Merge pull request #212811 from MicrosoftDocs/main

Publish to Live, Wednesday 4AM PST, 9/28

Author: PMEds28

articles/active-directory/enterprise-users/directory-delete-howto.md

@@ -30,6 +30,8 @@ You can't delete a organization in Azure AD until it passes several checks. Thes
 * There can be no multifactor authentication providers linked to the organization.
 * There can be no subscriptions for any Microsoft Online Services such as Microsoft Azure, Microsoft 365, or Azure AD Premium associated with the organization. For example, if a default Azure AD tenant was created for you in Azure, you can't delete this organization if your Azure subscription still relies on it for authentication. You also can't delete a tenant if another user has associated an Azure subscription with it.
 
+[!NOTE] Microsoft is aware that customers with certain tenant configurations may be unable to successfully delete their Azure AD organization. We are working to address this problem. In the meantime, if needed, you can contact Microsoft support for details about the issue.
+
 ## Delete the organization
 
 1. Sign in to the [Azure AD admin center](https://aad.portal.azure.com) with an account that is the Global Administrator for your organization.

articles/active-directory/standards/memo-22-09-enterprise-wide-identity-management-system.md

@@ -33,18 +33,20 @@ Memorandum 22-09 requires agencies to develop a plan to consolidate their identi
 
 ## Why Azure Active Directory?
 
-Azure Active Directory (Azure AD) provides the capabilities necessary to implement the recommendations from memorandum 22-09. It also provides broad identity controls that support Zero Trust initiatives. If your agency uses Microsoft Office 365, you already have an Azure AD back end to which you can consolidate.
+Azure Active Directory (Azure AD) provides the capabilities necessary to implement the recommendations from memorandum 22-09. It also provides broad identity controls that support Zero Trust initiatives. Today, If your agency uses Microsoft Office 365 or Azure, you already have Azure AD as an identity provider (IdP) and you can connect your applications and resources to Azure AD as your enterprise-wide identity system. 
 
 ## Single sign-on requirements
 
 The memo requires that users sign in once and then directly access applications. Microsoft's robust single sign-on (SSO) capabilities enable users to sign in once and then access cloud and other applications. For more information, see [Azure Active Directory single sign-on](../hybrid/how-to-connect-sso.md).
 
 ## Integration across agencies
 
-[Azure AD B2B collaboration](../external-identities/what-is-b2b.md) helps you meet the requirement to facilitate integration among agencies. It does this by:
+[Azure AD B2B collaboration](../external-identities/what-is-b2b.md) helps you meet the requirement to facilitate integration/collaboration among agencies. Whether the users reside in different Microsoft tenant in the same cloud, [tenant on another microsoft cloud](../external-identities/b2b-government-national-clouds.md), or a [non Azure AD tenant (SAML/WS-Fed identity provider)](..//external-identities/direct-federation.md).
+
+Azure AD cross-tenant access settings allow agencies to manage how they collaborate with other Azure AD organizations and other Microsoft Azure clouds. It does this by:
 
 - Limiting what other Microsoft tenants your users can access.
-- Enabling you to allow access to users whom you don't have to manage in your own tenant, but whom you can subject to your multifactor authentication (MFA) and other access requirements.
+- Granular settings to control access for external users including enforcement of multifactor authentication (MFA) and device signal.
 
 ## Connecting applications
 
@@ -119,6 +121,8 @@ Devices integrated with Azure AD can be either [hybrid joined devices](../device
 
 * [Azure Linux virtual machines](../devices/howto-vm-sign-in-azure-ad-linux.md)
 
+* [Azure Virtual Desktop](https://learn.microsoft.com/azure/architecture/example-scenario/wvd/azure-virtual-desktop-azure-active-directory-join)
+
 * [Virtual desktop infrastructure](../devices/howto-device-identity-virtual-desktop-infrastructure.md)
 
 ## Next steps

articles/analysis-services/analysis-services-manage-users.md

@@ -71,9 +71,13 @@ Roles at this level apply to users or accounts that need to perform tasks that c
 
  By default, when you create a new tabular model project, the model project does not have any roles. Roles can be defined by using the Role Manager dialog box in Visual Studio. When roles are defined during model project design, they are applied only to the model workspace database. When the model is deployed, the same roles are applied to the deployed model. After a model has been deployed, server and database administrators can manage roles and members by using SSMS. To learn more, see [Manage database roles and users](analysis-services-database-users.md).
 
