Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into coexistportal

Author: duongau

.openpublishing.redirection.json

@@ -44178,6 +44178,25 @@
         "source_path_from_root": "/articles/governance/policy/how-to/guest-configuration-create-group-policy.md",
         "redirect_url": "/azure/governance/policy/how-to/guest-configuration-create",
         "redirect_document_id": false
+      },
+      {   "source_path_from_root": "/articles/azure/marketplace/co-sell-requirements.md",
+          "redirect_url": "/partner-center/co-sell-requirements",
+          "redirect_document_id": false
+      },        
+      {
+        "source_path_from_root": "/articles/azure/marketplace/co-sell-status.md",
+        "redirect_url": "/partner-center/co-sell-status",
+        "redirect_document_id": false
+      },
+      {
+          "source_path_from_root": "/articles/azure/marketplace/co-sell-configure.md",
+          "redirect_url": "/partner-center/co-sell-configure",
+          "redirect_document_id": false
+      },
+      {
+          "source_path_from_root": "/articles/azure/marketplace/co-sell-overview.md",
+          "redirect_url": "/partner-center/co-sell-overview",
+          "redirect_document_id": false
       }
   ]
 }

CONTRIBUTING.md

@@ -2,7 +2,7 @@
 
 Thank you for taking the time to contribute to the Microsoft Azure documentation.
 
-This guide covers some general topics related to contribution and refers to the [contributors guide](https://docs.microsoft.com/contribute) for more detailed explanations when required.
+This guide covers some general topics related to contribution and refers to the [contributors guide](/contribute) for more detailed explanations when required.
 
 ## Code of Conduct
 
@@ -21,8 +21,8 @@ Please use the Feedback tool at the bottom of any article to submit bugs and sug
 
 ### Editing in GitHub
 
-Follow the guidance for [Quick edits to existing documents](https://docs.microsoft.com/contribute/#quick-edits-to-existing-documents) in our contributors guide.
+Follow the guidance for [Quick edits to existing documents](/contribute/#quick-edits-to-existing-documents) in our contributors guide.
 
 ### Pull Request
 
-Review the guidance for [Pull Requests](https://docs.microsoft.com/contribute/how-to-write-workflows-major#pull-request-processing) in our contributors guide.
+Review the guidance for [Pull Requests](/contribute/how-to-write-workflows-major#pull-request-processing) in our contributors guide.

README.md

@@ -10,7 +10,7 @@ Contributing to open source is more than just providing updates, it's also about
 
 You've decided to contribute, that's great! To contribute to the documentation, you need a few tools.
 
-Contributing to the documentation requires a GitHub account. If you don't have an account, follow the instructions for the [GitHub account setup](https://docs.microsoft.com/contribute/get-started-setup-github) from our contributor guide.
+Contributing to the documentation requires a GitHub account. If you don't have an account, follow the instructions for the [GitHub account setup](/contribute/get-started-setup-github) from our contributor guide.
 
 #### Download
 
@@ -22,7 +22,7 @@ Install the following tools:
 
 #### Install
 
-Follow the instructions provided in the [Install content authoring tools](https://docs.microsoft.com/contribute/get-started-setup-tools) from our contributor guide.
+Follow the instructions provided in the [Install content authoring tools](/contribute/get-started-setup-tools) from our contributor guide.
 
 ## License
 

articles/active-directory-b2c/faq.yml

@@ -245,12 +245,12 @@ sections:
           Follow the following steps to check if the refresh token is valid or revoked:
           1. Retrieve the `RefreshToken` and the `AccessToken` by redeeming `authorization_code`.
           1. Wait for 7 minutes.
-          1. Use PowerShell cmdlet [Revoke-AzureADUserAllRefreshToken](https://docs.microsoft.com/powershell/module/azuread/revoke-azureaduserallrefreshtoken?view=azureadps-2.0) or Microsoft Graph API [invalidateAllRefreshTokens](https://docs.microsoft.com/graph/api/user-invalidateallrefreshtokens?view=graph-rest-beta&tabs=http) to run the `RevokeAllRefreshToken` command.
+          1. Use PowerShell cmdlet [Revoke-AzureADUserAllRefreshToken](/powershell/module/azuread/revoke-azureaduserallrefreshtoken?view=azureadps-2.0) or Microsoft Graph API [invalidateAllRefreshTokens](/graph/api/user-invalidateallrefreshtokens?tabs=http&view=graph-rest-beta) to run the `RevokeAllRefreshToken` command.
           1. Wait for 10 minutes.
           
