Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into aca/jason/353435

Author: craigshoemaker

.openpublishing.redirection.json

@@ -5,6 +5,11 @@
       "redirect_url": "/previous-versions/azure/partner-solutions/split-experimentation/create",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/migrate/context/vmware-context.yml",
+      "redirect_url": "articles/migrate/context/migrate-context",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/partner-solutions/split-experimentation/how-to-set-up-data-access.md",
       "redirect_url": "/previous-versions/azure/partner-solutions/split-experimentation/how-to-set-up-data-access",
@@ -4020,6 +4025,11 @@
       "redirect_url": "/azure/managed-grafana/overview",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/managed-grafana/concept-whats-new.md",
+      "redirect_url": "/azure/managed-grafana/overview",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/managed-grafana/how-to-transition-domain.md",
       "redirect_url": "/azure/managed-grafana/overview",
@@ -4039,11 +4049,16 @@
       "source_path_from_root": "/articles/load-balancer/move-across-regions-internal-load-balancer-portal.md",
       "redirect_url": "/azure/load-balancer/move-across-regions-azure-load-balancer",
       "redirect_document_id": false
-    },    
+    },
     {
       "source_path_from_root": "/articles/load-balancer/move-across-regions-internal-load-balancer-powershell.md",
       "redirect_url": "/azure/load-balancer/move-across-regions-azure-load-balancer",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/fasttrack/index.yml",
+      "redirect_url": "/azure",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory-b2c/partner-nok-nok.md

@@ -1,65 +1,62 @@
 ---
 title: Tutorial to configure Nok Nok S3 Authentication Suite with Azure Active Directory B2C for FIDO passkey authentication
 titleSuffix: Azure AD B2C
-description: Configure Nok Nok S3 Authentication Suite with Azure AD B2C to enable FIDO passkey authentication
+description: Configure Nok Nok S3 Authentication Suite with Azure AD B2C to enable FIDO passkey authentication.
 author: gargi-sinha
 manager: martinco
 ms.reviewer: kengaderdus
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 06/21/2024
-
+ms.date: 12/09/2024
 ms.author: gasinh
 ms.subservice: b2c
 
-# Customer intent: I'm a developer integrating Azure AD B2C with a third-party authentication provider. I want to learn how to configure Nok Nok S3 Authentication Suite as an identity provider (IdP) in Azure AD B2C. My goal is to implement FIDO Passkey authentication for my users.
+# Customer intent: I'm a developer integrating Azure AD B2C with a third-party authentication provider. I want to learn how to configure Nok Nok S3 Authentication Suite as an identity provider (IdP) in Azure AD B2C. My goal is to implement FIDO passkey authentication for my users.
 ---
-# Tutorial: Configure Nok Nok S3 Authentication Suite with Azure AD B2C for FIDO Passkey Authentication
+# Tutorial: Configure Nok Nok S3 Authentication Suite with Azure AD B2C for FIDO passkey authentication
 
-Learn to integrate the Nok Nok S3 Authentication Suite into your Azure Active Directory (AD) B2C tenant. The Nok Nok solution enables FIDO-certified multifactor authentication such as FIDO UAF, FIDO U2F, WebAuthn, and FIDO2 for mobile and web applications. The Nok Nok solution strengthens your security while maintaining an optimal user experience.
+In this article, you learn to integrate the Nok Nok S3 Authentication Suite into your Azure Active Directory (AD) B2C tenant. The Nok Nok solution enables FIDO-certified multifactor authentication, such as FIDO Universal Authentication Framework (UAF), FIDO Universal Second Factor (U2F), WebAuthn, and FIDO2, for mobile and web applications. The Nok Nok solution strengthens your security while maintaining an optimal user experience.
 
-Learn more at [Nok Nok](https://noknok.com/)
+Learn more at [Nok Nok](https://noknok.com/).
 
