MicrosoftDocs
diff --git a/‎.openpublishing.redirection.active-directory.json
Lines changed: 25 additions & 0 deletions b/‎.openpublishing.redirection.active-directory.json
Lines changed: 25 additions & 0 deletions
diff --git a/‎.openpublishing.redirection.json
Lines changed: 5 additions & 0 deletions b/‎.openpublishing.redirection.json
Lines changed: 5 additions & 0 deletions
diff --git a/‎articles/active-directory/app-provisioning/on-premises-powershell-connector.md
Lines changed: 5 additions & 5 deletions b/‎articles/active-directory/app-provisioning/on-premises-powershell-connector.md
Lines changed: 5 additions & 5 deletions
diff --git a/‎articles/active-directory/authentication/certificate-based-authentication-faq.yml
Lines changed: 3 additions & 1 deletion b/‎articles/active-directory/authentication/certificate-based-authentication-faq.yml
Lines changed: 3 additions & 1 deletion
diff --git a/‎articles/active-directory/develop/active-directory-optional-claims.md
Lines changed: 3 additions & 0 deletions b/‎articles/active-directory/develop/active-directory-optional-claims.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎articles/active-directory/fundamentals/concept-fundamentals-security-defaults.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/fundamentals/concept-fundamentals-security-defaults.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/governance/entitlement-management-access-package-assignments.md
Lines changed: 6 additions & 6 deletions b/‎articles/active-directory/governance/entitlement-management-access-package-assignments.md
Lines changed: 6 additions & 6 deletions
diff --git a/‎articles/active-directory/privileged-identity-management/TOC.yml
Lines changed: 4 additions & 4 deletions b/‎articles/active-directory/privileged-identity-management/TOC.yml
Lines changed: 4 additions & 4 deletions
diff --git a/‎articles/active-directory/privileged-identity-management/azure-ad-pim-approval-workflow.md renamed to ‎articles/active-directory/privileged-identity-management/pim-approval-workflow.md
Lines changed: 1 addition & 2 deletions b/‎articles/active-directory/privileged-identity-management/azure-ad-pim-approval-workflow.md renamed to ‎articles/active-directory/privileged-identity-management/pim-approval-workflow.md
Lines changed: 1 addition & 2 deletions
diff --git a/‎articles/active-directory/privileged-identity-management/pim-complete-azure-ad-roles-and-resource-roles-review.md renamed to ‎articles/active-directory/privileged-identity-management/pim-complete-roles-and-resource-roles-review.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/privileged-identity-management/pim-complete-azure-ad-roles-and-resource-roles-review.md renamed to ‎articles/active-directory/privileged-identity-management/pim-complete-roles-and-resource-roles-review.md
Lines changed: 1 addition & 1 deletion
@@ -12450,6 +12450,31 @@
       "source_path_from_root": "/articles/active-directory/hybrid/whatis-phs.md",
       "redirect_url": "/azure/active-directory/hybrid/connect/whatis-phs",
       "redirect_document_id": false
+      },
+
+      {
+        "source_path_from_root": "/articles/active-directory/privileged-identity-management/azure-ad-pim-approval-workflow.md",
+        "redirect_url": "/azure/active-directory/privileged-identity-management/pim-approval-workflow",
+        "redirect_document_id": false
+      },
+
+      {
+        "source_path_from_root": "/articles/active-directory/privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md",
+        "redirect_url": "/azure/active-directory/privileged-identity-management/pim-create-roles-and-resource-roles-review",
+        "redirect_document_id": false
+      },
+
+      {
+        "source_path_from_root": "/articles/active-directory/privileged-identity-management/pim-perform-azure-ad-roles-and-resource-roles-review.md",
+        "redirect_url": "/azure/active-directory/privileged-identity-management/pim-perform-roles-and-resource-roles-review",
+        "redirect_document_id": false
+      },
+
+      {
+        "source_path_from_root": "/articles/active-directory/privileged-identity-management/pim-complete-azure-ad-roles-and-resource-roles-review.md",
+        "redirect_url": "/azure/active-directory/privileged-identity-management/pim-complete-roles-and-resource-roles-review",
+        "redirect_document_id": false
       }
+
   ]
 }
@@ -17429,6 +17429,11 @@
             "redirect_url": "/azure/virtual-network/virtual-networks-using-network-configuration-file",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/virtual-network-manager/how-to-exclude-elements.md",
+            "redirect_url": "/azure/virtual-network-manager/how-to-define-network-group-membership-azure-policy",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/networking/virtual-network-test-latency.md",
             "redirect_url": "/azure/virtual-network/virtual-network-test-latency",
 
