Merge branch 'main' into release-preview-acss

Author: v-alje

articles/active-directory-b2c/enable-authentication-python-web-app.md

@@ -416,7 +416,7 @@ if __name__ == "__main__":
 
 ## Step 6: Run your web app
 
-In the Terminal, run the app by entering the following command, which runs the Flask development server. The development server looks for `app.py` by default. Then, open your browser and navigate to the web app URL: <http://localhost:5000>.
+In the Terminal, run the app by entering the following command, which runs the Flask development server. The development server looks for `app.py` by default. Then, open your browser and navigate to the web app URL: `http://localhost:5000`.
 
 # [Linux](#tab/linux)    
 

articles/active-directory-b2c/page-layout.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 04/12/2022
+ms.date: 07/18/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -26,7 +26,7 @@ Page layout packages are periodically updated to include fixes and improvements
 
 Azure AD B2C page layout uses the following versions of the [jQuery library](https://jquery.com/) and the [Handlebars templates](https://handlebarsjs.com/):
 
-|Element |Page layout version range |jQuery version  |Handlebars Runtime version |Handlebars Compliler version |
+|Element |Page layout version range |jQuery version  |Handlebars Runtime version |Handlebars Compiler version |
 |---------|---------|------|--------|----------|
 |multifactor |>= 1.2.4 | 3.5.1 | 4.7.6 |4.7.7 |
 |            |< 1.2.4 | 3.4.1 |4.0.12 |2.0.1 |
@@ -52,6 +52,9 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 
 ## Self-asserted page (selfasserted)
 
+**2.1.14**
+- Fixed WCAG 2.1 accessibility bug for the TOTP multifactor authentication screens.
+
 **2.1.10**
 
 - Correcting to the tab index
@@ -83,7 +86,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 - Fixed an accessibility bug to show inline error messages only on form submission.
 
 **2.1.6**
-- Fixed password error get cleared when typing too quickly on a different field.
+- Fixed *password error gets cleared when typing too quickly on a different field*.
 
 **2.1.5**
 - Fixed cursor jumps issue on iOS when editing in the middle of the text.
@@ -100,7 +103,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 
 **2.1.1**
 
-- Added a UXString `heading` in addition to `intro` to display on the page as a title. This is hidden by default.
+- Added a UXString `heading` in addition to `intro` to display on the page as a title. This message is hidden by default.
 - Added support for saving passwords to iCloud Keychain.
 - Added support for using policy or the QueryString parameter `pageFlavor` to select the layout (classic, oceanBlue, or slateGray).
 - Added disclaimers on self-asserted page.
@@ -143,7 +146,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 
 - Initial release
 
-## Unified sign-in sign-up page with password reset link (unifiedssp)
+## Unified sign-in and sign-up page with password reset link (unifiedssp)
 
 > [!TIP]
 > If you localize your page to support multiple locales, or languages in a user flow. The [localization IDs](localization-string-ids.md) article provides the list of localization IDs that you can use for the page version you select.
@@ -159,7 +162,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 - Updates to the UI elements and CSS classes
 
 **2.1.5**
-- Fixed an issue on tab order when idp selector template is used on sign in page.
+- Fixed an issue on tab order when idp selector template is used on sign-in page.
 - Fixed an encoding issue on sign-in link text.
 
 **2.1.4**
@@ -175,7 +178,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 - Allowing the "forgot password" link to use as claims exchange. For more information, see [Self-service password reset](add-password-reset-policy.md#self-service-password-reset-recommended).
 
 **2.1.1**
-- Added a UXString `heading` in addition to `intro` to display on the page as a title. This is hidden by default.
+- Added a UXString `heading` in addition to `intro` to display on the page as a title. This message is hidden by default.
 - Added support for using policy or the QueryString parameter `pageFlavor` to select the layout (classic, oceanBlue, or slateGray).
 - Added support for saving passwords to iCloud Keychain.
 - Focus is now placed on the first error field when multiple fields have errors.
@@ -187,7 +190,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 
 - Added support for multiple sign-up links.
 - Added support for user input validation according to the predicate rules defined in the policy.
-- When the [sign-in option](sign-in-options.md) is set to Email, the sign-in header presents "Sign in with your sign in name". The username field presents "Sign in name". For more information, see [localization](localization-string-ids.md#sign-up-or-sign-in-page-elements).
+- When the [sign-in option](sign-in-options.md) is set to Email, the sign-in header presents "Sign in with your sign-in name". The username field presents "Sign in name". For more information, see [localization](localization-string-ids.md#sign-up-or-sign-in-page-elements).
 
 **1.2.0**
 
@@ -225,7 +228,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 **1.2.2**
 - Fixed an issue with auto-filling the verification code when using iOS.
 - Fixed an issue with redirecting a token to the relying party from Android Webview. 
-- Added a UXString `heading` in addition to `intro` to display on the page as a title. This is hidden by default.  
+- Added a UXString `heading` in addition to `intro` to display on the page as a title. This messages is hidden by default.  
 - Added support for using policy or the QueryString parameter `pageFlavor` to select the layout (classic, oceanBlue, or slateGray).
 
