Merge branch 'master' into issue#80635

Author: cephalin

.openpublishing.publish.config.json

@@ -788,7 +788,19 @@
       "url": "https://github.com/Azure/azure-docs-bicep-samples/",
       "branch": "main",
       "branch_mapping": {}
-    }
+    },
+    {
+      "path_to_root": "msdocs-python-flask-webapp-quickstart",
+      "url": "https://github.com/Azure-Samples/msdocs-python-flask-webapp-quickstart",
+      "branch": "main",
+      "branch_mapping": {}
+    },
+    {
+      "path_to_root": "msdocs-python-django-webapp-quickstart",
+      "url": "https://github.com/Azure-Samples/msdocs-python-django-webapp-quickstart",
+      "branch": "main",
+      "branch_mapping": {}
+    }    
   ],
   "branch_target_mapping": {
     "live": [

.openpublishing.redirection.active-directory.json

@@ -7085,6 +7085,21 @@
             "redirect_url": "/azure/active-directory/reports-monitoring/overview-reports",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/active-directory/hybrid/how-to-connect-fed-hybrid-azure-ad-join-post-config-tasks.md",
+            "redirect_url": "/azure/active-directory/devices/howto-hybrid-azure-ad-join",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/devices/hybrid-azuread-join-federated-domains.md",
+            "redirect_url": "/azure/active-directory/devices/howto-hybrid-azure-ad-join",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/devices/hybrid-azuread-join-managed-domains.md",
+            "redirect_url": "/azure/active-directory/devices/howto-hybrid-azure-ad-join",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/active-directory/reporting-azure-monitor-diagnostics-azure-storage-account.md",
             "redirect_url": "/azure/active-directory/reports-monitoring/quickstart-azure-monitor-route-logs-to-storage-account",

.openpublishing.redirection.healthcare-apis.json

@@ -374,7 +374,7 @@
     },
     {
         "source_path_from_root": "/articles/healthcare-apis/data-transformation/move-to-synapse.md",
-        "redirect_url": "/azure/healthcare-apis/fhir/move-to-synapse",
+        "redirect_url": "/azure/healthcare-apis/fhir/copy-to-synapse",
         "redirect_document_id": true
     },
     {
@@ -429,7 +429,7 @@
     },
     {
         "source_path_from_root": "/articles/healthcare-apis/azure-api-for-fhir/access-fhir-postman-tutorial.md",
-        "redirect_url": "/azure/healthcare-apis/use-postman",
+        "redirect_url": "/azure/healthcare-apis/fhir/use-postman",
         "redirect_document_id": true
     },
     {

.openpublishing.redirection.json

@@ -14892,6 +14892,11 @@
       "redirect_url": "/azure/data-factory/v1/data-factory-onprem-postgresql-connector",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/postgresql/howto-manage-firewall-using-cli.md",
+      "redirect_url": "/azure/postgresql/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule",
+      "redirect_document_id": true
+    },
     {
       "source_path_from_root": "/articles/data-factory/data-factory-onprem-sybase-connector.md",
       "redirect_url": "/azure/data-factory/v1/data-factory-onprem-sybase-connector",
@@ -45231,6 +45236,26 @@
       "source_path_from_root": "/articles/azure/cognitive-services/translator/custom-translator/v2-preview/project-overview.md",
       "redirect_url": "/azure/cognitive-services/translator/custom-translator/v2-preview/beginners-guide",
       "redirect_document_id": true
-    }
+    },
+    {
+      "source_path_from_root": "/articles/azure-monitor/agents/azure-monitor-agent-install.md",
+      "redirect_url": "/azure/azure-monitor/agents/azure-monitor-agent-manage",
+      "redirect_document_id": true
+    },
+    {
+    "source_path_from_root": "/articles/azure/virtual-desktop/azure-advisor.md",
+    "redirect_url": "/azure/advisor/advisor-overview",
+    "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/azure/cognitive-services/translator/tutorial-wpf-translation-csharp.md",
+      "redirect_url": "/ai-builder/flow-text-translation?toc=/azure/cognitive-services/translator/toc.json&bc=/azure/cognitive-services/translator/breadcrumb/toc.json",
+      "redirect_document_id": false
+      },
+      {
+        "source_path_from_root": "/articles/azure/cognitive-services/translator/tutorial-build-flask-app-translation-synthesis.md",
+        "redirect_url": "/learn/modules/translate-text-with-translator-service?toc=/azure/cognitive-services/translator/toc.json&bc=/azure/cognitive-services/translator/breadcrumb/toc.json",
+        "redirect_document_id": false
+        }
   ]
 }

articles/active-directory-b2c/billing.md

@@ -110,6 +110,8 @@ To change your pricing tier, follow these steps:
 1. Select the pricing tier that includes the features you want to enable.
 
    ![Screenshot that shows how to select the pricing tier.](media/billing/select-tier.png)
+
+Learn about the [Azure AD features, which are supported in Azure AD B2C](supported-azure-ad-features.md). 
 
