Merge pull request #193838 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: ttorble

.openpublishing.redirection.json

@@ -16603,6 +16603,11 @@
       "redirect_url": "/azure/devtest-labs/devtest-lab-create-environment-from-arm",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/devtest-labs/devtest-lab-troubleshoot-artifact-failure.md",
+      "redirect_url": "/azure/devtest-labs/devtest-lab-troubleshoot-apply-artifacts",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/dns/dns-getstarted-cli-nodejs.md",
       "redirect_url": "/azure/dns/dns-getstarted-cli",

articles/active-directory/develop/v2-permissions-and-consent.md

@@ -127,13 +127,13 @@ With the Microsoft identity platform endpoint, you can ignore the static permiss
 Allowing an app to request permissions dynamically through the `scope` parameter gives developers full control over your user's experience. You can also front load your consent experience and ask for all permissions in one initial authorization request. If your app requires a large number of permissions, you can gather those permissions from the user incrementally as they try to use certain features of the app over time.
 
 > [!IMPORTANT]
-> Dynamic consent can be convenient, but presents a big challenge for permissions that require admin consent, since the admin consent experience doesn't know about those permissions at consent time. If you require admin privileged permissions or if your app uses dynamic consent, you must register all of the permissions in the Azure portal (not just the subset of permissions that require admin consent). This enables tenant admins to consent on behalf of all their users.
+> Dynamic consent can be convenient, but presents a big challenge for permissions that require admin consent.  The admin consent experience in the **App registrations** and **Enterprise applications** blades in the portal doesn't know about those dynamic permissions at consent time. We recommend that a developer list all the admin privileged permissions that are needed by the app in the portal.  This enables tenant admins to consent on behalf of all their users in the portal, once.  Users won't need to go through the consent experience for those permissions on sign in. The alternative is to use dynamic consent for those permissions. To grant admin consent, an individual admin signs in to the app, triggers a consent prompt for the appropriate permissions, and selects **consent for my entire org** in the consent dialogue.
 
 ### Admin consent
 
 [Admin consent](#using-the-admin-consent-endpoint) is required when your app needs access to certain high-privilege permissions. Admin consent ensures that administrators have some additional controls before authorizing apps or users to access highly privileged data from the organization.
 
-[Admin consent done on behalf of an organization](#requesting-consent-for-an-entire-tenant) still requires the static permissions registered for the app. Set those permissions for apps in the app registration portal if you need an admin to give consent on behalf of the entire organization. This reduces the cycles required by the organization admin to set up the application.
+[Admin consent done on behalf of an organization](#requesting-consent-for-an-entire-tenant) is highly recommended if your app has an enterprise audience. Admin consent done on behalf of an organization requires the static permissions to be registered for the app in the portal. Set those permissions for apps in the app registration portal if you need an admin to give consent on behalf of the entire organization.  The admin can consent to those permissions on behalf of all users in the org, once.  The users will not need to go through the consent experience for those permissions when signing in to the app. This is easier for users and reduces the cycles required by the organization admin to set up the application.
 
 ## Requesting individual user consent
 

articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md

@@ -99,7 +99,7 @@ The supported service plans include:
 External admin takeover is not supported for any service that has service plans that include SharePoint, OneDrive, or Skype For Business; for example, through an Office free subscription. 
 
 > [!NOTE]
-> External admin takeover is not supported cross cloud boundaries (ex. Azure Commercial to Azure Government).  In these scenarios it is recommended to perform External admin takeover into another Azure Commercial tenant, and then delete the domain from this tenant so you may verify succesfully into the destination Azure Government tenant.
+> External admin takeover is not supported cross cloud boundaries (ex. Azure Commercial to Azure Government).  In these scenarios it is recommended to perform External admin takeover into another Azure Commercial tenant, and then delete the domain from this tenant so you may verify successfully into the destination Azure Government tenant.
 
 You can optionally use the [**ForceTakeover** option](#azure-ad-powershell-cmdlets-for-the-forcetakeover-option) for removing the domain name from the unmanaged organization and verifying it on the desired organization. 
 

articles/active-directory/devices/media/howto-vm-sign-in-azure-ad-windows/azure-portal-login-with-azure-ad.png

@@ -8,12 +8,12 @@
     href: advisor-release-notes.md
 - name: Quickstarts
   items:
+  - name: Get started with Advisor
+    href: advisor-get-started.md
   - name: Configure alerts for new recommendations
     items:
     - name: Azure portal
       href: advisor-alerts-portal.md
-    - name: Get started with Advisor
-      href: advisor-get-started.md
     - name: ARM template
       displayName: Resource Manager
       href: advisor-alerts-arm.md

articles/active-directory/enterprise-users/domains-admin-takeover.md

@@ -62,7 +62,7 @@ See how data, including name, job title, address, email, and company name, is ex
     > [!div class="nextstepaction"]
     > [Try Form Recognizer Studio](https://formrecognizer.appliedai.azure.com/studio/prebuilt?formType=businessCard)
 
-#### Sample Labeling tool
+#### Sample Labeling tool (API v2.1)
 
 You'll need a business card document. You can use our [sample business card document](https://raw.githubusercontent.com/Azure-Samples/cognitive-services-REST-api-samples/master/curl/form-recognizer/businessCard.png).
 

articles/advisor/toc.yml

@@ -109,7 +109,7 @@ See how data is extracted from your specific or unique documents by using custom
     > [!div class="nextstepaction"]
     > [Try Form Recognizer Studio](https://formrecognizer.appliedai.azure.com/studio/customform/projects)
 
-#### Sample Labeling tool
+#### Sample Labeling tool (API v2.1)
 
 
 |Feature    |Custom Template | Custom Neural |

articles/applied-ai-services/form-recognizer/concept-business-card.md

@@ -62,7 +62,7 @@ See how to extract data, including name, birth date, machine-readable zone, and
     > [!div class="nextstepaction"]
     > [Try Form Recognizer Studio](https://formrecognizer.appliedai.azure.com/studio/prebuilt?formType=idDocument)
 
-#### Sample Labeling tool
+#### Sample Labeling tool (API v2.1)
 
 You'll need an ID document. You can use our [sample ID document](https://raw.githubusercontent.com/Azure-Samples/cognitive-services-REST-api-samples/master/curl/form-recognizer/DriverLicense.png).
 

articles/applied-ai-services/form-recognizer/concept-custom.md

@@ -62,7 +62,7 @@ See how data, including time and date of transactions, merchant information, and
     > [!div class="nextstepaction"]
     > [Try Form Recognizer Studio](https://formrecognizer.appliedai.azure.com/studio/prebuilt?formType=receipt)
 
-#### Sample Labeling tool
+#### Sample Labeling tool (API v2.1)
 
 You will need a receipt document. You can use our [sample receipt document](https://raw.githubusercontent.com/Azure-Samples/cognitive-services-REST-api-samples/master/curl/form-recognizer/contoso-receipt.png).