Merge pull request #180822 from MicrosoftDocs/master

Merge master to live, 4 AM

Author: ttorble

.openpublishing.redirection.json

@@ -5733,6 +5733,16 @@
       "redirect_url": "/azure/azure-arc/data/create-data-controller-direct-cli",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/azure-arc/data/create-data-controller-direct-cli.md",
+      "redirect_url": "/azure/azure-arc/data/create-data-controller-direct-prerequisites",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/azure-arc/data/create-data-controller.md",
+      "redirect_url": "/azure/azure-arc/data/plan-azure-arc-data-services",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/azure-arc/data/create-data-controller-azure-data-studio.md",
       "redirect_url": "/azure/azure-arc/data/create-data-controller-indirect-azure-data-studio",

articles/active-directory-b2c/azure-ad-external-identities-videos.md

@@ -38,4 +38,4 @@ Learn how to perform various use cases in Azure AD B2C.
 |:------|:------|:------|:------|
 |[Azure AD: Monitoring and reporting Azure AD B2C using Azure Monitor](https://www.youtube.com/watch?v=Mu9GQy-CbXI&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=1) 6:57       | [:::image type="icon" source="./media/external-identities-videos/monitoring-reporting-aad-b2c.png" border="false":::](https://www.youtube.com/watch?v=Mu9GQy-CbXI&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=1) | [Azure AD B2C user migration using Microsoft Graph API](https://www.youtube.com/watch?v=9BRXBtkBzL4&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=5) 7:09       | [:::image type="icon" source="./media/external-identities-videos/user-migration-msgraph-api.png" border="false":::](https://www.youtube.com/watch?v=9BRXBtkBzL4list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=5) |
 | [Azure AD B2C user migration strategies](https://www.youtube.com/watch?v=lCWR6PGUgz0&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=2) 8:22       | [:::image type="icon" source="./media/external-identities-videos/user-migration-stratagies.png" border="false":::](https://www.youtube.com/watch?v=lCWR6PGUgz0&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=2) | [How to localize or customize language using Azure AD B2C](https://www.youtube.com/watch?v=yqrX5_tA7Ms&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=13) 20:41       | [:::image type="icon" source="./media/external-identities-videos/language-localization.png" border="false":::](https://www.youtube.com/watch?v=yqrX5_tA7Ms&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=13) | 
-|[Configure monitoring: Azure AD B2C using Azure Monitor](https://www.youtube.com/watch?v=tF2JS6TGc3g&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=14) 17:23    | [:::image type="icon" source="./media/external-identities-videos/configure-monitoring.png" border="false":::](https://www.youtube.com/watch?v=tF2JS6TGc3g&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=14) |
+|[Configure monitoring: Azure AD B2C using Azure Monitor](https://www.youtube.com/watch?v=tF2JS6TGc3g&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=14) 17:23    | [:::image type="icon" source="./media/external-identities-videos/configure-monitoring.png" border="false":::](https://www.youtube.com/watch?v=tF2JS6TGc3g&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=14) | [Configuring custom domains in Azure AD B2C using Azure Front Door](https://www.youtube.com/watch?v=mVNB59VK-DQ&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=13) 19:45   | [:::image type="icon" source="./media/external-identities-videos/configure-custom-domains.png" border="false":::](https://www.youtube.com/watch?v=mVNB59VK-DQ&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=13) |

articles/active-directory-b2c/media/external-identities-videos/configure-custom-domains.png

@@ -59,7 +59,7 @@ Supported features are:
 * **Query the state of the device** to determine if your application is on a device that's in shared device mode.
 * **Query the device state of the user** on the device to determine if anything has changed since the last time your application was used.
 
-Supporting shared device mode should be considered both a security enhancement and feature upgrade for your application, and can help increase its adoption in highly regulated environments like healthcare and finance.
+Supporting shared device mode should be considered a feature upgrade for your application, and can help increase its adoption in environments where the same device is used among multiple users.
 
 Your users depend on you to ensure their data isn't leaked to another user. Share Device Mode provides helpful signals to indicate to your application that a change you should manage has occurred. Your application is responsible for checking the state of the user on the device every time the app is used, clearing the previous user's data. This includes if it is reloaded from the background in multi-tasking. On a user change, you should ensure both the previous user's data is cleared and that any cached data being displayed in your application is removed. We recommend you always perform a thorough security review process after adding shared device mode capability to your app.
 
@@ -76,4 +76,4 @@ An organization's device administrators are able to deploy their devices and you
 We support iOS and Android platforms for shared device mode. Review the documentation below for your platform to begin supporting frontline workers in your applications.
 
 * [Supporting shared device mode for iOS](msal-ios-shared-devices.md)
-* [Supporting shared device mode for Android](msal-android-shared-devices.md)
+* [Supporting shared device mode for Android](msal-android-shared-devices.md)

articles/active-directory/develop/msal-shared-devices.md

@@ -129,13 +129,23 @@ Configure your TodoListClient project by adding the Application ID to the *app.c
 
 1. From the TodoListClient project root folder, open the *app.config* file, and then paste the Application ID value in the `ida:ClientId` parameter.
 
-## Run your TodoListClient project
+## Run your projects
+
+Start both projects. If you are using Visual Studio:
+
+1. Right click on the Visual Studio solution and select **Properties**
+
+1. In the **Common Properties** select **Startup Project** and then **Multiple startup projects**. 
+
+1. For both projects choose **Start** as the action
+
+1. Ensure the TodoListService service starts first by moving it to the fist position in the list, using the up arrow.
 
