Merge pull request #99019 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)

Author: huypub

articles/active-directory/develop/howto-add-app-roles-in-azure-ad-apps.md

@@ -121,7 +121,7 @@ Once you've added app roles in your application, you can assign users and groups
 
 - [Authorization in a web app using Azure AD application roles & role claims (Sample)](https://github.com/Azure-Samples/active-directory-dotnet-webapp-roleclaims)
 - [Using Security Groups and Application Roles in your apps (Video)](https://www.youtube.com/watch?v=V8VUPixLSiM)
-- [Azure Active Directory, now with Group Claims and Application Roles](https://cloudblogs.microsoft.com/enterprisemobility/2014/12/18/azure-active-directory-now-with-group-claims-and-application-roles)
+- [Azure Active Directory, now with Group Claims and Application Roles](https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-Active-Directory-now-with-Group-Claims-and-Application/ba-p/243862)
 - [Azure Active Directory app manifest](https://docs.microsoft.com/azure/active-directory/develop/reference-app-manifest)
 - [AAD Access tokens](access-tokens.md)
 - [AAD `id_tokens`](id-tokens.md)

articles/active-directory/develop/msal-net-xamarin-android-considerations.md

@@ -3,7 +3,7 @@ title: Xamarin Android considerations (MSAL.NET) | Azure
 titleSuffix: Microsoft identity platform
 description: Learn about specific considerations when using Xamarin Android with the Microsoft Authentication Library for .NET (MSAL.NET).
 services: active-directory
-author: TylerMSFT
+author: jmprieur
 manager: CelesteDG
 
