resolve merge conflict

Author: ktoliver

.openpublishing.redirection.active-directory.json

@@ -1942,8 +1942,8 @@
     },
     {
       "source_path_from_root": "/articles/active-directory/active-directory-b2b-add-user-without-invite.md",
-      "redirect_url": "/azure/active-directory/b2b/add-user-without-invite",
-      "redirect_document_id": true
+      "redirect_url": "/azure/active-directory/external-identities/redemption-experience",
+      "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/active-directory/active-directory-b2b-allow-deny-list.md",
@@ -3908,8 +3908,8 @@
     },
     {
       "source_path_from_root": "/articles/active-directory/b2b/add-user-without-invite.md",
-      "redirect_url": "/azure/active-directory/external-identities/add-user-without-invite",
-      "redirect_document_id": true
+      "redirect_url": "/azure/active-directory/external-identities/redemption-experience",
+      "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/active-directory/b2b/allow-deny-list.md",
@@ -4089,7 +4089,7 @@
     {
       "source_path_from_root": "/articles/active-directory/b2b/redemption-experience.md",
       "redirect_url": "/azure/active-directory/external-identities/redemption-experience",
-      "redirect_document_id": true
+      "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/active-directory/b2b/self-service-portal.md",

.openpublishing.redirection.json

@@ -1163,6 +1163,11 @@
             "redirect_url": "/azure",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/active-directory/external-identities/add-user-without-invite.md",
+            "redirect_url": "/azure/active-directory/external-identities/redemption-experience",
+            "redirect_document_id": true
+    	 },
         {
             "source_path_from_root": "/articles/active-directory-b2c/active-directory-b2c-landing-custom.md",
             "redirect_url": "/azure/active-directory-b2c",
@@ -27839,6 +27844,11 @@
             "redirect_url": "/azure/virtual-machines/workloads/sap/deployment-checklist",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/virtual-machines/workloads/sap/sap-get-started-classic.md",
+            "redirect_url": "/azure/virtual-machines/workloads/sap/get-started",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/migrate/how-to-scale-assessment.md",
             "redirect_url": "scale-hyper-v-assessment",

articles/active-directory-b2c/configure-authentication-sample-ios-app.md

@@ -7,7 +7,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 07/29/2021
+ms.date: 01/06/2023
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: "b2c-support"
@@ -110,10 +110,10 @@ This sample acquires an access token with the relevant scopes that the mobile ap
 
 ## Step 4: Get the iOS mobile app sample
 
-1. [Download the .zip file](https://github.com/Azure-Samples/active-directory-b2c-ios-swift-native-msal/archive/refs/heads/vNext.zip), or clone the sample web app from the [GitHub repo](https://github.com/Azure-Samples/active-directory-b2c-ios-swift-native-msal). 
+1. [Download the .zip file](https://github.com/Azure-Samples/active-directory-b2c-ios-swift-native-msal/archive/refs/heads/master.zip), or clone the sample web app from the [GitHub repo](https://github.com/Azure-Samples/active-directory-b2c-ios-swift-native-msal). 
 
     ```bash
-    git clone https://github.com/Azure-Samples/active-directory-b2c-ios-swift-native-msal/tree/vNext.git
+    git clone https://github.com/Azure-Samples/active-directory-b2c-ios-swift-native-msal
     ``` 
 
 1. Use [CocoaPods](https://cocoapods.org/) to install the MSAL library. In a terminal window, go to the project root folder. This folder contains the *podfile* file. Run the following command:

articles/active-directory-b2c/partner-akamai-secure-hybrid-access.md

@@ -385,8 +385,8 @@ Once the Application is deployed in a private environment and a connector is cap
 
   | Header Name  | Attribute |
   |--------------|-----------|
-  | ps-sso-first | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name      |
-  | ps-sso-last  | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
+  | ps-sso-first | `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` |
+  | ps-sso-last  | `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname` |
   | ps-sso-EmailAddress      | emailaddress |
   | ps-sso-uid   | objectId |
 

articles/active-directory-b2c/whats-new-docs.md

@@ -15,6 +15,30 @@ manager: CelesteDG
 
 Welcome to what's new in Azure Active Directory B2C documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the B2C service, see [What's new in Azure Active Directory](../active-directory/fundamentals/whats-new.md) and [Azure AD B2C developer release notes](custom-policy-developer-notes.md)
 
