Merge pull request #254788 from MicrosoftDocs/main

10/12/2023 AM Publish

Author: Taojunshen

articles/active-directory/develop/index-spa.yml

@@ -31,14 +31,14 @@ landingContent:
     linkLists:
       - linkListType: tutorial
         links:
+          - text: React
+            url: tutorial-single-page-app-react-register-app.md
           - text: Angular
             url: tutorial-v2-angular-auth-code.md
-          - text: Blazor WebAssembly
-            url: tutorial-blazor-webassembly.md
           - text: JavaScript
             url: tutorial-v2-javascript-auth-code.md
-          - text: React
-            url: tutorial-single-page-app-react-register-app.md
+          - text: Blazor WebAssembly
+            url: tutorial-blazor-webassembly.md
   - title: "Scenario in depth"
     linkLists:
       - linkListType: how-to-guide

articles/active-directory/enterprise-users/clean-up-stale-guest-accounts.md

@@ -31,6 +31,9 @@ There are a few recommended patterns that are effective at monitoring and cleani
 
 Use the following instructions to learn how to enhance monitoring of inactive guest accounts at scale and create Access Reviews that follow these patterns. Consider the configuration recommendations and then make the needed changes that suit your environment.
 
+### License requirements
+[!INCLUDE [active-directory-entra-governance-license.md](../../../includes/active-directory-entra-governance-license.md)]
+
 ## Monitor guest accounts at scale with inactive guest insights (Preview)
 
 [!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
@@ -48,13 +51,6 @@ Use the following instructions to learn how to enhance monitoring of inactive gu
 
 1. The inactive days are calculated based on last sign in date if the user has signed in atleast once. For users who have never signed in, the inactive days are calculated based on creation date.
 
-### License requirements
-[!INCLUDE [active-directory-entra-governance-license.md](../../../includes/active-directory-entra-governance-license.md)]
-
-> [!NOTE]
-> When you access the report for the first time, the insights in this report may not be available immediately and may take some time to generate. If you are getting an error, please follow the instructions ensuring you have Microsoft Entra ID Governance license or wait for some time to see the report generated.  
-> The inactive days calculation is based on the 2 parameters (last sign in date and creation date). If both of the dates are not available in the system, then we consider User state change date i.e. the date when the user state was last changed. This will give us the closest accurate inactivity duration for those special situations.
-
 
 ## Create a multi-stage review for guests to self-attest continued access
 

articles/active-directory/external-identities/customers/overview-customers-ciam.md

@@ -37,10 +37,11 @@ If you've worked with Microsoft Entra ID, you're already familiar with using a M
 
 - **Extensions**: If you need to add user attributes and data from external systems, you can create custom authentication extensions for your user flows.
 
-- **Sign-in methods**: You can enable various options for signing in to your app, including username and password, one-time passcode, and Google or Facebook identities. Learn more
+- **Sign-in methods**: You can enable various options for signing in to your app, including username and password, one-time passcode, and Google or Facebook identities. 
 
 - **Encryption keys**: Add and manage encryption keys for signing and validating tokens, client secrets, certificates, and passwords.
 
+Learn more about [password and one-time passcode](how-to-enable-password-reset-customers.md) login, and about [Google](how-to-google-federation-customers.md) and [Facebook](how-to-facebook-federation-customers.md) federation.
 
 There are two types of user accounts you can manage in your customer tenant:
 

articles/active-directory/external-identities/hybrid-cloud-to-on-premises.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: how-to
-ms.date: 11/17/2022
+ms.date: 10/06/2023
 
 ms.author: cmulligan
 author: csmulligan
@@ -87,4 +87,3 @@ Make sure that you have the correct Client Access Licenses (CALs) or External Co
 
 - [Grant local users access to cloud apps](hybrid-on-premises-to-cloud.md)
 - [Microsoft Entra B2B collaboration for hybrid organizations](hybrid-organizations.md)
-- For an overview of Microsoft Entra Connect, see [Integrate your on-premises directories with Microsoft Entra ID](../hybrid/whatis-hybrid-identity.md).

articles/active-directory/fundamentals/whats-new.md

@@ -29,7 +29,7 @@ Microsoft Entra ID (previously known as Azure AD) receives improvements on an on
 - Deprecated functionality
 - Plans for changes
 
-> ![NOTE] 
+> [!NOTE] 
 > If you're currently using Azure AD today or are have previously deployed Azure AD in your organizations, you can continue to use the service without interruption. All existing deployments, configurations, and integrations continue to function as they do today without any action from you.
 
