 With every external IdP, you take a dependency on the availability of that IdP. With some methods of connecting to IdPs, there are things you can do to increase your resilience.
 
 > [!NOTE] 
-> Azure AD B2B has the built-in ability to authenticate any user from any [Azure Active Directory](../index.yml) tenant, or with a personal [Microsoft Account](https://account.microsoft.com/account). You do not have to do any configuration with these built-in options.
+> Azure AD B2B has the built-in ability to authenticate any user from any [Azure Active Directory](../index.yml) tenant or with a personal [Microsoft Account](https://account.microsoft.com/account). You do not have to do any configuration with these built-in options.
 
 ### Considerations for resilience with other IdPs
 
-When using external IdPs for guest user authentication, there are certain configurations that you must ensure you maintain to prevent disruptions.
+When you use external IdPs for guest user authentication, there are configurations that you must maintain to prevent disruptions.
 
 | Authentication Method| Resilience considerations |
 | - | - |
 | Federation with social IDPs like [Facebook](../external-identities/facebook-federation.md) or [Google](../external-identities/google-federation.md).| You must maintain your account with the IdP and configure your Client ID and Client Secret. |
-| [Direct Federation with SAML and WS-Federation Identity Providers](../external-identities/direct-federation.md)| You must collaborate with the IdP owner for access to their endpoints, upon which you're dependent. <br>You must maintain the metadata that contain the certificates and endpoints. |
-| [Email one-time passcode](../external-identities/one-time-passcode.md)| With this method you're dependent on Microsoft’s email system, the user’s email system, and the user’s email client. |
-
-
- 
+| [SAML/WS-Fed identity provider (IdP) federation](../external-identities/direct-federation.md)| You must collaborate with the IdP owner for access to their endpoints upon which you're dependent. You must maintain the metadata that contain the certificates and endpoints. |
+| [Email one-time passcode](../external-identities/one-time-passcode.md)| You're dependent on Microsoft's email system, the user's email system, and the user's email client. |
 
-## Self-service sign-up (preview)
+## Self-service sign-up
 
-As an alternative to sending invitations or links, you can enable [Self-service sign-up](../external-identities/self-service-sign-up-overview.md).  This allows external users to request access to an application. You must create an [API connector](../external-identities/self-service-sign-up-add-api-connector.md) and associate it with a user flow. You associate user flows that define the user experience with one or more applications. 
+As an alternative to sending invitations or links, you can enable [Self-service sign-up](../external-identities/self-service-sign-up-overview.md).  This method allows external users to request access to an application. You must create an [API connector](../external-identities/self-service-sign-up-add-api-connector.md) and associate it with a user flow. You associate user flows that define the user experience with one or more applications. 
 
-It’s possible to use [API connectors](../external-identities/api-connectors-overview.md) to integrate your self-service sign-up user flow with external systems’ APIs. This API integration can be used for [custom approval workflows](../external-identities/self-service-sign-up-add-approvals.md), [performing identity verification](../external-identities/code-samples-self-service-sign-up.md), and other tasks such as overwriting user attributes. Using APIs requires that you manage the following dependencies.
+It's possible to use [API connectors](../external-identities/api-connectors-overview.md) to integrate your self-service sign-up user flow with external systems' APIs. This API integration can be used for [custom approval workflows](../external-identities/self-service-sign-up-add-approvals.md), [performing identity verification](../external-identities/code-samples-self-service-sign-up.md), and other tasks such as overwriting user attributes. Using APIs requires that you manage the following dependencies.
 
 * **API Connector Authentication**: Setting up a connector requires an endpoint URL, a username, and a password. Set up a process by which these credentials are maintained, and work with the API owner to ensure you know any expiration schedule.
-
 * **API Connector Response**: Design API Connectors in the sign-up flow to fail gracefully if the API isn't available. Examine and provide to your API developers these [example API responses](../external-identities/self-service-sign-up-add-api-connector.md) and the [best practices for troubleshooting](../external-identities/self-service-sign-up-add-api-connector.md). Work with the API development team to test all possible response scenarios, including continuation, validation-error, and blocking responses. 
 
 ## Next steps
-Resilience resources for administrators and architects
+
+### Resilience resources for administrators and architects
 
 * [Build resilience with credential management](resilience-in-credentials.md)
-
 * [Build resilience with device states](resilience-with-device-states.md)
-
 * [Build resilience by using Continuous Access Evaluation (CAE)](resilience-with-continuous-access-evaluation.md)
-
 * [Build resilience in your hybrid authentication](resilience-in-hybrid.md)
-
 * [Build resilience in application access with Application Proxy](resilience-on-premises-access.md)
 
-Resilience resources for developers
+### Resilience resources for developers
 
 * [Build IAM resilience in your applications](resilience-app-development-overview.md)
-
 * [Build resilience in your CIAM systems](resilience-b2c.md)

articles/active-directory/fundamentals/resilience-in-credentials.md

@@ -4,44 +4,36 @@ description: A guide for architects
  and IT administrators on building a resilient credential strategy.
 services: active-directory
 author: janicericketts
-manager: martinco
 ms.service: active-directory
 ms.workload: identity
 ms.subservice: fundamentals
 ms.topic: conceptual
-ms.date: 08/19/2022
+ms.date: 11/16/2022
 ms.author: jricketts
-ms.reviewer: ajburnle
 ms.custom: "it-pro, seodec18"
 ms.collection: M365-identity-device-management
 ---
-
 # Build resilience with credential management
 
-When a credential is presented to Azure AD in a token request, there are multiple dependencies that must be available for validation. The first authentication factor relies on Azure AD authentication, and in some cases on on-premises infrastructure. For more information on hybrid authentication architectures, see [Build resilience in your hybrid infrastructure](resilience-in-hybrid.md). 
+When a credential is presented to Azure Active Directory (Azure AD) in a token request, there are multiple dependencies that must be available for validation. The first authentication factor relies on Azure AD authentication and, in some cases, on on-premises infrastructure. For more information on hybrid authentication architectures, see [Build resilience in your hybrid infrastructure](resilience-in-hybrid.md). 
 
