Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Learn Build Service GitHub App

articles/active-directory/fundamentals/8-secure-access-sensitivity-labels.md

@@ -63,7 +63,7 @@ As you plan the governance of external access to your content, consider content,
 
 To define High, Medium, or Low Business Impact (HBI, MBI, LBI) for data, sites, and groups, consider the effect on your organization if the wrong content types are shared. 
 
-* Credit card, passport, national-ID numbers
+* Credit card, passport, national/regional ID numbers
   * [Apply a sensitivity label to content automatically](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide&preserve-view=true)
 * Content created by corporate officers: compliance, finance, executive, etc.
 * Strategic or financial data in libraries or sites. 

articles/active-directory/saas-apps/cisco-unity-connection-tutorial.md

@@ -0,0 +1,121 @@
+---
+title: Azure Active Directory SSO integration with Cisco Unity Connection
+description: Learn how to configure single sign-on between Azure Active Directory and Cisco Unity Connection.
+services: active-directory
+author: jeevansd
+manager: CelesteDG
+ms.reviewer: CelesteDG
+ms.service: active-directory
+ms.subservice: saas-app-tutorial
+ms.workload: identity
+ms.topic: how-to
+ms.date: 05/05/2023
+ms.author: jeedes
+
+---
+
+# Azure Active Directory SSO integration with Cisco Unity Connection
+
+In this article, you learn how to integrate Cisco Unity Connection with Azure Active Directory (Azure AD). Cisco Unity Connection is a robust unified messaging and voicemail solution that provides users with flexible message access options including support for voice commands, STT transcriptions etc. When you integrate Cisco Unity Connection with Azure AD, you can:
+
+* Control in Azure AD who has access to Cisco Unity Connection.
+* Enable your users to be automatically signed-in to Cisco Unity Connection with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
+
+You configure and test Azure AD single sign-on for Cisco Unity Connection in a test environment. Cisco Unity Connection supports **SP** initiated single sign-on.
+
+## Prerequisites
+
+To integrate Azure Active Directory with Cisco Unity Connection, you need:
+
+* An Azure AD user account. If you don't already have one, you can [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+* One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Cisco Unity Connection single sign-on (SSO) enabled subscription.
+
+## Add application and assign a test user
+
+Before you begin the process of configuring single sign-on, you need to add the Cisco Unity Connection application from the Azure AD gallery. You need a test user account to assign to the application and test the single sign-on configuration.
+
+### Add Cisco Unity Connection from the Azure AD gallery
+
+Add Cisco Unity Connection from the Azure AD application gallery to configure single sign-on with Cisco Unity Connection. For more information on how to add application from the gallery, see the [Quickstart: Add application from the gallery](../manage-apps/add-application-portal.md).
+
+### Create and assign Azure AD test user
+
+Follow the guidelines in the [create and assign a user account](../manage-apps/add-application-portal-assign-users.md) article to create a test user account in the Azure portal called B.Simon.
+
+Alternatively, you can also use the [Enterprise App Configuration Wizard](https://portal.office.com/AdminPortal/home?Q=Docs#/azureadappintegration). In this wizard, you can add an application to your tenant, add users/groups to the app, and assign roles. The wizard also provides a link to the single sign-on configuration pane in the Azure portal. [Learn more about Microsoft 365 wizards.](/microsoft-365/admin/misc/azure-ad-setup-guides). 
+
+## Configure Azure AD SSO
+
+Complete the following steps to enable Azure AD single sign-on in the Azure portal.
+
+1. In the Azure portal, on the **Cisco Unity Connection** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, select the pencil icon for **Basic SAML Configuration** to edit the settings.
+
+   ![Screenshot shows how to edit Basic SAML Configuration.](common/edit-urls.png "Basic Configuration")
+
+1. On the **Basic SAML Configuration** section, if you have **Service Provider metadata file** then perform the following steps:
+
+	a. Click **Upload metadata file**.
+
+    ![Screenshot shows how to upload metadata file.](common/upload-metadata.png "File")
+
+	b. Click on **folder logo** to select the metadata file and click **Upload**.
+
+	![Screenshot shows to choose and browse metadata file.](common/browse-upload-metadata.png "Folder")
+
+	c. After the metadata file is successfully uploaded, the **Identifier** and **Reply URL** values get auto populated in Basic SAML Configuration section.
+
+	d. In the **Sign on URL** textbox, type a URL using the following pattern:
+	`https://<FQDN_CUC_node>`
+
+	> [!Note]
+	> You will get the **Service Provider metadata file** from the [Cisco Unity Connection support team](mailto:[email protected]). If the **Identifier** and **Reply URL** values do not get auto populated, then fill the values manually according to your requirement.
+
+1. Cisco Unity Connection application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
+
+	![Screenshot shows the image of attributes configuration.](common/default-attributes.png "Image")
+
+1. In addition to above, Cisco Unity Connection application expects few more attributes to be passed back in SAML response which are shown below. These attributes are also pre populated but you can review them as per your requirements.
+
+	| Name |  Source Attribute|
+	| ---------------|  --------- |
+	| uid | user.onpremisessamaccountname |
+
+1. On the **Set-up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
+
+    ![Screenshot shows the Certificate download link.](common/metadataxml.png "Certificate")
+
+1. On the **Set up Cisco Unity Connection** section, copy the appropriate URL(s) based on your requirement.
+
+	![Screenshot shows how to copy configuration appropriate URL.](common/copy-configuration-urls.png "Metadata")
+
+## Configure Cisco Unity Connection SSO
+
+To configure single sign-on on **Cisco Unity Connection** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [Cisco Unity Connection support team](mailto:[email protected]). They set this setting to have the SAML SSO connection set properly on both sides.
+
+### Create Cisco Unity Connection test user
+
+In this section, you create a user called Britta Simon in Cisco Unity Connection. Work with [Cisco Unity Connection support team](mailto:[email protected]) to add the users in the Cisco Unity Connection platform. Users must be created and activated before you use single sign-on.
+
+## Test SSO 
+
+In this section, you test your Azure AD single sign-on configuration with following options. 
+
+* Click on **Test this application** in Azure portal. This will redirect to Cisco Unity Connection Sign-on URL where you can initiate the login flow. 
+
+* Go to Cisco Unity Connection Sign-on URL directly and initiate the login flow from there.
+
+* You can use Microsoft My Apps. When you click the Cisco Unity Connection tile in the My Apps, this will redirect to Cisco Unity Connection Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
+
+## Additional resources
+
+* [What is single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+* [Plan a single sign-on deployment](../manage-apps/plan-sso-deployment.md).
+
+## Next steps
+
+Once you configure Cisco Unity Connection you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).