 ms.service: active-directory
@@ -80,6 +80,23 @@ The `AndroidManifest.xml` should contain the following values:
 </activity>
 ```
 
+Or, you can [create the activity in code](https://docs.microsoft.com/xamarin/android/platform/android-manifest#the-basics) and not manually edit `AndroidManifest.xml`. For that, you must create a class that has the `Activity` and `IntentFilter` attribute. A class that represents the same values of the above xml would be:
+
+```csharp
+  [Activity]
+  [IntentFilter(new[] { Intent.ActionView },
+        Categories = new[] { Intent.CategoryBrowsable, Intent.CategoryDefault },
+        DataHost = "auth",
+        DataScheme = "msal{client_id}")]
+  public class MsalActivity : BrowserTabActivity
+  {
+  }
+```
+
+### XamarinForms 4.3.X manifest
+
+The code generated by XamarinForms 4.3.x sets the `package` attribute to `com.companyname.{appName}` in the `AndroidManifest.xml`. You might want to change the value to be same as the `MainActivity.cs` namespace, if you use the `DataScheme` as `msal{client_id}`.
+
 ## Use the embedded web view (optional)
 
 By default MSAL.NET uses the system web browser, which enables you to get SSO with Web applications and other apps. In some rare cases, you might want to specify that you want to use the embedded web view. For more information, see [MSAL.NET uses a Web browser](msal-net-web-browsers.md) and [Android system browser](msal-net-system-browser-android-considerations.md).
@@ -124,4 +141,4 @@ More details and samples are provided in the [Android Specific Considerations](h
 
 | Sample | Platform | Description |
 | ------ | -------- | ----------- |
-|[https://github.com/Azure-Samples/active-directory-xamarin-native-v2](https://github.com/azure-samples/active-directory-xamarin-native-v2) | Xamarin iOS, Android, UWP | A simple Xamarin Forms app showcasing how to use MSAL to authenticate MSA and Azure AD via the AADD v2.0 endpoint, and access the Microsoft Graph with the resulting token. <br>![Topology](media/msal-net-xamarin-android-considerations/topology.png) |
+|[https://github.com/Azure-Samples/active-directory-xamarin-native-v2](https://github.com/azure-samples/active-directory-xamarin-native-v2) | Xamarin iOS, Android, UWP | A simple Xamarin Forms app showcasing how to use MSAL to authenticate MSA and Azure AD via the AADD v2.0 endpoint, and access the Microsoft Graph with the resulting token. <br>![Topology](media/msal-net-xamarin-android-considerations/topology.png) |

articles/active-directory/develop/msal-net-xamarin-ios-considerations.md

@@ -3,7 +3,7 @@ title: Xamarin iOS considerations (MSAL.NET) | Azure
 titleSuffix: Microsoft identity platform
 description: Learn about specific considerations when using Xamarin iOS with the Microsoft Authentication Library for .NET (MSAL.NET).
 services: active-directory
-author: TylerMSFT
+author: jmprieur
 manager: CelesteDG
 
 ms.service: active-directory
@@ -27,13 +27,6 @@ On Xamarin iOS, there are several considerations that you must take into account
 - [Enable token cache sharing](#enable-token-cache-sharing-across-ios-applications)
 - [Enable Keychain access](#enable-keychain-access)
 
-## Known issues with iOS 12 and authentication
-Microsoft has released a [security advisory](https://github.com/aspnet/AspNetCore/issues/4647) to provide information about an incompatibility between iOS12 and some types of authentication. The incompatibility breaks social, WSFed, and OIDC logins. This advisory also provides guidance on what developers can do to remove current security restrictions added by ASP.NET to their applications to become compatible with iOS12.  
-
-When developing MSAL.NET applications on Xamarin iOS, you may see an infinite loop when trying to sign in to websites from iOS 12 (similar to this [ADAL issue](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1329). 
-
-You might also see a break in ASP.NET Core OIDC authentication with iOS 12 Safari as described in this [WebKit issue](https://bugs.webkit.org/show_bug.cgi?id=188165).
-
 ## Implement OpenUrl
 
 First you need to override the `OpenUrl` method of the `FormsApplicationDelegate` derived class and call `AuthenticationContinuationHelper.SetAuthenticationContinuationEventArgs`.
@@ -53,40 +46,28 @@ You'll also need to define a URL scheme, require permissions for your app to cal
 To enable keychain access, your application must have a keychain access group.
 You can set your keychain access group by using the `WithIosKeychainSecurityGroup()` api when creating your application as shown below:
 
-To enable single sign-on, you need to set the `PublicClientApplication.iOSKeychainSecurityGroup` property to the same value in all of the applications.
+To benefit from the cache and single sign-on, you need to set the keychain access group to the same value in all of your applications.
 
-An example of this using MSAL v3.x would be:
+An example of this using MSAL v4.x would be:
 ```csharp
 var builder = PublicClientApplicationBuilder
      .Create(ClientId)
-     .WithIosKeychainSecurityGroup("com.microsoft.msalrocks")
+     .WithIosKeychainSecurityGroup("com.microsoft.adalcache")
      .Build();
 ```
 
-The entitlements.plist should be updated to look like the following XML fragment:
-
 This change is *in addition* to enabling keychain access in the `Entitlements.plist` file, using either the below access group or your own:
 
