Commit f41fe62

Merge pull request #188219 from MicrosoftDocs/repo_sync_working_branch
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
2 parents 1b67fc5 + 1726fd0 commit f41fe62

22 files changed: +72 -44 lines changed

articles/active-directory/authentication/howto-mfa-adfs.md

Lines changed: 15 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,9 @@ To secure your cloud resource, set up a claims rule so that Active Directory Fed
4343
6. Give your rule a name.
4444
7. Select **Authentication Methods References** as the Incoming claim type.
4545
8. Select **Pass through all claim values**.
46+
4647
![Screenshot shows Add Transform Claim Rule Wizard where you select Pass through all claim values.](./media/howto-mfa-adfs/configurewizard.png)
48+
4749
9. Click **Finish**. Close the AD FS Management console.
4850

4951
## Trusted IPs for federated users
@@ -59,25 +61,34 @@ The first thing we need to do is to configure the AD FS claims. Create two claim
5961
1. Open AD FS Management.
6062
2. On the left, select **Relying Party Trusts**.
6163
3. Right-click on **Microsoft Office 365 Identity Platform** and select **Edit Claim Rules…**
64+
6265
![ADFS Console - Edit Claim Rules](./media/howto-mfa-adfs/trustedip1.png)
66+
6367
4. On Issuance Transform Rules, click **Add Rule.**
68+
6469
![Adding a Claim Rule](./media/howto-mfa-adfs/trustedip2.png)
70+
6571
5. On the Add Transform Claim Rule Wizard, select **Pass Through or Filter an Incoming Claim** from the drop-down and click **Next**.
72+
6673
![Screenshot shows Add Transform Claim Rule Wizard where you select Pass Through or Filter an Incoming Claim.](./media/howto-mfa-adfs/trustedip3.png)
74+
6775
6. In the box next to Claim rule name, give your rule a name. For example: InsideCorpNet.
6876
7. From the drop-down, next to Incoming claim type, select **Inside Corporate Network**.
77+
6978
![Adding Inside Corporate Network claim](./media/howto-mfa-adfs/trustedip4.png)
79+
7080
8. Click **Finish**.
7181
9. On Issuance Transform Rules, click **Add Rule**.
7282
10. On the Add Transform Claim Rule Wizard, select **Send Claims Using a Custom Rule** from the drop-down and click **Next**.
7383
11. In the box under Claim rule name: enter *Keep Users Signed In*.
7484
12. In the Custom rule box, enter:
7585

76-
```ad-fs-claim-rule
86+
```ad-fs-claim-rule
7787
c:[Type == "http://schemas.microsoft.com/2014/03/psso"]
78-
=> issue(claim = c);
88+
=> issue(claim = c);
89+
```
90+
7991
![Create custom claim to keep users signed in](./media/howto-mfa-adfs/trustedip5.png)
80-
```
8192
8293
13. Click **Finish**.
8394
14. Click **Apply**.
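Review bot: check that the fenced rule at new lines 86-89 and the screenshot at line 91 are indented under step 12. The removed/added pairs at 76/86 and 78/88 read the same apart from whitespace, so the rendered diff does not show the indentation, and unindented blocks here would split the numbered list before step 13. Closing the fence at line 89 instead of line 80 is right, since the image Markdown was previously inside the code block. Step 11 or 12 could also say what the rule does: it passes the `http://schemas.microsoft.com/2014/03/psso` claim through unchanged, which the rule name "Keep Users Signed In" only hints at.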
@@ -97,4 +108,4 @@ Now that the claims are in place, we can configure trusted IPs.
97108
4. On the Service Settings page, under **trusted IPs**, select **Skip multi-factor-authentication for requests from federated users on my intranet**.
98109
5. Click **save**.
99110
100-
That's it! At this point, federated Microsoft 365 users should only have to use MFA when a claim originates from outside the corporate intranet.
111+
That's it! At this point, federated Microsoft 365 users should only have to use MFA when a claim originates from outside the corporate intranet.

articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md

Lines changed: 1 addition & 1 deletion
@@ -78,7 +78,7 @@ The Office 365 suite makes it possible to target these services all at once. We
7878

7979
Targeting this group of applications helps to avoid issues that may arise because of inconsistent policies and dependencies. For example: The Exchange Online app is tied to traditional Exchange Online data like mail, calendar, and contact information. Related metadata may be exposed through different resources like search. To ensure that all metadata is protected by as intended, administrators should assign policies to the Office 365 app.
8080

81-
Administrators can exclude specific apps from policy if they wish, including the Office 365 suite and excluding the specific apps in policy.
81+
Administrators can exclude the entire Office 365 suite or specific Office 365 client apps from the Conditional Access policy.
8282

8383
The following key applications are included in the Office 365 client app:
8484
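Review bot: the new sentence at line 81 drops the mechanism the old one described (include the Office 365 suite, then exclude specific apps) and now reads as a plain option to exclude the whole suite, directly after line 79 tells administrators to assign policies to the Office 365 app so that related metadata stays protected. Suggest stating how the exclusion is configured and noting that excluding individual apps can bring back the inconsistent-policy issues line 79 describes. Line 79 also still carries the typo "protected by as intended".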

articles/active-directory/hybrid/how-to-connect-pta-faq.yml

Lines changed: 22 additions & 8 deletions
@@ -25,7 +25,7 @@ sections:
2525
- name: Ignored
2626
questions:
2727
- question: |
28-
Which of the methods to sign in to Azure AD, Pass-through Authentication, password hash synchronization, and Active Directory Federation Services (AD FS), should I choose?
28+
Which of the methods to sign in to Azure AD, Pass-through Authentication, password hash synchronization, and Active Directory Federation Services (AD FS) should I choose?
2929
answer: |
3030
Review [this guide](./choose-ad-authn.md) for a comparison of the various Azure AD sign-in methods and how to choose the right sign-in method for your organization.
3131
@@ -180,20 +180,34 @@ sections:
180180
If you uninstall a Pass-through Authentication Agent from a server, it causes the server to stop accepting sign-in requests. To avoid breaking the user sign-in capability on your tenant, ensure that you have another Authentication Agent running before you uninstall a Pass-through Authentication Agent.
181181
182182
- question: |
183-
I have an older tenant that was originally setup using AD FS. We recently migrated to PTA but now are not seeing our UPN changes synchronizing to Azure AD. Why are our UPN changes not being synchronized?
183+
I have an older tenant that was originally setup using AD FS. We recently migrated to PTA, but now are not seeing our UPN changes synchronizing to Azure AD. Why are our UPN changes not being synchronized?
184184
answer: |
185-
A: Under the following circumstances your on-premises UPN changes may not synchronize if:
185+
Under the following circumstances your on-premises UPN changes might not synchronize if:
186186
187-
- Your Azure AD tenant was created prior to June 15th 2015
188-
- You initially were federated with your Azure AD tenant using AD FS for authentication
189-
- You switched to having managed users using PTA as authentication
187+
- Your Azure AD tenant was created prior to June 15, 2015.
188+
- You initially were federated with your Azure AD tenant using AD FS for authentication.
189+
- You switched to having managed users using PTA as authentication.
190190
191-
This is because the default behavior of tenants created prior to June 15th 2015 was to block UPN changes. If you need to un-block UPN changes you need to run the following PowerShell cmdlt:
191+
This is because the default behavior of tenants created prior to June 15, 2015 was to block UPN changes. If you need to un-block UPN changes you need to run the following PowerShell cmdlet:
192192
193193
`Set-MsolDirSyncFeature -Feature SynchronizeUpnForManagedUsers -Enable $True`
194194
195-
Tenants created after June 15th 2015 have the default behavior of synchronizing UPN changes.
195+
Tenants created after June 15, 2015 have the default behavior of synchronizing UPN changes.
196196
197+
- question: |
198+
How do I capture the PTA Agent ID from Azure AD sign-in logs and the PTA server to validate which PTA server was used for a sign-in event?
199+
answer: |
200+
To validate which local server or authentication agent was used for a specific sign-in event:
201+
202+
1. In the Azure portal, go to the sign-in event.
203+
2. Select **Authentication Details**. In the **Authentication Method Detail** column, Agent ID details are shown in the format "Pass-through Authentication; PTA AgentId: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX".
204+
3. To get Agent ID details for the agent that's installed on your local server, log in to your local server and run following cmdlet:
205+
206+
`Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Azure AD Connect Agents\Azure AD Connect Authentication Agent' | Select *Instance*`
207+
208+
The GUID value that's returned is the Agent ID of the authentication agent that's installed on that specific server. If you have multiple agents in your environment, you can run this cmdlet on each agent server and capture the Agent ID details.
209+
4. Correlate the Agent ID that you get from the local server and from the Azure AD sign-in logs to validate which agent or server acknowledged the sign-request.
210+
197211
additionalContent: |
198212
199213
## Next steps
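Review bot: in step 3 of the new answer, the registry query at line 206 ends in `Select *Instance*`, a wildcard match, and line 208 then refers to "the GUID value that's returned" without saying which property carries it. Name the property explicitly so the reader knows which value to compare against the `PTA AgentId` string from step 2. Wording in the same hunk: line 204 "run following cmdlet" needs "the", line 209 "sign-request" should be "sign-in request", and line 185 still doubles up with "Under the following circumstances ... if:".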

articles/analysis-services/analysis-services-refresh-azure-automation.md

Lines changed: 1 addition & 1 deletion
@@ -62,7 +62,7 @@ The Service Principal you create must have server administrator permissions on t
6262
4. Browse for the [Refresh-Model.ps1](#sample-powershell-runbook) file, provide a **Name** and **Description**, and then click **Create**.
6363

6464
> [!NOTE]
65-
> Use script from [Sample Powershell Runbook](#sample-powershell-runbook) section at the bottom of this document to create a file called Refresh-Model.ps1 and save to local machine to import into Runbook.
65+
> Use script from [Sample PowerShell Runbook](#sample-powershell-runbook) section at the bottom of this document to create a file called Refresh-Model.ps1 and save to local machine to import into Runbook.
6666
6767
![Import Runbook](./media/analysis-services-refresh-azure-automation/9.png)
6868

articles/api-management/api-management-faq.yml

Lines changed: 1 addition & 1 deletion
@@ -103,7 +103,7 @@ sections:
103103
answer: |
104104
Yes. This can be done through PowerShell or by directly submitting to the API. This will disable certificate chain validation and will allow you to use self-signed or privately-signed certificates when communicating from API Management to the back end services.
105105
106-
### Powershell method
106+
### PowerShell method
107107
Use the [`New-AzApiManagementBackend`](/powershell/module/az.apimanagement/new-azapimanagementbackend) (for new back end) or [`Set-AzApiManagementBackend`](/powershell/module/az.apimanagement/set-azapimanagementbackend) (for existing back end) PowerShell cmdlets and set the `-SkipCertificateChainValidation` parameter to `True`.
108108
109109
```powershell
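Review bot: lines 104 and 107, kept as context around the heading fix at line 106, tell readers to set `-SkipCertificateChainValidation` to `True` and say this disables certificate chain validation, but never state what is given up. Suggest adding a sentence that with validation off, API Management no longer verifies the back end certificate's chain of trust, so the setting should be limited to back ends that are meant to present self-signed or privately signed certificates.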

articles/api-management/automation-manage-api-management.md

Lines changed: 1 addition & 1 deletion
@@ -29,7 +29,7 @@ Reduce operational overhead and free up IT and DevOps staff to focus on work tha
2929
## How can Azure Automation help manage Azure API Management?
3030
API Management can be managed in Azure Automation by using the [Windows PowerShell cmdlets for Azure API Management API](/powershell/module/az.apimanagement). Within Azure Automation, you can write PowerShell workflow scripts to perform many of your API Management tasks using the cmdlets. You can also pair these cmdlets in Azure Automation with the cmdlets for other Azure services, to automate complex tasks across Azure services and 3rd party systems.
3131

32-
Here are some examples of using API Management with Powershell:
32+
Here are some examples of using API Management with PowerShell:
3333

3434
* [Azure PowerShell samples for API Management](./powershell-samples.md)
3535
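Review bot: the casing fix at line 32 leaves line 30 inconsistent with it. The link text there reads "Windows PowerShell cmdlets for Azure API Management API" while the target is `/powershell/module/az.apimanagement`, the Az module. Suggest "Azure PowerShell cmdlets for API Management" to match the target and the sample link at line 34.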

articles/app-service/scripts/powershell-backup-delete.md

Lines changed: 1 addition & 1 deletion
@@ -44,4 +44,4 @@ This script uses the following commands. Each command in the table links to comm
4444

4545
For more information on the Azure PowerShell module, see [Azure PowerShell documentation](/powershell/azure/).
4646

47-
Additional Azure Powershell samples for Azure App Service Web Apps can be found in the [Azure PowerShell samples](../samples-powershell.md).
47+
Additional Azure PowerShell samples for Azure App Service Web Apps can be found in the [Azure PowerShell samples](../samples-powershell.md).

articles/app-service/scripts/powershell-backup-onetime.md

Lines changed: 1 addition & 1 deletion
@@ -50,4 +50,4 @@ This script uses the following commands. Each command in the table links to comm
5050

5151
For more information on the Azure PowerShell module, see [Azure PowerShell documentation](/powershell/azure/).
5252

53-
Additional Azure Powershell samples for Azure App Service Web Apps can be found in the [Azure PowerShell samples](../samples-powershell.md).
53+
Additional Azure PowerShell samples for Azure App Service Web Apps can be found in the [Azure PowerShell samples](../samples-powershell.md).

articles/app-service/scripts/powershell-backup-restore-diff-sub.md

Lines changed: 1 addition & 1 deletion
@@ -46,4 +46,4 @@ This script uses the following commands. Each command in the table links to comm
4646

4747
For more information on the Azure PowerShell module, see [Azure PowerShell documentation](/powershell/azure/).
4848

49-
Additional Azure Powershell samples for Azure App Service Web Apps can be found in the [Azure PowerShell samples](../samples-powershell.md).
49+
Additional Azure PowerShell samples for Azure App Service Web Apps can be found in the [Azure PowerShell samples](../samples-powershell.md).

articles/app-service/scripts/powershell-backup-restore.md

Lines changed: 1 addition & 1 deletion
@@ -44,4 +44,4 @@ This script uses the following commands. Each command in the table links to comm
4444

4545
For more information on the Azure PowerShell module, see [Azure PowerShell documentation](/powershell/azure/).
4646

47-
Additional Azure Powershell samples for Azure App Service Web Apps can be found in the [Azure PowerShell samples](../samples-powershell.md).
47+
Additional Azure PowerShell samples for Azure App Service Web Apps can be found in the [Azure PowerShell samples](../samples-powershell.md).
