Merge branch 'main' into release-ga-purview-policy

Author: v-alje

articles/active-directory-b2c/custom-email-mailjet.md

@@ -333,11 +333,12 @@ Add the following technical profiles to the `<ClaimsProviders>` element.
         <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.OneTimePasswordProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
         <Metadata>
           <Item Key="Operation">GenerateCode</Item>
-          <Item Key="CodeExpirationInSeconds">1200</Item>
+          <Item Key="CodeExpirationInSeconds">600</Item>
           <Item Key="CodeLength">6</Item>
           <Item Key="CharacterSet">0-9</Item>
-          <Item Key="ReuseSameCode">true</Item>
           <Item Key="NumRetryAttempts">5</Item>
+          <Item Key="NumCodeGenerationAttempts">10</Item>
+          <Item Key="ReuseSameCode">false</Item>
         </Metadata>
         <InputClaims>
           <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="identifier" />

articles/active-directory-b2c/custom-email-sendgrid.md

@@ -322,11 +322,12 @@ Add the following technical profiles to the `<ClaimsProviders>` element.
         <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.OneTimePasswordProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
         <Metadata>
           <Item Key="Operation">GenerateCode</Item>
-          <Item Key="CodeExpirationInSeconds">1200</Item>
+          <Item Key="CodeExpirationInSeconds">600</Item>
           <Item Key="CodeLength">6</Item>
           <Item Key="CharacterSet">0-9</Item>
-          <Item Key="ReuseSameCode">true</Item>
           <Item Key="NumRetryAttempts">5</Item>
+          <Item Key="NumCodeGenerationAttempts">10</Item>
+          <Item Key="ReuseSameCode">false</Item>
         </Metadata>
         <InputClaims>
           <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="identifier" />

articles/active-directory-b2c/one-time-password-technical-profile.md

@@ -70,12 +70,12 @@ The following settings can be used to configure code generation mode:
 
 | Attribute | Required | Description |
 | --------- | -------- | ----------- |
+| Operation | Yes | The operation to be performed. Possible value: `GenerateCode`. |
 | CodeExpirationInSeconds | No | Time in seconds until code expiration. Minimum: `60`; Maximum: `1200`; Default: `600`. Every time a code is provided (same code using `ReuseSameCode`, or a new code), the code expiration is extended. This time is also used to set retry timeout (once max attempts are reached, user is locked out from attempting to obtain new codes until this time expires) |
 | CodeLength | No | Length of the code. The default value is `6`. |
 | CharacterSet | No | The character set for the code, formatted for use in a regular expression. For example, `a-z0-9A-Z`. The default value is `0-9`. The character set must include a minimum of 10 different characters in the set specified. |
 | NumRetryAttempts | No | The number of verification attempts before the code is considered invalid. The default value is `5`. For example, if you set NumRetryAttempts to 2 it will allow you only 2 attempts in total (first + 1 retry). For the 3rd attempt it will throw max attempts reached irrespective of whether the code is correct or not.|
-| NumCodeGenerationAttempts | No | The number of maximum code generation attempts per identifier. The default value is 10 if not specified. |
-| Operation | Yes | The operation to be performed. Possible value: `GenerateCode`. |
+| NumCodeGenerationAttempts | No | The number of maximum code generation attempts per identifier. The default value is `10` if not specified. |
 | ReuseSameCode | No | Whether the same code should be given rather than generating a new code when given code has not expired and is still valid. The default value is `false`.  |
 
 
@@ -94,7 +94,7 @@ The following example `TechnicalProfile` is used for generating a code:
     <Item Key="CodeLength">6</Item>
     <Item Key="CharacterSet">0-9</Item>
     <Item Key="NumRetryAttempts">5</Item>
-    <Item Key="NumCodeGenerationAttempts">15</Item>
+    <Item Key="NumCodeGenerationAttempts">10</Item>
     <Item Key="ReuseSameCode">false</Item>
   </Metadata>
   <InputClaims>

articles/active-directory-b2c/service-limits.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
 ms.author: kengaderdus
-ms.date: 04/15/2022
+ms.date: 10/27/2022
 ms.subservice: B2C
 zone_pivot_groups: b2c-policy-type
 ---
@@ -168,6 +168,7 @@ The following table lists the administrative configuration limits in the Azure A
 |Levels of [inheritance](custom-policy-overview.md#inheritance-model) in custom policies     |10         |
 |Number of policies per Azure AD B2C tenant (user flows + custom policies)     |200          |
 |Maximum policy file size      |1024 KB          |
+|Number of API connectors per tenant     |19         |
 
