Skip to content

Commit 1839d63

Browse files
authored
Merge pull request #223761 from MicrosoftDocs/main
Merge main to live, 4AM
2 parents f252f6a + 71d99d9 commit 1839d63

File tree

75 files changed

+625
-325
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

75 files changed

+625
-325
lines changed

articles/active-directory/app-provisioning/sap-successfactors-integration-reference.md

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ For every user in SuccessFactors, Azure AD provisioning service retrieves the fo
7171
| 26 | Manager User | employmentNav/jobInfoNav/managerUserNav | Only if `managerUserNav` is mapped |
7272

7373
## How full sync works
74-
Based on the attribute-mapping, during full sync Azure AD provisioning service sends the following "GET" OData API query to fetch effective data of all active users.
74+
Based on the attribute-mapping, during full sync Azure AD provisioning service sends the following "GET" OData API query to fetch effective data of all active and terminated workers.
7575

7676
> [!div class="mx-tdCol2BreakAll"]
7777
>| Parameter | Description |
@@ -216,9 +216,11 @@ Extending this scenario:
216216

217217
### Mapping employment status to account status
218218

219-
By default, the Azure AD SuccessFactors connector uses the `activeEmploymentsCount` field of the `PersonEmpTerminationInfo` object to set account status. There is a known SAP SuccessFactors issue documented in [knowledge base article 3047486](https://launchpad.support.sap.com/#/notes/3047486) that at times this may disable the account of a terminated worker one day prior to the termination on the last day of work.
219+
By default, the Azure AD SuccessFactors connector uses the `activeEmploymentsCount` field of the `PersonEmpTerminationInfo` object to set account status. You may encounter one of the following issues with this attribute.
220+
1. There is a known SAP SuccessFactors issue documented in [knowledge base article 3047486](https://launchpad.support.sap.com/#/notes/3047486) that at times this may disable the account of a terminated worker one day prior to the termination on the last day of work.
221+
1. If the `PersonEmpTerminationInfo` object gets set to null, during termination, then AD account disabling will not work, as the provisioning engine filters out records where `personEmpTerminationInfoNav` object is set to null.
220222

221-
If you are running into this issue or prefer mapping employment status to account status, you can update the mapping to expand the `emplStatus` field and use the employment status code present in the field `emplStatus.externalCode`. Based on [SAP support note 2505526](https://launchpad.support.sap.com/#/notes/2505526), here is a list of employment status codes that you can retrieve in the provisioning app.
223+
If you are running into any of these issues or prefer mapping employment status to account status, you can update the mapping to expand the `emplStatus` field and use the employment status code present in the field `emplStatus.externalCode`. Based on [SAP support note 2505526](https://launchpad.support.sap.com/#/notes/2505526), here is a list of employment status codes that you can retrieve in the provisioning app.
222224
* A = Active
223225
* D = Dormant
224226
* U = Unpaid Leave

articles/active-directory/develop/permissions-consent-overview.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@ There are other ways in which applications can be granted authorization for app-
5252

5353
### Comparison of delegated and application permissions
5454

55-
| <!-- No header--> | Delegated permissions | Application permissions |
55+
| | Delegated permissions | Application permissions |
5656
|--|--|--|
5757
| Types of apps | Web / Mobile / single-page app (SPA) | Web / Daemon |
5858
| Access context | Get access on behalf of a user | Get access without a user |

articles/active-directory/develop/whats-new-docs.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ services: active-directory
55
author: henrymbuguakiarie
66
manager: CelesteDG
77

8-
ms.date: 01/05/2023
8+
ms.date: 01/11/2023
99
ms.service: active-directory
1010
ms.subservice: develop
1111
ms.topic: reference
@@ -27,14 +27,14 @@ Welcome to what's new in the Microsoft identity platform documentation. This art
2727

