Merge remote-tracking branch 'upstream/main' into v-dele-175137

Author: DennisLee-DennisLee

.openpublishing.redirection.active-directory.json

@@ -255,6 +255,41 @@
       "redirect_url": "/azure/active-directory/workload-identities/workload-identity-federation-create-trust",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/active-directory/fundamentals/concept-fundamentals-security-defaults.md",
+      "redirect_url": "/azure/active-directory/fundamentals/security-defaults",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/devices/hybrid-azuread-join-control.md",
+      "redirect_url": "/azure/active-directory/devices/hybrid-join-control",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/devices/hybrid-azuread-join-manual.md",
+      "redirect_url": "/azure/active-directory/devices/hybrid-join-manual",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/devices/hybrid-azuread-join-plan.md",
+      "redirect_url": "/azure/active-directory/devices/hybrid-join-plan",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/devices/device-management-azure-portal.md",
+      "redirect_url": "/azure/active-directory/devices/manage-device-identities",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/devices/concept-azure-ad-register.md",
+      "redirect_url": "/azure/active-directory/devices/concept-device-registration",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/devices/concept-azure-ad-join.md",
+      "redirect_url": "/azure/active-directory/devices/concept-directory-join",
+      "redirect_document_id": true
+    },
     {
       "source_path_from_root": "/articles/active-directory/fundamentals/10-secure-local-guest.md",
       "redirect_url": "/azure/active-directory/architecture/10-secure-local-guest",

.openpublishing.redirection.defender-for-cloud.json

@@ -413,7 +413,7 @@
         {
             "source_path_from_root": "/articles/security-center/defender-for-dns-introduction.md",
             "redirect_url": "/azure/defender-for-cloud/defender-for-dns-introduction",
-            "redirect_document_id": true
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/security-center/defender-for-key-vault-introduction.md",
@@ -840,6 +840,11 @@
             "redirect_url": "/azure/defender-for-cloud/enable-agentless-scanning-vms",
             "redirect_document_id": true
         },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/tutorial-enable-dns-plan.md",
+            "redirect_url": "/azure/defender-for-cloud/defender-for-dns-introduction",
+            "redirect_document_id": true
+        },
         {
             "source_path_from_root": "/articles/defender-for-cloud/defender-for-storage-exclude.md",
             "redirect_url": "/azure/defender-for-cloud/defender-for-storage-classic-enable#exclude-a-storage-account-from-a-protected-subscription-in-the-per-transaction-plan",

.openpublishing.redirection.json

@@ -9093,6 +9093,11 @@
             "redirect_url": "/azure/vpn-gateway/point-to-site-vpn-client-cert-windows",
             "redirect_document_id": false
         },
+        {
+         "source_path_from_root": "/articles/vpn-gateway/vpn-gateway-forced-tunneling-rm.md",
+         "redirect_url": "/azure/vpn-gateway/about-site-to-site-tunneling",
+         "redirect_document_id": false
+     },
         {
             "source_path_from_root": "/articles/azure-vmware/public-ip-usage.md",
             "redirect_url": "/azure/azure-vmware/enable-public-ip-nsx-edge",
@@ -23853,11 +23858,6 @@
             "redirect_url": "/azure/sentinel/data-connectors-reference",
             "redirect_document_id": false
         },
-        {
-            "source_path_from_root": "/articles/sentinel/data-connectors/cisco-meraki.md",
-            "redirect_url": "/azure/sentinel/data-connectors-reference",
-            "redirect_document_id": false
-        },
         {
             "source_path_from_root": "/articles/networking/scripts/virtual-network-powershell-sample-peer-two-virtual-networks.md",
             "redirect_url": "/azure/virtual-network/tutorial-connect-virtual-networks-powershell",

articles/active-directory-b2c/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory business-to-customer (B2C)"
 description: "New and updated documentation for the Azure Active Directory business-to-customer (B2C)."
-ms.date: 06/05/2023
+ms.date: 08/01/2023
 ms.service: active-directory
 ms.subservice: B2C
 ms.topic: reference

articles/active-directory-domain-services/faqs.yml

@@ -11,7 +11,7 @@ metadata:
   ms.subservice: domain-services
   ms.workload: identity
   ms.topic: faq
-  ms.date: 05/09/2023
+  ms.date: 08/01/2023
   ms.author: justinha
 title: Frequently asked questions (FAQs) about Azure Active Directory (AD) Domain Services
 summary: This page answers frequently asked questions about Azure Active Directory Domain Services.
@@ -159,6 +159,10 @@ sections:
           Why do my domain controllers change names?
         answer: |
           It is possible that during the maintenance of domain controllers there is a change in their names. To avoid problems with this type of change, it is recommended to not use the names of the domain controllers hardcoded in applications and/or other domain resources, but the FQDN of the domain. This way, no matter what the names of the domain controllers are, you won't need to reconfigure anything after a name change.
+      - question: |
+          Is the password of the KRBTGT account in a managed domain rolled periodically? If so, what is the frequency?
+        answer: |
+          The password of the KRBTGT account in a managed domain is rolled over every seven (7) days.
 