+## Considerations and limitations
+
+* Azure Analysis Services does not support the use of One-Time Password for B2B users
+  
 ## Next steps
 
 [Manage access to resources with Azure Active Directory groups](../active-directory/fundamentals/active-directory-manage-groups.md)   
 [Manage database roles and users](analysis-services-database-users.md)  
 [Manage server administrators](analysis-services-server-admins.md)  
-[Azure role-based access control (Azure RBAC)](../role-based-access-control/overview.md)
+[Azure role-based access control (Azure RBAC)](../role-based-access-control/overview.md)

articles/api-management/api-management-gateways-overview.md

@@ -38,22 +38,22 @@ API Management offers both managed and self-hosted gateways:
     >    
  
 
-* **Self-hosted** - The [self-hosted gateway](self-hosted-gateway-overview.md) is an optional, containerized version of the default managed gateway. It's useful for hybrid and multi-cloud scenarios where there is a requirement to run the gateways off Azure in the same environments where API backends are hosted. The self-hosted gateway enables customers with hybrid IT infrastructure to manage APIs hosted on-premises and across clouds from a single API Management service in Azure. 
+* **Self-hosted** - The [self-hosted gateway](self-hosted-gateway-overview.md) is an optional, containerized version of the default managed gateway. It's useful for hybrid and multicloud scenarios where there's a requirement to run the gateways off of Azure in the same environments where API backends are hosted. The self-hosted gateway enables customers with hybrid IT infrastructure to manage APIs hosted on-premises and across clouds from a single API Management service in Azure. 
 
     * The self-hosted gateway is [packaged](self-hosted-gateway-overview.md#packaging) as a Linux-based Docker container and is commonly deployed to Kubernetes, including to [Azure Kubernetes Service](how-to-deploy-self-hosted-gateway-azure-kubernetes-service.md) and [Azure Arc-enabled Kubernetes](how-to-deploy-self-hosted-gateway-azure-arc.md).
 
     * Each self-hosted gateway is associated with a **Gateway** resource in a cloud-based API Management instance from which it receives configuration updates and communicates status. 
 
+[!INCLUDE [preview](./includes/preview/preview-callout-self-hosted-gateway-deprecation.md)]
 
 ## Feature comparison: Managed versus self-hosted gateways
 
-The following table compares features available in the managed gateway versus those in the self-hosted gateway. Differences are also shown between the managed gateway for dedicated service tiers (Developer, Basic, Standard, Premium) and for the Consumption tier.
+The following table compares features available in the managed gateway versus the features in the self-hosted gateway. Differences are also shown between the managed gateway for dedicated service tiers (Developer, Basic, Standard, Premium) and for the Consumption tier.
 
 > [!NOTE]
 > * Some features of managed and self-hosted gateways are supported only in certain [service tiers](api-management-features.md) or with certain [deployment environments](self-hosted-gateway-overview.md#packaging) for self-hosted gateways.
 > * See also self-hosted gateway [limitations](self-hosted-gateway-overview.md#limitations).
 
-
 ### Infrastructure
 
 | Feature support  | Managed (Dedicated)  | Managed (Consumption) | Self-hosted  |
@@ -154,6 +154,6 @@ For estimated maximum gateway throughput in the API Management service tiers, se
 
 ## Next steps
 
--   Learn more about [API Management in a Hybrid and Multi-Cloud World](https://aka.ms/hybrid-and-multi-cloud-api-management)
+-   Learn more about [API Management in a Hybrid and multicloud World](https://aka.ms/hybrid-and-multi-cloud-api-management)
 -   Learn more about using the [capacity metric](api-management-capacity.md) for scaling decisions
 -   Learn about [observability capabilities](observability.md) in API Management

articles/api-management/how-to-deploy-self-hosted-gateway-azure-kubernetes-service.md

@@ -13,6 +13,8 @@ ms.author: danlep
 
 This article provides the steps for deploying self-hosted gateway component of Azure API Management to [Azure Kubernetes Service](https://azure.microsoft.com/services/kubernetes-service/). For deploying self-hosted gateway to a Kubernetes cluster, see the how-to article for deployment by using a [deployment YAML file](how-to-deploy-self-hosted-gateway-kubernetes.md) or [with Helm](how-to-deploy-self-hosted-gateway-kubernetes-helm.md).
 
+[!INCLUDE [preview](./includes/preview/preview-callout-self-hosted-gateway-deprecation.md)]
+
 > [!NOTE]
 > You can also deploy self-hosted gateway to an [Azure Arc-enabled Kubernetes cluster](how-to-deploy-self-hosted-gateway-azure-arc.md) as a [cluster extension](../azure-arc/kubernetes/extensions.md).
 

articles/api-management/how-to-deploy-self-hosted-gateway-docker.md

@@ -13,6 +13,8 @@ ms.author: danlep
 
 This article provides the steps for deploying self-hosted gateway component of Azure API Management to a Docker environment.
 
