Syncing with main. Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into work-desktoppub-mar23

Author: Heidilohr

.openpublishing.publish.config.json

@@ -914,6 +914,12 @@
       "branch": "main",
       "branch_mapping": {}
     },
+    {
+      "path_to_root": "azure-ai-vision-sdk",
+      "url": "https://github.com/Azure-Samples/azure-ai-vision-sdk",
+      "branch": "main",
+      "branch_mapping": {}
+    },
     {
       "path_to_root": "azure-cache-redis-samples",
       "url": "https://github.com/Azure-Samples/azure-cache-redis-samples",

articles/active-directory-b2c/configure-authentication-sample-web-app.md

@@ -75,7 +75,7 @@ To create the web app registration, use the following steps:
 1. Under **Name**, enter a name for the application (for example, *webapp1*).
 1. Under **Supported account types**, select **Accounts in any identity provider or organizational directory (for authenticating users with user flows)**. 
 1. Under **Redirect URI**, select **Web** and then, in the URL box, enter `https://localhost:44316/signin-oidc`.
-1. Under **Implicit grant and hybrid flows**, select the **ID tokens (used for implicit and hybrid flows)** checkbox.
+1. Under  **Authentication**, go to **Implicit grant and hybrid flows**, select the **ID tokens (used for implicit and hybrid flows)** checkbox.
 1. Under **Permissions**, select the **Grant admin consent to openid and offline access permissions** checkbox.
 1. Select **Register**.
 1. Select **Overview**.

articles/active-directory-domain-services/concepts-custom-attributes.md

@@ -2,15 +2,15 @@
 title: Create and manage custom attributes for Azure AD Domain Services | Microsoft Docs
 description: Learn how to create and manage custom attributes in an Azure AD DS managed domain.
 services: active-directory-ds
-author: justinha
+author: AlexCesarini
 manager: amycolannino
 
 ms.assetid: 1a14637e-b3d0-4fd9-ba7a-576b8df62ff2
 ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/06/2023
+ms.date: 03/07/2023
 ms.author: justinha
 
 ---
@@ -44,7 +44,7 @@ After you create a managed domain, click **Custom Attributes (Preview)** under *
 
 ## Enable predefined attribute synchronization 
 
-Click **OnPremisesExtensionAttributes** to synchronize the attributes extensionAttribute1-15, also known as [Exchange custom attributes](/graph/api/resources/onpremisesextensionattributes?view=graph-rest-1.0).
+Click **OnPremisesExtensionAttributes** to synchronize the attributes extensionAttribute1-15, also known as [Exchange custom attributes](/graph/api/resources/onpremisesextensionattributes).
 
 ## Synchronize Azure AD directory extension attributes 
 

articles/active-directory/develop/msal-b2c-overview.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 06/05/2020
+ms.date: 03/07/2023
 ms.author: henrymbugua
 ms.reviewer: nacanuma, negoe
 ms.custom: aaddev devx-track-js
@@ -20,7 +20,7 @@ ms.custom: aaddev devx-track-js
 
 The [Microsoft Authentication Library for JavaScript (MSAL.js)](https://github.com/AzureAD/microsoft-authentication-library-for-js) enables JavaScript developers to authenticate users with social and local identities using [Azure Active Directory B2C](../../active-directory-b2c/overview.md) (Azure AD B2C).
 
-By using Azure AD B2C as an identity management service, you can customize and control how your customers sign up, sign in, and manage their profiles when they use your applications. 
+By using Azure AD B2C as an identity management service, you can customize and control how your customers sign up, sign in, and manage their profiles when they use your applications.
 
 Azure AD B2C also enables you to brand and customize the UI that your application displays during the authentication process.
 
@@ -40,4 +40,4 @@ For more information, see: [Working with Azure AD B2C](https://github.com/AzureA
 Follow the tutorial on how to:
 
 - [Sign in users with Azure AD B2C in a single-page application](../../active-directory-b2c/configure-authentication-sample-spa-app.md)
-- [Call an Azure AD B2C protected web API](../../active-directory-b2c/enable-authentication-web-api.md)
+- [Call an Azure AD B2C protected web API](../../active-directory-b2c/enable-authentication-web-api.md)

articles/active-directory/multi-tenant-organizations/cross-tenant-synchronization-overview.md

@@ -51,7 +51,7 @@ With cross-tenant synchronization, you can do the following:
 
 ## Teams and Microsoft 365
 
-Users created by cross-tenant synchronization will have the same experience when accessing Microsoft Teams and other Microsoft 365 services as B2B collaboration users created through a manual invitation. The [userType](../external-identities/user-properties.md) property on the B2B user, whether guest or member, does change the end user experience. Over time, the member userType will be used by the various Microsoft 365 services to provide differentiated end user experiences for users in a multi-tenant organization. 
+Users created by cross-tenant synchronization will have the same experience when accessing Microsoft Teams and other Microsoft 365 services as B2B collaboration users created through a manual invitation. The [userType](../external-identities/user-properties.md) property on the B2B user, whether guest or member, does not change the end user experience. Over time, the member userType will be used by the various Microsoft 365 services to provide differentiated end user experiences for users in a multi-tenant organization. 
 