           1. Retrieve the `RefreshToken` again.
           
       - question: |
           How do I report issues with Azure AD B2C?
         answer: |
-          See [File support requests for Azure Active Directory B2C](support-options.md).
+          See [File support requests for Azure Active Directory B2C](support-options.md).

articles/active-directory/authentication/certificate-based-authentication-faq.yml

@@ -61,7 +61,7 @@ sections:
           We highly recommend not to disable certificate revocation list (CRL) checking as you won't be able to revoke certificates. 
           However, to disable CRL checking if there are issues with CRL for a particular CA, you can update a trusted certificate authority and set the crlDistributionPoint attribute to """.
           
-          Use the [Set-AzureADTrustedCertificateAuthority](https://docs.microsoft.com/powershell/module/azuread/set-azureadtrustedcertificateauthority) cmdlet:
+          Use the [Set-AzureADTrustedCertificateAuthority](/powershell/module/azuread/set-azureadtrustedcertificateauthority) cmdlet:
           
           ```powershell
           $c=Get-AzureADTrustedCertificateAuthority
@@ -97,5 +97,4 @@ additionalContent: |
     * [Technical deep dive for Azure AD CBA](concept-certificate-based-authentication-technical-deep-dive.md)
     * [Limitations with Azure AD CBA](concept-certificate-based-authentication-limitations.md)
     * [How to configure Azure AD CBA](how-to-certificate-based-authentication.md)
-    * [Troubleshoot Azure AD CBA](troubleshoot-certificate-based-authentication.md)
-
+    * [Troubleshoot Azure AD CBA](troubleshoot-certificate-based-authentication.md)

articles/active-directory/authentication/concept-certificate-based-authentication-technical-deep-dive.md

@@ -6,12 +6,12 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 02/09/2022
+ms.date: 02/15/2022
 
 ms.author: justinha
 author: vimrang
 manager: daveba
-ms.reviewer: tommma
+ms.reviewer: vimrang
 
 ms.collection: M365-identity-device-management
 ms.custom: has-adal-ref
@@ -49,7 +49,9 @@ Let's cover each step:
 
    :::image type="content" border="true" source="./media/concept-certificate-based-authentication-technical-deep-dive/sign-in-alt.png" alt-text="Screenshot of the Sign-in if FIDO2 is also enabled.":::
 
-1. After the user clicks the link, the client is redirected to the certauth endpoint [http://certauth.login.microsoftonline.com](http://certauth.login.microsoftonline.com). The endpoint performs mutual authentication and requests the client certificate as part of the TLS handshake. You will see an entry for this request in the Sign-in logs. There is a [known issue](#known-issues) where User ID is displayed instead of Username.
+1. After the user clicks the link, the client is redirected to the certauth endpoint, which is [http://certauth.login.microsoftonline.com](http://certauth.login.microsoftonline.com) for Azure Global. For [Azure Government](/azure-government/compare-azure-government-global-azure.md#guidance-for-developers), the certauth endpoint is [http://certauth.login.microsoftonline.us](http://certauth.login.microsoftonline.us). For the correct endpoint for other environments, see the specific Microsoft cloud docs. 
+
+   The endpoint performs mutual authentication and requests the client certificate as part of the TLS handshake. You will see an entry for this request in the Sign-in logs. There is a [known issue](#known-issues) where User ID is displayed instead of Username.
 
    :::image type="content" border="true" source="./media/concept-certificate-based-authentication-technical-deep-dive/sign-in-log.png" alt-text="Screenshot of the Sign-in log in Azure AD." lightbox="./media/concept-certificate-based-authentication-technical-deep-dive/sign-in-log.png":::
 

articles/active-directory/authentication/how-to-certificate-based-authentication.md

@@ -42,7 +42,7 @@ Make sure that the following prerequisites are in place.
 >Each CA should have a certificate revocation list (CRL) that can be referenced from internet-facing URLs. If the trusted CA does not have a CRL configured, Azure AD will not perform any CRL checking, revocation of user certificates will not work, and authentication will not be blocked.
 
