Merge branch 'main' into user-group-quota-reporting

Author: netapp-manishc

.openpublishing.publish.config.json

@@ -500,6 +500,12 @@
             "branch": "v1.x",
             "branch_mapping": {}
         },
+        {
+            "path_to_root": "functions-scenarios-quickstart-sql",
+            "url": "https://github.com/Azure-Samples/functions-quickstart-dotnet-azd-sql",
+            "branch": "main",
+            "branch_mapping": {}
+        },        
         {
             "path_to_root": "functions-sql-todo-sample",
             "url": "https://github.com/Azure-Samples/azure-sql-binding-func-dotnet-todo",

.openpublishing.redirection.json

@@ -69,7 +69,7 @@ In summary, you'll use Azure Lighthouse to allow a user or group in your Azure A
 
 - An Azure AD B2C account with [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) role on the Azure AD B2C tenant.
 
--  A Microsoft Entra account with the [Owner](../role-based-access-control/built-in-roles.md#owner) role in the Microsoft Entra subscription. See how to [Assign a user as an administrator of an Azure subscription](../role-based-access-control/role-assignments-portal-subscription-admin.yml). 
+-  A Microsoft Entra account with the [Owner](../role-based-access-control/built-in-roles.md#owner) role in the Microsoft Entra subscription. See how to [Assign a user as an administrator of an Azure subscription](/azure/role-based-access-control/role-assignments-portal-subscription-admin). 
 
 ## 1. Create or choose resource group
 

articles/active-directory-b2c/azure-monitor.md

@@ -18,7 +18,7 @@ ms.subservice: b2c
 
 [!INCLUDE [active-directory-b2c-end-of-sale-notice-b](../../includes/active-directory-b2c-end-of-sale-notice-b.md)]
 
-In this sample tutorial, learn how to migrate a legacy application using header-based authentication to Azure Active Directory B2C (Azure AD B2C) with [Grit's app proxy](https://www.gritiam.com/appProxy.html).
+In this sample tutorial, learn how to migrate a legacy application using header-based authentication to Azure Active Directory B2C (Azure AD B2C) with [Grit's app proxy](https://www.gritiam.com/grit_legacy_app_proxy.html).
 
 Benefits of using Grit's app proxy are as follows:
 
@@ -122,7 +122,7 @@ From the list, select the IdP.
 
 ## Additional resources
 
-- [Grit app proxy documentation](https://www.gritiam.com/appProxy.html)
+- [Grit app proxy documentation](https://www.gritiam.com/grit_legacy_app_proxy.html)
 
 - [Configure the Grit IAM B2B2C solution with Azure AD B2C](partner-grit-iam.md)
 

articles/active-directory-b2c/partner-grit-app-proxy.md

@@ -19,7 +19,7 @@ ms.subservice: b2c
 
 [!INCLUDE [active-directory-b2c-end-of-sale-notice-b](../../includes/active-directory-b2c-end-of-sale-notice-b.md)]
 
-[Grit Software Systems Visual Identity Experience Framework (IEF) Editor](https://www.gritiam.com/iefeditor.html), is a tool that saves time during Azure Active Directory B2C (Azure AD B2C) authentication deployment. It supports multiple languages without the need to write code. It also has a no code debugger for user journeys.
+[Grit Software Systems Visual Identity Experience Framework (IEF) Editor](https://www.gritiam.com/visual_authentication.html), is a tool that saves time during Azure Active Directory B2C (Azure AD B2C) authentication deployment. It supports multiple languages without the need to write code. It also has a no code debugger for user journeys.
 
 Use the Visual IEF Editor to:
 

articles/active-directory-b2c/partner-grit-editor.md

@@ -18,7 +18,7 @@ ms.subservice: b2c
 
 [!INCLUDE [active-directory-b2c-end-of-sale-notice-b](../../includes/active-directory-b2c-end-of-sale-notice-b.md)]
 
-In this tutorial, you learn how to integrate Azure Active Directory B2C (Azure AD B2C) authentication with a [Grit IAM B2B2C](https://www.gritiam.com/b2b2c.html) solution. You can use the solution to provide secure, reliable, self-serviceable, and user-friendly identity and access management to your customers. Shared profile data such as first name, last name, home address, and email used in web and mobile applications are stored in a centralized manner with consideration to compliance and regulatory needs.
+In this tutorial, you learn how to integrate Azure Active Directory B2C (Azure AD B2C) authentication with a [Grit IAM B2B2C](https://www.gritiam.com/IAM_solution_for_B2B2C.html) solution. You can use the solution to provide secure, reliable, self-serviceable, and user-friendly identity and access management to your customers. Shared profile data such as first name, last name, home address, and email used in web and mobile applications are stored in a centralized manner with consideration to compliance and regulatory needs.
 
