Merge pull request #245588 from alexbuckgit/alexbuckgit/docutune-autopr-20230719-235527-3398959

[BULK] DocuTune - Standardize formatting of Azure portal links (part 1)

Author: Jill Grant

articles/active-directory/app-provisioning/application-provisioning-config-problem-scim-compatibility.md

@@ -24,7 +24,7 @@ This article describes current and past issues with the Azure AD user provisioni
 ## Understanding the provisioning job
 The provisioning service uses the concept of a job to operate against an application. The jobID can be found in the [progress bar](application-provisioning-when-will-provisioning-finish-specific-user.md#view-the-provisioning-progress-bar). All new provisioning applications are created with a jobID starting with "scim". The scim job represents the current state of the service. Older jobs have the ID "customappsso". This job represents the state of the service in 2018. 
 
-If you are using an application in the gallery, the job generally contains the name of the app (e.g. zoom snowFlake, dataBricks, etc.). You can skip this documentation when using a gallery application. This primarily applies for non-gallery applications with jobID SCIM or customAppSSO.
+If you are using an application in the gallery, the job generally contains the name of the app (such as zoom snowFlake or dataBricks). You can skip this documentation when using a gallery application. This primarily applies for non-gallery applications with jobID SCIM or customAppSSO.
 
 ## SCIM 2.0 compliance issues and status
 In the table below, any item marked as fixed means that the proper behavior can be found on the SCIM job. We have worked to ensure backwards compatibility for the changes we have made. We recommend using the new behavior for any new implementations and updating existing implementations. Please note that the customappSSO behavior that was the default prior to December 2018 is not supported anymore. 
@@ -234,13 +234,12 @@ Below are sample requests to help outline what the sync engine currently sends v
 
 
 ## Upgrading from the older customappsso job to the SCIM job
-Following the steps below will delete your existing customappsso job and create a new scim job. 
+Following the steps below will delete your existing customappsso job and create a new SCIM job.
 
-1. Sign into the Azure portal at https://portal.azure.com.
+1. Sign into the [Azure portal](https://portal.azure.com).
 2. In the **Azure Active Directory > Enterprise Applications** section of the Azure portal, locate and select your existing SCIM application.
 3. In the **Properties** section of your existing SCIM app, copy the **Object ID**.
-4. In a new web browser window, go to https://developer.microsoft.com/graph/graph-explorer 
-   and sign in as the administrator for the Azure AD tenant where your app is added.
+4. In a new web browser window, go to https://developer.microsoft.com/graph/graph-explorer and sign in as the administrator for the Azure AD tenant where your app is added.
 5. In the Graph Explorer, run the command below to locate the ID of your provisioning job. Replace "[object-id]" with the service principal ID (object ID) copied from the third step.
 
    `GET https://graph.microsoft.com/beta/servicePrincipals/[object-id]/synchronization/jobs` 
@@ -276,11 +275,10 @@ Following the steps below will delete your existing customappsso job and create
 ## Downgrading from the SCIM job to the customappsso job (not recommended)
  We allow you to downgrade back to the old behavior but don't recommend it as the customappsso does not benefit from some of the updates we make, and may not be supported forever. 
 
-1. Sign into the Azure portal at https://portal.azure.com.
-2. in the **Azure Active Directory > Enterprise Applications > Create application** section of the Azure portal, create a new **Non-gallery** application.
+1. Sign into the [Azure portal](https://portal.azure.com).
+2. In the **Azure Active Directory > Enterprise Applications > Create application** section of the Azure portal, create a new **Non-gallery** application.
 3. In the **Properties** section of your new custom app, copy the **Object ID**.
-4. In a new web browser window, go to https://developer.microsoft.com/graph/graph-explorer 
-   and sign in as the administrator for the Azure AD tenant where your app is added.
+4. In a new web browser window, go to https://developer.microsoft.com/graph/graph-explorer and sign in as the administrator for the Azure AD tenant where your app is added.
 5. In the Graph Explorer, run the command below to initialize the provisioning configuration for your app.
    Replace "[object-id]" with the service principal ID (object ID) copied from the third step.
 

articles/active-directory/app-provisioning/configure-automatic-user-provisioning-portal.md

@@ -24,7 +24,7 @@ This article describes the general steps for managing automatic user account pro
 
 Use the Azure portal to view and manage all applications that are configured for single sign-on in a directory. Enterprise apps are apps that are deployed and used within your organization. Follow these steps to view and manage your enterprise applications:
 
