MicrosoftDocs
diff --git a/‎articles/active-directory-b2c/TOC.yml
Lines changed: 4 additions & 0 deletions b/‎articles/active-directory-b2c/TOC.yml
Lines changed: 4 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/media/partner-gallery/idemia-logo.png
6.17 KB b/‎articles/active-directory-b2c/media/partner-gallery/idemia-logo.png
6.17 KB
diff --git a/‎articles/active-directory-b2c/media/partner-idemia/idemia-architecture-diagram.png
79.7 KB b/‎articles/active-directory-b2c/media/partner-idemia/idemia-architecture-diagram.png
79.7 KB
diff --git a/‎articles/active-directory-b2c/partner-gallery.md
Lines changed: 1 addition & 0 deletions b/‎articles/active-directory-b2c/partner-gallery.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎articles/active-directory-b2c/partner-idemia.md
Lines changed: 301 additions & 0 deletions b/‎articles/active-directory-b2c/partner-idemia.md
Lines changed: 301 additions & 0 deletions
diff --git a/‎articles/active-directory/hybrid/reference-connect-version-history-archive.md
Lines changed: 194 additions & 1 deletion b/‎articles/active-directory/hybrid/reference-connect-version-history-archive.md
Lines changed: 194 additions & 1 deletion
diff --git a/‎articles/azure-app-configuration/TOC.yml
Lines changed: 2 additions & 0 deletions b/‎articles/azure-app-configuration/TOC.yml
Lines changed: 2 additions & 0 deletions
@@ -309,6 +309,10 @@
           href: partner-bloksec.md
         - name: HYPR
           href: partner-hypr.md
+        - name: IDEMIA
+          href: partner-idemia.md
+        - name: itsme
+          href: partner-itsme.md
         - name: Keyless
           href: partner-keyless.md
         - name: Nevis
 
@@ -43,6 +43,7 @@ Microsoft partners with the following ISVs for MFA and Passwordless authenticati
 |:-------------------------|:--------------|
 | ![Screenshot of a bloksec logo](./media/partner-gallery/bloksec-logo.png) | [BlokSec](./partner-bloksec.md) is a passwordless authentication and tokenless MFA solution, which provides real-time consent-based services and protects customers against identity-centric cyber-attacks such as password stuffing, phishing, and man-in-the-middle attacks. |
 | ![Screenshot of a hypr logo](./media/partner-gallery/hypr-logo.png) | [Hypr](./partner-hypr.md) is a passwordless authentication provider, which replaces passwords with public key encryptions eliminating fraud, phishing, and credential reuse. |
+| ![Screenshot of a idemia logo](./media/partner-gallery/idemia-logo.png) | [IDEMIA](./partner-idemia.md) is a passwordless authentication provider, which provides real-time consent-based services with biometric authentication like faceID and fingerprinting eliminating fraud and credential reuse. |
 | ![Screenshot of a itsme logo](./media/partner-gallery/itsme-logo.png) | [itsme](./partner-itsme.md) is an Electronic Identification, Authentication and Trust Services (eiDAS) compliant digital ID solution to allow users to sign in securely without card readers, passwords, two-factor authentication, and multiple PIN codes. |
 |![Screenshot of a Keyless logo.](./media/partner-gallery/keyless-logo.png) | [Keyless](./partner-keyless.md) is a passwordless authentication provider that provides authentication in the form of a facial biometric scan and eliminates fraud, phishing, and credential reuse.
 | ![Screenshot of a nevis logo](./media/partner-gallery/nevis-logo.png) | [Nevis](./partner-nevis.md) enables passwordless authentication and provides a mobile-first, fully branded end-user experience with Nevis Access app for strong customer authentication and to comply with PSD2 transaction requirements. |
 
@@ -19,7 +19,200 @@ ms.custom: has-adal-ref
 The Azure Active Directory (Azure AD) team regularly updates Azure AD Connect with new features and functionality. Not all additions are applicable to all audiences.
 
 >[!NOTE] 
-> This article contains version reference information about all archived versions of Azure AD - 1.3.20.0 and older.  For current releases, see the [Azure AD Connect Version release history](reference-connect-version-history.md)
+> This article contains version reference information about all archived versions of Azure AD - 1.5.42.0 and older.  For current releases, see the [Azure AD Connect Version release history](reference-connect-version-history.md)
+
+## 1.5.42.0
+
+### Release status
+07/10/2020: Released for download
+
+### Functional changes
+This release includes a public preview of the functionality to export the configuration of an existing Azure AD Connect server into a .JSON file which can then be used when installing a new Azure AD Connect server to create a copy of the original server.
