Skip to content

Commit 16c5374

Browse files
authored
Merge pull request #95370 from MicrosoftDocs/master
11/08 AM Publish
2 parents 35715a7 + c51ad0c commit 16c5374

File tree

50 files changed

+978
-706
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

50 files changed

+978
-706
lines changed

articles/active-directory/authentication/howto-mfa-getstarted.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -206,6 +206,9 @@ function Set-MfaState {
206206
Get-MsolUser -All | Set-MfaState -State Disabled
207207
```
208208

209+
> [!NOTE]
210+
> We recently changed the behavior and PowerShell script above accordingly. Previously, the script saved off the MFA methods, disabled MFA, and restored the methods. This is no longer necessary now that the default behavior for disable doesn't clear the methods.
211+
209212
## Plan Conditional Access policies
210213

211214
To plan your Conditional Access policy strategy, which will determine when MFA and other controls are required, refer to [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md).

articles/active-directory/hybrid/how-to-connect-staged-rollout.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ manager: daveba
66
ms.service: active-directory
77
ms.workload: identity
88
ms.topic: conceptual
9-
ms.date: 10/28/2019
9+
ms.date: 11/07/2019
1010
ms.subservice: hybrid
1111
ms.author: billmath
1212
ms.collection: M365-identity-device-management
@@ -113,18 +113,18 @@ Enable Seamless SSO on the AD forests using PowerShell. If you have more than
113113

114114
2. Navigate to the %programfiles%\\Microsoft Azure Active Directory Connect folder.
115115

116-
3. Import the Seamless SSO PowerShell module using this command: `Import-Module .\\AzureADSSO.psd1`.
116+
3. Import the Seamless SSO PowerShell module using this command: `Import-Module .\AzureADSSO.psd1`.
117117

118118
4. Run PowerShell as an Administrator. In PowerShell, call `New-AzureADSSOAuthenticationContext`. This command should give you a dialog box where you can enter your tenant's Global Administrator credentials.
119119

120-
5. Call `Get-AzureADSSOStatus \| ConvertFrom-Json`. This command provides you the list of AD forests (look at the \"Domains\" list) on which this feature has been enabled. By default, it is set to false at the tenant level.
120+
5. Call `Get-AzureADSSOStatus | ConvertFrom-Json`. This command provides you the list of AD forests (look at the \"Domains\" list) on which this feature has been enabled. By default, it is set to false at the tenant level.
121121

122122
> **Example:**
123123
> ![Example of the Windows PowerShell output](./media/how-to-connect-staged-rollout/sr3.png)
124124
125-
6. Call `\$creds = Get-Credential`. When prompted, enter the Domain Administrator credentials for the intended AD forest.
125+
6. Call `$creds = Get-Credential`. When prompted, enter the Domain Administrator credentials for the intended AD forest.
126126

127-
7. Call `Enable-AzureADSSOForest -OnPremCredentials \$creds`. This command creates the AZUREADSSOACC computer account from the on-premises domain controller for this specific Active Directory forest that is required for Seamless SSO.
127+
7. Call `Enable-AzureADSSOForest -OnPremCredentials $creds`. This command creates the AZUREADSSOACC computer account from the on-premises domain controller for this specific Active Directory forest that is required for Seamless SSO.
128128

129129
8. Seamless SSO requires URLs to be in the intranet zone. Please refer to the [seamless single sign-on quickstart](how-to-connect-sso-quick-start.md#step-3-roll-out-the-feature) to deploy those URL's using Group Policies.
130130

@@ -236,7 +236,7 @@ Here is how you can track user sign-ins still happening on AD FS for selected st
236236

237237
- **Q: Can we use PowerShell to perform staged rollout?**
238238

239-
- A: Yes, Please find the documentation to use PowerShell to perform staged rollout here.
239+
- A: Yes, Please find the documentation to use PowerShell to perform staged rollout [here](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0-preview#staged_rollout).
240240

241241
## Next Steps
242242
- [AzureAD 2.0 preview](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0-preview#staged_rollout )

articles/active-directory/hybrid/reference-connect-sync-attributes-synchronized.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -59,7 +59,7 @@ In this case, start with the list of attributes in this topic and identify those