2828
### Updated articles
2929

30-
- [Quickstart: Protect an ASP.NET Core web API with the Microsoft identity platform](quickstart-v2-aspnet-core-web-api.md)
30+
- [A web API that calls web APIs: Code configuration](scenario-web-api-call-api-app-configuration.md)
3131
- [Quickstart: Get a token and call the Microsoft Graph API by using a console app's identity](quickstart-v2-netcore-daemon.md)
32+
- [Quickstart: Protect an ASP.NET Core web API with the Microsoft identity platform](quickstart-v2-aspnet-core-web-api.md)
33+
- [Tutorial: Create a Blazor Server app that uses the Microsoft identity platform for authentication](tutorial-blazor-server.md)
3234
- [Tutorial: Sign in users and call a protected API from a Blazor WebAssembly app](tutorial-blazor-webassembly.md)
33-
- [A web API that calls web APIs: Code configuration](scenario-web-api-call-api-app-configuration.md)
34-
- [Web app that signs in users: Code configuration](scenario-web-app-sign-user-app-configuration.md)
3535
- [Web app that signs in users: App registration](scenario-web-app-sign-user-app-registration.md)
36-
- [Microsoft identity platform docs: What's new](whats-new-docs.md)
37-
- [Tutorial: Create a Blazor Server app that uses the Microsoft identity platform for authentication](tutorial-blazor-server.md)
36+
- [Web app that signs in users: Code configuration](scenario-web-app-sign-user-app-configuration.md)
37+
3838
## November 2022
3939