-1. Open the [Azure portal](https://portal.azure.com).
+1. Sign in to the [Azure portal](https://portal.azure.com).
 1. Browse to **Azure Active Directory** > **Enterprise applications**.
 1. A list of all configured apps is shown, including apps that were added from the gallery.
 1. Select any app to load its resource pane, where you can view reports and manage app settings.

articles/active-directory/app-provisioning/customize-application-attributes.md

@@ -118,7 +118,7 @@ Applications and systems that support customization of the attribute list includ
 
 
 > [!NOTE]
-> Editing the list of supported attributes is only recommended for administrators who have customized the schema of their applications and systems, and have first-hand knowledge of how their custom attributes have been defined or if a source attribute isn't automatically displayed in the Azure Portal UI. This sometimes requires familiarity with the APIs and developer tools provided by an application or system. The ability to edit the list of supported attributes is locked down by default, but customers can enable the capability by navigating to the following URL: https://portal.azure.com/?Microsoft_AAD_Connect_Provisioning_forceSchemaEditorEnabled=true . You can then navigate to your application to view the [attribute list](#editing-the-list-of-supported-attributes). 
+> Editing the list of supported attributes is only recommended for administrators who have customized the schema of their applications and systems, and have first-hand knowledge of how their custom attributes have been defined or if a source attribute isn't automatically displayed in the Azure portal UI. This sometimes requires familiarity with the APIs and developer tools provided by an application or system. The ability to edit the list of supported attributes is locked down by default, but customers can enable the capability by navigating to the following URL: https://portal.azure.com/?Microsoft_AAD_Connect_Provisioning_forceSchemaEditorEnabled=true . You can then navigate to your application to view the [attribute list](#editing-the-list-of-supported-attributes). 
 
 > [!NOTE]
 > When a directory extension attribute in Azure AD doesn't show up automatically in your attribute mapping drop-down, you can manually add it to the "Azure AD attribute list".  When manually adding Azure AD directory extension attributes to your provisioning app, note that directory extension attribute names are case-sensitive. For example: If you have a directory extension attribute named `extension_53c9e2c0exxxxxxxxxxxxxxxx_acmeCostCenter`, make sure you enter it in the same format as defined in the directory.     
@@ -157,60 +157,63 @@ Custom attributes can't be referential attributes, multi-value or complex-typed
 **Example representation of a user with an extension attribute:**
 
 ```json
-   {
-     "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User",
-     "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],
-     "userName":"bjensen",
-     "id": "48af03ac28ad4fb88478",
-     "externalId":"bjensen",
-     "name":{
-       "formatted":"Ms. Barbara J Jensen III",
-       "familyName":"Jensen",
-       "givenName":"Barbara"
-     },
-     "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
-     "employeeNumber": "701984",
-     "costCenter": "4130",
-     "organization": "Universal Studios",
-     "division": "Theme Park",
-     "department": "Tour Operations",
-     "manager": {
-       "value": "26118915-6090-4610-87e4-49d8ca9f808d",
-       "$ref": "../Users/26118915-6090-4610-87e4-49d8ca9f808d",
-       "displayName": "John Smith"
-     }
-   },
-     "urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User": {
-     "CustomAttribute": "701984",
-   },
-   "meta": {
-     "resourceType": "User",
-     "created": "2010-01-23T04:56:22Z",
-     "lastModified": "2011-05-13T04:42:34Z",
-     "version": "W\/\"3694e05e9dff591\"",
-     "location":
- "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646"
-   }
- }
+{
+  "schemas":[
+    "urn:ietf:params:scim:schemas:core:2.0:User",
+      "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
+  ],
+  "userName":"bjensen",
+  "id": "48af03ac28ad4fb88478",
+  "externalId":"bjensen",
+  "name":{
+    "formatted":"Ms. Barbara J Jensen III",
+    "familyName":"Jensen",
+    "givenName":"Barbara"
+  },
+  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
+    "employeeNumber": "701984",
+    "costCenter": "4130",
+    "organization": "Universal Studios",
+    "division": "Theme Park",
+    "department": "Tour Operations",
+    "manager": {
+      "value": "26118915-6090-4610-87e4-49d8ca9f808d",
+      "$ref": "../Users/26118915-6090-4610-87e4-49d8ca9f808d",
+      "displayName": "John Smith"
+    }
+  },
+  "urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User": {
+    "CustomAttribute": "701984",
+  },
+  "meta": {
+    "resourceType": "User",
+    "created": "2010-01-23T04:56:22Z",
+    "lastModified": "2011-05-13T04:42:34Z",
+    "version": "W\/\"3694e05e9dff591\"",
+    "location": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646"
+  }
+}
 ```
 
-
 ## Provisioning a role to a SCIM app
 Use the steps in the example to provision roles for a user to your application. The description is specific to custom SCIM applications. For gallery applications such as Salesforce and ServiceNow, use the predefined role mappings. The bullets describe how to transform the AppRoleAssignments attribute to the format your application expects.
 
