Merge branch 'main' into zr-menu

Author: b-ahibbard

.openpublishing.publish.config.json

@@ -834,12 +834,6 @@
             "branch": "tutorial",
             "branch_mapping": {}
         },
-        {
-            "path_to_root": "samples-tsi",
-            "url": "https://github.com/Azure-Samples/Azure-Time-Series-Insights",
-            "branch": "master",
-            "branch_mapping": {}
-        },
         {
             "path_to_root": "storage-mgmt-devguide-dotnet",
             "url": "https://github.com/Azure-Samples/storage-mgmt-devguide-dotnet",

.openpublishing.redirection.json

@@ -2892,7 +2892,12 @@
     },
     {
       "source_path_from_root": "/articles/bastion/quickstart-developer-sku.md",
-      "redirect_url": "/azure/bastion/quickstart-developer",
+      "redirect_url": "/azure/bastion/quickstart-host-portal",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/bastion/quickstart-developer.md",
+      "redirect_url": "/azure/bastion/quickstart-host-portal",
       "redirect_document_id": false
     },
     {
@@ -2907,7 +2912,12 @@
     },
     {
       "source_path_from_root": "/articles/bastion/bastion-create-host-portal.md",
-      "redirect_url": "/azure/bastion/tutorial-create-host-portal",
+      "redirect_url": "/azure/bastion/quickstart-host-portal",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/bastion/tutorial-create-host-portal.md",
+      "redirect_url": "/azure/bastion/quickstart-host-portal",
       "redirect_document_id": false
     },
     {
@@ -6628,7 +6638,7 @@
     {
       "source_path": "articles/vpn-gateway/about-zone-redundant-vnet-gateways.md",
       "redirect_url": "/azure/reliability/reliability-virtual-network-gateway",
-      "redirect_document_id": true
+      "redirect_document_id": false
     },
     {
       "source_path": "articles/dns/dns-sdk.md",
@@ -6640,10 +6650,35 @@
       "redirect_url": "/azure/oracle/oracle-db/database-overview",
       "redirect_document_id": false
     },
+    { 
+      "source_path": "articles/cyclecloud/how-to/ccws/register-entra-id-app.md",
+      "redirect_url": "/azure/cyclecloud/how-to/create-app-registration",
+      "redirect_document_id": false
+    },
+    { 
+      "source_path": "articles/cyclecloud/how-to/ccws/open-ondemand-add-users.md",
+      "redirect_url": "/azure/cyclecloud/how-to/ccws/configure-open-ondemand",
+      "redirect_document_id": false
+    },   
+    {
+      "source_path": "articles/reliability/reliability-health-insights.md",
+      "redirect_url": "/azure/azure-health-insights/reliability-health-insights",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/reliability/migrate-load-balancer.md",
+      "redirect_url": "/azure/reliability/reliability-load-balancer",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/nat-gateway/nat-availability-zones.md",
       "redirect_url": "/azure/reliability/reliability-nat-gateway",
       "redirect_document_id": false
-    }
+    },
+    {
+      "source_path": "articles/cyclecloud/how-to/collect-custom-metrics-gpu-infiniband-telegraf.md",
+      "redirect_url": "/azure/cyclecloud/how-to/monitor-cyclecloud-cluster-using-prometheus-grafana",
+      "redirect_document_id": false
+    }    
   ]
-}
+}

articles/active-directory-b2c/add-captcha.md

@@ -11,7 +11,7 @@ ms.author: kengaderdus
 ms.subservice: b2c
 zone_pivot_groups: b2c-policy-type
 
-#Customer intent: As a developer, I want to enable CAPTCHA in consumer-facing application that is secured by Azure Active Directory B2C, so that I can protect my sign-in and sign-up flows from automated attacks.
+#Customer intent: As a developer, I want to enable CAPTCHA in a consumer-facing application that is secured by Azure Active Directory B2C, so that I can protect my sign-in and sign-up flows from automated attacks.
 
 ---
 
@@ -21,7 +21,7 @@ zone_pivot_groups: b2c-policy-type
 
 [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
 
-Azure Active Directory B2C (Azure AD B2C) allows you to enable CAPTCHA to prevent automated attacks on your consumer-facing applications. Azure AD B2C’s CAPTCHA supports both audio and visual CAPTCHA challenges. You can enable this security feature in both sign-up and sign-in flows for your local accounts. CAPTCHA isn't applicable for social identity providers' sign-in.   
+Azure Active Directory B2C (Azure AD B2C) allows you to enable CAPTCHA to prevent automated attacks on your consumer-facing applications. Azure AD B2C CAPTCHA supports both audio and visual challenges. You can enable this security feature in both sign-up and sign-in flows for your local accounts. CAPTCHA isn't applicable for social identity providers' sign-in.   
 