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.topic: how-to
 ms.workload: identity
-ms.date: 02/08/2022
+ms.date: 05/11/2023
 ms.author: billmath
 ms.reviewer: arvinh
 ---
@@ -167,7 +167,7 @@ The capabilities tab defines the behavior and functionality of the connector. Th
 |No Reference Values In First Export Pass|Unchecked|When checked, reference attributes are exported in a second export pass. |
 |Enable Object Rename|Unchecked|When checked, distinguished names can be modified. |
 |Delete-Add As Replace|Checked|Not supported. This will be ignored.|
-|Enable Export Password in First Pass|Checked|Not supported. This will be ignored.|
+|Enable Export Password in First Pass|Unchecked|Not supported. This will be ignored.|
 
 
 ### Global Parameters
@@ -182,10 +182,10 @@ The Global Parameters tab enables you to configure the Windows PowerShell script
 |Partition Script|\<Blank>|
 |Hierarchy Script|\<Blank>|
 |Begin Import Script|\<Blank>|
-|Import Script|Paste ImportData code as value|
+|Import Script|[Paste the import script as the value](https://github.com/microsoft/MIMPowerShellConnectors/blob/master/src/ECMA2HostCSV/Scripts/Import%20Scripts.ps1)|
 |End Import Script|\<Blank>|
-|Begin Export Script|Paste Begin export code as value|
-|Export Script|Paste ExportData code as value|
+|Begin Export Script|\<Blank>|
+|Export Script|[Paste the import script as the value](https://github.com/microsoft/MIMPowerShellConnectors/blob/master/src/ECMA2HostCSV/Scripts/Export%20Script.ps1)|
 |End Export Script|\<Blank>|
 |Begin Password Script|\<Blank>|
 |Password Extension Script|\<Blank>|
 
@@ -37,7 +37,9 @@ sections:
           How can an administrator enable Azure AD CBA?
         answer: |
           1. Sign in to the [Azure portal](https://portal.azure.com) as a Global Administrator.
-          1. Click **Azure Active Directory** > **Security** > **Authentication methods** > **Certificate-based Authentication** > **Basics**, click **Yes** to enable certificate-based authentication.
+          2. Select **Azure Active Directory** > **Security** > **Authentication methods** > **Policies**.
+          3. Select policy: **Certificate-based Authentication**.
+          4. On the **Enable and Target** tab, select the **Enable** toggle to enable certificate-based authentication.
 
       - question: |
           Is Azure AD CBA a free feature?
 
@@ -65,6 +65,9 @@ The set of optional claims available by default for applications to use are list
 | `xms_tpl`                  | Tenant preferred language| JWT | | The resource tenant's preferred language, if set. Formatted LL ("en"). |
 | `ztdid`                    | Zero-touch Deployment ID | JWT | | The device identity used for [Windows AutoPilot](/windows/deployment/windows-autopilot/windows-10-autopilot) |
 
+> [!WARNING]
+> Never use `email` or `upn` claim values to store or determine whether the user in an access token should have access to data. Mutable claim values like these can change over time, making them insecure and unreliable for authorization.
+
 ## v2.0-specific optional claims set
 
 These claims are always included in v1.0 Azure AD tokens, but not included in v2.0 tokens unless requested. These claims are only applicable for JWTs (ID tokens and Access Tokens).
 
@@ -49,7 +49,7 @@ To enable security defaults in your directory:
 1. Sign in to the [Azure portal](https://portal.azure.com) as a security administrator, Conditional Access administrator, or global administrator.
 1. Browse to **Azure Active Directory** > **Properties**.
 1. Select **Manage security defaults**.
-1. Set **Security defaults** to **Enabled **.
+1. Set **Security defaults** to **Enabled**.
 1. Select **Save**.
 
