Merge pull request #246419 from MicrosoftDocs/main

7/26/2023 PM Publish

Author: Taojunshen

articles/active-directory/authentication/fido2-compatibility.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 06/29/2023
+ms.date: 07/26/2023
 
 author: justinha
 ms.author: justinha
@@ -21,32 +21,84 @@ Azure Active Directory allows [FIDO2 security keys](./concept-authentication-pas
 
 ## Supported browsers
 
-This table shows support for authenticating Azure Active Directory (Azure AD) and Microsoft Accounts (MSA). Microsoft accounts are created by consumers for services such as Xbox, Skype, or Outlook.com. Supported device types include **USB**, near-field communication (**NFC**), and bluetooth low energy (**BLE**).
+This table shows support for authenticating Azure Active Directory (Azure AD) and Microsoft Accounts (MSA). Microsoft accounts are created by consumers for services such as Xbox, Skype, or Outlook.com. 
 
-| OS | Chrome | Chrome  | Chrome | Edge | Edge | Edge | Firefox | Firefox | Firefox | Safari | Safari | Safari
-|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|
-| | USB | NFC | BLE | USB | NFC | BLE | USB | NFC | BLE | USB | NFC | BLE |
-| **Windows**  | ![Chrome supports USB on Windows for Azure AD accounts.][y] | ![Chrome supports NFC on Windows for Azure AD accounts.][y] | ![Chrome supports BLE on Windows for Azure AD accounts.][y] | ![Edge supports USB on Windows for Azure AD accounts.][y] | ![Edge supports NFC on Windows for Azure AD accounts.][y] | ![Edge supports BLE on Windows for Azure AD accounts.][y] | ![Firefox supports USB on Windows for Azure AD accounts.][y] | ![Firefox supports NFC on Windows for Azure AD accounts.][y] | ![Firefox supports BLE on Windows for Azure AD accounts.][y] |  ![Safari supports USB on Windows for Azure AD accounts.][n] | ![Safari supports NFC on Windows for Azure AD accounts.][n] | ![Safari supports BLE on Windows for Azure AD accounts.][n] |
-| **macOS**  | ![Chrome supports USB on macOS for Azure AD accounts.][y] | ![Chrome supports NFC on macOS for Azure AD accounts.][n] | ![Chrome supports BLE on macOS for Azure AD accounts.][n] | ![Edge supports USB on macOS for Azure AD accounts.][y] | ![Edge supports NFC on macOS for Azure AD accounts.][n] | ![Edge supports BLE on macOS for Azure AD accounts.][n] | ![Firefox supports USB on macOS for Azure AD accounts.][n] | ![Firefox supports NFC on macOS for Azure AD accounts.][n] | ![Firefox supports BLE on macOS for Azure AD accounts.][n] | ![Safari supports USB on macOS for Azure AD accounts.][y] | ![Safari supports NFC on macOS for Azure AD accounts.][n] | ![Safari supports BLE on macOS for Azure AD accounts.][n] |
-| **ChromeOS**  | ![Chrome supports USB on ChromeOS for Azure AD accounts.][y] | ![Chrome supports NFC on ChromeOS for Azure AD accounts.][n] | ![Chrome supports BLE on ChromeOS for Azure AD accounts.][n] | ![Edge supports USB on ChromeOS for Azure AD accounts.][n] | ![Edge supports NFC on ChromeOS for Azure AD accounts.][n] | ![Edge supports BLE on ChromeOS for Azure AD accounts.][n] | ![Firefox supports USB on ChromeOS for Azure AD accounts.][n] | ![Firefox supports NFC on ChromeOS for Azure AD accounts.][n] | ![Firefox supports BLE on ChromeOS for Azure AD accounts.][n] | ![Safari supports USB on ChromeOS for Azure AD accounts.][n] | ![Safari supports NFC on ChromeOS for Azure AD accounts.][n] | ![Safari supports BLE on ChromeOS for Azure AD accounts.][n] |