 <sup>1</sup> See also [Azure AD service limits and restrictions](../active-directory/enterprise-users/directory-service-limits-restrictions.md).
 

articles/active-directory/azuread-dev/active-directory-acs-migration.md

@@ -279,7 +279,7 @@ In these cases, you might want to consider migrating your web application to ano
 
 ![This image shows the Auth0 logo](./media/active-directory-acs-migration/rsz-auth0.png) 
 
-[Auth0](https://auth0.com/acs) is a flexible cloud identity service that has created [high-level migration guidance for customers of Access Control](https://auth0.com/acs), and supports nearly every feature that ACS does.
+[Auth0](https://auth0.com/access-management) is a flexible cloud identity service that has created [high-level migration guidance for customers of Access Control](https://auth0.com/access-management), and supports nearly every feature that ACS does.
 
 ![This image shows the Ping Identity logo](./media/active-directory-acs-migration/rsz-ping.png)
 
@@ -344,7 +344,7 @@ In these cases, you might consider migrating your web application to another clo
 
 ![This image shows the Auth0 logo](./media/active-directory-acs-migration/rsz-auth0.png)
 
-[Auth0](https://auth0.com/acs) is a flexible cloud identity service that has created [high-level migration guidance for customers of Access Control](https://auth0.com/acs), and supports nearly every feature that ACS does.
+[Auth0](https://auth0.com/access-management) is a flexible cloud identity service that has created [high-level migration guidance for customers of Access Control](https://auth0.com/access-management), and supports nearly every feature that ACS does.
 
 ![This image shows the Ping Identity logo](./media/active-directory-acs-migration/rsz-ping.png)
 [Ping Identity](https://www.pingidentity.com) offers two solutions similar to ACS. PingOne is a cloud identity service that supports many of the same features as ACS, and PingFederate is a similar on premises identity product that offers more flexibility. Refer to Ping's ACS retirement guidance for more details on using these products.

articles/active-directory/develop/msal-net-token-cache-serialization.md

@@ -38,7 +38,10 @@ The recommendation is:
 
 ## [ASP.NET Core web apps and web APIs](#tab/aspnetcore)
 
-The [Microsoft.Identity.Web.TokenCache](https://www.nuget.org/packages/Microsoft.Identity.Web.TokenCache) NuGet package provides token cache serialization within the [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) library.
+The [Microsoft.Identity.Web.TokenCache](https://www.nuget.org/packages/Microsoft.Identity.Web.TokenCache) NuGet package provides token cache serialization within the [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) library. 
+
+If you're using the MSAL library directly in an ASP.NET Core app, consider moving to use [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web), which provides a simpler, higher-level API. Otherwise, see the [Non-ASP.NET Core web apps and web APIs](/azure/active-directory/develop/msal-net-token-cache-serialization?tabs=aspnet#configuring-the-token-cache), which covers direct MSAL usage.
+
 
