Merge pull request #180228 from MicrosoftDocs/master

11/17 AM Publish

Author: huypub

.openpublishing.redirection.json

@@ -9843,7 +9843,7 @@
     },
     {
       "source_path_from_root": "/articles/azure-supportability/low-priority-quota.md",
-      "redirect_url": "/azure/azure-portal/supportability/low-priority-quota",
+      "redirect_url": "/azure/azure-portal/supportability/spot-quota",
       "redirect_document_id": true
     },
     {
@@ -9876,6 +9876,11 @@
       "redirect_url": "/azure/azure-portal/supportability/sku-series-unavailable",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/azure-portal/supportability/low-priority-quota.md",
+      "redirect_url": "/azure/azure-portal/supportability/spot-quota",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/managed-applications/concepts-custom-providers-built-in-policy.md",
       "redirect_url": "/azure/azure-resource-manager/custom-providers/concepts-built-in-policy",
@@ -46326,6 +46331,26 @@
       "redirect_url": "/azure/sentinel/monitor-your-data",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/sentinel/connect-azure-security-center.md",
+      "redirect_url": "/azure/sentinel/connect-defender-for-cloud",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/sentinel/entities-in-azure-sentinel.md",
+      "redirect_url": "/azure/sentinel/entities",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/sentinel/azure-sentinel-billing.md",
+      "redirect_url": "/azure/sentinel/billing",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/sentinel/automation-in-azure-sentinel.md",
+      "redirect_url": "/azure/sentinel/automation",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-desktop/connect-android.md",
       "redirect_url": "/azure/virtual-desktop/user-documentation/connect-android",

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -206,7 +206,7 @@ Use the general guidelines when implementing a SCIM endpoint to ensure compatibi
 
 ##### /Users:
 * The entitlements attribute is not supported.
-* Any attributes that are considered for user uniqueness must be usable as part of a filtered query. (e.g. if user uniqueness is evaluated for both userName and emails[type eq "work"], a GET to /Users with a filter must allow for both _userName eq "[email protected]"_ and _emails[type eq "work"] eq "[email protected]"_ queries.
+* Any attributes that are considered for user uniqueness must be usable as part of a filtered query. (e.g. if user uniqueness is evaluated for both userName and emails[type eq "work"], a GET to /Users with a filter must allow for both _userName eq "[email protected]"_ and _emails[type eq "work"].value eq "[email protected]"_ queries.
 
 ##### /Groups:
 * Groups are optional, but only supported if the SCIM implementation supports **PATCH** requests.

articles/active-directory/authentication/how-to-mfa-number-match.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 11/12/2021
+ms.date: 11/17/2021
 
 ms.author: justinha
 author: mjsantani
@@ -21,11 +21,12 @@ ms.collection: M365-identity-device-management
 This topic covers how to enable number matching in Microsoft Authenticator push notifications to improve user sign-in security.  
 
 >[!NOTE]
->Number matching is a key security upgrade to traditional second factor notifications in the Microsoft Authenticator app that will be enabled by default for all tenants at some point after general availability (GA). We highly recommend enabling number matching in the near-term for improved sign-in security.
+>Number matching is a key security upgrade to traditional second factor notifications in the Microsoft Authenticator app that will be enabled by default for all tenants a few months after general availability (GA).<br> 
+>We highly recommend enabling number matching in the near-term for improved sign-in security.
 
 ## Prerequisites
 
-Your organization will need to enable Microsoft Authenticator (traditional second factor) push notifications for some users or groups using the new Authentication Methods Policy API. For a consistent experience, upgrade to the latest versions of the AD FS adapter and NPS extension. 
+Your organization will need to enable Microsoft Authenticator (traditional second factor) push notifications for some users or groups using the new Authentication Methods Policy API. If your organization is using ADFS adapter or NPS extensions, please upgrade to the latest versions for a consistent experience. 
 
 ## Number matching
 
@@ -52,7 +53,7 @@ When a user responds to an MFA push notification using Microsoft Authenticator,
 During self-service password reset, Microsoft Authenticator notification will show a number that the user will need to type in their Authenticator app notification. This number will only be seen to users who have been enabled for number matching.
 
 >[!NOTE]
->Number matching for admin roles during SSPR is initially pending and unavailable for a couple days.
+>Number matching for admin roles during SSPR is pending and unavailable for a couple days.
 