articles/active-directory/saas-apps/toc.yml

@@ -468,6 +468,8 @@
         href: cisco-intersight-tutorial.md
       - name: Cisco Webex
         href: cisco-spark-tutorial.md
+      - name: Cisco Unity Connection
+        href: cisco-unity-connection-tutorial.md
       - name: Cisco Umbrella
         href: cisco-umbrella-tutorial.md    
       - name: Cisco Unified Communications Manager

articles/aks/TOC.yml

@@ -290,6 +290,7 @@
           href: use-tags.md
         - name: Use labels
           href: use-labels.md
+        - name: Enforce best practices with Guardrails
     - name: Security and authentication
       items:
         - name: Overview of Defender for Containers

articles/aks/deploy-marketplace.md

@@ -1,14 +1,14 @@
 ---
-title: Deploy an Azure container offer from Azure Marketplace 
-description: Learn how to deploy Azure container offers from Azure Marketplace on an Azure Kubernetes Service (AKS) cluster.
+title: Deploy a Kubernetes application from Azure Marketplace 
+description: Learn how to deploy Kubernetes applications from Azure Marketplace on an Azure Kubernetes Service (AKS) cluster.
 author: nickomang
 ms.author: nickoman
 ms.topic: how-to
-ms.date: 09/30/2022
+ms.date: 05/01/2023
 ms.custom: ignite-fall-2022, references_regions
 ---
 
-# Deploy a container offer from Azure Marketplace (preview)
+# Deploy a Kubernetes application from Azure Marketplace (preview)
 
 [Azure Marketplace][azure-marketplace] is an online store that contains thousands of IT software applications and services built by industry-leading technology companies. In Azure Marketplace, you can find, try, buy, and deploy the software and services that you need to build new solutions and manage your cloud infrastructure. The catalog includes solutions for different industries and technical areas, free trials, and consulting services from Microsoft partners.
 
