Merge pull request #201271 from MicrosoftDocs/main

6/10 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -6931,6 +6931,11 @@
       "redirect_url": "/azure/azure-functions/functions-bindings-event-hubs-output",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/azure-functions/functions-bindings-errors.md",
+      "redirect_url": "/azure/azure-functions/functions-bindings-error-pages",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/azure-government/documentation-government-k8.md",
       "redirect_url": "/azure/azure-government",
@@ -35511,6 +35516,11 @@
       "redirect_url": "/azure/cognitive-services/speech-service/role-based-access-control",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Speech-Service/index-speech-translation.yml",
+      "redirect_url": "/azure/cognitive-services/speech-service/speech-translation",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/cognitive-services/Speech-Service/voice-first-virtual-assistants.md",
       "redirect_url": "/azure/cognitive-services/Speech-Service/voice-assistants",

articles/active-directory/develop/index.yml

@@ -154,7 +154,7 @@ tools:
   ## ROW 1 ######################
   - title: .NET
     url: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet
-    imageSrc: https://docs.microsoft.com/media/logos/logo_Csharp.svg
+    imageSrc: /media/logos/logo_Csharp.svg
   - title: Android
     url: https://github.com/AzureAD/microsoft-authentication-library-for-android
     imageSrc: ./media/hub/android.svg
@@ -164,20 +164,20 @@ tools:
   ## ROW 2 ######################
   - title: iOS & macOS
     url: https://github.com/AzureAD/microsoft-authentication-library-for-objc
-    imageSrc: https://docs.microsoft.com/media/logos/logo_ios.svg
+    imageSrc: /media/logos/logo_ios.svg
   - title: Java
     url: https://github.com/AzureAD/microsoft-authentication-library-for-java
-    imageSrc: https://docs.microsoft.com/media/logos/logo_java.svg
+    imageSrc: /media/logos/logo_java.svg
   - title: JavaScript
     url: https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-browser
-    imageSrc: https://docs.microsoft.com/media/logos/logo_js.svg
+    imageSrc: /media/logos/logo_js.svg
   ## ROW 3 ######################
   - title: Node.js
     url: https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node
     imageSrc: ./media/hub/node.svg
   - title: Python
     url: https://github.com/AzureAD/microsoft-authentication-library-for-python
-    imageSrc: https://docs.microsoft.com/media/logos/logo_python.svg
+    imageSrc: /media/logos/logo_python.svg
   - title: React
     url: https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-react
     imageSrc: ./media/hub/react.svg
@@ -218,4 +218,4 @@ additionalContent:
         links:
           - url: ../app-provisioning/user-provisioning.md
             text: Application user and role provisioning documentation
-## BAND 5 - ADDITIONAL CONTENT END ##########################################################################################################################
+## BAND 5 - ADDITIONAL CONTENT END ##########################################################################################################################

articles/active-directory/enterprise-users/groups-dynamic-membership.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: enterprise-users
 ms.workload: identity
 ms.topic: overview
-ms.date: 06/03/2022
+ms.date: 06/08/2022
 ms.author: curtand
 ms.reviewer: krbain
 ms.custom: it-pro
@@ -67,7 +67,7 @@ A membership rule that automatically populates a group with users or devices is
 - Operator
 - Value
 
-The order of the parts within an expression are important to avoid syntax errors.
+The order of the parts within an expression is important to avoid syntax errors.
 