 
 Use Grit's B2BB2C solution for:
@@ -30,7 +30,7 @@ Use Grit's B2BB2C solution for:
 
 To get started, ensure the following prerequisites are met:
 
-- A Grit IAM account. You can go to [Grit IAM B2B2C solution](https://www.gritiam.com/b2b2c.html) to get a demo.
+- A Grit IAM account. You can go to [Grit IAM B2B2C solution](https://www.gritiam.com/IAM_solution_for_B2B2C.html) to get a demo.
 - A Microsoft Entra subscription. If you don't have one, you can create a [free Azure account](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
 - An Azure AD B2C tenant linked to the Azure subscription. You can learn more at [Tutorial: Create an Azure Active Directory B2C tenant](tutorial-create-tenant.md). 
 - Configure your application in the Azure portal. 

articles/active-directory-b2c/partner-grit-iam.md

@@ -7,7 +7,7 @@ author: kengaderdus
 manager: CelesteDG
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 10/23/2024
+ms.date: 11/05/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 ms.custom: sfi-image-nochange
@@ -93,7 +93,7 @@ Take the following actions to help mitigate fraudulent sign-ups.
    - [Configure a Conditional Access policy](conditional-access-user-flow.md) to block sign-ins based on location (applies to sign-in flows only, not sign-up flows).
    - To prevent automated attacks on your consumer-facing apps, [enable CAPTCHA](add-captcha.md). Azure AD B2C’s CAPTCHA supports both audio and visual CAPTCHA challenges, and applies to both sign-up and sign-in flows for your local accounts.
 
-- Remove country codes that aren't relevant to your organization from the drop-down menu where the user verifies their phone number (this change will apply to future sign-ups):
+- Remove country/region codes that aren't relevant to your organization from the drop-down menu where the user verifies their phone number (this change will apply to future sign-ups):
 
    1. Sign in to the [Azure portal](https://portal.azure.com) as the [External ID User Flow Administrator](/entra/identity/role-based-access-control/permissions-reference#external-id-user-flow-administrator) of your Azure AD B2C tenant.
    1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
@@ -104,9 +104,9 @@ Take the following actions to help mitigate fraudulent sign-ups.
 
    1. Open the JSON file that was downloaded in the previous step. In the file, search for `DEFAULT`, and replace the line with `"Value": "{\"DEFAULT\":\"Country/Region\",\"US\":\"United States\"}"`. Be sure to set `Overrides` to `true`.
 
- To implement SMS blocking effectively, make sure the Overrides setting is enabled (set to true) only for your organization’s primary or default language. Do not enable Overrides for any secondary or non-primary languages, as this can cause unexpected SMS blocking. Since the countryList in the JSON file acts as an allow list, be sure to include all countries that should be permitted to send SMS in this list for the primary language configuration when Overrides is true.
+ To implement SMS blocking effectively, make sure the Overrides setting is enabled (set to true) only for your organization’s primary or default language. Do not enable Overrides for any secondary or non-primary languages, as this can cause unexpected SMS blocking. Since the countryList in the JSON file acts as an allow list, be sure to include all countries/regions that should be permitted to send SMS in this list for the primary language configuration when Overrides is true.
    > [!NOTE]
-   > You can customize the list of allowed country codes in the `countryList` element (see the [Phone factor authentication page example](localization-string-ids.md#phone-factor-authentication-page-example)).
+   > You can customize the list of allowed country/region codes in the `countryList` element (see the [Phone factor authentication page example](localization-string-ids.md#phone-factor-authentication-page-example)).
 
    1. Save the JSON file. In the language details panel, under **Upload new overrides**, select the modified JSON file to upload it.
    1. Close the panel and select **Run user flow**. For this example, confirm that **United States** is the only country code available in the dropdown:
@@ -115,11 +115,32 @@ Take the following actions to help mitigate fraudulent sign-ups.
 
 ## Mitigate fraudulent sign-ups for custom policy
 
-To help prevent fraudulent sign-ups, remove any country codes that do not apply to your organization by following these steps:
+To help prevent fraudulent sign-ups, remove any country/region codes that do not apply to your organization by following these steps:
 
-1. Locate the policy file that defines the `RelyingParty`. For example, in the [Starter Pack](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack), this is usually the SignUpOrSignin.xml file.
+1. Locate the policy file that defines the `RelyingParty`. For example, in the [Starter Pack](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack), this is usually the SignUpOrSignin.xml file. See the following snippet.
 