 ## Prerequisites
 
 To get started, you need:
 
 * An Azure subscription. If you don't have one, get an [Azure free account](https://azure.microsoft.com/free/).
-* An Azure AD B2C tenant linked to the Azure subscription [Tutorial: Create an Azure AD B2C tenant](tutorial-create-tenant.md).
+* An Azure AD B2C tenant linked to the Azure subscription. Learn how to [Create an Azure AD B2C tenant](tutorial-create-tenant.md).
 * A Nok Nok Cloud evaluation tenant for FIDO registration and authentication.
 
 ## Scenario description
 
-To enable Passkey authentication for your users, enable Nok Nok as an identity provider (IdP) in your Azure AD B2C tenant. The Nok Nok integration includes the following components:
+To enable passkey authentication for your users, enable Nok Nok as an identity provider (IdP) in your Azure AD B2C tenant. The Nok Nok integration includes the following components:
 
 * **Azure AD B2C** – authorization server that verifies user credentials.
 * **Web and mobile applications** – mobile or web apps to protect with Nok Nok solutions and Azure AD B2C.
-* **Nok Nok Tutorial Web App** – application to register the passkey on your device.
-* **Nok Nok Sign in App** – application for authenticating Azure AD B2C applications using passkey.
-
+* **Nok Nok tutorial web app** – application to register the passkey on your device.
+* **Nok Nok sign-in app** – application for authenticating Azure AD B2C applications with passkey.
 
-The following diagram illustrates the Nok Nok solution as an IdP for Azure AD B2C by using OpenID Connect (OIDC) for Passkey authentication.
+The following diagram illustrates the Nok Nok solution as an IdP for Azure AD B2C by using OpenID Connect (OIDC) for passkey authentication.
 
-![Diagram of Nok Nok as IdP for Azure AD B2C using OpenID Connect (OIDC) for Passkey authentication.](./media/partner-nok-nok/nok-nok-architecture-diagram.png)
+![Diagram of Nok Nok as IdP for Azure AD B2C using OpenID Connect (OIDC) for passkey authentication.](./media/partner-nok-nok/nok-nok-architecture-diagram.png)
 
-### Scenario 1: Passkey Registration
-1. The user navigates to the Nok Nok Tutorial Web App using the link provided by Nok Nok.
+### Scenario 1: Passkey registration
+1. The user navigates to the Nok Nok tutorial web app using the link provided by Nok Nok.
 2. The user enters their Azure AD B2C username and default tutorial app password.
 3. The user receives a prompt to register the passkey.
 4. The Nok Nok server validates the passkey credential and confirms successful passkey registration to the user.
 5. The passkey on the user's device is ready for authentication.
 
-### Scenario 2: Passkey Authentication
-1. The user selects the Sign in with Nok Nok Cloud button on the Azure AD B2C Sign in page.
-2. Azure AD B2C redirects the user to the Nok Nok Signin App.
-3. User authenticates with their passkey.
+### Scenario 2: Passkey authentication
+1. The user selects the sign-in with Nok Nok Cloud button on the Azure AD B2C sign-in page.
+2. Azure AD B2C redirects the user to the Nok Nok sign-in app.
+3. The user authenticates with their passkey.
 4. The Nok Nok server validates the passkey assertion and sends an OIDC authentication response to Azure AD B2C.
 5. Based on the authentication result, Azure AD B2C either grants or denies access to the target application.
 
-
 ## Get started with Nok Nok
 
-1. [Contact](https://noknok.com/contact/) Nok Nok.
+1. [Contact Nok Nok](https://noknok.com/contact/).
 2. Fill out the form for a Nok Nok tenant.
 3. An email arrives with tenant access information and links to documentation.
 4. Use the Nok Nok integration documentation to complete the tenant OIDC configuration.
@@ -68,11 +65,11 @@ The following diagram illustrates the Nok Nok solution as an IdP for Azure AD B2
 
 Use the following instructions to add and configure an IdP, and then configure a user flow.
 