+
+A detailed description of this new feature can be found in [this article](./how-to-connect-import-export-config.md)
+
+### Fixed issues
+- Fixed a bug where there would be a false warning about the local DB size on the localized builds during upgrade.
+- Fixed a bug where there would be a false error in the app events for the account name/domain name swap.
+- Fixed an error where Azure AD Connect would fail to install on a DC, giving error "member not found".
+
+
+## 1.5.30.0
+
+### Release status
+05/07/2020: Released for download
+
+### Fixed issues
+This hotfix build fixes an issue where unselected domains were getting incorrectly selected from the wizard UI if only grandchild containers were selected.
+
+
+>[!NOTE]
+>This version includes the new Azure AD Connect sync V2 endpoint API.  This new V2 endpoint is currently in public preview.  This version or later is required to use the new V2 endpoint API.  However, simply installing this version does not enable the V2 endpoint. You will continue to use the V1 endpoint unless you enable the V2 endpoint.  You need to follow the steps under [Azure AD Connect sync V2 endpoint API (public preview)](how-to-connect-sync-endpoint-api-v2.md) in order to enable it and opt-in to the public preview.  
+
+## 1.5.29.0
+
+### Release status
+04/23/2020: Released for download
+
+### Fixed issues
+This hotfix build fixes an issue introduced in build 1.5.20.0 where a tenant administrator with MFA was not able to enable DSSO.
+
+## 1.5.22.0
+
+### Release status
+04/20/2020: Released for download
+
+### Fixed issues
+This hotfix build fixes an issue in build 1.5.20.0 if you have cloned the **In from AD - Group Join** rule and have not cloned the **In from AD - Group Common** rule.
+
+## 1.5.20.0
+
+### Release status
+04/09/2020: Released for download
+
+### Fixed issues
+- This hotfix build fixes an issue with build 1.5.18.0 if you have the Group Filtering feature enabled and use mS-DS-ConsistencyGuid as the source anchor.
+- Fixed an issue in the ADSyncConfig PowerShell module, where invoking DSACLS command used in all the Set-ADSync* Permissions cmdlets would cause one of the following errors:
+     - `GrantAclsNoInheritance : The parameter is incorrect.   The command failed to complete successfully.`
+     - `GrantAcls : No GUID Found for computer …`
+
+> [!IMPORTANT]
+> If you have cloned the **In from AD - Group Join** sync rule and have not cloned the **In from AD - Group Common** sync rule and plan to upgrade, complete the following steps as part of the upgrade:
+> 1. During Upgrade, uncheck the option **Start the synchronization process when configuration completes**.
+> 2. Edit the cloned join sync rule and add the following two transformations:
+>     - Set direct flow `objectGUID` to `sourceAnchorBinary`.
+>     - Set expression flow `ConvertToBase64([objectGUID])` to `sourceAnchor`.     
+> 3. Enable the scheduler using `Set-ADSyncScheduler -SyncCycleEnabled $true`.
+
+
+
+## 1.5.18.0
+
+### Release status
+04/02/2020: Released for download
+
+### Functional changes ADSyncAutoUpgrade 
+
+- Added support for the mS-DS-ConsistencyGuid feature for group objects. This allows you to move groups between forests or reconnect groups in AD to Azure AD where the AD group objectID has changed, e.g. when an AD server is rebuilt after a calamity. For more information see [Moving groups between forests](how-to-connect-migrate-groups.md).
+- The mS-DS-ConsistencyGuid attribute is automatically set on all synced groups and you do not have to do anything to enable this feature. 
+- Removed the Get-ADSyncRunProfile because it is no longer in use. 
+- Changed the warning you see when attempting to use an Enterprise Admin or Domain Admin account for the AD DS connector account to provide more context. 
+- Added a new cmdlet to remove objects from the connector space the old CSDelete.exe tool is removed, and it is replaced with the new Remove-ADSyncCSObject cmdlet. The Remove-ADSyncCSObject cmdlet takes a CsObject as input. This object can be retrieved by using the Get-ADSyncCSObject cmdlet.
+
+>[!NOTE]
+>The old CSDelete.exe tool has been removed and replaced with the new Remove-ADSyncCSObject cmdlet 
+
+### Fixed issues
+
+- Fixed a bug in the group writeback forest/OU selector on rerunning the Azure AD Connect wizard after disabling the feature. 
+- Introduced a new error page that will be displayed if the required DCOM registry values are missing with a new help link. Information is also written to log files. 
+- Fixed an issue with the creation of the Azure Active Directory synchronization account where enabling Directory Extensions or PHS may fail because the account has not propagated across all service replicas before attempted use. 
