Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Learn Build Service GitHub App

.openpublishing.redirection.json

@@ -22661,6 +22661,11 @@
             "redirect_URL": "/azure/route-server/tutorial-protect-route-server-ddos",
             "redirect_document_id": false
         },
+        {
+            "source_path": "articles/external-attack-surface-management/data-connections-overview.md",
+            "redirect_URL": "/azure/external-attack-surface-management/index",
+            "redirect_document_id": true
+        },
         {
             "source_path": "articles/virtual-network/nat-gateway/tutorial-protect-nat-gateway.md",
             "redirect_URL": "/azure/virtual-network/nat-gateway/tutorial-protect-nat-gateway-ddos",

articles/active-directory/authentication/certificate-based-authentication-faq.yml

@@ -123,7 +123,7 @@ sections:
           How can I use single-factor certificates to complete MFA?
         answer: |
           We have support for single factor CBA to get MFA. CBA SF + PSI (passwordless phone sign in) and CBA SF + FIDO2 are the two supported combinations to get MFA using single factor certificates.
-          [MFA with single factor certificates](../authentication/concept-certificate-based-authentication-technical-deep-dive.md#single-factor-certificate-based-authentication) 
+          [MFA with single factor certificates](../authentication/concept-certificate-based-authentication-technical-deep-dive.md#mfa-authentication-flow-using-single-factor-certificates-and-passwordless-sign-in) 
           
       - question: |
           Will the changes to the Authentication methods policy take effect immediately?

articles/active-directory/authentication/concept-certificate-based-authentication-migration.md

@@ -39,6 +39,9 @@ To configure Staged Rollout, follow these steps:
 
 For more information, see [Staged Rollout](../hybrid/how-to-connect-staged-rollout.md).
 
+>[!NOTE]
+> When Staged rollout is enabled for a user, the user is considered a managed user and all authentication will happen at Azure AD. For a federated Tenant, if CBA is enabled on Staged Rollout, password authentication only works if PHS is enabled too otherwise password authentication will fail.
+
 ## Use Azure AD connect to update certificateUserIds attribute
 
 An AD FS admin can use **Synchronization Rules Editor** to create rules to sync the values of attributes from AD FS to Azure AD user objects. For more information, see [Sync rules for certificateUserIds](concept-certificate-based-authentication-certificateuserids.md#update-certificate-user-ids-using-azure-ad-connect).

articles/active-directory/authentication/concept-certificate-based-authentication-technical-deep-dive.md

@@ -74,7 +74,10 @@ Now we'll walk through each step:
 
 ## MFA with Single-factor certificate-based authentication
 
-Azure AD CBA supports second factors to meet MFA requirements with single-factor certificates. Users can use either passwordless sign-in or FIDO2 security keys as second factors when the first factor is single-factor CBA. Users need to register passwordless sign-in or FIDO2 in advance to signing in with Azure AD CBA.
+Azure AD CBA supports second factors to meet MFA requirements with single-factor certificates. Users can use either passwordless sign-in or FIDO2 security keys as second factors when the first factor is single-factor CBA. Users need to have another way to get MFA and register passwordless sign-in or FIDO2 in advance to signing in with Azure AD CBA.
+
+>[!IMPORTANT]
+>A user will be considered MFA capable when a user is in scope for Certificate-based authentication auth method. This means user will not be able to use proof up as part of their authentication to registerd other available methods. More info on [Azure AD MFA](../authentication/concept-mfa-howitworks.md)
 
 **Steps to set up passwordless phone signin(PSI) with CBA**
 

articles/active-directory/manage-apps/datawiza-azure-ad-sso-mfa-oracle-ebs.md

@@ -2,15 +2,15 @@
 title: Use Azure Policy to assign managed identities (preview)
 description: Documentation for the Azure Policy that can be used to assign managed identities to Azure resources.
 services: active-directory
-author: karavar
-manager: skwan
+author: barclayn
+manager: amycolannino
 editor: barclayn
 ms.service: active-directory
 ms.subservice: msi
 ms.topic: how-to
 ms.workload: identity
 ms.date: 05/23/2022
-ms.author: vakarand
+ms.author: barclayn
 ms.collection: M365-identity-device-management
 ---
 

articles/active-directory/managed-identities-azure-resources/how-to-assign-managed-identity-via-azure-policy.md

@@ -59,7 +59,6 @@ For more information, see [Transfer an Azure subscription to a different Azure A
 In rare cases, you may see error messages indicating errors related to assignment of managed identities with Azure resources. Some of the example error messages are as follows: 
 - Azure resource ‘azure-resource-id' does not have access to identity 'managed-identity-id'.  
 - No managed service identities are associated with resource ‘azure-resource-id'
-- Managed service identities referenced with URL 'https://control-....virtualMachineScaleSets/<vmss_name>/credentials/v2/systemassigned' are not valid. Ensure all assigned identities associated with the resource are valid.
 