 > [!NOTE]
 > This feature is in public preview
@@ -52,7 +52,7 @@ Azure Active Directory B2C (Azure AD B2C) allows you to enable CAPTCHA to preven
 
 ## Test the user flow
 
-Use the steps in [Test the user flow](tutorial-create-user-flows.md?pivots=b2c-user-flow#test-the-user-flow-1) to test and confirm that CAPTCHA is enabled for your chosen flow. You should be prompted to enter the characters you see or hear depending on the CAPTCHA type, visual, or audio, you choose.
+Use the steps in [Test the user flow](tutorial-create-user-flows.md?pivots=b2c-user-flow#test-the-user-flow-1) to test and confirm that CAPTCHA is enabled for your chosen flow. You should be prompted to enter the characters you see or hear depending on the CAPTCHA type (visual or audio) that you choose.
 
 ::: zone-end
 
@@ -395,7 +395,7 @@ Use the steps in [Test the custom policy](tutorial-create-user-flows.md?pivots=b
 
 > [!NOTE]
 > - You can't add CAPTCHA to an MFA step in a sign-up only user flow.
-> - In an MFA flow, CAPTCHA is applicable where the MFA method you select is SMS or phone call, SMS only or Phone call only.
+> - In an MFA flow, CAPTCHA is applicable where the MFA method you select is SMS or phone call, SMS only, or phone call only.
 
 ## Related content
 

articles/active-directory-b2c/add-password-reset-policy.md

@@ -12,7 +12,7 @@ ms.subservice: b2c
 zone_pivot_groups: b2c-policy-type
 ms.custom: sfi-image-nochange
 
-#Customer Intent: As an Azure AD B2C administrator, I want to set up a password reset flow for local accounts, so that users can reset their passwords if they forget them.
+# Customer Intent: As an Azure AD B2C administrator, I want to set up a password reset flow for local accounts, so that users can reset their passwords if they forget them.
 ---
 
 # Set up a password reset flow in Azure Active Directory B2C
@@ -43,7 +43,7 @@ The default name of the **Change email** button in *selfAsserted.html* is **chan
 [!INCLUDE [active-directory-b2c-customization-prerequisites](../../includes/active-directory-b2c-customization-prerequisites.md)]
 
 
-- The B2C Users need to have an authentication method specified for self-service password reset. Select the B2C User, in the left menu under **Manage**, select **Authentication methods**. Ensure **Authentication contact info** is set. B2C users created via a Sign-up flow has this set by default. For users created via Azure Portal or by Graph API, you need to set **Authentication contact info** for SSPR to work. 
+- The B2C users need to have an authentication method specified for self-service password reset. Select the B2C User, in the left menu under **Manage**, select **Authentication methods**. Ensure **Authentication contact info** is set. B2C users created via a Sign-up flow has this set by default. For users created via Azure Portal or by Graph API, you need to set **Authentication contact info** for SSPR to work. 
 
 
 ## Self-service password reset (recommended)
@@ -52,7 +52,7 @@ The new password reset experience is now part of the sign-up or sign-in policy.
 
 ::: zone pivot="b2c-user-flow"
 
-The self-service password reset experience can be configured for the Sign in (Recommended) or Sign up and sign in (Recommended) user flows. If you don't have one of these user flows setup, create a [sign-up or sign-in](add-sign-up-and-sign-in-policy.md) user flow.
+The self-service password reset experience can be configured for the Sign in (Recommended) or Sign up and sign in (Recommended) user flows. If you don't have one of these user flows set up, create a [sign-up or sign-in](add-sign-up-and-sign-in-policy.md) user flow.
 
