Merge pull request #298633 from MicrosoftDocs/repo_sync_working_branch

Taojunshen · web-flow · commit f197d3c9288e · 2025-04-23T05:31:54.000+08:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/app-service/configure-authentication-provider-openid-connect.md b/articles/app-service/configure-authentication-provider-openid-connect.md
@@ -27,6 +27,9 @@ Your provider requires you to register the details of your application with it.
 
 You need to collect a *client ID* and a *client secret* for your application. The client secret is an important security credential. Don't share this secret with anyone or distribute it in a client application.
 
+> [!NOTE]
+> You only need to provide a client secret to the configuration if you would like to acquire access tokens for the user through interactive login flow using the authorization code flow. If this is not your case, collecting a secret is not required.
+
 You also need the OIDC metadata for the provider. This metadata is often exposed in a [configuration metadata document](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig), which is the provider's issuer URL suffixed with `/.well-known/openid-configuration`. Get this configuration URL.
 
 If you can't use a configuration metadata document, get the following values separately:
@@ -52,7 +55,7 @@ To add provider information for your OpenID Connect provider, follow these steps
 
    Otherwise, select **Provide endpoints separately**. Put each URL from the identity provider in the appropriate field.
 
-1. Provide the values that you collected earlier for **Client ID** and **Client secret**.
+1. Provide the values that you collected earlier for **Client ID**. If the **Client secret** was also collected, provide it as part of the configuration process.
 
 1. Specify an application setting name for your client secret. Your client secret is stored as an app setting to ensure that secrets are stored in a secure fashion. If you want to manage the secret in Azure Key vault, update that setting later to use [Azure Key Vault references](./app-service-key-vault-references.md).
 
@@ -61,6 +64,8 @@ To add provider information for your OpenID Connect provider, follow these steps
 > [!NOTE]
 > The OpenID provider name can't contain a hyphen (-) because an app setting is created based on this name. The app setting doesn't support hyphens. Use an underscore (_) instead.  
 >
+> It also requires that the `aud` scope in your token be the same as the **Client Id** as configured above. It is currently not possible to configure the allowed audiences for this provider at the moment.
+>
 > Azure requires `openid`, `profile`, and `email` scopes. Make sure that you configure your app registration in your ID provider with at least these scopes.
 
 ## <a name="related-content"> </a>Related content
diff --git a/articles/azure-resource-manager/management/move-support-resources.md b/articles/azure-resource-manager/management/move-support-resources.md
@@ -756,6 +756,7 @@ Review the [Checklist before moving resources](./move-resource-group-and-subscri
 > | hostpools | **Yes** | **Yes** | No |
 > | scalingplans | **Yes** | **Yes** | No |
 > | workspaces | **Yes** | **Yes** | No |
+> | appattachpackages | **Yes** | **Yes** | No |
 
 ## Microsoft.Devices
 
diff --git a/articles/migrate/vmware/agent-based-migration-architecture.md b/articles/migrate/vmware/agent-based-migration-architecture.md
@@ -27,7 +27,7 @@ Learn more about [selecting and comparing](server-migrate-overview.md?context=/a
 
 ## Agent-based migration
 
-Agent-based migration is used to migrate on-premises VMware VMs and physical servers to Azure. It can also be used to migrate other on-premises virtualized servers, as well as private and public cloud VMs, including AWS instances, and GCP VMs. Agent-based migration in Azure Migrate uses some backend functionality from the [Azure Site Recovery]../../site-recovery/site-recovery-overview.md) service.
+Agent-based migration is used to migrate on-premises VMware VMs and physical servers to Azure. It can also be used to migrate other on-premises virtualized servers, as well as private and public cloud VMs, including AWS instances, and GCP VMs. Agent-based migration in Azure Migrate uses some backend functionality from the [Azure Site Recovery](../../site-recovery/site-recovery-overview.md) service.
 
 
 ## Architectural components
diff --git a/articles/spring-apps/migration/migrate-to-azure-container-apps-components-gateway.md b/articles/spring-apps/migration/migrate-to-azure-container-apps-components-gateway.md
@@ -28,7 +28,7 @@ The OSS version of Spring Cloud Gateway mentioned in this page is provided as an
 - An Azure Spring Apps Enterprise plan instance with Spring Cloud Gateway enabled.
 - An Azure Container Apps instance. For more information, see [Quickstart: Deploy your first container app using the Azure portal](../../container-apps/quickstart-portal.md).
 - [Azure CLI](/cli/azure/install-azure-cli)
-- An Azure container registry instance with sufficient permissions to build and push Docker images. For more information, see [Quickstart: Create a private container registry using the Azure CLI](/azure/container-registry/container-registry-get-started-azure-cli).
+- An Azure Container Registry instance with sufficient permissions to build and push Docker images. For more information, see [Quickstart: Create a private container registry using the Azure CLI](/azure/container-registry/container-registry-get-started-azure-cli).
 
 ## Prepare the code of the self-hosted Spring Cloud Gateway application
 
