Merge pull request #239309 from MicrosoftDocs/main

5/25 AM Publish

Author: huypub

.whatsnew/.microsoft-identity-platform.json

@@ -7,7 +7,7 @@
         "relativeLinkPrefix": "/azure/active-directory/develop"
     },
     "inclusionCriteria": {
-        "omitPullRequestTitles" : true,
+        "omitPullRequestTitles" : false,
         "minAdditionsToFile" : 20,
         "maxFilesChanged": 50,
         "labels": [

articles/active-directory-domain-services/network-considerations.md

@@ -141,8 +141,6 @@ If needed, you can [create the required network security group and rules using A
 
 For Outbound connectivity, you can either keep **AllowVnetOutbound** and **AllowInternetOutBound** or restrict Outbound traffic by using ServiceTags listed in the following table. The ServiceTag for AzureUpdateDelivery must be added via [PowerShell](powershell-create-instance.md).
 
-Filtered Outbound traffic is not supported on Classic deployments.
-
 
 | Outbound port number | Protocol | Source | Destination   | Action | Required | Purpose |
 |:--------------------:|:--------:|:------:|:-------------:|:------:|:--------:|:-------:|
@@ -159,13 +157,7 @@ Filtered Outbound traffic is not supported on Classic deployments.
 
 * Used to perform management tasks using PowerShell remoting in your managed domain.
 * Without access to this port, your managed domain can't be updated, configured, backed-up, or monitored.
-* For managed domains that use a Resource Manager-based virtual network, you can restrict inbound access to this port to the *AzureActiveDirectoryDomainServices* service tag.
-    * For legacy managed domains using a Classic-based virtual network, you can restrict inbound access to this port to the following source IP addresses: *52.180.183.8*, *23.101.0.70*, *52.225.184.198*, *52.179.126.223*, *13.74.249.156*, *52.187.117.83*, *52.161.13.95*, *104.40.156.18*, and *104.40.87.209*.
-
-    > [!NOTE]
-    > In 2017, Azure AD Domain Services became available to host in an Azure Resource Manager network. Since then, we have been able to build a more secure service using the Azure Resource Manager's modern capabilities. Because Azure Resource Manager deployments fully replace classic deployments, Azure AD DS classic virtual network deployments will be retired on March 1, 2023.
-    >
-    > For more information, see the [official deprecation notice](https://azure.microsoft.com/updates/we-are-retiring-azure-ad-domain-services-classic-vnet-support-on-march-1-2023/)
+* You can restrict inbound access to this port to the *AzureActiveDirectoryDomainServices* service tag.
 
 ### Port 3389 - management using remote desktop
 

articles/active-directory-domain-services/tutorial-create-replica-set.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 06/16/2022
+ms.date: 05/25/2023
 ms.author: justinha
 
 #Customer intent: As an identity administrator, I want to create and use replica sets in Azure Active Directory Domain Services to provide resiliency or geographical distributed managed domain data.
@@ -42,7 +42,7 @@ To complete this tutorial, you need the following resources and privileges:
     * If needed, [create and configure an Azure Active Directory Domain Services managed domain][tutorial-create-instance].
 
     > [!IMPORTANT]
-    > Managed domains created using the Classic deployment model can't use replica sets. You also need to use a minimum of *Enterprise* SKU for your managed domain. If needed, [change the SKU for a managed domain][howto-change-sku].
+    > You need to use a minimum of *Enterprise* SKU for your managed domain to support replica sets. If needed, [change the SKU for a managed domain][howto-change-sku].
 
 ## Sign in to the Azure portal
 

articles/active-directory-domain-services/use-azure-monitor-workbooks.md

@@ -54,7 +54,7 @@ To access the workbook template for the security overview report, complete the f
 1. Select your managed domain, such as *aaddscontoso.com*
 1. From the menu on the left-hand side, choose **Monitoring > Workbooks**
 
-    ![Screenshot that hightlights where to select the Security Overview Report and the Account Activity Report.](./media/use-azure-monitor-workbooks/select-workbooks-in-azure-portal.png)
+    ![Screenshot that highlights where to select the Security Overview Report and the Account Activity Report.](./media/use-azure-monitor-workbooks/select-workbooks-in-azure-portal.png)
 
 1. Choose the **Security Overview Report**.
 1. From the drop-down menus at the top of the workbook, select your Azure subscription and then an Azure Monitor workspace.

articles/active-directory/authentication/howto-sspr-authenticationdata.md

@@ -56,7 +56,7 @@ The following considerations apply for this authentication contact info:
 
 ## Security questions and answers
 
-The security questions and answers are stored securely in your Azure AD tenant and are only accessible to users via the [SSPR registration portal](https://aka.ms/ssprsetup). Administrators can't see, set, or modify the contents of another users' questions and answers.
+The security questions and answers are stored securely in your Azure AD tenant and are only accessible to users via My Security-Info's [Combined registration experience](https://aka.ms/mfasetup). Administrators can't see, set, or modify the contents of another users' questions and answers.
 
 ## What happens when a user registers
 

articles/active-directory/develop/claims-challenge.md

@@ -34,7 +34,7 @@ Here's an example:
 ```https
 HTTP 401; Unauthorized
 
-www-authenticate =Bearer realm="", authorization_uri="https://login.microsoftonline.com/common/oauth2/authorize", error="insufficient_claims", claims="eyJhY2Nlc3NfdG9rZW4iOnsiYWNycyI6eyJlc3NlbnRpYWwiOnRydWUsInZhbHVlIjoiYzEifX19"
+www-authenticate =Bearer realm="", authorization_uri="https://login.microsoftonline.com/common/oauth2/authorize", error="insufficient_claims", claims="eyJhY2Nlc3NfdG9rZW4iOnsiYWNycyI6eyJlc3NlbnRpYWwiOnRydWUsInZhbHVlIjoiY3AxIn19fQ=="
 ```
 
  **HTTP Status Code**: Must be **401 Unauthorized**.