 ### Combined registration
 
@@ -246,7 +247,7 @@ To enable number matching in the Azure AD portal, complete the following steps:
 
 ## Known issues
 
-- Number matching for admin roles during SSPR is initially pending and unavailable for a couple days.
+- Number matching for admin roles during SSPR is pending and unavailable for a couple days.
 
 ## Next steps
 

articles/active-directory/authentication/media/howto-authentication-passwordless-phone/enable-number-matching.png

@@ -49,7 +49,7 @@ Users can register application | Setting this option to No prevents users from c
 Allow users to connect work or school account with LinkedIn | Setting this option to No prevents users from connecting their work or school account with their LinkedIn account. For more information, see [LinkedIn account connections data sharing and consent](../enterprise-users/linkedin-user-consent.md).
 Ability to create security groups | Setting this option to No prevents users from creating security groups. Global administrators and User administrators can still create security groups. See [Azure Active Directory cmdlets for configuring group settings](../enterprise-users/groups-settings-cmdlets.md) to learn how.
 Ability to create Microsoft 365 groups | Setting this option to No prevents users from creating Microsoft 365 groups. Setting this option to Some allows a select set of users to create Microsoft 365 groups. Global administrators and User administrators will still be able to create Microsoft 365 groups. See [Azure Active Directory cmdlets for configuring group settings](../enterprise-users/groups-settings-cmdlets.md) to learn how.
-Restrict access to Azure AD administration portal | <p>Setting this option to No lets non-administrators use the Azure AD administration portal to read and manage Azure AD resources. Yes restricts all non-administrators from accessing any Azure AD data in the administration portal.</p><p>**Note**: this setting does not restrict access to Azure AD data using PowerShell or other clients such as Visual Studio.When set to Yes, to grant a specific non-admin user the ability to use the Azure AD administration portal assign any administrative role such as the Directory Readers role.</p><p>**Note**: this settings will block non-admin users who are owners of groups or applications from using the Azure portal to manage their owned resources.</p><p>This role allows reading basic directory information, which member users have by default (guests and service principals do not).</p>
+Restrict access to Azure AD administration portal | <p>Setting this option to No lets non-administrators use the Azure AD administration portal to read and manage Azure AD resources. Yes restricts all non-administrators from accessing any Azure AD data in the administration portal.</p><p>**Note**: this setting does not restrict access to Azure AD data using PowerShell or other clients such as Visual Studio.When set to Yes, to grant a specific non-admin user the ability to use the Azure AD administration portal assign any administrative role such as the Directory Readers role.</p><p>**Note**: this settings will block non-admin users who are owners of groups or applications from using the Azure portal to manage their owned resources.</p><p>This role allows reading basic directory information, which member users have by default (guests and service principals do not).</p><p>**Note**: this setting does not restrict access as long as a user is assigned a custom role or any role for that matter and is not just a user.</p>
 Ability to read other users | This setting is available in PowerShell only. Setting this flag to $false prevents all non-admins from reading user information from the directory. This flag does not prevent reading user information in other Microsoft services like Exchange Online. This setting is meant for special circumstances, and setting this flag to $false is not recommended.
 
 >[!NOTE]

articles/active-directory/fundamentals/users-default-permissions.md

@@ -64,6 +64,8 @@ The following scenarios are supported for staged rollout. The feature works only
 
 - Windows 10 Hybrid Join or Azure AD Join primary refresh token acquisition without line-of-sight to the federation server for Windows 10 version 1903 and newer, when user’s UPN is routable and domain suffix is verified in Azure AD.
 
+- Autopilot enrollment is supported in Staged rollout with Windows 10 version 1909 or later. 
+
 ## Unsupported scenarios
 
 The following scenarios are not supported for staged rollout:
@@ -93,8 +95,6 @@ The following scenarios are not supported for staged rollout:
 
 - If you have a Windows Hello for Business hybrid certificate trust with certs that are issued via your federation server acting as Registration Authority or smartcard users, the scenario isn't supported on a staged rollout. 
 