 >[!IMPORTANT]
->Make sure the PKI is secure and cannot be easily compromised. In the event of a compromise, the attacker can create and sign client certificates and compromise any user in the tenant, both synced and cloud-only users. However, a strong key protection strategy, along with other physical and logical controls such as HSM activation cards or tokens for the secure storage of artifacts, can provide defense-in-depth to prevent external attackers or insider threats from compromising the integrity of the PKI. For more information, see [Securing PKI](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn786443(v=ws.11)).
+>Make sure the PKI is secure and cannot be easily compromised. In the event of a compromise, the attacker can create and sign client certificates and compromise any user in the tenant, both synced and cloud-only users. However, a strong key protection strategy, along with other physical and logical controls such as HSM activation cards or tokens for the secure storage of artifacts, can provide defense-in-depth to prevent external attackers or insider threats from compromising the integrity of the PKI. For more information, see [Securing PKI](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn786443(v=ws.11)).
 
 ## Steps to configure and test Azure AD CBA
 
@@ -331,5 +331,4 @@ To enable the certificate-based authentication and configure username bindings u
 - [Technical deep dive for Azure AD CBA](concept-certificate-based-authentication-technical-deep-dive.md)   
 - [Limitations with Azure AD CBA](concept-certificate-based-authentication-limitations.md)
 - [FAQ](certificate-based-authentication-faq.yml)
-- [Troubleshoot Azure AD CBA](troubleshoot-certificate-based-authentication.md)
-
+- [Troubleshoot Azure AD CBA](troubleshoot-certificate-based-authentication.md)

articles/active-directory/develop/workload-identity-federation-create-trust-gcp.md

@@ -31,7 +31,7 @@ Take note of the *object ID* of the app (not the application (client) ID) which
 
 ## Grant your app permissions to resources
 
-Grant your app the permissions necessary to access the Azure AD protected resources targeted by your software workload running in Google Cloud.  For example, [assign the Storage Blob Data Contributor role](/azure/storage/blobs/assign-azure-role-data-access) to your app if your application needs to read, write, and delete blob data in [Azure Storage](/azure/storage/blobs/storage-blobs-introduction).
+Grant your app the permissions necessary to access the Azure AD protected resources targeted by your software workload running in Google Cloud.  For example, [assign the Storage Blob Data Contributor role](../../storage/blobs/assign-azure-role-data-access.md) to your app if your application needs to read, write, and delete blob data in [Azure Storage](../../storage/blobs/storage-blobs-introduction.md).
 
 ## Set up an identity in Google Cloud
 

articles/active-directory/develop/workload-identity-federation-create-trust-github.md

@@ -206,6 +206,6 @@ az rest -m DELETE  -u 'https://graph.microsoft.com/beta/applications/f6475511-fd
 Before configuring your GitHub Actions workflow, get the *tenant-id* and *client-id* values of your app registration.  You can find these values in the Azure portal. Go to the list of [registered applications](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps) and select your app registration.  In **Overview**->**Essentials**, find the **Application (client) ID** and **Directory (tenant) ID**. Set these values in your GitHub environment to use in the Azure login action for your workflow.  
 
 ## Next steps
-For an end-to-end example, read [Deploy to App Service using GitHub Actions](/azure/app-service/deploy-github-actions?tabs=openid).
+For an end-to-end example, read [Deploy to App Service using GitHub Actions](../../app-service/deploy-github-actions.md?tabs=openid).
 
 Read the [GitHub Actions documentation](https://docs.github.com/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure) to learn more about configuring your GitHub Actions workflow to get an access token from Microsoft identity provider and access Azure resources.

articles/active-directory/external-identities/cross-tenant-access-overview.md

@@ -91,7 +91,7 @@ The output is a summary of all available sign-in events for inbound and outbound
 
 ### Sign-in logs PowerShell script
 
-To determine your users' access to external Azure AD organizations, you can use the [Get-MgAuditLogSignIn](https://aka.ms/cross-tenant-log-ps) cmdlet in the Microsoft Graph PowerShell SDK to view data from your sign-in logs for the last 30 days. For example, run the following command:
+To determine your users' access to external Azure AD organizations, you can use the [Get-MgAuditLogSignIn](/powershell/module/microsoft.graph.reports/get-mgauditlogsignin) cmdlet in the Microsoft Graph PowerShell SDK to view data from your sign-in logs for the last 30 days. For example, run the following command:
 
 ```powershell
 Get-MgAuditLogSignIn ` 
@@ -113,4 +113,4 @@ If your organization exports sign-in logs to a Security Information and Event Ma
 
 ## Next steps
 
-[Configure cross-tenant access settings for B2B collaboration](cross-tenant-access-settings-b2b-collaboration.md)
+[Configure cross-tenant access settings for B2B collaboration](cross-tenant-access-settings-b2b-collaboration.md)