+[!INCLUDE [preview](./includes/preview/preview-callout-self-hosted-gateway-deprecation.md)]
+
 > [!NOTE]
 > Hosting self-hosted gateway in Docker is best suited for evaluation and development use cases. Kubernetes is recommended for production use. Learn how to [deploy with Helm](how-to-deploy-self-hosted-gateway-kubernetes-helm.md) or using [deployment YAML file](how-to-deploy-self-hosted-gateway-kubernetes.md) to learn how to deploy self-hosted gateway to Kubernetes.
 

articles/api-management/how-to-deploy-self-hosted-gateway-kubernetes-helm.md

@@ -15,6 +15,8 @@ ms.author: tomkerkhove
 
 This article provides the steps for deploying self-hosted gateway component of Azure API Management to a Kubernetes cluster by using Helm.
 
+[!INCLUDE [preview](./includes/preview/preview-callout-self-hosted-gateway-deprecation.md)]
+
 > [!NOTE]
 > You can also deploy self-hosted gateway to an [Azure Arc-enabled Kubernetes cluster](how-to-deploy-self-hosted-gateway-azure-arc.md) as a [cluster extension](../azure-arc/kubernetes/extensions.md).
 

articles/api-management/how-to-deploy-self-hosted-gateway-kubernetes.md

@@ -13,6 +13,8 @@ ms.date: 05/25/2021
 
 This article describes the steps for deploying the self-hosted gateway component of Azure API Management to a Kubernetes cluster.
 
+[!INCLUDE [preview](./includes/preview/preview-callout-self-hosted-gateway-deprecation.md)]
+
 > [!NOTE]
 > You can also deploy self-hosted gateway to an [Azure Arc-enabled Kubernetes cluster](how-to-deploy-self-hosted-gateway-azure-arc.md) as a [cluster extension](../azure-arc/kubernetes/extensions.md).
 

articles/api-management/how-to-self-hosted-gateway-on-kubernetes-in-production.md

@@ -12,10 +12,12 @@ ms.date: 12/17/2021
 
 # Guidance for running self-hosted gateway on Kubernetes in production
 
-In order to run the self-hosted gateway in production, there are various aspects to take in to mind. For example, it should be deployed in a highly-available manner, use configuration backups to handle temporary disconnects and many more.
+In order to run the self-hosted gateway in production, there are various aspects to take in to mind. For example, it should be deployed in a highly available manner, use configuration backups to handle temporary disconnects and many more.
 
 This article provides guidance on how to run [self-hosted gateway](./self-hosted-gateway-overview.md) on Kubernetes for production workloads to ensure that it will run smoothly and reliably.
 
+[!INCLUDE [preview](./includes/preview/preview-callout-self-hosted-gateway-deprecation.md)]
+
 ## Access token
 Without a valid access token, a self-hosted gateway can't access and download configuration data from the endpoint of the associated API Management service. The access token can be valid for a maximum of 30 days. It must be regenerated, and the cluster configured with a fresh token, either manually or via automation before it expires.
 
@@ -57,11 +59,11 @@ An alternative is to use Kubernetes Event-driven Autoscaling (KEDA) allowing you
 
 ### Traffic-based autoscaling
 
-Kubernetes does not provide an out-of-the-box mechanism for traffic-based autoscaling.
+Kubernetes doesn't provide an out-of-the-box mechanism for traffic-based autoscaling.
 
 Kubernetes Event-driven Autoscaling (KEDA) provides a few ways that can help with traffic-based autoscaling:
 
-- You can scale based on metrics from a Kubernetes ingress if they are available in [Prometheus](https://keda.sh/docs/latest/scalers/prometheus/) or [Azure Monitor](https://keda.sh/docs/latest/scalers/azure-monitor/) by using an out-of-the-box scaler
+- You can scale based on metrics from a Kubernetes ingress if they're available in [Prometheus](https://keda.sh/docs/latest/scalers/prometheus/) or [Azure Monitor](https://keda.sh/docs/latest/scalers/azure-monitor/) by using an out-of-the-box scaler
 - You can install [HTTP add-on](https://github.com/kedacore/http-add-on), which is available in beta, and scales based on the number of requests per second.
 
 ## Container resources
@@ -153,7 +155,7 @@ Consider using [Pod Disruption Budgets](https://kubernetes.io/docs/concepts/work
 ## Security
 The self-hosted gateway is able to run as non-root in Kubernetes allowing customers to run the gateway securely.
 
-Here is an example of the security context for the self-hosted gateway:
+Here's an example of the security context for the self-hosted gateway:
 ```yml
 securityContext:
   allowPrivilegeEscalation: false

articles/api-management/import-container-app-with-oas.md

@@ -1,5 +1,5 @@
 ---
-title: Import Azure Container App to Azure API Management  | Microsoft Docs
+title: Import Azure Container App to Azure API Management | Microsoft Docs
 description: This article shows you how to use Azure API Management to import a web API hosted in Azure Container Apps.
 services: api-management
 documentationcenter: ''