5959
| company |X |X | | |
6060
| countryCode |X |X | | |
6161
| department |X |X | | |
62-
| description |X |X |X | |
62+
| description | | |X | |
6363
| displayName |X |X |X | |
6464
| dLMemRejectPerms |X |X |X | |
6565
| dLMemSubmitPerms |X |X |X | |

articles/active-directory/hybrid/reference-connect-version-history.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -75,8 +75,8 @@ Under certain circumstances, servers that were auto upgraded to version 1.4.18.0
7575
- Added a deprecation warning for the sync service manager on the connector properties page. This warning notifies the user that changes should be made through the AADC wizard.
7676
- Added new error for issues with a user's password policy.
7777
- Prevent misconfiguration of group filtering by domain and OU filters. Group filtering will show an error when the domain/OU of the entered group is already filtered out and keep the user from moving forward until the issue is resolved.
78-
- Users can no longer create a connector for Active Directory Domain Services or Windows Azure Active Directory in the old UI.
79-
- Fixed accessibility of custom UI controls in the Sync Service Manager
78+
- Users can no longer create a connector for Active Directory Domain Services or Windows Azure Active Directory in the Synchronization Service Manager UI.
79+
- Fixed accessibility of custom UI controls in the Synchronization Service Manager.
8080
- Enabled six federation management tasks for all sign-in methods in Azure AD Connect. (Previously, only the “Update AD FS SSL certificate” task was available for all sign-ins.)
8181
- Added a warning when changing the sign-in method from federation to PHS or PTA that all Azure AD domains and users will be converted to managed authentication.
8282
- Removed token-signing certificates from the “Reset Azure AD and AD FS trust” task and added a separate sub-task to update these certificates.
@@ -128,7 +128,7 @@ Under certain circumstances, servers that were auto upgraded to version 1.4.18.0
128128
- Add support for Domain Refresh
129129
- Exchange Mail Public Folders feature goes GA
130130
- Improve wizard error handling for service failures
131-
- Added warning link for old UI on connector properties page.
131+
- Added warning link on Synchronization Service Manager UI in the connector properties page.
132132
- The Unified Groups Writeback feature is now GA
133133
- Improved SSPR error message when the DC is missing an LDAP control
134134
- Added diagnostics for DCOM registry errors during install
@@ -154,7 +154,7 @@ Under certain circumstances, servers that were auto upgraded to version 1.4.18.0
154154
- Fix VSS Errors with LocalDB
155155
- Fix misleading error message when object type is not in scope
156156
- Corrected an issue where installation of Azure AD PowerShell on a server could potentially cause an assembly conflict with Azure AD Connect.
157-
- Fixed PHS bug on Staging Server when Connector Credentials are updated in the old UI.
157+
- Fixed PHS bug on Staging Server when Connector Credentials are updated in the Synchronization Service Manager UI.
158158
- Fixed some memory leaks
159159
- Miscellaneous Autoupgrade fixes
160160
- Miscellaneous fixes to Export and Unconfirmed Import Processing

articles/active-directory/privileged-identity-management/azure-ad-pim-approval-workflow.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: Approve or deny requests for Azure AD roles in PIM - Azure Active Directory | Microsoft Docs
2+
title: Approve or deny requests for Azure AD roles in PIM - Azure AD | Microsoft Docs
33
description: Learn how to approve or deny requests for Azure AD roles in Azure AD Privileged Identity Management (PIM).
44
services: active-directory
55
documentationcenter: ''
@@ -13,7 +13,7 @@ ms.topic: article
1313
ms.tgt_pltfrm: na
1414
ms.workload: identity
1515
ms.subservice: pim
16-
ms.date: 04/09/2019
16+
ms.date: 11/08/2019
1717
ms.author: curtand
1818
ms.custom: pim
1919
ms.collection: M365-identity-device-management

articles/active-directory/privileged-identity-management/azure-pim-resource-rbac.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: View activity and audit history for Azure resource roles in PIM - Azure Active Directory | Microsoft Docs
2+
title: View audit report for Azure resource roles in PIM - Azure AD | Microsoft Docs
33
description: View activity and audit history for Azure resource roles in Azure AD Privileged Identity Management (PIM).
44
