Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into release-iotedge-moniker-retirement

Author: PatAltimore

articles/active-directory/cloud-infrastructure-entitlement-management/TOC.yml

@@ -31,14 +31,14 @@
       - name: View key statistics and data about your authorization system
         href: ui-dashboard.md
       - name: View data about the activity in your authorization system
-        href: product-dashboard.md
-      - name: View current billable resources in your authorization system
-        href: product-data-billable-resources.md  
+        href: product-dashboard.md  
     - name: View information about your Authorization Systems
       expanded: false
       items:
       - name: View and configure settings for data collection
         href: product-data-sources.md
+      - name: View current billable resources in your authorization system
+        href: product-data-billable-resources.md
     - name: Manage organizational and personal information
       expanded: false
       items:

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-create-role-policy.md

@@ -24,6 +24,9 @@ This article describes how you can use the **Remediation** dashboard in Permissi
 
 ## Create a policy for AWS
 
+> [!NOTE]
+> For information on AWS service quotas, and to request an AWS service quota increase, visit [the AWS documentation](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html). 
+
 1. On the Entra home page, select the **Remediation** tab, and then select the **Role/Policies** tab.
 1. Use the dropdown lists to select the **Authorization System Type** and **Authorization System**.
 1. Select **Create Policy**.

articles/active-directory/conditional-access/concept-condition-filters-for-devices.md

@@ -4,7 +4,7 @@ description: Use filter for devices in Conditional Access to enhance security po
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 04/28/2022
+ms.date: 01/25/2023
 ms.author: joflore
 author: MicrosoftGuyJFlo
 manager: amycolannino
@@ -19,7 +19,7 @@ When creating Conditional Access policies, administrators have asked for the abi
 
 ## Common scenarios
 
-There are multiple scenarios that organizations can now enable using filter for devices condition. Below are some core scenarios with examples of how to use this new condition.
+There are multiple scenarios that organizations can now enable using filter for devices condition. The following scenarios provide examples of how to use this new condition.
 
 - **Restrict access to privileged resources**. For this example, lets say you want to allow access to Microsoft Azure Management from a user who is assigned a privileged role Global Admin, has satisfied multifactor authentication and accessing from a device that is [privileged or secure admin workstations](/security/compass/privileged-access-devices) and attested as compliant. For this scenario, organizations would create two Conditional Access policies:
    - Policy 1: All users with the directory role of Global Administrator, accessing the Microsoft Azure Management cloud app, and for Access controls, Grant access, but require multifactor authentication and require device to be marked as compliant.
@@ -89,7 +89,7 @@ Setting extension attributes is made possible through the Graph API. For more in
 