 ## Supported properties
 
@@ -90,41 +90,41 @@ dirSyncEnabled |true false |user.dirSyncEnabled -eq true
 
 | Properties | Allowed values | Usage |
 | --- | --- | --- |
-| city |Any string value or *null* |(user.city -eq "value") |
-| country |Any string value or *null* |(user.country -eq "value") |
-| companyName | Any string value or *null* | (user.companyName -eq "value") |
-| department |Any string value or *null* |(user.department -eq "value") |
-| displayName |Any string value |(user.displayName -eq "value") |
-| employeeId |Any string value |(user.employeeId -eq "value")<br>(user.employeeId -ne *null*) |
-| facsimileTelephoneNumber |Any string value or *null* |(user.facsimileTelephoneNumber -eq "value") |
-| givenName |Any string value or *null* |(user.givenName -eq "value") |
-| jobTitle |Any string value or *null* |(user.jobTitle -eq "value") |
-| mail |Any string value or *null* (SMTP address of the user) |(user.mail -eq "value") |
-| mailNickName |Any string value (mail alias of the user) |(user.mailNickName -eq "value") |
-| memberOf | Any string value (valid group object ID) | (device.memberof -any (group.objectId -in ['value'])) |
-| mobile |Any string value or *null* |(user.mobile -eq "value") |
-| objectId |GUID of the user object |(user.objectId -eq "11111111-1111-1111-1111-111111111111") |
-| onPremisesDistinguishedName (preview)| Any string value or *null* |(user.onPremisesDistinguishedName -eq "value") |
-| onPremisesSecurityIdentifier | On-premises security identifier (SID) for users who were synchronized from on-premises to the cloud. |(user.onPremisesSecurityIdentifier -eq "S-1-1-11-1111111111-1111111111-1111111111-1111111") |
-| passwordPolicies |None DisableStrongPassword DisablePasswordExpiration DisablePasswordExpiration, DisableStrongPassword |(user.passwordPolicies -eq "DisableStrongPassword") |
-| physicalDeliveryOfficeName |Any string value or *null* |(user.physicalDeliveryOfficeName -eq "value") |
-| postalCode |Any string value or *null* |(user.postalCode -eq "value") |
-| preferredLanguage |ISO 639-1 code |(user.preferredLanguage -eq "en-US") |
-| sipProxyAddress |Any string value or *null* |(user.sipProxyAddress -eq "value") |
-| state |Any string value or *null* |(user.state -eq "value") |
-| streetAddress |Any string value or *null* |(user.streetAddress -eq "value") |
-| surname |Any string value or *null* |(user.surname -eq "value") |
-| telephoneNumber |Any string value or *null* |(user.telephoneNumber -eq "value") |
-| usageLocation |Two lettered country/region code |(user.usageLocation -eq "US") |
-| userPrincipalName |Any string value |(user.userPrincipalName -eq "alias@domain") |
-| userType |member guest *null* |(user.userType -eq "Member") |
+| city |Any string value or *null* | user.city -eq "value" |
+| country |Any string value or *null* | user.country -eq "value" |
+| companyName | Any string value or *null* | user.companyName -eq "value" |
+| department |Any string value or *null* | user.department -eq "value" |
+| displayName |Any string value | user.displayName -eq "value" |
+| employeeId |Any string value | user.employeeId -eq "value"<br>user.employeeId -ne *null* |
+| facsimileTelephoneNumber |Any string value or *null* | user.facsimileTelephoneNumber -eq "value" |
+| givenName |Any string value or *null* | user.givenName -eq "value" |
+| jobTitle |Any string value or *null* | user.jobTitle -eq "value" |
+| mail |Any string value or *null* (SMTP address of the user) | user.mail -eq "value" |
+| mailNickName |Any string value (mail alias of the user) | user.mailNickName -eq "value" |
+| memberOf | Any string value (valid group object ID) | user.memberof -any (group.objectId -in ['value']) |
+| mobile |Any string value or *null* | user.mobile -eq "value" |
+| objectId |GUID of the user object | user.objectId -eq "11111111-1111-1111-1111-111111111111" |
+| onPremisesDistinguishedName (preview)| Any string value or *null* | user.onPremisesDistinguishedName -eq "value" |
+| onPremisesSecurityIdentifier | On-premises security identifier (SID) for users who were synchronized from on-premises to the cloud. | user.onPremisesSecurityIdentifier -eq "S-1-1-11-1111111111-1111111111-1111111111-1111111" |
+| passwordPolicies |None<br>DisableStrongPassword<br>DisablePasswordExpiration<br>DisablePasswordExpiration, DisableStrongPassword | user.passwordPolicies -eq "DisableStrongPassword" |
+| physicalDeliveryOfficeName |Any string value or *null* | user.physicalDeliveryOfficeName -eq "value" |
+| postalCode |Any string value or *null* | user.postalCode -eq "value" |
+| preferredLanguage |ISO 639-1 code | user.preferredLanguage -eq "en-US" |
+| sipProxyAddress |Any string value or *null* | user.sipProxyAddress -eq "value" |
+| state |Any string value or *null* | user.state -eq "value" |
+| streetAddress |Any string value or *null* | user.streetAddress -eq "value" |
+| surname |Any string value or *null* | user.surname -eq "value" |
+| telephoneNumber |Any string value or *null* | user.telephoneNumber -eq "value" |
+| usageLocation |Two lettered country/region code | user.usageLocation -eq "US" |
+| userPrincipalName |Any string value | user.userPrincipalName -eq "alias@domain" |
+| userType |member guest *null* | user.userType -eq "Member" |
 