 | Extension method | Description  |
 | ---------------- | ------------ |
@@ -686,6 +689,9 @@ namespace CommonCacheMsalV3
 }
 ```
 
+For more details see the sample: https://github.com/Azure-Samples/active-directory-dotnet-v1-to-v2/tree/master/TokenCacheMigration/ADAL2MSAL
+
+
 ---
 
 ## Monitor cache hit ratios and cache performance

articles/active-directory/develop/v2-protocols-oidc.md

@@ -70,6 +70,9 @@ The value of `{tenant}` varies based on the application's sign-in audience as sh
 | `consumers` |Only users with a personal Microsoft account can sign in to the application. |
 | `8eaef023-2b34-4da1-9baa-8bc8c9d6a490` or `contoso.onmicrosoft.com` | Only users from a specific Azure AD tenant (directory members with a work or school account or directory guests with a personal Microsoft account) can sign in to the application. <br/><br/>The value can be the domain name of the Azure AD tenant or the tenant ID in GUID format. You can also use the consumer tenant GUID, `9188040d-6c67-4c5b-b112-36a304b66dad`, in place of `consumers`.  |
 
+> [!TIP]
+> Note that when using the `common` or `consumers` authority for personal Microsoft accounts, the consuming resource application must be configured to support such type of accounts in accordance with [signInAudience](/azure/active-directory/develop/supported-accounts-validation).
+
 You can also find your app's OpenID configuration document URI in its app registration in the Azure portal.
 
 To find the OIDC configuration document for your app, navigate to the [Azure portal](https://portal.azure.com) and then:

articles/active-directory/develop/workload-identity-federation-considerations.md

@@ -190,10 +190,10 @@ The following table describes limits on requests to the user-assigned managed id
 
 | Operation         | Requests-per-second per Azure AD tenant    | Requests-per-second per subscription    | Requests-per-second per resource    |
 |-------------------|----------------|----------------|----------------|
-| [Create or update](/rest/api/managedidentity/user-assigned-identities/create-or-update) requests | 10 | 2 | 0.25 |
-| [Get](/rest/api/managedidentity/user-assigned-identities/get) requests | 30 | 10 | 0.5 |
-| [List by resource group](/rest/api/managedidentity/user-assigned-identities/list-by-resource-group) or [List by subscription](/rest/api/managedidentity/user-assigned-identities/list-by-subscription) requests | 15 | 5 | 0.25 |
-| [Delete](/rest/api/managedidentity/user-assigned-identities/delete) requests | 10 | 2 | 0.25 |
+| [Create or update](/rest/api/managedidentity/2022-01-31-preview/user-assigned-identities/create-or-update) requests | 10 | 2 | 0.25 |
+| [Get](/rest/api/managedidentity/2022-01-31-preview/user-assigned-identities/get) requests | 30 | 10 | 0.5 |
+| [List by resource group](/rest/api/managedidentity/2022-01-31-preview/user-assigned-identities/list-by-resource-group) or [List by subscription](/rest/api/managedidentity/2022-01-31-preview/user-assigned-identities/list-by-subscription) requests | 15 | 5 | 0.25 |
+| [Delete](/rest/api/managedidentity/2022-01-31-preview/user-assigned-identities/delete) requests | 10 | 2 | 0.25 |
 
 ## Errors
 
@@ -209,4 +209,4 @@ The following error codes may be returned when creating, updating, getting, list
 | 400 | Federated Identity Credential name '{ficName}' is invalid. | Alphanumeric, dash, underscore, no more than 3-120 symbols. First symbol is alphanumeric. |
 | 404 | The parent user-assigned identity doesn't exist. | Check user assigned identity name in federated identity credentials resource path. |
 | 400 | Issuer and subject combination already exists for this Managed Identity. | This is a constraint. List all federated identity credentials associated with the user-assigned identity to find existing federated identity credential. |
-| 409 | Conflict | Concurrent write request to federated identity credential resources under the same user-assigned identity has been denied.
+| 409 | Conflict | Concurrent write request to federated identity credential resources under the same user-assigned identity has been denied.

articles/active-directory/develop/workload-identity-federation-create-trust.md

@@ -49,7 +49,7 @@ In the **Federated credential scenario** drop-down box, select **GitHub actions
 
 Specify the **Organization** and **Repository** for your GitHub Actions workflow.  
 
-For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value. The values must exactly match the configuration in the [GitHub workflow](https://docs.github.com/actions/using-workflows/workflow-syntax-for-github-actions#on).  For more info, read the [examples](#entity-type-examples).
+For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value. The values must exactly match the configuration in the [GitHub workflow](https://docs.github.com/actions/using-workflows/workflow-syntax-for-github-actions#on). Pattern matching is not supported for branches and tags. Specify an environment if your on-push workflow runs against many branches or tags. For more info, read the [examples](#entity-type-examples).
 
 Add a **Name** for the federated credential.