 **1.2.1**
@@ -246,7 +249,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 
 - 'Confirm Code' button removed
 - The input field for the code now only takes input up to six (6) characters
-- The page will automatically attempt to verify the code entered when a 6-digit code is entered, without any button having to be clicked
+- The page will automatically attempt to verify the code entered when a six-digit code is entered, without any button having to be clicked
 - If the code is wrong, the input field is automatically cleared
 - After three (3) attempts with an incorrect code, B2C sends an error back to the relying party
 - Accessibility fixes
@@ -274,7 +277,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 **1.1.0**
 
 - Accessibility fix
-- Removed the default message when there is no contact from the policy
+- Removed the default message when there's no contact from the policy
 - Default CSS removed
 
 **1.0.0**

articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md

@@ -230,9 +230,6 @@ You can enforce Conditional Access policies, such as multifactor authentication
 >
 > Remote desktop using Windows Hello for Business authentication is available only for deployments that use a certificate trust model. It's currently not available for a key trust model.
 
-> [!WARNING]
-> The per-user **Enabled/Enforced Azure AD Multi-Factor Authentication** setting is not supported for the Azure Windows VM Sign-In app.
-
 ## Log in by using Azure AD credentials to a Windows VM
 
 > [!IMPORTANT]
@@ -396,31 +393,12 @@ You might see the following error message when you initiate a remote desktop con
 
 ![Screenshot of the message that says the sign-in method you're trying to use isn't allowed.](./media/howto-vm-sign-in-azure-ad-windows/mfa-sign-in-method-required.png)
 
-If you've configured a Conditional Access policy that requires MFA before you can access the resource, you need to ensure that the Windows 10 or later PC that's initiating the remote desktop connection to your VM signs in by using a strong authentication method such as Windows Hello. If you don't use a strong authentication method for your remote desktop connection, you'll see the error.
+If you've configured a Conditional Access policy that requires MFA or legacy per-user Enabled/Enforced Azure AD MFA before you can access the resource, you need to ensure that the Windows 10 or later PC that's initiating the remote desktop connection to your VM signs in by using a strong authentication method such as Windows Hello. If you don't use a strong authentication method for your remote desktop connection, you'll see the error.
 
 Another MFA-related error message is the one described previously: "Your credentials did not work."
 
 ![Screenshot of the message that says your credentials didn't work.](./media/howto-vm-sign-in-azure-ad-windows/your-credentials-did-not-work.png)
 
-> [!WARNING]
-> The legacy per-user **Enabled/Enforced Azure AD Multi-Factor Authentication** setting is not supported for the Azure Windows VM Sign-In app. This setting causes sign-in to fail with the "Your credentials did not work" error message.
-
-You can resolve the problem by removing the per-user MFA setting through these commands:
-
-```
-
-# Get StrongAuthenticationRequirements configure on a user
-(Get-MsolUser -UserPrincipalName [email protected]).StrongAuthenticationRequirements
- 
-# Clear StrongAuthenticationRequirements from a user
-$mfa = @()
-Set-MsolUser -UserPrincipalName [email protected] -StrongAuthenticationRequirements $mfa
- 
-# Verify StrongAuthenticationRequirements are cleared from the user
-(Get-MsolUser -UserPrincipalName [email protected]).StrongAuthenticationRequirements
-
-```
-
 If you haven't deployed Windows Hello for Business and if that isn't an option for now, you can configure a Conditional Access policy that excludes the Azure Windows VM Sign-In app from the list of cloud apps that require MFA. To learn more about Windows Hello for Business, see [Windows Hello for Business overview](/windows/security/identity-protection/hello-for-business/hello-identity-verification).
 
 > [!NOTE]

articles/active-directory/fundamentals/road-to-the-cloud-migrate.md

@@ -263,7 +263,7 @@ Based on the app dependencies, you have three migration options:
 >[!NOTE]
 >* Utilize Azure AD Domain Services if the dependencies are aligned with [Common deployment scenarios for Azure AD Domain Services](../../active-directory-domain-services/scenarios.md). 
 >* To validate if Azure AD DS is a good fit, you might use tools like Service Map [Microsoft Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.ServiceMapOMS?tab=Overview) and [Automatic Dependency Mapping with Service Map and Live Maps](https://techcommunity.microsoft.com/t5/system-center-blog/automatic-dependency-mapping-with-service-map-and-live-maps/ba-p/351867).
->* Validate your SQL server instantiations can be [migrated to a different domain](https://social.technet.microsoft.com/wiki/contents/articles/24960.migrating-sql-server-to-new-domain.aspx). If your SQL service is running in virtual machines, [use this guidance](/azure-sql/migration-guides/virtual-machines/sql-server-to-sql-on-azure-vm-individual-databases-guide).
+>* Validate your SQL server instantiations can be [migrated to a different domain](https://social.technet.microsoft.com/wiki/contents/articles/24960.migrating-sql-server-to-new-domain.aspx). If your SQL service is running in virtual machines, [use this guidance](/azure/azure-sql/migration-guides/virtual-machines/sql-server-to-sql-on-azure-vm-individual-databases-guide).
 
 #### Implement approach #2