+## December 2022
+
+### New articles
+
+- [Build a global identity solution with funnel-based approach](azure-ad-b2c-global-identity-funnel-based-design.md)
+- [Azure Active Directory B2C global identity framework proof of concept for funnel-based configuration](azure-ad-b2c-global-identity-proof-of-concept-funnel.md)
+- [Azure Active Directory B2C global identity framework proof of concept for region-based configuration](azure-ad-b2c-global-identity-proof-of-concept-regional.md)
+- [Build a global identity solution with region-based approach](azure-ad-b2c-global-identity-region-based-design.md)
+- [Azure Active Directory B2C global identity framework](azure-ad-b2c-global-identity-solutions.md)
+
+### Updated articles
+
+- [Set up a resource owner password credentials flow in Azure Active Directory B2C](add-ropc-policy.md)
+- [Use API connectors to customize and extend sign-up user flows and custom policies with external identity data sources](api-connectors-overview.md)
+- [Azure Active Directory B2C: Region availability & data residency](data-residency.md)
+- [Tutorial: Configure Experian with Azure Active Directory B2C](partner-experian.md)
+- [Tutorial: Configure Microsoft Dynamics 365 Fraud Protection with Azure Active Directory B2C](partner-dynamics-365-fraud-protection.md)
+- [Tutorial: Configure Azure Active Directory B2C with Datawiza to provide secure hybrid access](partner-datawiza.md)
+- [Configure TheAccessHub Admin Tool with Azure Active Directory B2C](partner-n8identity.md)
+- [Tutorial: Configure Cloudflare Web Application Firewall with Azure Active Directory B2C](partner-cloudflare.md)
+- [Set up a password reset flow in Azure Active Directory B2C](add-password-reset-policy.md)
+- [What is Azure Active Directory B2C?](overview.md)
+- [Technical and feature overview of Azure Active Directory B2C](technical-overview.md)
+
 ## November 2022
 
 ### New articles
@@ -138,4 +162,4 @@ Welcome to what's new in Azure Active Directory B2C documentation. This article
 - [Application types that can be used in Active Directory B2C](application-types.md)
 - [Publish your Azure Active Directory B2C app to the Azure Active Directory app gallery](publish-app-to-azure-ad-app-gallery.md)
 - [Quickstart: Set up sign in for a desktop app using Azure Active Directory B2C](quickstart-native-app-desktop.md)
-- [Register a single-page application (SPA) in Azure Active Directory B2C](tutorial-register-spa.md)
+- [Register a single-page application (SPA) in Azure Active Directory B2C](tutorial-register-spa.md)

articles/active-directory/authentication/concept-certificate-based-authentication-certificateuserids.md

@@ -19,7 +19,7 @@ ms.custom: has-adal-ref
 
 # Certificate user IDs 
 
-Azure AD has a multivalued attribute named **certificateUserIds** on the user object that can be used in Username bindings. The attribute allows up to four values, and each value can be of 120-character length. It can store any value, and doesn't require email ID format. It can store non-routable User Principal Names (UPNs) like _bob@woodgrove_ or _bob@local_.
+Users in Azure AD can have a multivalued attribute named **certificateUserIds**. The attribute allows up to four values, and each value can be of 120-character length. It can store any value, and doesn't require email ID format. It can store non-routable User Principal Names (UPNs) like _bob@woodgrove_ or _bob@local_.
 
 ## Supported patterns for certificate user IDs
 

articles/active-directory/authentication/how-to-mfa-number-match.md

@@ -4,7 +4,7 @@ description: Learn how to use number matching in MFA notifications
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 01/05/2023
+ms.date: 01/06/2023
 ms.author: justinha
 author: mjsantani
 ms.collection: M365-identity-device-management
@@ -85,7 +85,7 @@ To create the registry key that overrides push notifications:
    Value = TRUE
 1. Restart the NPS Service. 
 