 Sign in to run your TodoListClient project.
 
-1. Press F5 to open your TodoListClient project. The project page opens.
+1. Press F5 to start the projects. The service page opens, as well as the desktop application.
 
-1. At the upper right, select **Sign in**, and then sign in with the same credentials you used to register your application, or sign in as a user in the same directory.
+1. In the TodoListClient, at the upper right, select **Sign in**, and then sign in with the same credentials you used to register your application, or sign in as a user in the same directory.
 
    If you're signing in for the first time, you might be prompted to consent to the TodoListService web API.
 

articles/active-directory/develop/quickstart-v2-dotnet-native-aspnet.md

@@ -73,7 +73,7 @@ public class TodoListController : Controller
     /// The web API will accept only tokens that have the `access_as_user` scope for
     /// this API.
     /// </summary>
-    static readonly string[] scopeRequiredByApi = new string[] { "access_as_user" };
+    const string scopeRequiredByApi = "access_as_user";
 
     // GET: api/values
     [HttpGet]

articles/active-directory/develop/scenario-protected-web-api-verification-scope-app-roles.md

@@ -14,7 +14,7 @@ metadata:
   ms.devlang: na
   ms.topic: conceptual
   ms.subservice: report-monitor
-  ms.date: 11/08/2021
+  ms.date: 11/23/2021
   ms.author: markvi
   ms.reviewer: besiler
   ms.collection: M365-identity-device-management
@@ -87,6 +87,10 @@ sections:
 
   - name: Sign-in logs
     questions:
+      - question: |
+          What data is included in the CSV file I can download from the Azure AD sign-in logs?
+        answer: |
+          The CSV includes sign-in logs for your users and service principals. However, data that is represented as a nested array in the MS Graph API for sign in logs is not included. For example, conditional access policies and report-only information are not included. If you need to export all the information contained in your sign-in logs, use the **Export Data Settings** feature. 
       - question: |
           I see .XXX in part of the IP address from a user in my sign in logs. Why is that happening?
         answer: |

articles/active-directory/reports-monitoring/reports-faq.yml

@@ -1,5 +1,5 @@
 ---
-title: 'Tutorial: Azure Active Directory integration with Anaplan | Microsoft Docs'
+title: 'Tutorial: Azure AD SSO integration with Anaplan'
 description: Learn how to configure single sign-on between Azure Active Directory and Anaplan.
 services: active-directory
 author: jeevansd
@@ -9,10 +9,10 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 04/02/2021
+ms.date: 11/16/2021
 ms.author: jeedes
 ---
-# Tutorial: Azure Active Directory integration with Anaplan
+# Tutorial: Azure AD SSO integration with Anaplan
 
 In this tutorial, you'll learn how to integrate Anaplan with Azure Active Directory (Azure AD). When you integrate Anaplan with Azure AD, you can:
 
@@ -112,7 +112,43 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 ## Configure Anaplan SSO
 
-To configure single sign-on on **Anaplan** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [Anaplan support team](mailto:[email protected]). They set this setting to have the SAML SSO connection set properly on both sides.
+1. Login to Anaplan website as an administrator.
+
+1. In Administration page, navigate to **Security > Single Sign-On**.
+
+1. Click **New**.
+
+1. Perform the following steps in the **Metadata** tab:
+
+    ![Screenshot for the security page](./media/anaplan-tutorial/security.png)
+
+    a. Enter a **Connection Name**, should match the name of your connection in the identity provider interface.
+
+    b. Select **Load from XML file** and enter the URL of the metadata XML file with your configuration information in the **Metadata URL** textbox.
+
+    C. Enabled the **Signed** toggle.
+
+    d. Click **Save** to create the connection.
+
+1. When you upload a **metadata XML** file in the **Metadata** tab, the values in **Config** tab pre-populate with the information from that upload. You can skip this tab in your connection setup and click **Save**.
+
+    ![Screenshot for the configuration page](./media/anaplan-tutorial/configuration.png)
+
+1. Perform the following steps in the **Advanced** tab:
+
+    ![Screenshot for the Advanced page](./media/anaplan-tutorial/advanced.png)
+
+    a. Select **Name ID Format** as Email Address from the dropdown and keep the remaining values as default.
+
+    b. Click **Save**.
+
+1. In the **Workspaces** tab, specify the workspaces that will use the identity provider from the dropdown and Click **Save**. 
+
+    ![Screenshot for the Workspaces page](./media/anaplan-tutorial/Workspaces.png)
+
+    > [!NOTE]
+    > Workspace connections are unique. If you have another connection already configured with a workspace, you cannot associate that workspace with a new connection.
+To access the original connection and update it, remove the workspace from the connection and then reassociate it with the new connection.
 
 ### Create Anaplan test user
 

articles/active-directory/saas-apps/anaplan-tutorial.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 09/16/2021
+ms.date: 11/18/2021
 ms.author: jeedes
 
 ---
@@ -79,8 +79,8 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
 
-    In the **Sign-on URL** text box, type the URL:
-    `https://service-portal.benq.com/login`
+    In the **Logout URL** text box, type the URL:
+    `https://service-portal.benq.com/logout`
 
 	> [!NOTE]
 	> These values are not real. Update these values with the actual Identifier and Reply URL. Contact [BenQ IAM Client support team](mailto:[email protected]) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.