@@ -39,7 +39,7 @@ This feature is currently supported only in the following regions:
 - Australia East
 - Central India
 
-Kubernetes application-based container offers cannot be deployed on AKS for Azure Stack HCI or AKS Edge Essentials.
+Kubernetes application-based container offers can't be deployed on AKS for Azure Stack HCI or AKS Edge Essentials.
 
 ## Register resource providers
 
@@ -52,6 +52,32 @@ az provider register --namespace Microsoft.KubernetesConfiguration --wait
 
 ## Select and deploy a Kubernetes offer
 
+### From the AKS portal screen
+
+1. In the [Azure portal](https://portal.azure.com/), you can deploy a Kubernetes application from an existing cluster by navigating to **Marketplace** or selecting **Extensions + applications**, then selecting **+ Add**.
+
+   :::image type="content" source="./media/deploy-marketplace/add-inline.png" alt-text="The Azure portal page for the A K S cluster is shown. 'Extensions + Applications' is selected, and '+ Add' is highlighted." lightbox="./media/deploy-marketplace/add.png":::
+
+1. You can search for an offer or publisher directly by name, or you can browse all offers.
+
+   :::image type="content" source="./media/deploy-marketplace/marketplace-view-inline.png" alt-text="Screenshot of Kubernetes offers in the Azure portal." lightbox="./media/deploy-marketplace/marketplace-view.png":::
+
+1. After you decide on an application, select the offer.
+
+1. On the **Plans + Pricing** tab, select an option. Ensure that the terms are acceptable, and then select **Create**.
+
+   :::image type="content" source="./media/deploy-marketplace/plan-pricing.png" alt-text="Screenshot of the offer purchasing page in the Azure portal, showing plan and pricing information.":::
+
+1. Follow each page in the wizard, all the way through Review + Create. Fill in information for your resource group, your cluster, and any configuration options that the application requires. You can decide to deploy on a new AKS cluster or use an existing cluster.
+
+   :::image type="content" source="./media/deploy-marketplace/review-create.png" alt-text="Screenshot of the Azure portal wizard for deploying a new offer, with the selector for creating a cluster or using an existing one.":::
+
+1. When the application is deployed, the portal shows your deployment in progress, along with details.
+
+   :::image type="content" source="./media/deploy-marketplace/deploying.png" alt-text="Screenshot of the Azure portal deployments screen, showing that the Kubernetes offer is currently being deployed.":::
+
+### From the Marketplace portal screen
+
 1. In the [Azure portal](https://portal.azure.com/), search for **Marketplace** on the top search bar. In the results, under **Services**, select **Marketplace**.
 
 1. You can search for an offer or publisher directly by name, or you can browse all offers. To find Kubernetes application offers, on the left side under **Categories** select **Containers**.
@@ -61,9 +87,9 @@ az provider register --namespace Microsoft.KubernetesConfiguration --wait
    > [!IMPORTANT]
    > The **Containers** category includes both Kubernetes applications and standalone container images. This walkthrough is specific to Kubernetes applications. If you find that the steps to deploy an offer differ in some way, you're most likely trying to deploy a container image-based offer instead of a Kubernetes application-based offer.
 
-1. You will see several Kubernetes application offers displayed on the page. To view all of the Kubernetes application offers, select **See more**.
+1. You'll see several Kubernetes application offers displayed on the page. To view all of the Kubernetes application offers, select **See more**.
 