 - Mapping an appRoleAssignment in Azure AD to a role in your application requires that you transform the attribute using an [expression](../app-provisioning/functions-for-customizing-application-data.md). The appRoleAssignment attribute **shouldn't be mapped directly** to a role attribute without using an expression to parse the role details. 
 
-- **SingleAppRoleAssignment** 
+- **SingleAppRoleAssignment**
+
   - **When to use:** Use the SingleAppRoleAssignment expression to provision a single role for a user and to specify the primary role. 
   - **How to configure:** Use the steps described to navigate to the attribute mappings page and use the SingleAppRoleAssignment expression to map to the roles attribute. There are three role attributes to choose from (`roles[primary eq "True"].display`, `roles[primary eq "True"].type`, and `roles[primary eq "True"].value`). You can choose to include any or all of the role attributes in your mappings. If you would like to include more than one, just add a new mapping and include it as the target attribute.
 
-  ![Add SingleAppRoleAssignment](./media/customize-application-attributes/edit-attribute-singleapproleassignment.png)
+    ![Add SingleAppRoleAssignment](./media/customize-application-attributes/edit-attribute-singleapproleassignment.png)
+
   - **Things to consider**
     - Ensure that multiple roles aren't assigned to a user. There's no guarantee which role is provisioned.
     - SingleAppRoleAssignments isn't compatible with setting scope to "Sync All users and groups." 
+
   - **Example request (POST)** 
 
-   ```json
+    ```json
     {
       "schemas": [
           "urn:ietf:params:scim:schemas:core:2.0:User"
@@ -229,25 +232,29 @@ Use the steps in the example to provision roles for a user to your application.
                "value": "Admin"
          }
       ]
-   }
-   ```
-  
+    }
+    ```
+
   - **Example output (PATCH)** 
-    
-   ```json
-   "Operations": [
-     {
-       "op": "Add",
-       "path": "roles",
-       "value": [
-         {
-           "value": "{\"id\":\"06b07648-ecfe-589f-9d2f-6325724a46ee\",\"value\":\"25\",\"displayName\":\"Role1234\"}"
-         }
-       ]
-   ```  
+
+    ```json
+    "Operations": [
+      {
+        "op": "Add",
+        "path": "roles",
+        "value": [
+          {
+            "value": "{\"id\":\"06b07648-ecfe-589f-9d2f-6325724a46ee\",\"value\":\"25\",\"displayName\":\"Role1234\"}"
+          }
+        ]
+      }
+    ]
+    ```
+
 The request formats in the PATCH and POST differ. To ensure that POST and PATCH are sent in the same format, you can use the feature flag described [here](./application-provisioning-config-problem-scim-compatibility.md#flags-to-alter-the-scim-behavior). 
 
-- **AppRoleAssignmentsComplex** 
+- **AppRoleAssignmentsComplex**
+
   - **When to use:** Use the AppRoleAssignmentsComplex expression to provision multiple roles for a user. 
   - **How to configure:** Edit the list of supported attributes as described to include a new attribute for roles: 
 
@@ -256,16 +263,18 @@ The request formats in the PATCH and POST differ. To ensure that POST and PATCH
     Then use the AppRoleAssignmentsComplex expression to map to the custom role attribute as shown in the image:
 
     ![Add AppRoleAssignmentsComplex](./media/customize-application-attributes/edit-attribute-approleassignmentscomplex.png)<br>
+
   - **Things to consider**
+
     - All roles are provisioned as primary = false.
     - The POST contains the role type. The PATCH request doesn't contain type. We're working on sending the type in both POST and PATCH requests.
     - AppRoleAssignmentsComplex isn't compatible with setting scope to "Sync All users and groups."
     - The AppRoleAssignmentsComplex only supports the PATCH add function. For multi-role SCIM applications, roles deleted in Azure Active Directory will therefore not be deleted from the application. We're working to support additional PATCH functions and address the limitation. 
 