 ```xml
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
 <dict>
   <key>keychain-access-groups</key>
   <array>
-    <string>$(AppIdentifierPrefix)com.microsoft.msalrocks</string>
+    <string>$(AppIdentifierPrefix)com.microsoft.adalcache</string>
   </array>
 </dict>
-</plist>
 ```
 
-An example of this using MSAL v4.x would be:
-
-```csharp
-PublicClientApplication.iOSKeychainSecurityGroup = "com.microsoft.msalrocks";
-```
-
-When using the `WithIosKeychainSecurityGroup()` api, MSAL will automatically append your security group to the end of the application's "team ID" (AppIdentifierPrefix) because when you build your application using xcode, it will do the same. [See iOS entitlements documentation for more details](https://developer.apple.com/documentation/security/keychain_services/keychain_items/sharing_access_to_keychain_items_among_a_collection_of_apps). That's why you need to update the entitlements to include $(AppIdentifierPrefix) before the keychain access group in the entitlements.plist.
+When you use the `WithIosKeychainSecurityGroup()` api, MSAL automatically appends your security group to the end of the application's *team ID* (AppIdentifierPrefix) because when you build your application using xcode, it will do the same. For more information, see [iOS entitlements documentation](https://developer.apple.com/documentation/security/keychain_services/keychain_items/sharing_access_to_keychain_items_among_a_collection_of_apps). That's why the entitlements need to include `$(AppIdentifierPrefix)` before the keychain access group in the `Entitlements.plist`.
 
 ### Enable token cache sharing across iOS applications
 
@@ -125,3 +106,10 @@ Sample | Platform | Description
 [https://github.com/Azure-Samples/active-directory-xamarin-native-v2](https://github.com/azure-samples/active-directory-xamarin-native-v2) | Xamarin iOS, Android, UWP | A simple Xamarin Forms app showcasing how to use MSAL to authenticate MSA and Azure AD via the Azure AD V2.0 endpoint, and access the Microsoft Graph with the resulting token.
 
 <!--- https://github.com/Azure-Samples/active-directory-xamarin-native-v2/blob/master/ReadmeFiles/Topology.png -->
+
+## Known issues with iOS 12 and authentication
+Microsoft has released a [security advisory](https://github.com/aspnet/AspNetCore/issues/4647) to provide information about an incompatibility between iOS12 and some types of authentication. The incompatibility breaks social, WSFed, and OIDC logins. This advisory also provides guidance on what developers can do to remove current security restrictions added by ASP.NET to their applications to become compatible with iOS12.  
+
+When developing MSAL.NET applications on Xamarin iOS, you might see an infinite loop when trying to sign in to websites from iOS 12 (similar to this [ADAL issue](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1329)). 
+
+You might also see a break in ASP.NET Core OIDC authentication with iOS 12 Safari as described in this [WebKit issue](https://bugs.webkit.org/show_bug.cgi?id=188165).

articles/asc-for-iot/how-to-deploy-linux-cs.md

@@ -48,7 +48,7 @@ To deploy the security agent, use the following steps:
 
 1. Add running permissions to the **InstallSecurityAgent script** by running `chmod +x InstallSecurityAgent.sh` 
 
-1. Next, run: 
+1. Next, run the following command with **root privileges**: 
 
    ```
    ./InstallSecurityAgent.sh -i -aui <authentication identity>  -aum <authentication method> -f <file path> -hn <host name>  -di <device id> -cl <certificate location kind>
@@ -122,4 +122,4 @@ To uninstall the agent, run the script with the –u parameter: `./InstallSecuri
 - Learn more about Azure Security Center for IoT [Architecture](architecture.md)
 - Enable the [service](quickstart-onboard-iot-hub.md)
 - Read the [FAQ](resources-frequently-asked-questions.md)
-- Understand [alerts](concept-security-alerts.md)
+- Understand [alerts](concept-security-alerts.md)

articles/azure-monitor/app/azure-vm-vmss-apps.md

@@ -46,7 +46,7 @@ There are two ways to enable application monitoring for Azure virtual machines a
 ## Manage Application Insights Agent for .NET applications on Azure virtual machines using PowerShell
 
 > [!NOTE]
-> Before installing the Application Insights Agent, you'll need an instrumentation key. [Create a new Application Insights Resource](https://docs.microsoft.com/azure/azure-monitor/app/create-new-resource) or copy the instrumentation key from an existing application insights resource.
+> Before installing the Application Insights Agent, you'll need a connection string. [Create a new Application Insights Resource](https://docs.microsoft.com/azure/azure-monitor/app/create-new-resource) or copy the connection string from an existing application insights resource.
 
 > [!NOTE]
 > New to powershell? Check out the [Get Started Guide](https://docs.microsoft.com/powershell/azure/get-started-azureps?view=azps-2.5.0).
@@ -61,8 +61,9 @@ $publicCfgJsonString = '
         {
           "appFilter": ".*",
           "machineFilter": ".*",
+          "virtualPathFilter": ".*",
           "instrumentationSettings" : {
-            "instrumentationKey": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+            "connectionString": "InstrumentationKey=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
           }
         }
       ]
@@ -101,7 +102,7 @@ Get-AzResource -ResourceId "/subscriptions/<mySubscriptionId>/resourceGroups/<my