 This page updates monthly, so revisit it regularly. If you're looking for items older than six months, you can find them in [Archive for What's new in Azure Active Directory](whats-new-archive.md).

articles/active-directory/hybrid/cloud-sync/what-is-cloud-sync.md

@@ -79,7 +79,7 @@ The following table provides a comparison between Microsoft Entra Connect and Mi
 | Support for device writeback|● |Customers should use [Cloud Kerberos trust](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust?tabs=intune) for this moving forward|
 | Support for group writeback|● | |
 | Support for merging user attributes from multiple domains|● | |
-| Active Directory Domain Services support|● | |
+| Microsoft Entra Domain Services support|● | |
 | [Exchange hybrid writeback](exchange-hybrid.md) |● |● |
 | Unlimited number of objects per AD domain |● | |
 | Support for up to 150,000 objects per AD domain |● |● |

articles/active-directory/hybrid/connect/reference-connect-version-history.md

@@ -98,7 +98,7 @@ To read more about autoupgrade, see [Microsoft Entra Connect: Automatic upgrade]
 
 ### Bug fixes
 
- - We fixed a bug where the new employeeLeaveDateTime attribute wasn't syncing correctly in version 2.1.19.0. Note that if the incorrect attribute was already used in a rule, then the rule must be updated with the new attribute and any objects in the Microsoft Entra connector space that have the incorrect attribute must be removed with the "Remove-ADSyncCSObject" cmdlet, and then a full sync cycle must be run.
+- We fixed a bug where the new employeeLeaveDateTime attribute wasn't syncing correctly in version 2.1.19.0. Note that if the incorrect attribute was already used in a rule, then the rule must be updated with the new attribute and any objects in the Microsoft Entra connector space that have the incorrect attribute must be removed with the "Remove-ADSyncCSObject" cmdlet, and then a full sync cycle must be run.
 
 ## 2.1.19.0
 
@@ -107,11 +107,11 @@ To read more about autoupgrade, see [Microsoft Entra Connect: Automatic upgrade]
 
 ### Functional changes
 
- - We added a new attribute 'employeeLeaveDateTime' for syncing to Microsoft Entra ID. To learn more about how to use this attribute to manage your users' life cycles, please refer to [this article](../../governance/how-to-lifecycle-workflow-sync-attributes.md)
+- We added a new attribute 'employeeLeaveDateTime' for syncing to Microsoft Entra ID. To learn more about how to use this attribute to manage your users' life cycles, please refer to [this article](../../governance/how-to-lifecycle-workflow-sync-attributes.md)
 
 ### Bug fixes
 
- - we fixed a bug where Microsoft Entra Connect Password writeback stopped with error code "SSPR_0029 ERROR_ACCESS_DENIED"
+- we fixed a bug where Microsoft Entra Connect Password writeback stopped with error code "SSPR_0029 ERROR_ACCESS_DENIED"
 
 ## 2.1.18.0
 
@@ -128,7 +128,7 @@ To read more about autoupgrade, see [Microsoft Entra Connect: Automatic upgrade]
 8/2/2022: Released for download and autoupgrade.
 
 ### Bug fixes
- - We fixed a bug where autoupgrade fails when the service account is in "UPN" format.
+- We fixed a bug where autoupgrade fails when the service account is in "UPN" format.
 
 ## 2.1.15.0
 
@@ -282,7 +282,7 @@ When you upgrade to this V1.6 build or any newer builds, the group membership li
 ### Functional changes
 
 - We added the latest versions of Microsoft Identity Manager (MIM) Connectors (1.1.1610.0). For more information, see the [release history page of the MIM Connectors](/microsoft-identity-manager/reference/microsoft-identity-manager-2016-connector-version-history#1116100-september-2021).
-- We added a configuration option to disable the Soft Matching feature in Microsoft Entra Connect. We recommend that you disable Soft Matching unless you need it to take over cloud-only accounts. To disable Soft Matching, see [this reference article](/powershell/module/msonline/set-msoldirsyncfeature#example-2--block-soft-matching-for-the-tenant).
+- We added a configuration option to disable the Soft Matching feature in Microsoft Entra Connect. We recommend that you disable Soft Matching unless you need it to take over cloud-only accounts. To disable Soft Matching, see [this reference article](../../hybrid/connect/how-to-connect-install-existing-tenant.md#hard-match-vs-soft-match).
 
