Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into dpcustom

Author: dlepow

.openpublishing.publish.config.json

@@ -1024,7 +1024,7 @@
     "articles/static-web-apps/.openpublishing.redirection.static-web-apps.json",
     ".openpublishing.redirection.virtual-desktop.json",
     "articles/applied-ai-services/.openpublishing.redirection.applied-ai-services.json",
-    "articles/applied-ai-services/.openpublishing.redirection.applied-ai-services-renamed.json",
+    "articles/applied-ai-services/.openpublishing.archived.json",
     "articles/cognitive-services/.openpublishing.redirection.cognitive-services.json"
   ]
 }

.openpublishing.redirection.defender-for-iot.json

@@ -1,5 +1,10 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/defender-for-iot/organizations/resources-frequently-asked-questions.md",
+            "redirect_url": "/azure/defender-for-iot/organizations/faqs-general",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/defender-for-iot/organizations/appliance-catalog/appliance-catalog-overview.md",
             "redirect_url": "/azure/defender-for-iot/organizations/appliance-catalog/index",

.openpublishing.redirection.json

@@ -4573,6 +4573,11 @@
     "redirect_url":  "/azure/security/benchmarks",
     "redirect_document_id":  false
 },
+{
+  "source_path_from_root":  "/articles/azure-resource-manager/bicep/linter-rule-use-protectedsettings-for-commandtoexecute-secrets.md",
+  "redirect_url":  "/azure/azure-resource-manager/bicep/linter-rule-protect-commandtoexecute-secrets",
+  "redirect_document_id":  false
+},
 {
     "source_path_from_root":  "/articles/azure-resource-manager/templates/view-resources.md",
     "redirect_url":  "/azure/azure-resource-manager/templates/export-template-portal",
@@ -5783,6 +5788,11 @@
     "redirect_url":  "/azure/automation/manage-run-as-account",
     "redirect_document_id":  false
 },
+{
+    "source_path_from_root":  "/articles/automation/quickstarts/create-account-portal.md",
+    "redirect_url":  "/azure/automation/create-azure-automation-account-portal",
+    "redirect_document_id":  false
+},
 {
     "source_path_from_root":  "/articles/best-practices-availability-paired-regions.md",
     "redirect_url":  "/azure/availability-zones/cross-region-replication-azure",
@@ -18298,6 +18308,16 @@
     "redirect_url":  "/connectors/bingsearch",
     "redirect_document_id":  false
 },
+{
+  "source_path_from_root": "/articles/connectors/connectors-create-api-twilio.md",
+  "redirect_url": "/connectors/twilio",
+  "redirect_document_id": false
+},
+{
+  "source_path_from_root":  "/articles/connectors/connectors-schema-migration.md",
+  "redirect_url":  "/azure/logic-apps/update-consumption-workflow-schema",
+  "redirect_document_id":  false
+},
 {
     "source_path_from_root":  "/articles/logic-apps/logic-apps-scenario-error-and-exception-handling.md",
     "redirect_url":  "/azure/logic-apps/logic-apps-exception-handling",

articles/active-directory-b2c/string-transformations.md

@@ -864,7 +864,7 @@ Checks whether the provided phone number is valid, based on phone number regular
   </InputClaims>
   <InputParameters>
     <InputParameter Id="matchTo" DataType="string" Value="^[0-9]{4,16}$" />
-    <InputParameter Id="outputClaimIfMatched" DataType="string" Value="Phone" />
+    <InputParameter Id="outputClaimIfMatched" DataType="string" Value="iPhone" />
   </InputParameters>
   <OutputClaims>
     <OutputClaim ClaimTypeReferenceId="validationResult" TransformationClaimType="outputClaim" />

articles/active-directory-domain-services/migrate-from-classic-vnet.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/07/2022
+ms.date: 08/15/2022
 ms.author: justinha 
 ms.custom: devx-track-azurepowershell
 
@@ -172,9 +172,15 @@ Before you begin the migration process, complete the following initial checks an
 
     Make sure that network settings don't block necessary ports required for Azure AD DS. Ports must be open on both the Classic virtual network and the Resource Manager virtual network. These settings include route tables (although it's not recommended to use route tables) and network security groups.
 
-    Azure AD DS needs a network security group to secure the ports needed for the managed domain and block all other incoming traffic. This network security group acts as an extra layer of protection to lock down access to the managed domain. To view the ports required, see [Network security groups and required ports][network-ports].
+    Azure AD DS needs a network security group to secure the ports needed for the managed domain and block all other incoming traffic. This network security group acts as an extra layer of protection to lock down access to the managed domain. 
 