 
 ## Switch to MAU billing (pre-November 2019 Azure AD B2C tenants)

articles/active-directory-b2c/identity-provider-adfs-saml.md

@@ -236,11 +236,32 @@ You can configure how to sign the SAML request in Azure AD B2C. The [XmlSignatur
 
 #### Option 2: Set the signature algorithm in AD FS 
 
-Alternatively, you can configure the expected the SAML request signature algorithm in AD FS.
+Alternatively, you can configure the expected SAML request signature algorithm in AD FS.
 
 1. In Server Manager, select **Tools**, and then select **AD FS Management**.
 1. Select the **Relying Party Trust** you created earlier.
 1. Select **Properties**, then select **Advance**
 1. Configure the **Secure hash algorithm**, and select **OK** to save the changes.
 
+### The HTTP-Redirect request does not contain the required parameter 'Signature' for a signed request (AADB2C90168)
+
+#### Option 1: Set the ResponsesSigned to false in Azure AD B2C
+
+You can disable the requirement of signed message in Azure AD B2C. The following example configures Azure AD B2C to not require 'Signature' parameter for the signed request.
+
+```xml
+<Metadata>
+  <Item Key="WantsEncryptedAssertions">false</Item>
+  <Item Key="PartnerEntity">https://your-AD-FS-domain/federationmetadata/2007-06/federationmetadata.xml</Item>
+  <Item Key="ResponsesSigned">false</Item>
+</Metadata>
+```
+
+#### Option 2: Set the relying party in AD FS to sign both Message and Assertion
+
+Alternatively, you can configure the relying party in AD FS as mentioned below:
+
+1. Open PowerShell as Administrator and run ```Set-AdfsRelyingPartyTrust -TargetName <RP Name> -SamlResponseSignature MessageAndAssertion``` cmdlet to sign both Message and Assertion.
+2. Run  ```Set-AdfsRelyingPartyTrust -TargetName <RP Name>``` and confirm the **SamlResponseSignature** property is set as **MessageAndAssertion**.
+
 ::: zone-end

articles/active-directory-b2c/oauth2-technical-profile.md

@@ -340,7 +340,7 @@ The following table lists the OAuth2 identity provider generic metadata. The met
 | `ProviderName` | No | The name of the identity provider. |
 | `ResponseErrorCodeParamName` | No | The name of the parameter that contains the error message returned over HTTP 200 (Ok). |
 | `IncludeClaimResolvingInClaimsHandling`  | No | For input and output claims, specifies whether [claims resolution](claim-resolver-overview.md) is included in the technical profile. Possible values: `true`, or `false` (default). If you want to use a claims resolver in the technical profile, set this to `true`. |
-| `ResolveJsonPathsInJsonTokens`  | No | Indicates whether the technical profile resolves JSON paths. Possible values: `true`, or `false` (default). Use this metadata to read data from a nested JSON element. In an [OutputClaim](technicalprofiles.md#output-claims), set the `PartnerClaimType` to the JSON path element you want to output. For example: `firstName.localized`, or `data.0.to.0.email`.|
+| `ResolveJsonPathsInJsonTokens`  | No | Indicates whether the technical profile resolves JSON paths. Possible values: `true`, or `false` (default). Use this metadata to read data from a nested JSON element. In an [OutputClaim](technicalprofiles.md#output-claims), set the `PartnerClaimType` to the JSON path element you want to output. For example: `firstName.localized`, or `data[0].to[0].email`.|
 
 ## Cryptographic keys
 

articles/active-directory-b2c/restful-technical-profile.md

@@ -119,7 +119,7 @@ The technical profile also returns claims, that aren't returned by the identity
 | ClaimUsedForRequestPayload| No | Name of a string claim that contains the payload to be sent to the REST API. |
 | DebugMode | No | Runs the technical profile in debug mode. Possible values: `true`, or `false` (default). In debug mode, the REST API can return more information. See the [Returning error message](#returning-validation-error-message) section. |
 | IncludeClaimResolvingInClaimsHandling  | No | For input and output claims, specifies whether [claims resolution](claim-resolver-overview.md) is included in the technical profile. Possible values: `true`, or `false` (default). If you want to use a claims resolver in the technical profile, set this to `true`. |
-| ResolveJsonPathsInJsonTokens  | No | Indicates whether the technical profile resolves JSON paths. Possible values: `true`, or `false` (default). Use this metadata to read data from a nested JSON element. In an [OutputClaim](technicalprofiles.md#output-claims), set the `PartnerClaimType` to the JSON path element you want to output. For example: `firstName.localized`, or `data.0.to.0.email`.|
+| ResolveJsonPathsInJsonTokens  | No | Indicates whether the technical profile resolves JSON paths. Possible values: `true`, or `false` (default). Use this metadata to read data from a nested JSON element. In an [OutputClaim](technicalprofiles.md#output-claims), set the `PartnerClaimType` to the JSON path element you want to output. For example: `firstName.localized`, or `data[0].to[0].email`.|
 | UseClaimAsBearerToken| No| The name of the claim that contains the bearer token.|
 
 ## Error handling

articles/active-directory/conditional-access/concept-continuous-access-evaluation.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 01/25/2022
+ms.date: 01/28/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -59,9 +59,7 @@ Exchange Online, SharePoint Online, Teams, and MS Graph can synchronize key Cond
 This process enables the scenario where users lose access to organizational files, email, calendar, or tasks from Microsoft 365 client apps or SharePoint Online immediately after network location changes.
 