 To set up self-service password reset for the sign-up or sign-in user flow:
 

articles/active-directory-b2c/authorization-code-flow.md

@@ -69,13 +69,16 @@ client_id=00001111-aaaa-2222-bbbb-3333cccc4444
 | redirect_uri |Required |The redirect URI of your app, where authentication responses are sent and received by your app. It must exactly match one of the redirect URIs that you registered in the portal, except that it must be URL-encoded. |
 | scope |Required |A space-separated list of scopes. The `openid` scope indicates a permission to sign in the user and get data about the user in the form of ID tokens. The `offline_access` scope is optional for web applications. It indicates that your application needs a *refresh token* for extended access to resources. The client-id indicates the token issued are intended for use by Azure AD B2C registered client. The `https://{tenant-name}/{app-id-uri}/{scope}` indicates a permission to protected resources, such as a web API. For more information, see [Request an access token](access-tokens.md#scopes). |
 | response_mode |Recommended |The method that you use to send the resulting authorization code back to your app. It can be `query`, `form_post`, or `fragment`. |
-| state |Recommended |A value included in the request that can be a string of any content that you want to use. Usually, a randomly generated unique value is  used, to prevent cross-site request forgery attacks. The state also is used to encode information about the user's state in the app before the authentication request occurred. For example, the page the user was on, or the user flow that was being executed. |
 | prompt |Optional |The type of user interaction that is required. Currently, the only valid value is `login`, which forces the user to enter their credentials on that request. Single sign-on won't take effect. |
 | code_challenge  | recommended / required | Used to secure authorization code grants via Proof Key for Code Exchange (PKCE). Required if `code_challenge_method` is included. You need to add logic in your application to generate the `code_verifier` and `code_challenge`. The `code_challenge` is a Base64 URL-encoded SHA256 hash of the `code_verifier`. You store the `code_verifier` in your application for later use, and send the `code_challenge` along with the authorization request. For more information, see the [PKCE RFC](https://tools.ietf.org/html/rfc7636). This is now recommended for all application types - native apps, SPAs, and confidential clients like web apps. | 
 | `code_challenge_method` | recommended / required | The method used to encode the `code_verifier` for the `code_challenge` parameter. This *SHOULD* be `S256`, but the spec allows the use of `plain` if for some reason the client can't support SHA256. <br/><br/>If you exclude the `code_challenge_method`, but still include the `code_challenge`, then the  `code_challenge` is assumed to be plaintext. Microsoft identity platform supports both `plain` and `S256`. For more information, see the [PKCE RFC](https://tools.ietf.org/html/rfc7636). This is required for [single page apps using the authorization code flow](tutorial-register-spa.md).|
 | login_hint | No| Can be used to prefill the sign-in name field of the sign-in page. For more information, see [Prepopulate the sign-in name](direct-signin.md#prepopulate-the-sign-in-name).  |
 | domain_hint | No| Provides a hint to Azure AD B2C about the social identity provider that should be used for sign-in. If a valid value is included, the user goes directly to the identity provider sign-in page.  For more information, see [Redirect sign-in to a social provider](direct-signin.md#redirect-sign-in-to-a-social-provider). |
 | Custom parameters | No| Custom parameters that can be used with [custom policies](custom-policy-overview.md). For example, [dynamic custom page content URI](customize-ui-with-html.md?pivots=b2c-custom-policy#configure-dynamic-custom-page-content-uri), or [key-value claim resolvers](claim-resolver-overview.md#oauth2-key-value-parameters). |
+| state |Recommended |A value included in the request that can be a string of any content that you want to use. Usually, a randomly generated unique value is  used, to prevent cross-site request forgery attacks. The state also is used to encode information about the user's state in the app before the authentication request occurred. For example, the page the user was on, or the user flow that was being executed. |
+
+> [!IMPORTANT]
+> For security and privacy, do not put URLs or other sensitive data directly in the state parameter. Instead, use a key or identifier that corresponds to data stored in browser storage, such as localStorage or sessionStorage. This approach lets your app securely reference the necessary data after authentication.
 
 At this point, the user is asked to complete the user flow's workflow. This might involve the user entering their username and password, signing in with a social identity, signing up for the directory, or any other number of steps. User actions depend on how the user flow is defined.
 

articles/active-directory-b2c/phone-based-mfa.md

@@ -7,7 +7,7 @@ author: kengaderdus
 manager: CelesteDG
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 11/05/2025
+ms.date: 1/23/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 ms.custom: sfi-image-nochange
@@ -123,22 +123,29 @@ To help prevent fraudulent sign-ups, remove any country/region codes that do not
     <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
     <TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-      xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="yourtenant.onmicrosoft.com" PolicyId="B2C_1A_signup_signin" PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_signup_signin">
+      xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
+      PolicySchemaVersion="0.3.0.0"
+      TenantId="yourtenant.onmicrosoft.com"
+      PolicyId="B2C_1A_signup_signin"
+      PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_signup_signin">
 