 ### Properties of type string collection
 
-| Properties | Allowed values | Usage |
+| Properties | Allowed values | Example |
 | --- | --- | --- |
-| otherMails |Any string value |(user.otherMails -contains "alias@domain") |
-| proxyAddresses |SMTP: alias@domain smtp: alias@domain |(user.proxyAddresses -contains "SMTP: alias@domain") |
+| otherMails |Any string value | user.otherMails -contains "alias@domain" |
+| proxyAddresses |SMTP: alias@domain smtp: alias@domain | user.proxyAddresses -contains "SMTP: alias@domain" |
 
 For the properties used for device rules, see [Rules for devices](#rules-for-devices).
 
@@ -162,12 +162,12 @@ The **-match** operator is used for matching any regular expression. Examples:
 ```
 user.displayName -match "Da.*"   
 ```
-Da, Dav, David evaluate to true, aDa evaluates to false.
+`Da`, `Dav`, `David` evaluate to true, aDa evaluates to false.
 
 ```
 user.displayName -match ".*vid"
 ```
-David evaluates to true, Da evaluates to false.
+`David` evaluates to true, `Da` evaluates to false.
 
 ## Supported values
 
@@ -278,7 +278,7 @@ user.assignedPlans -any (assignedPlan.service -eq "SCO" -and assignedPlan.capabi
 