-   :::image type="content" source="./media/deploy-marketplace/see-more-inline.png" alt-text="Screenshot of Azure Marketplace K8s offers in the Azure portal" lightbox="./media/deploy-marketplace/see-more.png":::
+   :::image type="content" source="./media/deploy-marketplace/see-more-inline.png" alt-text="Screenshot of Azure Marketplace K8s offers in the Azure portal. 'See More' is highlighted." lightbox="./media/deploy-marketplace/see-more.png":::
 
 1. After you decide on an application, select the offer.
 
@@ -79,22 +105,54 @@ az provider register --namespace Microsoft.KubernetesConfiguration --wait
 
    :::image type="content" source="./media/deploy-marketplace/deployment-inline.png" alt-text="Screenshot of the Azure portal that shows a successful resource deployment to the cluster." lightbox="./media/deploy-marketplace/deployment-full.png":::
 
-1. Verify the deployment by using the following command to list the extensions that are running on your cluster:
+## Verify the deployment
+
+### [Azure CLI](#tab/azure-cli)
+
+Verify the deployment by using the following command to list the extensions that are running on your cluster:
 
    ```azurecli-interactive
    az k8s-extension list --cluster-name <clusterName> --resource-group <resourceGroupName> --cluster-type managedClusters
    ```
 
+### [Portal](#tab/azure-portal)
+
+Verify the deployment navigating to the cluster you recently installed the extension on, then navigate to "Extensions + Applications", where you'll see the extension status:
+
+   :::image type="content" source="./media/deploy-marketplace/verify-inline.png" lightbox="./media/deploy-marketplace/verify.png" alt-text="The Azure portal page for the A K S cluster is shown. 'Extensions + Applications' is selected, and the deployed extension is listed.":::
+
+---
+
 ## Manage the offer lifecycle
 
 For lifecycle management, an Azure Kubernetes offer is represented as a cluster extension for AKS. For more information, see [Cluster extensions for AKS][cluster-extensions].
 
-Purchasing an offer from Azure Marketplace creates a new instance of the extension on your AKS cluster. You can view the extension instance from the cluster by using the following command:
+Purchasing an offer from Azure Marketplace creates a new instance of the extension on your AKS cluster.
+
+### [Azure CLI](#tab/azure-cli)
+
+You can view the extension instance from the cluster by using the following command:
 
 ```azurecli-interactive
 az k8s-extension show --name <extension-name> --cluster-name <clusterName> --resource-group <resourceGroupName> --cluster-type managedClusters
 ```
 
+### [Portal](#tab/azure-portal)
+
+First, navigate to an existing cluster, then select "Extensions + applications":
+
+:::image type="content" source="./media/deploy-marketplace/cluster-view.png" alt-text="The Azure portal page for the A K S cluster. 'Extensions + Applications' is highlighted.":::
+
+You'll see your recently installed extensions listed:
+
+:::image type="content" source="./media/deploy-marketplace/verify-inline.png" lightbox="./media/deploy-marketplace/verify.png" alt-text="The Azure portal page for the A K S cluster. 'Extensions + Applications' is selected, and deployed extensions are listed.":::
+
+Select an extension name to navigate to a properties view where you're able to disable auto upgrades, check the provisioning state, delete the extension instance, or modify configuration settings as needed.
+
+:::image type="content" source="./media/deploy-marketplace/properties.png" alt-text="The Azure portal page for extension properties.":::
+
+---
+
 ## Monitor billing and usage information
 
 To monitor billing and usage information for the offer that you deployed:
@@ -107,12 +165,22 @@ To monitor billing and usage information for the offer that you deployed:
 
 ## Remove an offer
 
-You can delete a purchased plan for an Azure container offer by deleting the extension instance on the cluster. For example:
+You can delete a purchased plan for an Azure container offer by deleting the extension instance on the cluster.
+
+### [Azure CLI](#tab/azure-cli)
 
 ```azurecli-interactive
 az k8s-extension delete --name <extension-name> --cluster-name <clusterName> --resource-group <resourceGroupName> --cluster-type managedClusters
 ```
 
+### [Portal](#tab/azure-portal)
+
+Select an application, then select the uninstall button to remove the extension from your cluster:
+
+:::image type="content" source="./media/deploy-marketplace/uninstall-inline.png" alt-text="The Azure portal page for the A K S cluster is shown. The deployed extension is listed with the 'uninstall' button highlighted." lightbox="./media/deploy-marketplace/uninstall.png":::
+
+---
+
 ## Troubleshooting
 
 If you experience issues, see the [troubleshooting checklist for failed deployments of a Kubernetes offer][marketplace-troubleshoot].