 You may also view installed extensions in the [Azure virtual machine blade](https://docs.microsoft.com/azure/virtual-machines/extensions/overview) in the Portal.
 
 > [!NOTE]
-> Verify installation by clicking on Live Metrics Stream within the Application Insights Resource associated with the instrumentation key you used to deploy the Application Insights Agent Extension. If you are sending data from multiple Virtual Machines, select the target Azure virtual machines under Server Name. It may take up to a minute for data to begin flowing.
+> Verify installation by clicking on Live Metrics Stream within the Application Insights Resource associated with the connection string you used to deploy the Application Insights Agent Extension. If you are sending data from multiple Virtual Machines, select the target Azure virtual machines under Server Name. It may take up to a minute for data to begin flowing.
 
 ## Manage Application Insights Agent for .NET applications on Azure virtual machine scale sets using powershell
 
@@ -115,8 +116,9 @@ $publicCfgHashtable =
         @{
           "appFilter"= ".*";
           "machineFilter"= ".*";
-          "instrumentationSettings"= @{
-            "instrumentationKey"= "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"; # Application Insights Instrumentation Key, create new Application Insights resource if you don't have one. https://ms.portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.insights%2Fcomponents
+          "virtualPathFilter": ".*",
+          "instrumentationSettings" : {
+            "connectionString": "InstrumentationKey=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" # Application Insights connection string, create new Application Insights resource if you don't have one. https://ms.portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/microsoft.insights%2Fcomponents
           }
         }
       )

articles/azure-monitor/app/opencensus-go.md

@@ -39,7 +39,7 @@ First you have to create an Application Insights resource which will generate an
 
    A configuration box appears; use the following table to fill out the input fields.
 
-    | Settings        | Value           | Description  |
+   | Settings        | Value           | Description  |
    | ------------- |:-------------|:-----|
    | **Name**      | Globally Unique Value | Name that identifies the app you are monitoring |
    | **Resource Group**     | myResourceGroup      | Name for the new resource group to host App Insights data |

articles/billing/billing-avoid-charges-free-account.md

@@ -20,7 +20,7 @@ Let's look at some of the reasons you can incur charges on your Azure free accou
 
 ## Your credit runs out or is expired
 
-Your subscription and services are disabled when your credit runs out or expires at the end of 30 days. To continue using Azure services, you must upgrade your account. For more information, see [Upgrade your Azure free account](billing-upgrade-azure-subscription.md). After you upgrade, you still have access to free services for 12 month and you get charged only for usage beyond the free services and quantities.
+Your subscription and services are disabled when your credit runs out or expires at the end of 30 days. To continue using Azure services, you must upgrade your account. For more information, see [Upgrade your Azure free account](billing-upgrade-azure-subscription.md). After you upgrade, you still have access to free services for 12 months and you get charged only for usage beyond the free services and quantities.
 
 
 ## Usage exceeds the limits of free services

articles/cosmos-db/online-backup-and-restore.md

@@ -1,5 +1,5 @@
 ---
-title: Cnline backup and on-demand data restore in Azure Cosmos DB
+title: Online backup and on-demand data restore in Azure Cosmos DB
 description: This article describes how automatic, online backup and on-demand data restore works in Azure Cosmos DB.
 author: kanshiG
 ms.service: cosmos-db

articles/iot-accelerators/howto-opc-vault-secure.md

@@ -94,7 +94,7 @@ Now it depends on the OPC UA device how to apply the new key pair. Typically, th
 
 Now it depends on the OPC UA device how to apply the new certificate. Typically, the CA cert and CRL are copied to a `trusted` folder, while the application certificate is applied to an `own` folder in the certificate store. Some devices might already support server push for certificate updates. Refer to the documentation of your OPC UA device.
 
-### Step 4: Device secured
+### Step 3: Device secured
 
 The OPC UA device is now ready to communicate with other OPC UA devices secured by CA signed certificates, without further configuration.
 
@@ -103,4 +103,4 @@ The OPC UA device is now ready to communicate with other OPC UA devices secured
 Now that you have learned how to secure OPC UA devices, you can:
 
 > [!div class="nextstepaction"]
-> [Run a secure certificate management service](howto-opc-vault-secure-ca.md)
+> [Run a secure certificate management service](howto-opc-vault-secure-ca.md)

articles/iot-central/preview/tutorial-define-edge-device-type.md

@@ -395,4 +395,4 @@ In this tutorial, you learned how to:
 Now that you've created a device template in your Azure IoT Central application, you can do this next:
 
 > [!div class="nextstepaction"]
-> [Connect device](./tutorial-connect-pnp-device.md)
+> [Connect edge device](./tutorial-add-edge-as-leaf-device.md)