 ![Screenshot of the Azure portal with the toggle to enable security defaults](./media/concept-fundamentals-security-defaults/security-defaults-azure-ad-portal.png)
 
@@ -154,8 +154,8 @@ You can assign a user to an access package in PowerShell with the `New-MgEntitle
 ```powershell
 Connect-MgGraph -Scopes "EntitlementManagement.ReadWrite.All"
 Select-MgProfile -Name "beta"
-$accesspackage = Get-MgEntitlementManagementAccessPackage -DisplayNameEq "Marketing Campaign" -ExpandProperty "accessPackageAssignmentPolicies"
-$policy = $accesspackage.AccessPackageAssignmentPolicies[0]
+$accesspackage = Get-MgEntitlementManagementAccessPackage -DisplayNameEq "Marketing Campaign" -ExpandProperty "AssignmentPolicies"
+$policy = $accesspackage.AssignmentPolicies[0]
 $req = New-MgEntitlementManagementAccessPackageAssignmentRequest -AccessPackageId $accesspackage.Id -AssignmentPolicyId $policy.Id -TargetId "a43ee6df-3cc5-491a-ad9d-ea964ef8e464"
 ```
 
@@ -170,8 +170,8 @@ For example, if you want to ensure all the users who are currently members of a
 Connect-MgGraph -Scopes "EntitlementManagement.ReadWrite.All,Directory.Read.All"
 Select-MgProfile -Name "beta"
 $members = Get-MgGroupMember -GroupId "a34abd69-6bf8-4abd-ab6b-78218b77dc15"
-$accesspackage = Get-MgEntitlementManagementAccessPackage -DisplayNameEq "Marketing Campaign" -ExpandProperty "accessPackageAssignmentPolicies"
-$policy = $accesspackage.AccessPackageAssignmentPolicies[0]
+$accesspackage = Get-MgEntitlementManagementAccessPackage -DisplayNameEq "Marketing Campaign" -ExpandProperty "AssignmentPolicies"
+$policy = $accesspackage.AssignmentPolicies[0]
 $req = New-MgEntitlementManagementAccessPackageAssignment -AccessPackageId $accesspackage.Id -AssignmentPolicyId $policy.Id -RequiredGroupMember $members
 ```
 
@@ -183,8 +183,8 @@ If you wish to add an assignment for a user who is not yet in your directory, yo
 ```powershell
 Connect-MgGraph -Scopes "EntitlementManagement.ReadWrite.All"
 Select-MgProfile -Name "beta"
-$accesspackage = Get-MgEntitlementManagementAccessPackage -DisplayNameEq "Marketing Campaign" -ExpandProperty "accessPackageAssignmentPolicies"
-$policy = $accesspackage.AccessPackageAssignmentPolicies[0]
+$accesspackage = Get-MgEntitlementManagementAccessPackage -DisplayNameEq "Marketing Campaign" -ExpandProperty "AssignmentPolicies"
+$policy = $accesspackage.AssignmentPolicies[0]
 $req = New-MgEntitlementManagementAccessPackageAssignmentRequest -AccessPackageId $accesspackage.Id -AssignmentPolicyId $policy.Id -TargetEmail "[email protected]"
 ```
 
 
@@ -53,7 +53,7 @@
   - name: Approve
     items:
     - name: Azure AD roles
-      href: azure-ad-pim-approval-workflow.md
+      href: pim-approval-workflow.md
     - name: Azure roles
       href: pim-resource-roles-approval-workflow.md
     - name: Groups
@@ -93,11 +93,11 @@
     - name: Azure AD roles and Azure resource roles
       items:
       - name: Create an access review
-        href: pim-create-azure-ad-roles-and-resource-roles-review.md
+        href: pim-create-roles-and-resource-roles-review.md
       - name: Perform an access review
-        href: pim-perform-azure-ad-roles-and-resource-roles-review.md
+        href: pim-perform-roles-and-resource-roles-review.md
       - name: Complete an access review
-        href: pim-complete-azure-ad-roles-and-resource-roles-review.md
+        href: pim-complete-roles-and-resource-roles-review.md
   - name: Discovery & Insights for Azure AD roles
     href: pim-security-wizard.md
   - name: Elevate access to manage Azure subscriptions
 
@@ -11,9 +11,8 @@ ms.subservice: pim
 ms.topic: how-to
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 07/11/2022
+ms.date: 05/11/2023
 ms.author: amsliu
-ms.reviewer: japere
 ms.custom: pim
 ms.collection: M365-identity-device-management
 ---
 
@@ -11,7 +11,7 @@ ms.topic: how-to
 ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: pim
-ms.date: 10/07/2021
+ms.date: 5/11/2023
 ms.author: amsliu
 ms.reviewer: shaunliu
 ms.custom: pim