 ### Bug fixes
 
@@ -315,7 +315,7 @@ When you upgrade to this V1.6 build or any newer builds, the group membership li
 ### Functional changes
 
 - We added the latest versions of MIM Connectors (1.1.1610.0). For more information, see the [release history page of the MIM Connectors](/microsoft-identity-manager/reference/microsoft-identity-manager-2016-connector-version-history#1116100-september-2021).
-- We added a configuration option to disable the Soft Matching feature in Microsoft Entra Connect. We recommend that you disable Soft Matching unless you need it to take over cloud-only accounts. To disable Soft Matching, see [this reference article](/powershell/module/msonline/set-msoldirsyncfeature#example-2--block-soft-matching-for-the-tenant).
+- We added a configuration option to disable the Soft Matching feature in Microsoft Entra Connect. We recommend that you disable Soft Matching unless you need it to take over cloud-only accounts. To disable Soft Matching, see [this reference article](../../hybrid/connect/how-to-connect-install-existing-tenant.md#hard-match-vs-soft-match).
 
 ## 2.0.10.0
 
@@ -618,3 +618,4 @@ This is a bug fix release. There are no functional changes in this release.
 ## Next steps
 
 Learn more about how to [integrate your on-premises identities with Microsoft Entra ID](../whatis-hybrid-identity.md).
+

articles/ai-services/Anomaly-Detector/toc.yml

@@ -120,7 +120,7 @@
           href: https://azure.microsoft.com/support/legal/cognitive-services-compliance-and-privacy/
         - name: Set up Virtual Networks
           href: ../cognitive-services-virtual-networks.md?context=/azure/ai-services/anomaly-detector/context/context
-        - name: Use Azure AD authentication
+        - name: Use Microsoft Entra authentication
           href: ../authentication.md?context=/azure/ai-services/anomaly-detector/context/context
     - name: Support and help options
       href: ../cognitive-services-support-options.md?context=/azure/ai-services/anomaly-detector/context/context

articles/ai-services/LUIS/encrypt-data-at-rest.md

@@ -32,7 +32,7 @@ By default, your subscription uses Microsoft-managed encryption keys. There is a
 
 There is also an option to manage your subscription with your own keys. Customer-managed keys (CMK), also known as Bring your own key (BYOK), offer greater flexibility to create, rotate, disable, and revoke access controls. You can also audit the encryption keys used to protect your data.
 
-You must use Azure Key Vault to store your customer-managed keys. You can either create your own keys and store them in a key vault, or you can use the Azure Key Vault APIs to generate keys. The Azure AI services resource and the key vault must be in the same region and in the same Azure Active Directory (Azure AD) tenant, but they can be in different subscriptions. For more information about Azure Key Vault, see [What is Azure Key Vault?](../../key-vault/general/overview.md).
+You must use Azure Key Vault to store your customer-managed keys. You can either create your own keys and store them in a key vault, or you can use the Azure Key Vault APIs to generate keys. The Azure AI services resource and the key vault must be in the same region and in the same Microsoft Entra tenant, but they can be in different subscriptions. For more information about Azure Key Vault, see [What is Azure Key Vault?](../../key-vault/general/overview.md).
 
 ### Customer-managed keys for Language Understanding
 
@@ -59,13 +59,13 @@ To learn how to use customer-managed keys with Azure Key Vault for Azure AI serv
 
 - [Configure customer-managed keys with Key Vault for Azure AI services encryption from the Azure portal](../Encryption/cognitive-services-encryption-keys-portal.md)
 
-Enabling customer managed keys will also enable a system assigned managed identity, a feature of Azure AD. Once the system assigned managed identity is enabled, this resource will be registered with Azure Active Directory. After being registered, the managed identity will be given access to the Key Vault selected during customer managed key setup. You can learn more about [Managed Identities](../../active-directory/managed-identities-azure-resources/overview.md).
+Enabling customer managed keys will also enable a system assigned managed identity, a feature of Microsoft Entra ID. Once the system assigned managed identity is enabled, this resource will be registered with Microsoft Entra ID. After being registered, the managed identity will be given access to the Key Vault selected during customer managed key setup. You can learn more about [Managed Identities](../../active-directory/managed-identities-azure-resources/overview.md).
 
 > [!IMPORTANT]
 > If you disable system assigned managed identities, access to the key vault will be removed and any data encrypted with the customer keys will no longer be accessible. Any features depended on this data will stop working.
 