-  - **Example output** 
+  - **Example output**
 
-   ```json
-   {
+    ```json
+    {
        "schemas": [
            "urn:ietf:params:scim:schemas:core:2.0:User"
       ],
@@ -290,35 +299,33 @@ The request formats in the PATCH and POST differ. To ensure that POST and PATCH
              "value": "User"
          }
       ]
-   }
-   ```
-
-  
-
+    }
+    ```
 
 ## Provisioning a multi-value attribute
+
 Certain attributes such as phoneNumbers and emails are multi-value attributes where you may need to specify different types of phone numbers or emails. Use the expression for multi-value attributes. It allows you to specify the attribute type and map that to the corresponding Azure AD user attribute for the value. 
 
-* phoneNumbers[type eq "work"].value
-* phoneNumbers[type eq "mobile"].value
-* phoneNumbers[type eq "fax"].value
+* `phoneNumbers[type eq "work"].value`
+* `phoneNumbers[type eq "mobile"]`.value
+* `phoneNumbers[type eq "fax"].value`
 
-   ```json
-   "phoneNumbers": [
-       {
-         "value": "555-555-5555",
-         "type": "work"
-      },
-      {
-         "value": "555-555-5555",
-         "type": "mobile"
-      },
-      {
-         "value": "555-555-5555",
-         "type": "fax"
-      }
-   ]
-   ```
+  ```json
+  "phoneNumbers": [
+     {
+        "value": "555-555-5555",
+        "type": "work"
+     },
+     {
+        "value": "555-555-5555",
+        "type": "mobile"
+     },
+     {
+        "value": "555-555-5555",
+        "type": "fax"
+     }
+  ]
+  ```
 
 ## Restoring the default attributes and attribute-mappings
 

articles/active-directory/app-proxy/application-proxy-integrate-with-tableau.md

@@ -33,7 +33,7 @@ Application Proxy supports the OAuth 2.0 Grant Flow, which is required for Table
 
 ## Publish your applications in Azure 
 
-To publish Tableau, you need to publish an application in the Azure Portal.
+To publish Tableau, you need to publish an application in the Azure portal.
 
 For:
 
@@ -76,4 +76,3 @@ Your application is now ready to test. Access the external URL you used to publi
 ## Next steps
 
 For more information about Azure AD Application Proxy, see [How to provide secure remote access to on-premises applications](application-proxy.md).
-

articles/active-directory/authentication/howto-authentication-sms-signin.md

@@ -59,7 +59,7 @@ There are three main steps to enable and use SMS-based authentication in your or
 
 First, let's enable SMS-based authentication for your Azure AD tenant.
 
-1. Sign-in to the [Azure portal](https://portal.azure.com) using an account with *global administrator* permissions.
+1. Sign in to the [Azure portal](https://portal.azure.com) using an account with *global administrator* permissions.
 1. Search for and select **Azure Active Directory**, then choose **Security** from the menu on the left-hand side.
 1. Under the **Manage** menu header, select **Authentication methods** >  **Policies**.
 1. From the list of available authentication methods, select **SMS**.

articles/active-directory/authentication/howto-mfa-nps-extension-rdg.md

@@ -344,7 +344,7 @@ To query successful sign-in events in the Gateway operational logs _(Event Viewe
 * `Get-WinEvent -Logname Microsoft-Windows-TerminalServices-Gateway/Operational | where {$_.ID -eq '200'} | FL`
 * This command displays the events that show when user met connection authorization policy requirements.
 
-![viewing the connection authorization policy using PowerShell](./media/howto-mfa-nps-extension-rdg/image29.png)
+![Viewing the connection authorization policy using PowerShell](./media/howto-mfa-nps-extension-rdg/image29.png)
 
 You can also view this log and filter on event IDs, 300 and 200. To query successful logon events in the Security event viewer logs, use the following command:
 
@@ -363,7 +363,7 @@ On the server where you installed the NPS extension for Azure AD MFA, you can fi
 
 ## Troubleshoot Guide
 
-If the configuration is not working as expected, the first place to start to troubleshoot is to verify that the user is configured to use Azure AD MFA. Have the user connect to the [Azure portal](https://portal.azure.com). If users are prompted for secondary verification and can successfully authenticate, you can eliminate an incorrect configuration of Azure AD MFA.
+If the configuration is not working as expected, the first place to start to troubleshoot is to verify that the user is configured to use Azure AD MFA. Have the user sign in to the [Azure portal](https://portal.azure.com). If users are prompted for secondary verification and can successfully authenticate, you can eliminate an incorrect configuration of Azure AD MFA.
 
 If Azure AD MFA is working for the user(s), you should review the relevant Event logs. These include the Security Event, Gateway operational, and Azure AD MFA logs that are discussed in the previous section.