 ## Properties
 

articles/active-directory/saas-apps/ardoq-provisioning-tutorial.md

@@ -40,12 +40,23 @@ The scenario outlined in this tutorial assumes that you already have the followi
 1. Determine what data to [map between Azure AD and Ardoq](../app-provisioning/customize-application-attributes.md).
 
 ## Step 2. Configure Ardoq to support provisioning with Azure AD
+* Provisioning is gated by a feature toggle in Ardoq.  If you intend to configure SSO or have already done so, Ardoq will automatically recognize that Azure AD is in use, and the provisioning feature will be automatically enabled.
 
-1. Log in to [Ardoq](https://aad.ardoq.com/). 
+* If you don't intend to use the provisioning features of Azure AD along with SSO, please reach out to Ardoq customer support and they'll manually enable support for provisioning.
+
+Before we proceed we need to obtain a *Tenant Url* and a *Secret Token*, to configure secure communcation between Azure AD and Ardoq.
+
+
+
+
+1. Log in to Ardoq admin console. 
 1. In the left menu click on profile logo and, navigate to **Organization Settings->Manage Organization->Manage SCIM Token**.
 1. Click on **Generate new**.
 1. Copy and save the **Token**.This value will be entered in the **Secret Token** field in the Provisioning tab of your Ardoq application in the Azure portal. 
-1. And `https://aad.ardoq.com/api/scim/v2` will be entered in the **Tenant Url** field in the Provisioning tab of your Ardoq application in the Azure portal.
+1. To create your *tenant URL*, use this template: `https://<YOUR-SUBDOMAIN>.ardoq.com/api/scim/v2` by replacing the placeholder text `<YOUR-SUBDOMAIN>`.This value will be entered in the **Tenant Url** field in the Provisioning tab of your Ardoq application in the Azure portal.
+
+	>[!NOTE]
+	>`<YOUR-SUBDOMAIN>` is the subdomain your organization has chosen to access Ardoq. This is the same URL segment you use when you access the Ardoq app. For example, if your organization accesses Ardoq at `https://acme.ardoq.com` you'd fill in `acme.  If you're in the US and access Ardoq at `https://piedpiper.us.ardoq.com`  then you'd fill in `piedpiper.us`.
 
 ## Step 3. Add Ardoq from the Azure AD application gallery
 

articles/api-management/TOC.yml

@@ -88,8 +88,6 @@
         href: devops-api-development-templates.md  
       - name: APIs
         items:
-            - name: GraphQL APIs
-              href: graphql-apis-overview.md
             - name: API design ebook
               href: https://azure.microsoft.com/mediahandler/files/resourcefiles/api-design/Azure_API-Design_Guide_eBook.pdf?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json
             - name: RESTful web API design
@@ -267,8 +265,6 @@
                 - name: Manage secrets using named values
                   displayName: Azure CLI, az apim nv
                   href: api-management-howto-properties.md
-                - name: Configure a GraphQL resolver
-                  href: configure-graphql-resolver.md
       - name: Secure your APIs
         items:
           - name: Secure API access
@@ -436,8 +432,6 @@
               href: forward-request-policy.md
             - name: get-authorization-context
               href: get-authorization-context-policy.md
-            - name: http-data-source
-              href: http-data-source-policy.md
             - name: include-fragment
               href: include-fragment-policy.md
             - name: invoke-dapr-binding
@@ -454,8 +448,6 @@
               href: mock-response-policy.md
             - name: proxy
               href: proxy-policy.md
-            - name: publish-event
-              href: publish-event-policy.md
             - name: publish-to-dapr
               href: publish-to-dapr-policy.md
             - name: quota

articles/api-management/api-management-features.md

@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: api-management
 ms.topic: article
-ms.date: 02/22/2023
+ms.date: 02/07/2022
 ms.author: danlep
 ---
 
@@ -38,11 +38,12 @@ Each API Management [pricing tier](https://aka.ms/apimpricing) offers a distinct
 | Direct management API                                                                        | No          | Yes       | Yes   | Yes      | Yes     |
 | Azure Monitor logs and metrics                                                               | No          | Yes       | Yes   | Yes      | Yes     |
 | Static IP                                                                                    | No          | Yes       | Yes   | Yes      | Yes     |
-| [Pass-through WebSocket APIs](websocket-api.md)                                                                                    | No          | Yes       | Yes   | Yes      | Yes     |
-| [Pass-through GraphQL APIs](graphql-apis-overview.md)                                                                               | Yes          | Yes       | Yes   | Yes      | Yes     |
-| [Synthetic GraphQL APIs](graphql-apis-overview.md)                                            | Yes           | Yes       | Yes   | Yes      | Yes     |
+| [WebSocket APIs](websocket-api.md)                                                                                    | No          | Yes       | Yes   | Yes      | Yes     |
+| [GraphQL APIs](graphql-api.md)<sup>5</sup>                                                                               | Yes          | Yes       | Yes   | Yes      | Yes     |
+| [Synthetic GraphQL APIs (preview)](graphql-schema-resolve-api.md)                                            | No           | Yes       | Yes   | Yes      | Yes     |
 