 **Workaround**
 In these rare cases the best next steps are
@@ -68,6 +67,12 @@ In these rare cases the best next steps are
 2. For User Assigned Managed Identity, reassign the identity to the Azure resource. 
 3. For System Assigned Managed Identity, disable the identity and enable it again. 
 
+>[!NOTE]
+>To assign/unassign Managed identities please follow below links
+
+- [Documentation for VM](qs-configure-portal-windows-vm.md)
+- [Documentation for VMSS](qs-configure-portal-windows-vmss.md)
+
 ## Next steps
 
 You can review our article listing the [services that support managed identities](services-support-managed-identities.md) and our [frequently asked questions](managed-identities-faq.md)

articles/active-directory/managed-identities-azure-resources/known-issues.md

@@ -3,7 +3,7 @@ title: PowerShell samples
 description: Learn about the Azure PowerShell sample scripts available for App Configuration.
 ms.service: azure-app-configuration
 ms.topic: sample
-ms.date: 12/14/2022
+ms.date: 01/19/2023
 ms.author: malev
 author: maud-lv
 ---
@@ -14,9 +14,9 @@ The following table includes links to PowerShell scripts built using the [Az.App
 | Script | Description |
 |-|-|
 |**Create store**||
-| [Create a configuration store with the specified parameters](/powershell/module/az.appconfiguration/New-AzAppConfigurationStore) | Creates an  Azure App Configuration store with some specified parameters. |
+| [Create a configuration store with the specified parameters](scripts/powershell-create-service.md) | Creates an  Azure App Configuration store with some specified parameters. |
 |**Delete store**||
-| [Delete a configuration store](/powershell/module/az.appconfiguration/Remove-AzAppConfigurationStore) | Deletes an Azure App Configuration store. |
+| [Delete a configuration store](scripts/powershell-delete-service.md) | Deletes an Azure App Configuration store. |
 | [Purge a deleted configuration store](/powershell/module/az.appconfiguration/Clear-AzAppConfigurationDeletedStore) | Purges a deleted Azure App Configuration store, permanently removing all data. |
 |**Get and list stores**||
 | [Get a deleted configuration store](/powershell/module/az.appconfiguration/Get-AzAppConfigurationDeletedStore) | Gets a deleted Azure App Configuration store. |

articles/azure-app-configuration/powershell-samples.md

@@ -7,20 +7,20 @@ author: maud-lv
 
 ms.service: azure-app-configuration
 ms.topic: sample
-ms.date: 01/24/2020
+ms.date: 01/18/2023
 ms.author: malev 
 ms.custom: devx-track-azurecli
 ---
 
-# Create an Azure App Configuration Store
+# Create an Azure App Configuration store with the Azure CLI
 
-This sample script creates a new instance of Azure App Configuration in a new resource group.
+This sample script creates a new instance of Azure App Configuration using the Azure CLI in a new resource group.
 
 [!INCLUDE [quickstarts-free-trial-note](../../../includes/quickstarts-free-trial-note.md)]
 
 [!INCLUDE [azure-cli-prepare-your-environment.md](~/articles/reusable-content/azure-cli/azure-cli-prepare-your-environment.md)]
 
- - This tutorial requires version 2.0 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.
+- This tutorial requires version 2.0 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.
 
 ## Sample script
 
@@ -55,7 +55,7 @@ appConfigConnectionString=$(az appconfig credential list \
 echo "$appConfigConnectionString"
 ```
 
-Make a note of the actual name generated for the new resource group. You will use that resource group name when you want to delete all group resources.
+Make a note of the actual name generated for the new resource group. You'll use that resource group name when you want to delete all group resources.
 
 [!INCLUDE [cli-script-cleanup](../../../includes/cli-script-clean-up.md)]
 
@@ -73,4 +73,4 @@ This script uses the following commands to create a new resource group and an Ap
 
 For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).
 
-Additional App Configuration CLI script samples can be found in the [Azure App Configuration  CLI samples](../cli-samples.md).
+More App Configuration CLI script samples can be found in the [Azure App Configuration  CLI samples](../cli-samples.md).

articles/azure-app-configuration/scripts/cli-create-service.md

@@ -13,9 +13,9 @@ ms.author: malev
 ms.custom: devx-track-azurecli
 ---
 
-# Delete an Azure App Configuration store
+# Delete an Azure App Configuration store with the Azure CLI
 
-This sample script deletes an instance of Azure App Configuration.
+This sample script deletes an instance of Azure App Configuration using the Azure CLI.
 
 [!INCLUDE [quickstarts-free-trial-note](../../../includes/quickstarts-free-trial-note.md)]