 > [!NOTE]
-> Not all client app and resource provider combinations are supported. See table below. The first column of this table refers to web applications launched via web browser (i.e. PowerPoint launched in web browser) while the remaining four columns refer to native applications running on each platform described. Additionally, references to "Office" encompass Word, Excel, and PowerPoint.
-
-Token lifetimes for Office web apps are reduced to 1 hour when a Conditional Access policy is set.
+> Not all client app and resource provider combinations are supported. See the following tables. The first column of this table refers to web applications launched via web browser (i.e. PowerPoint launched in web browser) while the remaining four columns refer to native applications running on each platform described. Additionally, references to "Office" encompass Word, Excel, and PowerPoint.
 
 | | Outlook Web | Outlook Win32 | Outlook iOS | Outlook Android | Outlook Mac |
 | :--- | :---: | :---: | :---: | :---: | :---: |
@@ -70,7 +68,7 @@ Token lifetimes for Office web apps are reduced to 1 hour when a Conditional Acc
 
 | | Office web apps | Office Win32 apps | Office for iOS | Office for Android | Office for Mac |
 | :--- | :---: | :---: | :---: | :---: | :---: |
-| **SharePoint Online** | Not Supported | Supported | Supported | Supported | Supported |
+| **SharePoint Online** | Not Supported \* | Supported | Supported | Supported | Supported |
 | **Exchange Online** | Not Supported | Supported | Supported | Supported | Supported |
 
 | | OneDrive web | OneDrive Win32 | OneDrive iOS | OneDrive Android | OneDrive Mac |
@@ -79,9 +77,11 @@ Token lifetimes for Office web apps are reduced to 1 hour when a Conditional Acc
 
 | | Teams web | Teams Win32 | Teams iOS | Teams Android | Teams Mac |
 | :--- | :---: | :---: | :---: | :---: | :---: |
-| **Teams Service** | Supported | Supported | Supported | Supported | Supported |
-| **SharePoint Online** | Supported | Supported | Supported | Supported | Supported |
-| **Exchange Online** | Supported | Supported | Supported | Supported | Supported |
+| **Teams Service** | Partially supported | Partially supported | Partially supported | Partially supported | Partially supported |
+| **SharePoint Online** | Partially supported | Partially supported | Partially supported | Partially supported | Partially supported |
+| **Exchange Online** | Partially supported | Partially supported | Partially supported | Partially supported | Partially supported |
+
+> \* Token lifetimes for Office web apps are reduced to 1 hour when a Conditional Access policy is set.
 
 ## Client Capabilities
 
@@ -201,7 +201,7 @@ For an explanation of the office update channels, see [Overview of update channe
 
 ### Coauthoring in Office apps
 
-When multiple users are collaborating on a document at the same time, their access to the document may not be immediately revoked by CAE based on user revocation or policy change events. In this case, the user loses access completely after: 
+When multiple users are collaborating on a document at the same time, their access to the document may not be immediately revoked by CAE based on policy change events. In this case, the user loses access completely after:
 
 - Closing the document
 - Closing the Office app

articles/active-directory/conditional-access/howto-conditional-access-policy-compliant-device.md

@@ -22,9 +22,11 @@ Organizations who have deployed Microsoft Intune can use the information returne
 * Requiring a PIN to unlock
 * Requiring device encryption
 * Requiring a minimum or maximum operating system version
-* Requiring a device is not jailbroken or rooted
+* Requiring a device isn't jailbroken or rooted
 
-This policy compliance information is forwarded to Azure AD where Conditional Access can make decisions to grant or block access to resources. More information about device compliance policies can be found in the article, [Set rules on devices to allow access to resources in your organization using Intune](/intune/protect/device-compliance-get-started)
+Policy compliance information is sent to Azure AD where Conditional Access decides to grant or block access to resources. More information about device compliance policies can be found in the article, [Set rules on devices to allow access to resources in your organization using Intune](/intune/protect/device-compliance-get-started)
+
+Requiring a hybrid Azure AD joined device is dependent on your devices already being hybrid Azure AD joined. For more information, see the article [Configure hybrid Azure AD join](../devices/howto-hybrid-azure-ad-join.md).
 
 ## Template deployment
 
@@ -59,7 +61,7 @@ After confirming your settings using [report-only mode](howto-conditional-access
 
 ### Known behavior
 
-On Windows 7, iOS, Android, macOS, and some third-party web browsers Azure AD identifies the device using a client certificate that is provisioned when the device is registered with Azure AD. When a user first signs in through the browser the user is prompted to select the certificate. The end user must select this certificate before they can continue to use the browser.
+On Windows 7, iOS, Android, macOS, and some third-party web browsers, Azure AD identifies the device using a client certificate that is provisioned when the device is registered with Azure AD. When a user first signs in through the browser the user is prompted to select the certificate. The end user must select this certificate before they can continue to use the browser.
 
 ## Next steps