 <sup>1</sup> Enables the use of Azure AD (and Azure AD B2C) as an identity provider for user sign in on the developer portal.<br/>
 <sup>2</sup> Including related functionality such as users, groups, issues, applications, and email templates and notifications.<br/>
 <sup>3</sup> See [Gateway overview](api-management-gateways-overview.md#feature-comparison-managed-versus-self-hosted-gateways) for a feature comparison of managed versus self-hosted gateways. In the Developer tier self-hosted gateways are limited to a single gateway node. <br/>
-<sup>4</sup> The following policies aren't available in the Consumption tier: rate limit by key and quota by key.
+<sup>4</sup> The following policies aren't available in the Consumption tier: rate limit by key and quota by key. <br/>
+<sup>5</sup> GraphQL subscriptions aren't supported in the Consumption tier.

articles/api-management/api-management-gateways-overview.md

@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: api-management
 ms.topic: conceptual
-ms.date: 02/22/2023
+ms.date: 08/04/2022
 ms.author: danlep
 ---
 
@@ -91,9 +91,11 @@ The following table compares features available in the managed gateway versus th
 | [Function App](import-function-app-as-api.md) |  ✔️ | ✔️ | ✔️ |
 | [Container App](import-container-app-with-oas.md) |  ✔️ | ✔️ | ✔️ |
 | [Service Fabric](../service-fabric/service-fabric-api-management-overview.md) |  Developer, Premium |  ❌ | ❌ |
-| [Pass-through GraphQL](graphql-apis-overview.md) |  ✔️ | ✔️ | ❌ |
-| [Synthetic GraphQL](graphql-apis-overview.md)|  ✔️ |  ✔️ | ❌ |
-| [Pass-through WebSocket](websocket-api.md) |  ✔️ |  ❌ | ❌ |
+| [Passthrough GraphQL](graphql-api.md) |  ✔️ | ✔️<sup>1</sup> | ❌ |
+| [Synthetic GraphQL](graphql-schema-resolve-api.md) |  ✔️ |  ❌ | ❌ |
+| [Passthrough WebSocket](websocket-api.md) |  ✔️ |  ❌ | ❌ |
+
+<sup>1</sup> GraphQL subscriptions aren't supported in the Consumption tier.
 
 ### Policies
 
@@ -102,9 +104,9 @@ Managed and self-hosted gateways support all available [policies](api-management
 | Policy | Managed (Dedicated)  | Managed (Consumption) | Self-hosted<sup>1</sup>  |
 | --- | ----- | ----- | ---------- |
 | [Dapr integration](api-management-policies.md#dapr-integration-policies) |  ❌ | ❌ | ✔️ |
-| [GraphQL resolvers](api-management-policies.md#graphql-resolver-policies) and [GraphQL validation](api-management-policies.md#validation-policies)|  ✔️ | ✔️ | ❌ |
-| [Get authorization context](get-authorization-context-policy.md) |  ✔️ |  ✔️ | ❌ |
+| [Get authorization context](get-authorization-context-policy.md) |  ✔️ |  ❌ | ❌ |
 | [Quota and rate limit](api-management-policies.md#access-restriction-policies) |  ✔️ |  ✔️<sup>2</sup> | ✔️<sup>3</sup>
+| [Set GraphQL resolver](set-graphql-resolver-policy.md) |  ✔️ |  ❌ | ❌ |
 
 <sup>1</sup> Configured policies that aren't supported by the self-hosted gateway are skipped during policy execution.<br/>
 <sup>2</sup> The rate limit by key and quota by key policies aren't available in the Consumption tier.<br/>

articles/api-management/api-management-howto-developer-portal-customize.md

@@ -168,8 +168,7 @@ Although you don't need to adjust any styles, you may consider adjusting particu
 You can control which portal content appears to different users, based on their identity. For example, you might want to display certain pages only to users who have access to a specific product or API. Or, make a section of a page appear only for certain [groups of users](api-management-howto-create-groups.md). The developer portal has built-in controls for these needs.
 
 > [!NOTE]
-> * These controls are being released during December 2022. It may take several weeks for your API Management service to receive the update.
-> * Visibility and access controls are supported only in the managed developer portal. They are not supported in the [self-hosted portal](developer-portal-self-host.md).
+> Visibility and access controls are supported only in the managed developer portal. They are not supported in the [self-hosted portal](developer-portal-self-host.md).
 
 * When you add or edit a page, select the **Access** tab to control the users or groups that can access the page