 > [!IMPORTANT]
-> Managed identities do not currently support cross-directory scenarios. When you configure customer-managed keys in the Azure portal, a managed identity is automatically assigned under the covers. If you subsequently move the subscription, resource group, or resource from one Azure AD directory to another, the managed identity associated with the resource is not transferred to the new tenant, so customer-managed keys may no longer work. For more information, see **Transferring a subscription between Azure AD directories** in [FAQs and known issues with managed identities for Azure resources](../../active-directory/managed-identities-azure-resources/known-issues.md#transferring-a-subscription-between-azure-ad-directories).  
+> Managed identities do not currently support cross-directory scenarios. When you configure customer-managed keys in the Azure portal, a managed identity is automatically assigned under the covers. If you subsequently move the subscription, resource group, or resource from one Microsoft Entra directory to another, the managed identity associated with the resource is not transferred to the new tenant, so customer-managed keys may no longer work. For more information, see **Transferring a subscription between Microsoft Entra directories** in [FAQs and known issues with managed identities for Azure resources](../../active-directory/managed-identities-azure-resources/known-issues.md#transferring-a-subscription-between-azure-ad-directories).  
 
 ### Store customer-managed keys in Azure Key Vault
 

articles/ai-services/LUIS/luis-how-to-collaborate.md

@@ -35,34 +35,38 @@ After you have been added as a contributor, [sign in to the LUIS portal](how-to/
 
 ### Users with multiple emails
 
-If you add contributors to a LUIS app, you are specifying the exact email address. While Azure Active Directory (Azure AD) allows a single user to have more than one email account used interchangeably, LUIS requires the user to sign in with the email address specified when adding the contributor.
+If you add contributors to a LUIS app, you are specifying the exact email address. While Microsoft Entra ID allows a single user to have more than one email account used interchangeably, LUIS requires the user to sign in with the email address specified when adding the contributor.
 
 <a name="owner-and-collaborators"></a>
 
-### Azure Active Directory resources
+<a name='azure-active-directory-resources'></a>
 
-If you use [Azure Active Directory](../../active-directory/index.yml) (Azure AD) in your organization, Language Understanding (LUIS) needs permission to the information about your users' access when they want to use LUIS. The resources that LUIS requires are minimal.
+### Microsoft Entra resources
+
+If you use [Microsoft Entra ID](../../active-directory/index.yml) (Microsoft Entra ID) in your organization, Language Understanding (LUIS) needs permission to the information about your users' access when they want to use LUIS. The resources that LUIS requires are minimal.
 
 You see the detailed description when you attempt to sign up with an account that has admin consent or does not require admin consent, such as administrator consent:
 
 * Allows you to sign in to the app with your organizational account and let the app read your profile. It also allows the app to read basic company information. This gives LUIS permission to read basic profile data, such as user ID, email, name
 * Allows the app to see and update your data, even when you are not currently using the app. The permission is required to refresh the access token of the user.
 
 
-### Azure Active Directory tenant user
+<a name='azure-active-directory-tenant-user'></a>
+
+### Microsoft Entra tenant user
 
-LUIS uses standard Azure Active Directory (Azure AD) consent flow.
+LUIS uses standard Microsoft Entra consent flow.
 
-The tenant admin should work directly with the user who needs access granted to use LUIS in the Azure AD.
+The tenant admin should work directly with the user who needs access granted to use LUIS in the Microsoft Entra ID.
 
 * First, the user signs into LUIS, and sees the pop-up dialog needing admin approval. The user contacts the tenant admin before continuing.
 * Second, the tenant admin signs into LUIS, and sees a consent flow pop-up dialog. This is the dialog the admin needs to give permission for the user. Once the admin accepts the permission, the user is able to continue with LUIS. If the tenant admin will not sign in to LUIS, the admin can access [consent](https://account.activedirectory.windowsazure.com/r#/applications) for LUIS. On this page you can filter the list to items that include the name `LUIS`.
 
 If the tenant admin only wants certain users to use LUIS, there are a couple of possible solutions:
-* Giving the "admin consent" (consent to all users of the Azure AD), but then set to "Yes" the "User assignment required" under Enterprise Application Properties, and finally assign/add only the wanted users to the Application. With this method, the Administrator is still providing "admin consent" to the App, however, it's possible to control the users that can access it.
-* A second solution, is by using the [Azure AD identity and access management API in Microsoft Graph](/graph/azuread-identity-access-management-concept-overview) to provide consent to each specific user.
+* Giving the "admin consent" (consent to all users of the Microsoft Entra ID), but then set to "Yes" the "User assignment required" under Enterprise Application Properties, and finally assign/add only the wanted users to the Application. With this method, the Administrator is still providing "admin consent" to the App, however, it's possible to control the users that can access it.
+* A second solution, is by using the [Microsoft Entra identity and access management API in Microsoft Graph](/graph/azuread-identity-access-management-concept-overview) to provide consent to each specific user.
 
-Learn more about Azure active directory users and consent:
+Learn more about Microsoft Entra users and consent:
 * [Restrict your app](../../active-directory/develop/howto-restrict-your-app-to-a-set-of-users.md) to a set of users
 
 ## Next steps