4040
### New articles

articles/aks/configure-kubenet.md

Lines changed: 15 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -138,10 +138,23 @@ You can create an AKS cluster using a system-assigned managed identity by runnin
138138
az aks create \
139139
--resource-group myResourceGroup \
140140
--name myAKSCluster \
141-
--node-count 3 \
142141
--network-plugin kubenet \
143-
--vnet-subnet-id $SUBNET_ID
142+
--service-cidr 10.0.0.0/16 \
143+
--dns-service-ip 10.0.0.10 \
144+
--pod-cidr 10.244.0.0/16 \
145+
--docker-bridge-address 172.17.0.1/16 \
146+
--vnet-subnet-id $SUBNET_ID
144147
```
148+
* The *--service-cidr* is optional. This address is used to assign internal services in the AKS cluster an IP address. This IP address range should be an address space that isn't in use elsewhere in your network environment, including any on-premises network ranges if you connect, or plan to connect, your Azure virtual networks using Express Route or a Site-to-Site VPN connection.
149+
150+
* The *--dns-service-ip* is optional. The address should be the *.10* address of your service IP address range.
151+
152+
* The *--pod-cidr* is optional. This address should be a large address space that isn't in use elsewhere in your network environment. This range includes any on-premises network ranges if you connect, or plan to connect, your Azure virtual networks using Express Route or a Site-to-Site VPN connection.
153+
* This address range must be large enough to accommodate the number of nodes that you expect to scale up to. You can't change this address range once the cluster is deployed if you need more addresses for additional nodes.
154+
* The pod IP address range is used to assign a */24* address space to each node in the cluster. In the following example, the *--pod-cidr* of *10.244.0.0/16* assigns the first node *10.244.0.0/24*, the second node *10.244.1.0/24*, and the third node *10.244.2.0/24*.
155+
* As the cluster scales or upgrades, the Azure platform continues to assign a pod IP address range to each new node.
156+
157+
* The *--docker-bridge-address* is optional. The address lets the AKS nodes communicate with the underlying management platform. This IP address must not be within the virtual network IP address range of your cluster, and shouldn't overlap with other address ranges in use on your network.
145158

146159
> [!Note]
147160
> If you wish to enable an AKS cluster to include a [Calico network policy][calico-network-policies] you can use the following command.

articles/api-management/api-management-howto-configure-custom-domain-gateway.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,8 @@ ms.author: danlep
1616

1717
When you provision a [self-hosted Azure API Management gateway](self-hosted-gateway-overview.md), it is not assigned a host name and has to be referenced by its IP address. This article shows how to map an existing custom DNS name (also referred to as hostname) to a self-hosted gateway.
1818

19+
[!INCLUDE [api-management-availability-premium-dev](../../includes/api-management-availability-premium-dev.md)]
20+
1921
## Prerequisites
2022

2123
To perform the steps described in this article, you must have:

articles/api-management/api-management-howto-provision-self-hosted-gateway.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,8 @@ ms.author: danlep
2020

2121
Provisioning a gateway resource in your Azure API Management instance is a prerequisite for deploying a self-hosted gateway. This article walks through the steps to provision a gateway resource in API Management.
2222

23+
[!INCLUDE [api-management-availability-premium-dev](../../includes/api-management-availability-premium-dev.md)]
24+
2325
## Prerequisites
2426

2527
Complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md)

articles/api-management/how-to-configure-cloud-metrics-logs.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,8 @@ This article provides details for configuring cloud metrics and logs for the [se
2222

2323
The self-hosted gateway has to be associated with an API management service and requires outbound TCP/IP connectivity to Azure on port 443. The gateway leverages the outbound connection to send telemetry to Azure, if configured to do so.
2424

25+
[!INCLUDE [api-management-availability-premium-dev](../../includes/api-management-availability-premium-dev.md)]
26+
2527
## Metrics
2628
By default, the self-hosted gateway emits a number of metrics through [Azure Monitor](https://azure.microsoft.com/services/monitor/), same as the managed gateway [in the cloud](api-management-howto-use-azure-monitor.md).
2729

articles/api-management/how-to-configure-local-metrics-logs.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,8 @@ ms.author: danlep
2020

2121
This article provides details for configuring local metrics and logs for the [self-hosted gateway](./self-hosted-gateway-overview.md) deployed on a Kubernetes cluster. For configuring cloud metrics and logs, see [this article](how-to-configure-cloud-metrics-logs.md).
2222

23+
[!INCLUDE [api-management-availability-premium-dev](../../includes/api-management-availability-premium-dev.md)]
24+
2325
## Metrics
2426

2527
The self-hosted gateway supports [StatsD](https://github.com/statsd/statsd), which has become a unifying protocol for metrics collection and aggregation. This section walks through the steps for deploying StatsD to Kubernetes, configuring the gateway to emit metrics via StatsD, and using [Prometheus](https://prometheus.io/) to monitor the metrics.

articles/api-management/how-to-deploy-self-hosted-gateway-azure-arc.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,8 @@ Deploying the API Management gateway on an Azure Arc-enabled Kubernetes cluster
1919
> [!NOTE]
2020
> You can also deploy the self-hosted gateway [directly to Kubernetes](./how-to-deploy-self-hosted-gateway-azure-kubernetes-service.md).
2121
22+
[!INCLUDE [api-management-availability-premium-dev](../../includes/api-management-availability-premium-dev.md)]
23+
2224
## Prerequisites
2325

2426
* [Connect your Kubernetes cluster](../azure-arc/kubernetes/quickstart-connect-cluster.md) within a supported Azure Arc region.

articles/api-management/how-to-deploy-self-hosted-gateway-azure-kubernetes-service.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,8 @@ This article provides the steps for deploying self-hosted gateway component of A
1818
> [!NOTE]
1919
> You can also deploy self-hosted gateway to an [Azure Arc-enabled Kubernetes cluster](how-to-deploy-self-hosted-gateway-azure-arc.md) as a [cluster extension](../azure-arc/kubernetes/extensions.md).
2020
21+
[!INCLUDE [api-management-availability-premium-dev](../../includes/api-management-availability-premium-dev.md)]
22+
2123
## Prerequisites
2224

2325
- [Create an Azure API Management instance](get-started-create-service-instance.md)

0 commit comments

Comments
 (0)