services: active-directory
55
documentationcenter: ''
@@ -14,7 +14,7 @@ ms.topic: article
1414
ms.tgt_pltfrm: na
1515
ms.workload: identity
1616
ms.subservice: pim
17-
ms.date: 04/09/2019
17+
ms.date: 11/08/2019
1818
ms.author: curtand
1919

2020
ms.collection: M365-identity-device-management

articles/active-directory/privileged-identity-management/pim-how-to-perform-security-review.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,10 @@
11
---
2-
title: Review access to Azure AD roles in PIM - Azure Active Directory | Microsoft Docs
3-
description: Learn how to review access of Azure AD roles in Azure AD Privileged Identity Management (PIM).
2+
title: Review access to Azure AD roles in PIM - Azure AD | Microsoft Docs
3+
description: Learn how to review access of Azure Active Directory roles in Azure AD Privileged Identity Management (PIM).
44
services: active-directory
55
documentationcenter: ''
66
author: curtand
7-
manager: mtillman
7+
manager: daveba
88
editor: ''
99

1010
ms.service: active-directory

articles/active-directory/privileged-identity-management/pim-how-to-start-security-review.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,10 @@
11
---
2-
title: Create an access review of Azure AD roles in PIM - Azure Active Directory | Microsoft Docs
2+
title: Create an access review of Azure AD roles in PIM - Azure AD | Microsoft Docs
33
description: Learn how to create an access review of Azure AD roles in Azure AD Privileged Identity Management (PIM).
44
services: active-directory
55
documentationcenter: ''
66
author: curtand
7-
manager: mtillman
7+
manager: daveba
88
editor: ''
99

1010
ms.service: active-directory
@@ -19,7 +19,7 @@ ms.collection: M365-identity-device-management
1919

2020
# Create an access review of Azure AD roles in Privileged Identity Management
2121

22-
Requirements for users to obtain access to privileged Azure Active Directory (Azure AD) roles can change over time. To reduce the risk associated with stale role assignments, you should regularly review access. You can use Azure AD Privileged Identity Management (PIM) to create access reviews for privileged Azure AD roles. You can also configure recurring access reviews that occur automatically.
22+
To reduce the risk associated with stale role assignments, you should regularly review access. You can use Azure AD Privileged Identity Management (PIM) to create access reviews for privileged Azure AD roles. You can also configure recurring access reviews that occur automatically.
2323

2424
This article describes how to create one or more access reviews for privileged Azure AD roles.
2525

articles/active-directory/privileged-identity-management/pim-resource-roles-custom-role-policy.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,17 @@
11
---
2-
title: Use custom roles for Azure resources in Privileged Identity Management - Azure Active Directory | Microsoft Docs
2+
title: Use custom roles for Azure resources in PIM - Azure AD | Microsoft Docs
33
description: Learn how to use custom roles for Azure resources in Azure AD Privileged Identity Management (PIM).
44
services: active-directory
55
documentationcenter: ''
66
author: curtand
7-
manager: mtillman
7+
manager: daveba
88
ms.service: active-directory
99
ms.devlang: na
1010
ms.topic: conceptual
1111
ms.tgt_pltfrm: na
1212
ms.workload: identity
1313
ms.subservice: pim
14-
ms.date: 10/23/2019
14+
ms.date: 11/08/2019
1515
ms.author: curtand
1616
ms.collection: M365-identity-device-management
1717
---

articles/active-directory/privileged-identity-management/pim-resource-roles-overview-dashboards.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,18 @@
11
---
2-
title: Use a resource dashboard to perform an access review in Privileged Identity Management - Azure Active Directory | Microsoft Docs
2+
title: Resource dashboards for access reviews in PIM - Azure AD | Microsoft Docs
33
description: Describes how to use a resource dashboard to perform an access review in Azure AD Privileged Identity Management (PIM).
44
services: active-directory
55
documentationcenter: ''
66
author: curtand
7-
manager: mtillman
7+
manager: daveba
88
editor: markwahl-msft
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.tgt_pltfrm: na
1212
ms.devlang: na
1313
ms.topic: conceptual
1414
ms.subservice: pim
15-
ms.date: 10/23/2019
15+
ms.date: 11/08/2019
1616
ms.author: curtand
1717
ms.custom: pim
1818
ms.collection: M365-identity-device-management

0 commit comments

Comments
 (0)