-| **Linux**  | ![Chrome supports USB on Linux for Azure AD accounts.][y] | ![Chrome supports NFC on Linux for Azure AD accounts.][n] | ![Chrome supports BLE on Linux for Azure AD accounts.][n] | ![Edge supports USB on Linux for Azure AD accounts.][n] | ![Edge supports NFC on Linux for Azure AD accounts.][n] | ![Edge supports BLE on Linux for Azure AD accounts.][n] | ![Firefox supports USB on Linux for Azure AD accounts.][n] | ![Firefox supports NFC on Linux for Azure AD accounts.][n] | ![Firefox supports BLE on Linux for Azure AD accounts.][n] | ![Safari supports USB on Linux for Azure AD accounts.][n] | ![Safari supports NFC on Linux for Azure AD accounts.][n] | ![Safari supports BLE on Linux for Azure AD accounts.][n] |
-| **iOS**  | ![Chrome supports USB on iOS for Azure AD accounts.][y] | ![Chrome supports NFC on iOS for Azure AD accounts.][y] | ![Chrome supports BLE on iOS for Azure AD accounts.][n] | ![Edge supports USB on iOS for Azure AD accounts.][y] | ![Edge supports NFC on iOS for Azure AD accounts.][y] | ![Edge supports BLE on iOS for Azure AD accounts.][n] | ![Firefox supports USB on Linux for Azure AD accounts.][n] | ![Firefox supports NFC on iOS for Azure AD accounts.][n] | ![Firefox supports BLE on iOS for Azure AD accounts.][n] | ![Safari supports USB on iOS for Azure AD accounts.][y] | ![Safari supports NFC on iOS for Azure AD accounts.][y] | ![Safari supports BLE on iOS for Azure AD accounts.][n] |
-| **Android**  | ![Chrome supports USB on Android for Azure AD accounts.][n] | ![Chrome supports NFC on Android for Azure AD accounts.][n] | ![Chrome supports BLE on Android for Azure AD accounts.][n] | ![Edge supports USB on Android for Azure AD accounts.][n] | ![Edge supports NFC on Android for Azure AD accounts.][n] | ![Edge supports BLE on Android for Azure AD accounts.][n] | ![Firefox supports USB on Android for Azure AD accounts.][n] | ![Firefox supports NFC on Android for Azure AD accounts.][n] | ![Firefox supports BLE on Android for Azure AD accounts.][n] | ![Safari supports USB on Android for Azure AD accounts.][n] | ![Safari supports NFC on Android for Azure AD accounts.][n] | ![Safari supports BLE on Android for Azure AD accounts.][n] |
-
-- Key registration is currently not supported with ChromeOS/Chrome Browser.
-- For iOS and macOS on Safari browser, PIN requests fail if the PIN isn't already set on the security key.
-- Security key PIN for user verification isn't currently supported with Android.
+| OS  | Chrome | Edge | Firefox | Safari |
+|:---:|:------:|:----:|:-------:|:------:|
+| **Windows**  | ✅ | ✅ | ✅ | N/A |
+| **macOS**  | ✅ | ✅ | ✅ | ✅ |
+| **ChromeOS**  | ✅ | N/A | N/A | N/A |
+| **Linux**  | ✅ | ❌ | ❌ | N/A |
+| **iOS**  | ✅ | ✅ | ✅ | ✅ |
+| **Android**  | ❌ | ❌ | ❌ | N/A |
 