 #### Example 3
 
-The following expression selects all users who have no asigned service plan:
+The following expression selects all users who have no assigned service plan:
 
 ```
 user.assignedPlans -all (assignedPlan.servicePlanId -eq "")
@@ -383,22 +383,22 @@ The following device attributes can be used.
 
  Device attribute  | Values | Example
  ----- | ----- | ----------------
- accountEnabled | true false | (device.accountEnabled -eq true)
- displayName | any string value |(device.displayName -eq "Rob iPhone")
- deviceOSType | any string value | (device.deviceOSType -eq "iPad") -or (device.deviceOSType -eq "iPhone")<br>(device.deviceOSType -contains "AndroidEnterprise")<br>(device.deviceOSType -eq "AndroidForWork")<br>(device.deviceOSType -eq "Windows")
- deviceOSVersion | any string value | (device.deviceOSVersion -eq "9.1")<br>(device.deviceOSVersion -startsWith "10.0.1")
- deviceCategory | a valid device category name | (device.deviceCategory -eq "BYOD")
- deviceManufacturer | any string value | (device.deviceManufacturer -eq "Samsung")
- deviceModel | any string value | (device.deviceModel -eq "iPad Air")
- deviceOwnership | Personal, Company, Unknown | (device.deviceOwnership -eq "Company")
- enrollmentProfileName | Apple Device Enrollment Profile name, Android Enterprise Corporate-owned dedicated device Enrollment Profile name, or Windows Autopilot profile name | (device.enrollmentProfileName -eq "DEP iPhones")
- isRooted | true false | (device.isRooted -eq true)
- managementType | MDM (for mobile devices) | (device.managementType -eq "MDM")
- memberOf | Any string value (valid group object ID) | (user.memberof -any (group.objectId -in ['value'])) 
- deviceId | a valid Azure AD device ID | (device.deviceId -eq "d4fe7726-5966-431c-b3b8-cddc8fdb717d")
- objectId | a valid Azure AD object ID |  (device.objectId -eq "76ad43c9-32c5-45e8-a272-7b58b58f596d")
- devicePhysicalIds | any string value used by Autopilot, such as all Autopilot devices, OrderID, or PurchaseOrderID  | (device.devicePhysicalIDs -any _ -contains "[ZTDId]") (device.devicePhysicalIds -any _ -eq "[OrderID]:179887111881") (device.devicePhysicalIds -any _ -eq "[PurchaseOrderId]:76222342342")
- systemLabels | any string matching the Intune device property for tagging Modern Workplace devices | (device.systemLabels -contains "M365Managed")
+ accountEnabled | true false | device.accountEnabled -eq true
+ displayName | any string value | device.displayName -eq "Rob iPhone"
+ deviceOSType | any string value | (device.deviceOSType -eq "iPad") -or (device.deviceOSType -eq "iPhone")<br>device.deviceOSType -contains "AndroidEnterprise"<br>device.deviceOSType -eq "AndroidForWork"<br>device.deviceOSType -eq "Windows"
+ deviceOSVersion | any string value | device.deviceOSVersion -eq "9.1"<br>device.deviceOSVersion -startsWith "10.0.1"
+ deviceCategory | a valid device category name | device.deviceCategory -eq "BYOD"
+ deviceManufacturer | any string value | device.deviceManufacturer -eq "Samsung"
+ deviceModel | any string value | device.deviceModel -eq "iPad Air"
+ deviceOwnership | Personal, Company, Unknown | device.deviceOwnership -eq "Company"
+ enrollmentProfileName | Apple Device Enrollment Profile name, Android Enterprise Corporate-owned dedicated device Enrollment Profile name, or Windows Autopilot profile name | device.enrollmentProfileName -eq "DEP iPhones"
+ isRooted | true false | device.isRooted -eq true
+ managementType | MDM (for mobile devices) | device.managementType -eq "MDM"
+ memberOf | Any string value (valid group object ID) | device.memberof -any (group.objectId -in ['value']) 
+ deviceId | a valid Azure AD device ID | device.deviceId -eq "d4fe7726-5966-431c-b3b8-cddc8fdb717d"
+ objectId | a valid Azure AD object ID | device.objectId -eq "76ad43c9-32c5-45e8-a272-7b58b58f596d"
+ devicePhysicalIds | any string value used by Autopilot, such as all Autopilot devices, OrderID, or PurchaseOrderID  | device.devicePhysicalIDs -any _ -contains "[ZTDId]"<br>(device.devicePhysicalIds -any _ -eq "[OrderID]:179887111881"<br>(device.devicePhysicalIds -any _ -eq "[PurchaseOrderId]:76222342342"
+ systemLabels | any string matching the Intune device property for tagging Modern Workplace devices | device.systemLabels -contains "M365Managed"
 
 > [!NOTE]
 > For the deviceOwnership when creating Dynamic Groups for devices you need to set the value equal to "Company". On Intune the device ownership is represented instead as Corporate. Refer to [OwnerTypes](/intune/reports-ref-devices#ownertypes) for more details. 

articles/active-directory/external-identities/cross-cloud-settings.md

@@ -34,6 +34,9 @@ To set up B2B collaboration between partner organizations in different Microsoft
 
 After each organization has completed these steps, Azure AD B2B collaboration between the organizations is enabled.
 