   - name: Billing and availability
     questions:

articles/active-directory-domain-services/join-windows-vm-template.md

@@ -11,7 +11,7 @@ ms.subservice: domain-services
 ms.workload: identity
 ms.custom: devx-track-arm-template
 ms.topic: how-to
-ms.date: 01/29/2023
+ms.date: 08/01/2023
 ms.author: justinha
 ---
 
@@ -31,7 +31,7 @@ To complete this tutorial, you need the following resources and privileges:
     * If needed, [create an Azure Active Directory tenant][create-azure-ad-tenant] or [associate an Azure subscription with your account][associate-azure-ad-tenant].
 * An Azure Active Directory Domain Services managed domain enabled and configured in your Azure AD tenant.
     * If needed, the first tutorial [creates and configures an Azure Active Directory Domain Services managed domain][create-azure-ad-ds-instance].
-* A user account that's a part of the managed domain.
+* A user account that's a part of the *AAD DC administrators* group.
 
 ## Azure Resource Manager template overview
 

articles/active-directory-domain-services/network-considerations.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 07/31/2023
+ms.date: 08/01/2023
 ms.author: justinha
 ms.reviewer: xyuan
 
@@ -149,7 +149,7 @@ If needed, you can [create the required network security group and rules using A
 
 ### Outbound connectivity
 
-For Outbound connectivity, you can either keep **AllowVnetOutbound** and **AllowInternetOutBound** or restrict Outbound traffic by using ServiceTags listed in the following table. The ServiceTag for AzureUpdateDelivery must be added via [PowerShell](powershell-create-instance.md).
+For Outbound connectivity, you can either keep **AllowVnetOutbound** and **AllowInternetOutBound** or restrict Outbound traffic by using ServiceTags listed in the following table. The ServiceTag for AzureUpdateDelivery must be added via [PowerShell](powershell-create-instance.md). Make sure no other NSG with higher priority denies the Outbound connectivity. If Outbound connectivity is denied, replication won't work between replica sets. 
 
 
 | Outbound port number | Protocol | Source | Destination   | Action | Required | Purpose |

articles/active-directory-domain-services/tutorial-create-instance.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 07/31/2023
+ms.date: 08/01/2023
 ms.author: justinha
 
 #Customer intent: As an identity administrator, I want to create an Azure Active Directory Domain Services managed domain so that I can synchronize identity information with my Azure Active Directory tenant and provide Domain Services connectivity to virtual machines and applications in Azure.
@@ -67,7 +67,7 @@ When you create a managed domain, you specify a DNS name. There are some conside
 * **Non-routable domain suffixes:** We generally recommend that you avoid a non-routable domain name suffix, such as *contoso.local*. The *.local* suffix isn't routable and can cause issues with DNS resolution.
 
 > [!TIP]
-> If you create a custom domain name, take care with existing DNS namespaces. It's recommended to use a domain name separate from any existing Azure or on-premises DNS name space.
+> If you create a custom domain name, take care with existing DNS namespaces. Although it's supported, you may want to use a domain name separate from any existing Azure or on-premises DNS namespace.
 >
 > For example, if you have an existing DNS name space of *contoso.com*, create a managed domain with the custom domain name of *aaddscontoso.com*. If you need to use secure LDAP, you must register and own this custom domain name to generate the required certificates.
 >

articles/active-directory/architecture/multi-tenant-user-management-introduction.md

@@ -67,7 +67,7 @@ The following conceptual and how-to articles provide information about Azure AD
 - [B2B and Office 365 external sharing](../external-identities/o365-external-user.md) explains the similarities and differences among sharing resources through B2B, Office 365, and SharePoint/OneDrive.
 - [Properties on an Azure AD B2B collaboration user](../external-identities/user-properties.md) describes the properties and states of the external user object in Azure AD. The description provides details before and after invitation redemption.
 - [B2B user tokens](../external-identities/user-token.md) provides examples of the bearer tokens for B2B for an external user.
-- [Conditional access for B2B](../external-identities/authentication-conditional-access.md) describes how Conditional Access and MFA work for external users.
+- [Conditional Access for B2B](../external-identities/authentication-conditional-access.md) describes how Conditional Access and MFA work for external users.
 - [Cross-tenant access settings](../external-identities/cross-tenant-access-overview.md) provides granular control over how external Azure AD organizations collaborate with you (inbound access) and how your users collaborate with external Azure AD organizations (outbound access).
 - [Cross-tenant synchronization overview](../multi-tenant-organizations/cross-tenant-synchronization-overview.md) explains how to automate creating, updating, and deleting Azure AD B2B collaboration users across tenants in an organization.
 

articles/active-directory/architecture/ops-guide-auth.md

@@ -134,7 +134,7 @@ If you're managing devices with MDM or Microsoft Intune, but not using device co
 
 #### Device trust access policies recommended reading
 
-- [How To: Plan your hybrid Azure Active Directory join implementation](../devices/hybrid-azuread-join-plan.md)
+- [How To: Plan your hybrid Azure Active Directory join implementation](../devices/hybrid-join-plan.md)
 - [Identity and device access configurations](/microsoft-365/enterprise/microsoft-365-policies-configurations)
 
 ### Windows Hello for Business