 >[!NOTE]
->This is the view for web support. Authentication for native apps in iOS and Android are not available yet.
+>This is the view for web support. Authentication for native apps in iOS and Android isn't available yet.
 
-## Unsupported browsers
+## Browser support for each platform
 
-The following operating system and browser combinations aren't supported, but future support and testing is being investigated. If you would like to see other operating system and browser support, please leave feedback on our [product feedback site](https://feedback.azure.com/d365community/).
+The following tables show which transports are supported for each platform. Supported device types include **USB**, near-field communication (**NFC**), and bluetooth low energy (**BLE**).
 
-| Operating system | Browser |
-| ---- | ---- |
-| Android | Chrome |
+### Windows
+
+| Browser | USB  | NFC | BLE |
+|---------|------|-----|-----|
+| Edge    | ✅ | ✅ | ✅ |
+| Chrome   | ✅ | ✅ | ✅ |
+| Firefox   | ✅ | ✅ | ✅ |
+
+### macOS
+
+| Browser | USB  | NFC<sup>1</sup> | BLE<sup>1</sup> |
+|---------|------|-----|-----|
+| Edge    | &#x2705; | N/A | N/A |
+| Chrome   | &#x2705; | N/A | N/A |
+| Firefox<sup>2</sup>   | &#x2705; | N/A | N/A |
+| Safari<sup>2</sup>   | &#x2705; | N/A | N/A |
+
+<sup>1</sup>NFC and BLE security keys aren't supported on macOS by Apple.
+
+<sup>2</sup>New security key registration doesn't work on these macOS browsers because they don't prompt to set up biometrics or PIN.
+
+### ChromeOS
+
+| Browser<sup>1</sup> | USB  | NFC | BLE |
+|---------|------|-----|-----|
+| Chrome  | &#x2705; | &#10060; | &#10060; |
+
+<sup>1</sup>Security key registration isn't supported on ChromeOS or Chrome browser.
+
+### Linux
+
+| Browser | USB  | NFC | BLE |
+|---------|------|-----|-----|
+| Edge    | &#10060; | &#10060; | &#10060; |
+| Chrome  | &#x2705; | &#10060; | &#10060; |
+| Firefox | &#10060; | &#10060; | &#10060; |
+
+
+### iOS
+
+| Browser<sup>1</sup> | Lightning  | NFC | BLE<sup>2</sup> |
+|---------|------------|-----|-----|
+| Edge    |  &#x2705;  | &#x2705; | N/A | 
+| Chrome  |  &#x2705;  | &#x2705; | N/A |
+| Firefox |  &#x2705;  | &#x2705; | N/A |
+| Safari  |  &#x2705;  | &#x2705; | N/A |
+
+<sup>1</sup>New security key registration doesn't work on iOS browsers because they don't prompt to set up biometrics or PIN.
+
+<sup>2</sup>BLE security keys aren't supported on iOS by Apple.
+
+### Android
+
+| Browser<sup>1</sup> | USB  | NFC | BLE |
+|---------|------|-----|-----|
+| Edge    | &#10060;  | &#10060; | &#10060; |
+| Chrome  | &#10060;  | &#10060; | &#10060; |
+| Firefox | &#10060;  | &#10060; | &#10060; |
+
+<sup>1</sup>Security key biometrics or PIN for user verficiation isn't currently supported on Android by Google. Azure AD requires user verification for all FIDO2 authentications.
 
 ## Minimum browser version
 
@@ -58,7 +110,7 @@ The following are the minimum browser version requirements.
 | Edge | Windows 10 version 1903<sup>1</sup> |
 | Firefox | 66 |
 
-<sup>1</sup>All versions of the new Chromium-based Microsoft Edge support Fido2. Support on Microsoft Edge legacy was added in 1903.
+<sup>1</sup>All versions of the new Chromium-based Microsoft Edge support FIDO2. Support on Microsoft Edge legacy was added in 1903.
 
 ## Next steps
 [Enable passwordless security key sign-in](./howto-authentication-passwordless-security-key.md)

articles/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: how-to
-ms.date: 07/18/2023
+ms.date: 07/26/2023
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -45,7 +45,7 @@ Organizations can choose to include or exclude roles as they see fit.
 
 ## Create a Conditional Access policy
 
-The following steps will help create a Conditional Access policy to require those assigned administrative roles to perform multifactor authentication.
+The following steps will help create a Conditional Access policy to require those assigned administrative roles to perform multifactor authentication. Some organizations may be ready to move to stronger authentication methods for their administrators. These organizations may choose to implement a policy like the one described in the article [Require phishing-resistant multifactor authentication for administrators](how-to-policy-phish-resistant-admin-mfa.md).
 