-- Autopilot enrollment is not supported in Staged rollout. Users enabled for Staged rollout will continue using federated authentication at autopilot enrollment time. If your device has Windows 10 version 1903 or later, after autopilot enrollment, all auth requests will go through Staged rollout. 
-
   >[!NOTE]
   >You still need to make the final cutover from federated to cloud authentication by using Azure AD Connect or PowerShell. Staged rollout doesn't switch domains from  federated to managed.  For more information about domain cutover, see [Migrate from federation to password hash synchronization](./migrate-from-federation-to-cloud-authentication.md) and [Migrate from federation to pass-through authentication](./migrate-from-federation-to-cloud-authentication.md).
   

articles/active-directory/hybrid/how-to-connect-staged-rollout.md

@@ -98,14 +98,14 @@ We expect TLS 1.0/1.1 to be deprecated in January 2022, and you need to make sur
 In June 2022, ADAL will go out of support. When ADAL goes out of support authentication may stop working unexpectedly and this will block the Azure AD Connect server from working properly. We strongly advise you to upgrade to Azure AD Connect V2.0 before June 2022. You cannot upgrade to a supported authentication library with your current Azure AD Connect version. 
 
 **After upgrading to 2.0 the ADSync PowerShell cmdlets do not work?** </br>
-This is a known issue.  To resolve this, restart your PowerShell session after installing or upgrading to version 2.0 and then re-import the module.  Use the following instructions to import the module.
+This is a known issue. To resolve this, restart your PowerShell session after installing or upgrading to version 2.0 and then re-import the module. Use the following instructions to import the module.
 
- 1.  Open Windows PowerShell with administrative privileges
- 2.  Type or copy and paste the following: 
-    ``` powershell
-              Import-module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync"
-    ```
+ 1.  Open Windows PowerShell with administrative privileges.
+ 1.  Type or copy and paste the following code: 
 
+     ```powershell
+     Import-module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync"
+     ```
 
 ## License requirements for using Azure AD Connect V2.0
 

articles/active-directory/hybrid/whatis-azure-ad-connect-v2.md

@@ -20,7 +20,7 @@ ms.author: Thwimmer
 
 # Tutorial: Configure BIC Cloud Design for automatic user provisioning
 
-This tutorial describes the steps you need to perform in both BIC Cloud Design and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [BIC Cloud Design](https://www.gbtec.de/) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../app-provisioning/user-provisioning.md). 
+This tutorial describes the steps you need to perform in both BIC Cloud Design and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [BIC Cloud Design](https://www.gbtec.com/) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../app-provisioning/user-provisioning.md). 
 
 
 ## Capabilities supported
@@ -37,7 +37,7 @@ The scenario outlined in this tutorial assumes that you already have the followi
 
 * [An Azure AD tenant](../develop/quickstart-create-new-tenant.md). 
 * A user account in Azure AD with [permission](../roles/permissions-reference.md) to configure provisioning (for example, Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator). 
-
+* BIC Cloud Design User Management API enabled subscription.
 
 ## Step 1. Plan your provisioning deployment
 1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
@@ -73,7 +73,7 @@ This section guides you through the steps to configure the Azure AD provisioning
 
 1. In the applications list, select **BIC Cloud Design**.
 
-	![The Contoso link in the Applications list](common/all-applications.png)
+	![The BIC Cloud Design link in the Applications list](common/all-applications.png)
 
 1. Select the **Provisioning** tab.
 
@@ -97,7 +97,7 @@ This section guides you through the steps to configure the Azure AD provisioning
 
 1. Review the user attributes that are synchronized from Azure AD to BIC Cloud Design in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in BIC Cloud Design for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you will need to ensure that the BIC Cloud Design API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
 
-   |Attribute|Type|Supported for filtering|Required by Real Links|
+   |Attribute|Type|Supported for filtering|Required by BIC Cloud Design|
    |---|---|---|---|
     |userName|String|✓|✓
     |emails[type eq "work"].value|String|✓|✓
@@ -110,7 +110,7 @@ This section guides you through the steps to configure the Azure AD provisioning
 
 1. Review the group attributes that are synchronized from Azure AD to BIC Cloud Design in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the groups in BIC Cloud Design for update operations. Select the **Save** button to commit any changes.
 
-   |Attribute|Type|Supported for filtering|Required by Real Links|
+   |Attribute|Type|Supported for filtering|Required by BIC Cloud Design|
    |---|---|---|---|
       |displayName|String|✓|✓
       |externalId|String||✓