-### Add a new Identity provider
+### Add a new identity provider
 
 For the following instructions, use the directory with the Azure AD B2C tenant. To add a new IdP:
 
-1. Sign in to the [Azure portal](https://portal.azure.com/#home) as at least as the B2C IEF Policy Administrator of the Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com/#home) as at least as the B2C Identity Experience Framework (IEF) Policy Administrator of the Azure AD B2C tenant.
 2. In the portal toolbar, select **Directories + subscriptions**.
 3. On **Portal settings, Directories + subscriptions**, in the **Directory name** list, locate the Azure AD B2C directory.
 4. Select **Switch**.
@@ -82,13 +79,13 @@ For the following instructions, use the directory with the Azure AD B2C tenant.
 8. Select **Identity providers**.
 9. Select **Add**.
 
-### Configure an Identity provider
+### Configure an identity provider
 
 To configure an IdP:
 
 1. Select **Identity provider type** > **OpenID Connect (Preview)**.
-2. For **Name**, enter the Nok Nok Authentication Provider, or another name.
-3. For **Metadata URL**, enter the following URL after replacing the placeholder with the tenant ID provided by Nok Nok: `https://cloud.noknok.com/<tenant_id>/webapps/nnlfed/realms/<tenant_id>/.well-known/openid-configuration`.
+2. For **Name**, enter the Nok Nok Authentication Provider or another name.
+3. For **Metadata URL**, enter the following URL after replacing the placeholder with the tenant ID that Nok Nok provides: `https://cloud.noknok.com/<tenant_id>/webapps/nnlfed/realms/<tenant_id>/.well-known/openid-configuration`.
 4. For **Client Secret**, use the Client Secret from Nok Nok.
 5. For **Client ID**, use the Client ID provided by Nok Nok.
 6. For **Scope**, use **openid**.
@@ -109,19 +106,19 @@ For the following instructions, Nok Nok is a new OIDC IdP in the B2C identity pr
 5. Select **Create**.
 6. Enter a policy **Name**.
 7. In **Identity providers**, select the created Nok Nok IdP.
-8. Check **Email signup** under **Local accounts** to display an intermediate Azure AD B2C signin/signup page with a button that redirects the user to the Nok Nok Signin App.
+8. Check **Email signup** under **Local accounts** to display an intermediate Azure AD B2C signin/signup page with a button that redirects the user to the Nok Nok sign-in app.
 9. Leave the **Multi-factor Authentication** field.
-10. Click **Create** to save.
+10. Select **Create** to save.
 
 ## Test the user flow
 
 1. Open the Azure AD B2C tenant. Under **Policies**, select **Identity Experience Framework**.
 2. Select the created **SignUpSignIn**.
 3. Select **Run user flow**.
-4. For **Application**, select the registered app. The example is JWT.
-5. For **Reply URL**, select the redirect URL of the application that you previously selected at the previous step.
+4. For **Application**, select the registered app. The example is JSON Web Token (JWT).
+5. For **Reply URL**, select the redirect URL of the application that you selected at the previous step.
 6. Select **Run user flow**.
-7. Perform signin using the Azure AD B2C username and the passkey that you previously registered for the same user.
+7. Perform sign-in using the Azure AD B2C username and the passkey that you previously registered for the same user.
 8. Verify that you received the token after authentication.
 
 If the flow is incomplete, confirm the user is or isn't saved in the directory.

articles/api-center/synchronize-api-management-apis.md

@@ -28,7 +28,7 @@ API Management APIs automatically synchronize to the API center whenever existin
 
 > [!NOTE]
 > * There are [limits](../azure-resource-manager/management/azure-subscription-service-limits.md?toc=/azure/api-center/toc.json&bc=/azure/api-center/breadcrumb/toc.json#api-center-limits) for the number of linked API Management instances (API sources).
-> * API updates in API Management can take a few minutes to up to 24 hours to synchronize to your API center.
+> * API updates in API Management typically synchronize to your API center within minutes but synchronization can take up to 24 hours.
 