 ### Filter for devices Graph API
 
-The filter for devices API is available in Microsoft Graph v1.0 endpoint and can be accessed using https://graph.microsoft.com/v1.0/identity/conditionalaccess/policies/. You can configure a filter for devices when creating a new Conditional Access policy or you can update an existing policy to configure the filter for devices condition. To update an existing policy, you can do a patch call on the Microsoft Graph v1.0 endpoint mentioned above by appending the policy ID of an existing policy and executing the following request body. The example here shows configuring a filter for devices condition excluding devices that aren't marked as SAW devices. The rule syntax can consist of more than one single expression. To learn more about the syntax, see [dynamic membership rules for groups in Azure Active Directory](../enterprise-users/groups-dynamic-membership.md). 
+The filter for devices API is available in Microsoft Graph v1.0 endpoint and can be accessed using the endpoint `https://graph.microsoft.com/v1.0/identity/conditionalaccess/policies/`. You can configure a filter for devices when creating a new Conditional Access policy or you can update an existing policy to configure the filter for devices condition. To update an existing policy, you can do a patch call on the Microsoft Graph v1.0 endpoint by appending the policy ID of an existing policy and executing the following request body. The example here shows configuring a filter for devices condition excluding devices that aren't marked as SAW devices. The rule syntax can consist of more than one single expression. To learn more about the syntax, see [dynamic membership rules for groups in Azure Active Directory](../enterprise-users/groups-dynamic-membership.md). 
 
 ```json
 {
@@ -136,7 +136,7 @@ The following device attributes can be used with the filter for devices conditio
 
 ## Policy behavior with filter for devices
 
-The filter for devices condition in Conditional Access evaluates policy based on device attributes of a registered device in Azure AD and hence it's important to understand under what circumstances the policy is applied or not applied. The table below illustrates the behavior when a filter for devices condition is configured. 
+The filter for devices condition in Conditional Access evaluates policy based on device attributes of a registered device in Azure AD and hence it's important to understand under what circumstances the policy is applied or not applied. The following table illustrates the behavior when a filter for devices condition is configured. 
 
 | Filter for devices condition | Device registration state | Device filter Applied 
 | --- | --- | --- |

articles/active-directory/conditional-access/location-condition.md

@@ -162,7 +162,7 @@ Most of the IPv6 traffic that gets proxied to Azure AD comes from Microsoft Exch
 If you're using Azure VNets, you'll have traffic coming from an IPv6 address. If you have VNet traffic blocked by a Conditional Access policy, check your Azure AD sign-in log. Once you’ve identified the traffic, you can get the IPv6 address being used and exclude it from your policy. 
 
 > [!NOTE]
-> If you want to specify an IP CIDR range for a single address, apply the /128 bit mask. If you see the IPv6 address 2607:fb90:b27a:6f69:f8d5:dea0:fb39:74a and wanted to exclude that single address as a range, you would use 2607:fb90:b27a:6f69:f8d5:dea0:fb39:74a/128.
+> If you want to specify an IP CIDR range for a single address, apply the /128 bit mask. If you see the IPv6 address 2001:db8:4a7d:3f57:a1e2:6b4a:8f3e:d17b and wanted to exclude that single address as a range, you would use 2001:db8:4a7d:3f57:a1e2:6b4a:8f3e:d17b/128.
 
 ## What you should know
 

articles/active-directory/develop/developer-support-help-options.md

@@ -41,14 +41,17 @@ Get answers to your identity app development questions directly from Microsoft e
 
 If you can't find an answer to your problem by searching Microsoft Q&A, submit a new question. Use one of following tags when you ask your [high-quality question](/answers/articles/24951/how-to-write-a-quality-question.html):
 
-| Component/area                                                              | Tags                                                                    |
-| --------------------------------------------------------------------------- | ----------------------------------------------------------------------- |
-| Microsoft Authentication Library (MSAL)                                     | [[msal]](/answers/topics/azure-ad-msal.html)                            |
-| Open Web Interface for .NET (OWIN) middleware                               | [[azure-active-directory]](/answers/topics/azure-active-directory.html) |
-| [Azure AD B2B / External Identities](../external-identities/what-is-b2b.md) | [[azure-ad-b2b]](/answers/topics/azure-ad-b2b.html)                     |
-| [Azure AD B2C](https://azure.microsoft.com/services/active-directory-b2c/)  | [[azure-ad-b2c]](/answers/topics/azure-ad-b2c.html)                     |
-| [Microsoft Graph API](https://developer.microsoft.com/graph/)               | [[azure-ad-graph]](/answers/topics/azure-ad-graph.html)                 |
-| All other authentication and authorization areas                            | [[azure-active-directory]](/answers/topics/azure-active-directory.html) |
+| Component/area                                            | Tags                                                                                         |
+| ----------------------------------------------------------| ---------------------------------------------------------------------------------------------|
+| Azure AD B2B / External Identities                        | [Azure Active Directory External Identities](/answers/tags/231/azure-active-directory-b2c)   |
+| Azure AD B2C                                              | [Azure Active Directory External Identities](/answers/tags/231/azure-active-directory-b2c)   |
+| All other Azure Active Directory areas                    | [Azure Active Diretory](/answers/tags/49/azure-active-directory)                             |
+| Azure RBAC                                                | [Azure Role-Based access control](/answers/tags/189/azure-rbac)                              |
+| Azure Key Vault                                           | [Azure Key Vault](/answers/tags/5/azure-key-vault)                                           |
+| Microsoft Security                                        | [Microsoft Defender for Cloud](/answers/tags/392/defender-for-cloud)                         |
+| Microsoft Sentinel                                        | [Microsoft Sentinel](/answers/tags/423/microsoft-sentinel)                                   |
+| Azure AD Domain Services                                  | [Azure Active Directory Domain Services](/answers/tags/222/azure-active-directory-domain)    |
+| Azure Windows and Linux Virtual Machines                  | [Azure Virtual Machines](/answers/tags/94/azure-virtual-machines)                            |
 
 ## Create a GitHub issue