+- Fixed a bug in the sync errors compression utility that was not handling surrogate characters correctly. 
+- Fixed a bug in the auto upgrade which left the server in the scheduler suspended state. 
+
+## 1.4.38.0
+### Release status
+12/9/2019: Release for download. Not available through auto-upgrade.
+### New features and improvements
+- We updated Password Hash Sync for Azure AD Domain Services to properly account for padding in Kerberos hashes.  This will provide a performance improvement during password synchronization from Azure AD to Azure AD Domain Services.
+- We added support for reliable sessions between the authentication agent and service bus.
+- We added a DNS cache for websocket connections between authentication agent and cloud services.
+- We added the ability to target specific agent from cloud to test for agent connectivity.
+
+### Fixed issues
+- Release 1.4.18.0 had a bug where the PowerShell cmdlet for DSSO was using the login Windows credentials instead of the admin credentials provided while running ps. As a result of which it was not possible to enable DSSO in multiple forest through the Azure AD Connect user interface. 
+- A fix was made to enable DSSO simultaneously in all forest through the Azure AD Connect user interface
+
+## 1.4.32.0
+### Release status
+11/08/2019: Released for download. Not available through auto-upgrade.
+
+>[!IMPORTANT]
+>Due to an internal schema change in this release of Azure AD Connect, if you manage AD FS trust relationship configuration settings using MSOnline PowerShell then you must update your MSOnline PowerShell module to version 1.1.183.57 or higher
+
+### Fixed issues
+
+This version fixes an issue with existing Hybrid Azure AD joined devices. This release contains a new device sync rule that corrects this issue.
+Note that this rule change may cause deletion of obsolete devices from Azure AD. This is not a cause for concern, as these device objects are not used by Azure AD during Conditional Access authorization. For some customers, the number of devices that will be deleted through this rule change can exceed the deletion threshold. If you see the deletion of device objects in Azure AD exceeding the Export Deletion Threshold, it is advised to allow the deletions to go through. [How to allow deletes to flow when they exceed the deletion threshold](how-to-connect-sync-feature-prevent-accidental-deletes.md)
+
+## 1.4.25.0
+
+### Release status
+9/28/2019: Released for auto-upgrade to select tenants. Not available for download.
+
+This version fixes a bug where some servers that were auto-upgraded from a previous version to 1.4.18.0 and experienced issues with Self-service password reset (SSPR) and Password Writeback.
+
+### Fixed issues
+
+Under certain circumstances, servers that were auto upgraded to version 1.4.18.0 did not re-enable Self-service password reset and Password Writeback after the upgrade was completed. This auto upgrade release fixes that issue and re-enables Self-service password reset and Password Writeback.
+
+We fixed a bug in the sync errors compression utility that was not handling surrogate characters correctly.
+
+## 1.4.18.0
+
+>[!WARNING]
+>We are investigating an incident where some customers are experiencing an issue with existing Hybrid Azure AD joined devices after upgrading to this version of Azure AD Connect. We advise customers who have deployed Hybrid Azure AD join to postpone upgrading to this version until the root cause of these issues are fully understood and mitigated. More information will be provided as soon as possible.
+
+>[!IMPORTANT]
+>With this version of Azure AD Connect some customers may see some or all of their Windows devices disappear from Azure AD. This is not a cause for concern, as these device identities are not used by Azure AD during Conditional Access authorization. For more information see [Understanding Azure AD Connect 1.4.xx.x device disappearnce](/troubleshoot/azure/active-directory/reference-connect-device-disappearance)
+
+
+### Release status
+9/25/2019: Released for auto-upgrade only.
+
+### New features and improvements
+- New troubleshooting tooling helps troubleshoot "user not syncing", "group not syncing" or "group member not syncing" scenarios.
+- Add support for national clouds in Azure AD Connect troubleshooting script.
+- Customers should be informed that the deprecated WMI endpoints for MIIS_Service have now been removed. Any WMI operations should now be done via PS cmdlets.
+- Security improvement by resetting constrained delegation on AZUREADSSOACC object.
+- When adding/editing a sync rule, if there are any attributes used in the rule that are in the connector schema but not added to the connector, the attributes automatically added to the connector. The same is true for the object type the rule affects. If anything is added to the connector, the connector will be marked for full import on the next sync cycle.
+- Using an Enterprise or Domain admin as the connector account is no longer supported in new Azure AD Connect Deployments. Current Azure AD Connect deployments using an Enterprise or Domain admin as the connector account will not be affected by this release.