 ### Entities synchronized from API Management
 

articles/api-management/api-management-gateways-overview.md

@@ -126,7 +126,7 @@ Managed and self-hosted gateways support all available [policies](api-management
 | [GraphQL resolvers](api-management-policies.md#graphql-resolvers) and [GraphQL validation](api-management-policies.md#content-validation)|  ✔️ | ✔️ |✔️ | ❌ | ❌ |
 | [Get authorization context](get-authorization-context-policy.md) |  ✔️ |  ✔️ |✔️ | ❌ | ❌ |
 | [Authenticate with managed identity](authentication-managed-identity-policy.md) |  ✔️ |  ✔️ |✔️ | ✔️ | ❌ |
-| [Azure OpenAI and LLM semantic caching](api-management-policies.md#caching) |  ❌ | ✔️ |❌ | ❌ | ❌ |
+| [Azure OpenAI and LLM semantic caching](api-management-policies.md#caching) |  ✔️ | ✔️ |✔️ | ❌ | ❌ |
 | [Quota and rate limit](api-management-policies.md#rate-limiting-and-quotas) |  ✔️ | ✔️<sup>2</sup> | ✔️<sup>3</sup> | ✔️<sup>4</sup> | ✔️ |
 
 <sup>1</sup> Configured policies that aren't supported by the self-hosted gateway are skipped during policy execution.<br/>

articles/api-management/authentication-managed-identity-policy.md

@@ -31,7 +31,7 @@ Both system-assigned identity and any of the multiple user-assigned identities c
 | Attribute         | Description                                            | Required | Default |
 | ----------------- | ------------------------------------------------------ | -------- | ------- |
 |resource|String. The application ID of the target web API (secured resource) in Microsoft Entra ID. Policy expressions are allowed. |Yes|N/A|
-|client-id|String. The client ID of the user-assigned identity in Microsoft Entra ID. Policy expressions aren't allowed. |No|system-assigned identity|
+|client-id|String. The client ID of the user-assigned identity in Microsoft Entra ID. Policy expressions aren't allowed. |No|N/A. System-assigned identity is used if attribute is not present.|
 |output-token-variable-name|String. Name of the context variable that will receive token value as an object of type `string`. Policy expressions aren't allowed. |No|N/A|  
 |ignore-error|Boolean. If set to `true`, the policy pipeline continues to execute even if an access token isn't obtained.|No|`false`|  
 

articles/api-management/azure-openai-enable-semantic-caching.md

@@ -61,6 +61,10 @@ Configure a [backend](backends.md) resource for the embeddings API deployment wi
         ```
         https://my-aoai.openai.azure.com/openai/deployments/embeddings-deployment/embeddings
         ```
+* **Authorization credentials** - Go to **Managed Identity** tab.
+  * **Client indentity** - Select *System assigned identity* or type in a User assigned managed identity client ID.
+  * **Resource ID** - Enter `https://cognitiveservices.azure.com/` for Azure OpenAI Service.
+
 ### Test backend 
 
 To test the backend, create an API operation for your Azure OpenAI Service API:
@@ -123,7 +127,6 @@ Configure the following policies to enable semantic caching for Azure OpenAI API
     <azure-openai-semantic-cache-lookup
         score-threshold="0.8"
         embeddings-backend-id="embeddings-deployment"
-        embeddings-backend-auth="system-assigned"
         ignore-system-messages="true"
         max-message-count="10">
         <vary-by>@(context.Subscription.Id)</vary-by>

articles/api-management/azure-openai-semantic-cache-lookup-policy.md

@@ -34,7 +34,6 @@ Use the `azure-openai-semantic-cache-lookup` policy to perform cache lookup of r
 <azure-openai-semantic-cache-lookup
     score-threshold="similarity score threshold"
     embeddings-backend-id ="backend entity ID for embeddings API"
-    embeddings-backend-auth ="system-assigned"             
     ignore-system-messages="true | false"      
     max-message-count="count" >
     <vary-by>"expression to partition caching"</vary-by>
@@ -47,7 +46,6 @@ Use the `azure-openai-semantic-cache-lookup` policy to perform cache lookup of r
 | ----------------- | ------------------------------------------------------ | -------- | ------- |
 | score-threshold	| Similarity score threshold used to determine whether to return a cached response to a prompt. Value is a decimal between 0.0 and 1.0. [Learn more](../azure-cache-for-redis/cache-tutorial-semantic-cache.md#change-the-similarity-threshold). | Yes |	N/A |
 | embeddings-backend-id | [Backend](backends.md) ID for OpenAI embeddings API call. |	Yes |	N/A |
-| embeddings-backend-auth | Authentication used for Azure OpenAI embeddings API backend. | Yes. Must be set to `system-assigned`. | N/A |
 | ignore-system-messages | Boolean. If set to `true`, removes system messages from a GPT chat completion prompt before assessing cache similarity. | No | false |
 | max-message-count | If specified, number of remaining dialog messages after which caching is skipped. | No | N/A |
                                              