-1. In the `BuildingBlocks` section of this policy file, add the following code. Make sure to include only the country codes relevant to your organization:
+     ```xml
+    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+    <TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+      xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="yourtenant.onmicrosoft.com" PolicyId="B2C_1A_signup_signin" PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_signup_signin">
+    
+      <BasePolicy>
+        <TenantId>yourtenant.onmicrosoft.com</TenantId>
+        <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
+      </BasePolicy>
+    
+      <BuildingBlocks>
+         <!-- Add the XML code outlined in Step 2 if this section. -->
+      </BuildingBlocks>
+    
+      <RelyingParty>
+        ...
+      </RelyingParty>
+    </TrustFrameworkPolicy>
+    ```
+
+1. In the `BuildingBlocks` section of this policy file, add the following code. Make sure to include only the country/region codes relevant to your organization:
 
    ```xml
     <BuildingBlocks>
@@ -155,10 +176,13 @@ To help prevent fraudulent sign-ups, remove any country codes that do not apply
      </BuildingBlocks>
     ```
 
-The countryList acts as an allow list. Only the countries you specify in this list (for example, Japan, Bulgaria, and the United States) are permitted to use MFA. All other countries are blocked.
+    The countryList acts as an allow list. Only the countries/regions you specify in this list (for example, Japan, Bulgaria, and the United States) are permitted to use MFA. All other countries/regions are blocked.
+
+  > [!IMPORTANT]
+  > This code must be added to the relying party policy to ensure the country/region code restrictions are properly enforced on the server side. 
 
 ## Related content
 
 - Learn about [Identity Protection and Conditional Access for Azure AD B2C](conditional-access-identity-protection-overview.md) 
 
-- Apply [Conditional Access to user flows in Azure Active Directory B2C](conditional-access-user-flow.md)
+- Apply [Conditional Access to user flows in Azure Active Directory B2C](conditional-access-user-flow.md)

articles/active-directory-b2c/phone-based-mfa.md

@@ -4,7 +4,21 @@
             "source_path_from_root": "/articles/api-center/use-vscode-extension.md",
             "redirect_url": "/azure/api-center/build-register-apis-vscode-extension",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/api-center/add-metadata-properties.md",
+            "redirect_url": "tutorials/add-metadata-properties",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/api-center/configure-environments-deployments.md",
+            "redirect_url": "tutorials/configure-environments-deployments",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/api-center/register-apis.md",
+            "redirect_url": "tutorials/register-apis",
+            "redirect_document_id": true
         }
-
     ]
 }

articles/api-center/.openpublishing.redirection.json

@@ -28,11 +28,13 @@
   - name: Tutorials
     items:
     - name: 1 - Define custom metadata
-      href: add-metadata-properties.md
+      href: ./tutorials/add-metadata-properties.md
     - name: 2 - Add APIs to the inventory
-      href: register-apis.md
+      href: ./tutorials/register-apis.md
     - name: 3 - Add environments and deployments
-      href: configure-environments-deployments.md
+      href: ./tutorials/configure-environments-deployments.md
+    - name: 4 - Link an API Management instance
+      href: ../api-management/tutorials/link-api-center.md
   expanded: true
 - name: API inventory
   items:
@@ -121,4 +123,4 @@
   - name: Azure updates
     href: https://aka.ms/apic/updates
   - name: MCP Center
-    href: https://mcp.azure.com
+    href: https://mcp.azure.com

articles/api-center/TOC.yml

@@ -26,9 +26,9 @@ You can configure settings to authorize access to APIs in your [API center](over
 
 * An API center in your Azure subscription. If you haven't created one already, see [Quickstart: Create your API center](set-up-api-center.md).
 
-* Register at least one API in your API center. For more information, see [Tutorial: Register APIs in your API inventory](register-apis.md).
+* Register at least one API in your API center. For more information, see [Tutorial: Register APIs in your API inventory](./tutorials/register-apis.md).
 
-* Configure an environment and a deployment for the API. For more information, see [Tutorial: Add environments and deployments for APIs](configure-environments-deployments.md).
+* Configure an environment and a deployment for the API. For more information, see [Tutorial: Add environments and deployments for APIs](./tutorials/configure-environments-deployments.md).
 
 * Set up the API Center portal. For more information, see [Set up API Center portal](set-up-api-center-portal.md).