-If you're using Remote Desktop Gateway, the user account must be configured for phone verification, or Microsoft Authenticator push notifications. If neither option is configured, the user won't be able to meet the Azure AD MFA challenge, and Remote Desktop Gateway sign-in will fail. In this case, you can set OVERRIDE_NUMBER_MATCHING_WITH_OTP = FALSE. 
+If you're using Remote Desktop Gateway and the user is registered for OTP code along with Microsoft Authenticator push notifications, the user won't be able to meet the Azure AD MFA challenge and Remote Desktop Gateway sign-in will fail. In this case, you can set OVERRIDE_NUMBER_MATCHING_WITH_TOP = FALSE to fall back to push notifications with Microsoft Authenticator.
 
 ### Apple Watch supported for Microsoft Authenticator
 
@@ -323,7 +323,7 @@ They'll see a prompt to supply a verification code. They must select their accou
 
 ### Can I opt out of number matching?
 
-Yes, currently you can disable number matching. We highly recommend that you enable number matching for all users in your tenant to protect yourself from MFA fatigue attacks. Microsoft will enable number matching for all tenants starting February 27, 2023. After protection is enabled by default, users can't opt out of number matching in Microsoft Authenticator push notifications. 
+Yes, currently you can disable number matching. We highly recommend that you enable number matching for all users in your tenant to protect yourself from MFA fatigue attacks. To protect the ecosystem and mitigate these threats, Microsoft will enable number matching for all tenants starting February 27, 2023. After protection is enabled by default, users can't opt out of number matching in Microsoft Authenticator push notifications. 
 
 ### Does number matching only apply if Microsoft Authenticator is set as the default authentication method?
 

articles/active-directory/authentication/howto-mfa-nps-extension.md

@@ -104,11 +104,11 @@ When you install the extension, you need the *Tenant ID* and admin credentials f
 
 ### Network requirements
 
-The NPS server must be able to communicate with the following URLs over ports 80 and 443:
+The NPS server must be able to communicate with the following URLs over TCP port 443:
 
-* *https:\//strongauthenticationservice.auth.microsoft.com*
-* *https:\//strongauthenticationservice.auth.microsoft.us*
-* *https:\//strongauthenticationservice.auth.microsoft.cn*
+* *https:\//strongauthenticationservice.auth.microsoft.com* (for Azure Public cloud customers).
+* *https:\//strongauthenticationservice.auth.microsoft.us* (for Azure Government customers).
+* *https:\//strongauthenticationservice.auth.microsoft.cn* (for Azure China 21Vianet customers). 
 * *https:\//adnotifications.windowsazure.com*
 * *https:\//login.microsoftonline.com*
 * *https:\//credentials.azure.com*

articles/active-directory/azuread-dev/index.yml

@@ -4,11 +4,11 @@ title: Azure Active Directory for developers
 summary: |
   Azure Active Directory (Azure AD) is a cloud identity service that allows developers to build apps that sign in users with a Microsoft work or school account. Azure AD supports building single-tenant line-of-business (LOB) apps as well as multi-tenant apps.
 
-  IMPORTANT: This content is for the older Azure AD v1.0 endpoint, use the Microsoft identity platform for new projects.
+  IMPORTANT: This content is for the older Azure AD v1.0 endpoint, use the Microsoft identity platform (https://aka.ms/identityplatform) for new projects.
 
 metadata:
    ms.topic: landing-page
-   ms.date: 01/27/2020
+   ms.date: 01/06/2023
    author: CelesteDG
    ms.author: celested
    ms.service: active-directory

articles/active-directory/conditional-access/howto-conditional-access-policy-risk-user.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: how-to
-ms.date: 08/22/2022
+ms.date: 01/06/2023
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -39,7 +39,7 @@ Organizations can choose to deploy this policy using the steps outlined below or
    1. Under **Configure user risk levels needed for policy to be enforced**, select **High**.
    1. Select **Done**.
 1. Under **Access controls** > **Grant**.
-   1. Select **Grant access**, **Require password change**.
+   1. Select **Grant access**, **Require multifactor authentication** and **Require password change**.
    1. Select **Select**.
 1. Under **Session**.
    1. Select **Sign-in frequency**.