+- In the Synchronization Manager a full sync is run on rule creation/edit/deletion. A popup will appear on any rule change notifying the user if full import or full sync is going to be run.
+- Added mitigation steps for password errors to 'connectors > properties > connectivity' page.
+- Added a deprecation warning for the sync service manager on the connector properties page. This warning notifies the user that changes should be made through the Azure AD Connect wizard.
+- Added new error for issues with a user's password policy.
+- Prevent misconfiguration of  group filtering by domain and OU filters. Group filtering will show an error when the domain/OU of the entered group is already filtered out and keep the user from moving forward until the issue is resolved.
+- Users can no longer create a connector for Active Directory Domain Services or Windows Azure Active Directory in the Synchronization Service Manager UI.
+- Fixed accessibility of custom UI controls in the Synchronization Service Manager.
+- Enabled six federation management tasks for all sign-in methods in Azure AD Connect.  (Previously, only the "Update AD FS TLS/SSL certificate" task was available for all sign-ins.)
+- Added a warning when changing the sign-in method from federation to PHS or PTA that all Azure AD domains and users will be converted to managed authentication.
+- Removed token-signing certificates from the "Reset Azure AD and AD FS trust" task and added a separate sub-task to update these certificates.
+- Added a new federation management task called "Manage certificates" which has sub-tasks to update the TLS or token-signing certificates for the AD FS farm.
+- Added a new federation management sub-task called "Specify primary server" which allows administrators to specify a new primary server for the AD FS farm.
+- Added a new federation management task called "Manage servers" which has sub-tasks to deploy an AD FS server, deploy a Web Application Proxy server, and specify primary server.
+- Added a new federation management task called "View federation configuration" that displays the current AD FS settings.  (Because of this addition, AD FS settings have been removed from the "Review your solution" page.)
+
+### Fixed issues
+- Resolved sync error issue for the scenario where a user object taking over its corresponding contact object has a self-reference (e.g. user is their own manager).
+- Help popups now show on keyboard focus.
+- For Auto upgrade, if any conflicting app is running from 6 hours, kill it and continue with upgrade.
+- Limit the number of attributes a customer can select to 100 per object when selecting directory extensions. This will prevent the error from occurring during export as Azure has a maximum of 100 extension attributes per object.
+- Fixed a bug to make the AD Connectivity script more robust.
+- Fixed a bug to make Azure AD Connect install on a machine using an existing Named Pipes WCF service more robust.
+- Improved diagnostics and troubleshooting around group policies that do not allow the ADSync service to start when initially installed.
+- Fixed a bug where display name for a Windows computer was written incorrectly.
+- Fix a bug where OS type for a Windows computer was written incorrectly.
+- Fixed a bug where non-Windows 10 computers were syncing unexpectedly. Note that the effect of this change is that non-Windows-10 computers that were previously synced will now be deleted. This does not affect any features as the sync of Windows computers is only used for Hybrid Azure AD domain join, which only works for Windows-10 devices.
+- Added several new (internal) cmdlets to the ADSync PowerShell module.
+
+## 1.3.21.0
+>[!IMPORTANT]
+>There is a known issue with upgrading Azure AD Connect from an earlier version to 1.3.21.0 where the Microsoft 365 portal does not reflect the updated version even though Azure AD Connect upgraded successfully.
+>
+> To resolve this, you need to import the **AdSync** module and then run the `Set-ADSyncDirSyncConfiguration` PowerShell cmdlet on the Azure AD Connect server.  You can use the following steps:
+>
+>1.    Open PowerShell in administrator mode.
+>2.    Run `Import-Module "ADSync"`.
+>3.    Run `Set-ADSyncDirSyncConfiguration -AnchorAttribute ""`.
+ 
+### Release status 
+
+05/14/2019: Released for download
+
+### Fixed issues 
+
+- Fixed an elevation of privilege vulnerability that exists in Microsoft Azure Active Directory Connect build 1.3.20.0.  This vulnerability, under certain conditions, may allow an attacker to execute two PowerShell cmdlets in the context of a privileged account, and perform privileged actions.  This security update addresses the issue by disabling these cmdlets. For more information see [security update](https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-1000).
+
 
 ## 1.3.20.0 
 
 
@@ -48,6 +48,8 @@
       items:
         - name: ASP.NET Core
           href: enable-dynamic-configuration-aspnet-core.md
+        - name: ASP.NET (.NET Framework)
+          href: enable-dynamic-configuration-aspnet-netfx.md
         - name: .NET Core
           href: enable-dynamic-configuration-dotnet-core.md
         - name: .NET Framework