       <BasePolicy>
         <TenantId>yourtenant.onmicrosoft.com</TenantId>
         <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
       </BasePolicy>
-    
+
+      <!-- Add this BuildingBlocks section to the relying party policy. -->
       <BuildingBlocks>
-         <!-- Add the XML code outlined in Step 2 if this section. -->
+         <!-- Add the XML code outlined in Step 2 in this section. -->
       </BuildingBlocks>
 
       <RelyingParty>
         ...
       </RelyingParty>
     </TrustFrameworkPolicy>
     ```
+  > [!IMPORTANT]
+  >Add the code in step 2 to the _relying party policy_ to enforce country/region code restrictions on the server side. You must not define these elements only in parent policies; put them in the relying party policy.
 
 1. In the `BuildingBlocks` section of this policy file, add the following code. Make sure to include only the country/region codes relevant to your organization:
 
@@ -178,11 +185,8 @@ To help prevent fraudulent sign-ups, remove any country/region codes that do not
 
     The countryList acts as an allow list. Only the countries/regions you specify in this list (for example, Japan, Bulgaria, and the United States) are permitted to use MFA. All other countries/regions are blocked.
 
-  > [!IMPORTANT]
-  > This code must be added to the relying party policy to ensure the country/region code restrictions are properly enforced on the server side. 
+
 
 ## Related content
 
 - Learn about [Identity Protection and Conditional Access for Azure AD B2C](conditional-access-identity-protection-overview.md) 
-
-- Apply [Conditional Access to user flows in Azure Active Directory B2C](conditional-access-user-flow.md)

articles/active-directory-b2c/service-limits.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: azure-active-directory
 
 ms.topic: reference
-ms.date: 01/08/2026
+ms.date: 01/22/2026
 ms.subservice: b2c
 zone_pivot_groups: b2c-policy-type
 
@@ -186,7 +186,7 @@ The following table lists the administrative configuration limits in the Azure A
 
 ## Region specific service limits 
 
-As a protection for our customers, Microsoft places some restrictions on telephony verification for certain region codes. The following table lists the region codes and their corresponding limits. These limits apply to both SMS and Voice verification.
+As a protection for our customers, Microsoft places some restrictions on telephony verification for certain region codes. The following table lists the region codes and their corresponding limits. Only SMS verification is subject to these limits.
 
 | Region Code | Region Name                                    | Limit per tenant per 60 minutes | Limit per tenant per 24 hours            |                         
 |:----------- |:---------------------------------------------- |:------------------------------- | :----------------------------------------|

articles/api-center/agent-to-agent-overview.md

@@ -1,8 +1,8 @@
 ---
 title: Agent registry in Azure API Center
 description: "Overview of the agent registry for discovering, registering, and managing A2A agents in API Center."
-author: ProfessorKendrick
-ms.author: kkendrick
+
+
 ms.service: azure-api-center
 ms.topic: overview
 ms.date: 11/03/2025

articles/api-center/authorize-api-access.md

@@ -1,11 +1,11 @@
 ---
 title: Configure API access in Azure API Center
 description: Learn how to configure access to APIs in the Azure API Center inventory using API keys or OAuth 2.0 authorization. Users authorized for access can test APIs in the API Center portal.
-author: dlepow
+
 ms.service: azure-api-center
 ms.topic: how-to
 ms.date: 06/02/2025
-ms.author: danlep 
+ 
 ms.custom: 
 # Customer intent: As an API program manager, I want to store API authorization information in my API center and enable authorized users to test APIs in the API Center portal.
 ---

articles/api-center/build-register-apis-vscode-extension.md

@@ -1,12 +1,12 @@
 ---
 title: Build and Register APIs - VS Code Extension
 description: Learn how API developers can use the Azure API Center extension for Visual Studio Code to build and register APIs in their organization's API center.
-author: dlepow
+
 ms.service: azure-api-center
 ms.topic: how-to
 ms.date: 08/28/2025
 ms.update-cycle: 180-days
-ms.author: danlep 
+ 
 ms.collection: ce-skilling-ai-copilot
 ms.custom: 
 # Customer intent: As an API developer, I want to use my Visual Studio Code environment to register APIs in my organization's API center as part of my development workflow.