 1. Sign in to the **[Microsoft Entra admin center](https://entra.microsoft.com)** as a [Conditional Access Administrator](../roles/permissions-reference.md#conditional-access-administrator).
 1. Browse to **Microsoft Entra ID (Azure AD)** > **Protection** > **Conditional Access**.

articles/active-directory/hybrid/connect/how-to-connect-install-prerequisites.md

@@ -78,7 +78,7 @@ We recommend that you harden your Azure AD Connect server to decrease the securi
 - Create a [dedicated account for all personnel with privileged access](/windows-server/identity/securing-privileged-access/securing-privileged-access). Administrators shouldn't be browsing the web, checking their email, and doing day-to-day productivity tasks with highly privileged accounts.
 - Follow the guidance provided in [Securing privileged access](/windows-server/identity/securing-privileged-access/securing-privileged-access). 
 - Deny use of NTLM authentication with the AADConnect server. Here are some ways to do this: [Restricting NTLM on the AADConnect Server](/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers) and [Restricting NTLM on a domain](/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain)
-- Ensure every machine has a unique local administrator password. For more information, see [Local Administrator Password Solution (LAPS)](https://support.microsoft.com/help/3062591/microsoft-security-advisory-local-administrator-password-solution-laps) can configure unique random passwords on each workstation and server store them in Active Directory protected by an ACL. Only eligible authorized users can read or request the reset of these local administrator account passwords. You can obtain the LAPS for use on workstations and servers from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=46899). Additional guidance for operating an environment with LAPS and privileged access workstations (PAWs) can be found in [Operational standards based on clean source principle](/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#operational-standards-based-on-clean-source-principle). 
+- Ensure every machine has a unique local administrator password. For more information, see [Local Administrator Password Solution (Windows LAPS)](/windows-server/identity/laps/laps-overview) can configure unique random passwords on each workstation and server store them in Active Directory protected by an ACL. Only eligible authorized users can read or request the reset of these local administrator account passwords. Additional guidance for operating an environment with Windows LAPS and privileged access workstations (PAWs) can be found in [Operational standards based on clean source principle](/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#operational-standards-based-on-clean-source-principle). 
 - Implement dedicated [privileged access workstations](https://4sysops.com/archives/understand-the-microsoft-privileged-access-workstation-paw-security-model/) for all personnel with privileged access to your organization's information systems. 
 - Follow these [additional guidelines](/windows-server/identity/ad-ds/plan/security-best-practices/reducing-the-active-directory-attack-surface) to reduce the attack surface of your Active Directory environment.
 - Follow the [Monitor changes to federation configuration](how-to-connect-monitor-federation-changes.md) to set up alerts to monitor changes to the trust established between your Idp and Azure AD. 

articles/active-directory/hybrid/connect/reference-connect-version-history.md

@@ -9,7 +9,7 @@ ms.topic: reference
 ms.workload: identity
 ms.date: 7/6/2022
 ms.subservice: hybrid
-ms.author: rodejo
+ms.author: billmath
 ms.custom: has-adal-ref
 ms.collection: M365-identity-device-management
 ---
@@ -47,9 +47,6 @@ Required permissions | For permissions required to apply an update, see [Azure A
 > Currently only builds 2.1.16.0 (release August 8th 2022) or later are supported.
 > 
 > If you are not already using the latest release version of Azure AD Connect Sync, you should upgrade your Azure AD Connect Sync software before that date. 
-> 
-
-Rather than list all the versions which are retired I think its simpler just to list the ones which aren’t retired.
 
 
 If you run a retired version of Azure AD Connect, it might unexpectedly stop working. You also might not have the latest security fixes, performance improvements, troubleshooting and diagnostic tools, and service enhancements. If you require support, we might not be able to provide you with the level of service your organization needs.

articles/ai-services/openai/includes/chatgpt-dotnet.md

@@ -9,7 +9,7 @@ ms.subservice: openai
 ms.topic: include
 author: mrbullwinkle
 ms.author: mbullwin
-ms.date: 05/03/2023
+ms.date: 07/26/2023
 keywords:
 ---
 

articles/ai-services/openai/includes/chatgpt-java.md

@@ -9,11 +9,11 @@ ms.subservice: openai
 ms.topic: include
 author: mrbullwinkle
 ms.author: mbullwin
-ms.date: 05/22/2023
+ms.date: 07/26/2023
 keywords: 
 ---
 
-[Source code](https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/openai/azure-ai-openai) | [Artifact (Maven)](https://central.sonatype.com/artifact/com.azure/azure-ai-openai/1.0.0-beta.1) | [Samples](https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/openai/azure-ai-openai/src/samples)
+[Source code](https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/openai/azure-ai-openai) | [Artifact (Maven)](https://central.sonatype.com/artifact/com.azure/azure-ai-openai/1.0.0-beta.3) | [Samples](https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/openai/azure-ai-openai/src/samples)
 