-    If you use secure LDAP, add a rule to the network security group to allow incoming traffic for *TCP* port *636*. For more information, see [Lock down secure LDAP access over the internet](tutorial-configure-ldaps.md#lock-down-secure-ldap-access-over-the-internet)
+    The following network security group Inbound rules are required for the managed domain to provide authentication and management services. Don't edit or delete these network security group rules for the virtual network subnet your managed domain is deployed into.
+
+    | Inbound port number | Protocol | Source                             | Destination | Action | Required | Purpose |
+    |:-----------:|:--------:|:----------------------------------:|:-----------:|:------:|:--------:|:--------|
+    | 5986        | TCP      | AzureActiveDirectoryDomainServices | Any         | Allow  | Yes      | Management of your domain. |
+    | 3389        | TCP      | CorpNetSaw                         | Any         | Allow  | Optional      | Debugging for support. |
+    | 636         | TCP      | AzureActiveDirectoryDomainServices | Inbound         | Allow  | Optional      | Secure LDAP. |
 
     Make a note of this target resource group, target virtual network, and target virtual network subnet. These resource names are used during the migration process.
 

articles/active-directory-domain-services/policy-reference.md

@@ -1,7 +1,7 @@
 ---
 title: Built-in policy definitions for Azure Active Directory Domain Services
 description: Lists Azure Policy built-in policy definitions for Azure Active Directory Domain Services. These built-in policy definitions provide common approaches to managing your Azure resources.
-ms.date: 08/08/2022
+ms.date: 08/16/2022
 ms.service: active-directory
 ms.subservice: domain-services
 author: justinha

articles/active-directory/app-provisioning/accidental-deletions.md

@@ -20,10 +20,6 @@ The Azure AD provisioning service includes a feature to help avoid accidental de
 The feature lets you specify a deletion threshold, above which an admin 
 needs to explicitly choose to allow the deletions to be processed.
 
-> [!NOTE]
-> Accidental deletions are not supported for our Workday / SuccessFactors integrations. It is also not supported for changes in scoping (e.g. changing a scoping filter or changing from "sync all users and groups" to "sync assigned users and groups"). Until the accidental deletions prevention feature is fully released, you'll need to access the Azure portal using this URL: https://aka.ms/AccidentalDeletionsPreview
-
-
 ## Configure accidental deletion prevention
 To enable accidental deletion prevention:
 1.  In the Azure portal, select **Azure Active Directory**.
@@ -35,11 +31,6 @@ threshold. Also, be sure the notification email address is completed. If the del
 
 When the deletion threshold is met, the job will go into quarantine and a notification email will be sent. The quarantined job can then be allowed or rejected. To learn more about quarantine behavior, see [Application provisioning in quarantine status](application-provisioning-quarantine-status.md).
 
-## Known limitations
-There are two key limitations to be aware of and are actively working to address:
-- HR-driven provisioning from Workday and SuccessFactors don't support the accidental deletions feature. 
-- Changes to your provisioning configuration (e.g. changing scoping) isn't supported by the accidental deletions feature. 
-
 ## Recovering from an accidental deletion
 If you encounter an accidental deletion you'll see it on the provisioning status page.  It will say **Provisioning has been quarantined. See quarantine details for more information.**.
 

articles/active-directory/authentication/howto-authentication-use-email-signin.md

@@ -56,7 +56,7 @@ In the current preview state, the following limitations apply to email as an alt
     * On some Microsoft sites and apps, such as Microsoft Office, the *Account Manager* control typically displayed in the upper right may display the user's UPN instead of the non-UPN email used to sign in.
 
 * **Unsupported flows** - Some flows are currently not compatible with non-UPN emails, such as the following:
-    * Identity Protection doesn't match non-UPN emails with *Leaked Credentials* risk detection. This risk detection uses the UPN to match credentials that have been leaked. For more information, see [Azure AD Identity Protection risk detection and remediation][identity-protection].
+    * Identity Protection doesn't match non-UPN emails with *Leaked Credentials* risk detection. This risk detection uses the UPN to match credentials that have been leaked. For more information, see [How To: Investigate risk](../identity-protection/howto-identity-protection-investigate-risk.md).
     * When a user is signed-in with a non-UPN email, they cannot change their password. Azure AD self-service password reset (SSPR) should work as expected. During SSPR, the user may see their UPN if they verify their identity using a non-UPN email.
 
 * **Unsupported scenarios** - The following scenarios are not supported. Sign-in with non-UPN email for:
@@ -113,7 +113,7 @@ To support this hybrid authentication approach, you synchronize your on-premises
 
 In both configuration options, the user submits their username and password to Azure AD, which validates the credentials and issues a ticket. When users sign in to Azure AD, it removes the need for your organization to host and manage an AD FS infrastructure.
 
-One of the user attributes that's automatically synchronized by Azure AD Connect is *ProxyAddresses*. If users have an email address defined in the on-prem AD DS environment as part of the *ProxyAddresses* attribute, it's automatically synchronized to Azure AD. This email address can then be used directly in the Azure AD sign-in process as an alternate login ID.
+One of the user attributes that's automatically synchronized by Azure AD Connect is *ProxyAddresses*. If users have an email address defined in the on-premesis AD DS environment as part of the *ProxyAddresses* attribute, it's automatically synchronized to Azure AD. This email address can then be used directly in the Azure AD sign-in process as an alternate login ID.
 
 > [!IMPORTANT]
 > Only emails in verified domains for the tenant are synchronized to Azure AD. Each Azure AD tenant has one or more verified domains, for which you have proven ownership, and are uniquely bound to your tenant.
@@ -448,7 +448,6 @@ For more information on hybrid identity operations, see [how password hash sync]
 [hybrid-overview]: ../hybrid/cloud-governed-management-for-on-premises.md
 [phs-overview]: ../hybrid/how-to-connect-password-hash-synchronization.md
 [pta-overview]: ../hybrid/how-to-connect-pta-how-it-works.md
-[identity-protection]: ../identity-protection/overview-identity-protection.md#risk-detection-and-remediation
 [sign-in-logs]: ../reports-monitoring/concept-sign-ins.md
 
 <!-- EXTERNAL LINKS -->