-If you implement a second factor, the dependencies for the second factor are added to the dependencies for the first. For example, if your first factor is via PTA, and your second factor is SMS, your dependencies are:
+If you implement a second factor, the dependencies for the second factor are added to the dependencies for the first. For example, if your first factor is via PTA and your second factor is SMS, your dependencies are as follows.
 
 * Azure AD authentication services
-
-* Azure MFA service
-
+* Azure AD Multi-Factor Authentication service
 * On-premises infrastructure
-
 * Phone carrier
-
-* The user’s device (not pictured)
-
+* The user's device (not pictured)
 
 ![Image of authentication methods and dependencies](./media/resilience-in-credentials/admin-resilience-credentials.png)
 
-Your credential strategy should consider the dependencies of each authentication type, and provision methods that avoid a single point of failure. 
+Your credential strategy should consider the dependencies of each authentication type and provision methods that avoid a single point of failure. 
 
-Because authentication methods have different dependencies, it’s a good idea to enable users to register for as many second-factor options as possible. Be sure to include second factors with different dependencies if possible. For example, Voice call and SMS as second factors share the same dependencies, so having them as the only options does not mitigate risk.
+Because authentication methods have different dependencies, it's a good idea to enable users to register for as many second factor options as possible. Be sure to include second factors with different dependencies, if possible. For example, Voice call and SMS as second factors share the same dependencies, so having them as the only options doesn't mitigate risk.
 
-The most resilient credential strategy is to use passwordless authentication. Windows Hello for Business and FIDO 2.0 security keys have fewer dependencies than strong authentication with two separate factors. The Microsoft Authenticator app, Windows Hello for Business and Fido 2.0 security keys are the most secure. 
+The most resilient credential strategy is to use passwordless authentication. Windows Hello for Business and FIDO 2.0 security keys have fewer dependencies than strong authentication with two separate factors. The Microsoft Authenticator app, Windows Hello for Business, and FIDO 2.0 security keys are the most secure. 
 
-For second factors, the Microsoft Authenticator app or other authenticator apps using time-based one time passcode (TOTP) or OATH hardware tokens have the fewest dependencies, and are therefore more resilient.
+For second factors, the Microsoft Authenticator app or other authenticator apps using time-based one time passcode (TOTP) or OAuth hardware tokens have the fewest dependencies and are, therefore, more resilient.
 
 ## How do multiple credentials help resilience?
 
@@ -52,30 +44,21 @@ In addition to individual user resiliency described above, enterprises should pl
 ## How do I implement resilient credentials?
 
 * Deploy [Passwordless credentials](../authentication/howto-authentication-passwordless-deployment.md) such as Windows Hello for Business, Phone Authentication, and FIDO2 security keys to reduce dependencies.
-
 * Deploy the [Microsoft Authenticator App](https://support.microsoft.com/account-billing/how-to-use-the-microsoft-authenticator-app-9783c865-0308-42fb-a519-8cf666fe0acc) as a second factor.
-
-* Turn on [password hash synchronization](../hybrid/whatis-phs.md) for hybrid accounts that are synchronized from Windows Server Active Directory. This option can be enabled alongside federation services such as AD FS and provides a fall back in case the federation service fails.
-
-* [Analyze usage of Multi-factor authentication methods](/samples/azure-samples/azure-mfa-authentication-method-analysis/azure-mfa-authentication-method-analysis/) to improve users’ experience.
-
+* Turn on [password hash synchronization](../hybrid/whatis-phs.md) for hybrid accounts that are synchronized from Windows Server Active Directory. This option can be enabled alongside federation services such as Active Directory Federation Services (AD FS) and provides a fallback in case the federation service fails.
+* [Analyze usage of Multi-factor authentication methods](/samples/azure-samples/azure-mfa-authentication-method-analysis/azure-mfa-authentication-method-analysis/) to improve user experience.
 * [Implement a resilient access control strategy](../authentication/concept-resilient-controls.md)
 
 ## Next steps
-Resilience resources for administrators and architects
+### Resilience resources for administrators and architects
 
 * [Build resilience with device states](resilience-with-device-states.md)
-
 * [Build resilience by using Continuous Access Evaluation (CAE)](resilience-with-continuous-access-evaluation.md)
-
 * [Build resilience in external user authentication](resilience-b2b-authentication.md)
-
 * [Build resilience in your hybrid authentication](resilience-in-hybrid.md)
-
 * [Build resilience in application access with Application Proxy](resilience-on-premises-access.md)
 
-Resilience resources for developers
+### Resilience resources for developers
 
 * [Build IAM resilience in your applications](resilience-app-development-overview.md)
-
 * [Build resilience in your CIAM systems](resilience-b2c.md)