 ## Prerequisites
 
@@ -63,7 +63,7 @@ mkdir "quickstart/src/main/java/com/azure/ai/openai/usage"
     <dependency>
         <groupId>com.azure</groupId>
         <artifactId>azure-ai-openai</artifactId>
-        <version>1.0.0-beta.1</version>
+        <version>1.0.0-beta.3</version>
     </dependency>
 </dependencies>
 </project>
@@ -147,20 +147,20 @@ public class GetChatCompletionsSample {
         String endpoint = System.getenv("AZURE_OPENAI_ENDPOINT");;
         String deploymentOrModelId = "gpt-35-turbo";
 
-        OpenAIClient client = new OpenAIClientBuilder()
+      OpenAIClient client = new OpenAIClientBuilder()
             .endpoint(endpoint)
             .credential(new AzureKeyCredential(azureOpenaiKey))
             .buildClient();
 
         List<ChatMessage> chatMessages = new ArrayList<>();
-        chatMessages.add(new ChatMessage(ChatRole.SYSTEM).setContent("You are a helpful assistant."));
-        chatMessages.add(new ChatMessage(ChatRole.USER).setContent("Does Azure OpenAI support customer managed keys?"));
-        chatMessages.add(new ChatMessage(ChatRole.ASSISTANT).setContent("Yes, customer managed keys are supported by Azure OpenAI?"));
-        chatMessages.add(new ChatMessage(ChatRole.USER).setContent("Do other Azure AI services support this too?"));
+        chatMessages.add(new ChatMessage(ChatRole.SYSTEM, "You are a helpful assistant"));
+        chatMessages.add(new ChatMessage(ChatRole.USER, "Does Azure OpenAI support customer managed keys?"));
+        chatMessages.add(new ChatMessage(ChatRole.ASSISTANT, "Yes, customer managed keys are supported by Azure OpenAI?"));
+        chatMessages.add(new ChatMessage(ChatRole.USER, "Do other Azure AI services support this too?"));
 
         ChatCompletions chatCompletions = client.getChatCompletions(deploymentOrModelId, new ChatCompletionsOptions(chatMessages));
 
-        System.out.printf("Model ID=%s is created at %d.%n", chatCompletions.getId(), chatCompletions.getCreated());
+        System.out.printf("Model ID=%s is created at %s.%n", chatCompletions.getId(), chatCompletions.getCreatedAt());
         for (ChatChoice choice : chatCompletions.getChoices()) {
             ChatMessage message = choice.getMessage();
             System.out.printf("Index: %d, Chat Role: %s.%n", choice.getIndex(), message.getRole());
@@ -174,7 +174,7 @@ public class GetChatCompletionsSample {
                 + "number of completion token is %d, and number of total tokens in request and response is %d.%n",
             usage.getPromptTokens(), usage.getCompletionTokens(), usage.getTotalTokens());
     }
-}
+}  
 ```
 
 > [!IMPORTANT]

articles/ai-services/openai/includes/chatgpt-javascript.md

@@ -9,7 +9,7 @@ ms.subservice: openai
 ms.topic: include
 author: mrbullwinkle
 ms.author: mbullwin
-ms.date: 05/22/2023
+ms.date: 07/26/2023
 keywords: 
 ---
 

articles/ai-services/openai/includes/dotnet.md

@@ -9,11 +9,11 @@ ms.subservice: openai
 ms.topic: include
 author: mrbullwinkle
 ms.author: mbullwin
-ms.date: 03/14/2023
+ms.date: 07/26/2023
 keywords: 
 ---
 
-[Source code](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/openai/Azure.AI.OpenAI/src) | [Package (NuGeT)](https://www.nuget.org/packages/Azure.AI.OpenAI/) | [Samples](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/openai/Azure.AI.OpenAI/tests/Samples)
+[Source code](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/openai/Azure.AI.OpenAI/src) | [Package (NuGet)](https://www.nuget.org/packages/Azure.AI.OpenAI/) | [Samples](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/openai/Azure.AI.OpenAI/tests/Samples)
 
 ## Prerequisites