@@ -62,7 +60,7 @@ Use the `azure-openai-semantic-cache-lookup` policy to perform cache lookup of r
 
 - [**Policy sections:**](./api-management-howto-policies.md#sections) inbound
 - [**Policy scopes:**](./api-management-howto-policies.md#scopes) global, product, API, operation
--  [**Gateways:**](api-management-gateways-overview.md) v2
+-  [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption
 
 ### Usage notes
 

articles/api-management/azure-openai-semantic-cache-store-policy.md

@@ -46,7 +46,7 @@ The `azure-openai-semantic-cache-store` policy caches responses to Azure OpenAI
 
 - [**Policy sections:**](./api-management-howto-policies.md#sections) outbound
 - [**Policy scopes:**](./api-management-howto-policies.md#scopes) global, product, API, operation
--  [**Gateways:**](api-management-gateways-overview.md) v2
+-  [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption
 
 ### Usage notes
 

articles/api-management/inject-vnet-v2.md

@@ -88,7 +88,7 @@ When you [create](get-started-create-service-instance.md) a Premium v2 instance
 
 1. In the **Create API Management service** wizard, select the **Networking** tab.
 1. In **Connectivity type**, select **Virtual network**.
-1. In **Type**, select **Injection**. 
+1. In **Type**, select **Virtual Network injection**. 
 1. In **Configure virtual networks**, select the virtual network and the delegated subnet that you want to inject. 
 1. Complete the wizard to create the API Management instance.
 

articles/api-management/llm-semantic-cache-lookup-policy.md

@@ -34,7 +34,6 @@ Use the `llm-semantic-cache-lookup` policy to perform cache lookup of responses
 <llm-semantic-cache-lookup
     score-threshold="similarity score threshold"
     embeddings-backend-id ="backend entity ID for embeddings API"
-    embeddings-backend-auth ="system-assigned"             
     ignore-system-messages="true | false"      
     max-message-count="count" >
     <vary-by>"expression to partition caching"</vary-by>
@@ -47,7 +46,6 @@ Use the `llm-semantic-cache-lookup` policy to perform cache lookup of responses
 | ----------------- | ------------------------------------------------------ | -------- | ------- |
 | score-threshold	| Similarity score threshold used to determine whether to return a cached response to a prompt. Value is a decimal between 0.0 and 1.0. [Learn more](../azure-cache-for-redis/cache-tutorial-semantic-cache.md#change-the-similarity-threshold). | Yes |	N/A |
 | embeddings-backend-id | [Backend](backends.md) ID for OpenAI embeddings API call. |	Yes |	N/A |
-| embeddings-backend-auth | Authentication used for Azure OpenAI embeddings API backend. | Yes. Must be set to `system-assigned`. | N/A |
 | ignore-system-messages | Boolean. If set to `true`, removes system messages from a GPT chat completion prompt before assessing cache similarity. | No | false |
 | max-message-count | If specified, number of remaining dialog messages after which caching is skipped. | No | N/A |
                                              
@@ -62,7 +60,7 @@ Use the `llm-semantic-cache-lookup` policy to perform cache lookup of responses
 
 - [**Policy sections:**](./api-management-howto-policies.md#sections) inbound
 - [**Policy scopes:**](./api-management-howto-policies.md#scopes) global, product, API, operation
--  [**Gateways:**](api-management-gateways-overview.md) v2
+-  [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption
 
 ### Usage notes