+> [!NOTE]
+> B2B direct connect is not supported for collaboration with Azure AD tenants in a different Microsoft cloud.
+
 ## Before you begin
 
 - **Obtain the partner's tenant ID.** To enable B2B collaboration with a partner's Azure AD organization in another Microsoft Azure cloud, you'll need the partner's tenant ID. Using an organization's domain name for lookup isn't available in cross-cloud scenarios.

articles/active-directory/external-identities/cross-tenant-access-overview.md

@@ -69,6 +69,9 @@ To set up B2B collaboration, both organizations configure their Microsoft cloud
 - Use B2B collaboration to invite a user in the partner tenant to access resources in your organization, including web line-of-business apps, SaaS apps, and SharePoint Online sites, documents, and files.
 - Apply Conditional Access policies to the B2B collaboration user and opt to trust device claims (compliant claims and hybrid Azure AD joined claims) from the user’s home tenant.
 
+> [!NOTE]
+> B2B direct connect is not supported for collaboration with Azure AD tenants in a different Microsoft cloud.
+
 For configuration steps, see [Configure Microsoft cloud settings for B2B collaboration (Preview)](cross-cloud-settings.md).
 
 > [!NOTE]

articles/active-directory/hybrid/how-to-connect-install-prerequisites.md

@@ -51,7 +51,7 @@ For more information on setting the PowerShell execution policy, see [Set-Execut
 ### Azure AD Connect server
 The Azure AD Connect server contains critical identity data. It's important that administrative access to this server is properly secured. Follow the guidelines in [Securing privileged access](/windows-server/identity/securing-privileged-access/securing-privileged-access). 
 
-The Azure AD Connect server must be treated as a Tier 0 component as documented in the [Active Directory administrative tier model](/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material). We recommend hardening the Azure AD Connect server as a Control Plane asset by following the guidance provided in [Secure Privileged Access]( https://docs.microsoft.com/security/compass/overview) 
+The Azure AD Connect server must be treated as a Tier 0 component as documented in the [Active Directory administrative tier model](/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material). We recommend hardening the Azure AD Connect server as a Control Plane asset by following the guidance provided in [Secure Privileged Access](/security/compass/overview) 
 
 To read more about securing your Active Directory environment, see [Best practices for securing Active Directory](/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory).
 
@@ -73,7 +73,7 @@ To read more about securing your Active Directory environment, see [Best practic
 ### Harden your Azure AD Connect server 
 We recommend that you harden your Azure AD Connect server to decrease the security attack surface for this critical component of your IT environment. Following these recommendations will help to mitigate some security risks to your organization.
 
-- We recommend hardening the Azure AD Connect server as a Control Plane (formerly Tier 0) asset by following the guidance provided in [Secure Privileged Access]( https://docs.microsoft.com/security/compass/overview) and [Active Directory administrative tier model](/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material).
+- We recommend hardening the Azure AD Connect server as a Control Plane (formerly Tier 0) asset by following the guidance provided in [Secure Privileged Access](/security/compass/overview) and [Active Directory administrative tier model](/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material).
 - Restrict administrative access to the Azure AD Connect server to only domain administrators or other tightly controlled security groups.
 - Create a [dedicated account for all personnel with privileged access](/windows-server/identity/securing-privileged-access/securing-privileged-access). Administrators shouldn't be browsing the web, checking their email, and doing day-to-day productivity tasks with highly privileged accounts.
 - Follow the guidance provided in [Securing privileged access](/windows-server/identity/securing-privileged-access/securing-privileged-access). 

articles/active-directory/manage-apps/secure-hybrid-access.md

@@ -54,6 +54,10 @@ The following partners offer pre-built solutions to support **conditional access
 
 The following partners offer pre-built solutions and detailed guidance for integrating with Azure AD.
 
+- [AWS](../saas-apps/aws-clientvpn-tutorial.md)
+
+- [Check Point](../saas-apps/check-point-remote-access-vpn-tutorial.md)
+
 - [Cisco AnyConnect](../saas-apps/cisco-anyconnect.md)
 
 - [Fortinet](../saas-apps/fortigate-ssl-vpn-tutorial.md)