Merge branch 'main' into mason/app_msi

Author: jiec-msft

.openpublishing.redirection.azure-monitor.json

@@ -10,11 +10,6 @@
             "redirect_url": "/azure/azure-monitor/app/performance-counters",
             "redirect_document_id": true
         },
-        {
-            "source_path_from_root": "/articles/application-insights/cloudservices.md",
-            "redirect_url": "/azure/azure-monitor/app/azure-web-apps-net",
-            "redirect_document_id": false
-        },
         {
             "source_path_from_root": "/articles/azure-monitor/insights/service-bus-insights.md",
             "redirect_url": "/azure/service-bus-messaging/service-bus-insights",

articles/active-directory-b2c/find-help-open-support-ticket.md

@@ -75,10 +75,13 @@ If you're unable to find answers by using self-help resources, you can open an o
 
     1. Select a **[Severity](https://azure.microsoft.com/support/plans/response)**, and your preferred contact method.
 
+    > [!NOTE]
+    > Under **Advanced diagnostic information**, it's highly recommended that you allow the collection of advanced information by selecting **Yes**. It enables Microsoft support team to investigate the issue faster.
 
     :::image type="content" source="media/find-help-and-submit-support-ticket/find-help-and-submit-support-ticket-1.png" alt-text="Screenshot of how to find help and submit support ticket part 1.":::
 
     :::image type="content" source="media/find-help-and-submit-support-ticket/find-help-and-submit-support-ticket-2.png" alt-text="Screenshot of how to find help and submit support ticket part 2.":::
+
 
 1. Select **Next**. Under **4. Review + create**, you'll see a summary of your support ticket. 
 

articles/active-directory-b2c/partner-eid-me.md

@@ -101,7 +101,7 @@ To configure your tenant application as a Relying Party in eID-Me the following
 | Name                               | Azure AD B2C/your desired application name                                                                                                                                                                                                                                                                                                                                                                       |
 | Domain                             | name.onmicrosoft.com                                                                                                                                                                                                                                                                                                                                                                                             |
 | Redirect URIs                      | https://jwt.ms                                                                                                                                                                                                                                                                                                                                                                       |
-| Redirect URLs                      | https://your-B2C-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com/oauth2/authresp<br>For Example: `https://fabrikam.b2clogin.com/fabrikam.onmicrosoft.com/oauth2/authresp`<br>If you use a custom domain, enter https://your-domain-name/your-tenant-name.onmicrosoft.com/oauth2/authresp.<br> Replace your-domain-name with your custom domain, and your-tenant-name with the name of your tenant. |
+| Redirect URLs                      | `https://your-B2C-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com/oauth2/authresp`<br>For Example: `https://fabrikam.b2clogin.com/fabrikam.onmicrosoft.com/oauth2/authresp`<br>If you use a custom domain, enter https://your-domain-name/your-tenant-name.onmicrosoft.com/oauth2/authresp.<br> Replace your-domain-name with your custom domain, and your-tenant-name with the name of your tenant. |
 | URL for application home page      | Will be displayed to the end user                                                                                                                                                                                                                                                                                                                                                                                |
 | URL for application privacy policy | Will be displayed to the end user                                                                                                                                                                                                                                                                                                                                                                                |
 
@@ -300,7 +300,7 @@ There are additional identity claims that eID-Me supports and can be added.
 
 1. Open the `TrustFrameworksExtension.xml`
 
-2. Find the `BuildingBlocks` element.  This is where additional identity claims that eID-Me supports can be added. Full lists of supported eID-Me identity claims with descriptions are mentioned at [http://www.oid-info.com/get/1.3.6.1.4.1.50715](http://www.oid-info.com/get/1.3.6.1.4.1.50715) with the OIDC identifiers used here [https://eid-me.bluink.ca/.well-known/openid-configuration](https://eid-me.bluink.ca/.well-known/openid-configuration).
+2. Find the `BuildingBlocks` element.  This is where additional identity claims that eID-Me supports can be added. Full lists of supported eID-Me identity claims with descriptions are mentioned at `http://www.oid-info.com/get/1.3.6.1.4.1.50715` with the OIDC identifiers used here [https://eid-me.bluink.ca/.well-known/openid-configuration](https://eid-me.bluink.ca/.well-known/openid-configuration).
 
    ```xml
    <BuildingBlocks>

articles/active-directory-domain-services/TOC.yml

@@ -91,6 +91,8 @@
           href: migrate-from-classic-vnet.md
         - name: Change SKU
           href: change-sku.md
+        - name: Retrieve data
+          href: how-to-data-retrieval.md
     - name: Secure Azure AD DS
       items:
         - name: Secure your managed domain

articles/active-directory-domain-services/how-to-data-retrieval.md

@@ -0,0 +1,99 @@
+---
+title: Instructions for data retrieval from Azure Active Directory Domain Services | Microsoft Docs
+description: Learn how to retrieve data from Azure Active Directory Domain Services (Azure AD DS).
+services: active-directory-ds
+author: justinha
+manager: karenhoran
+
+ms.service: active-directory
+ms.subservice: domain-services
+ms.workload: identity
+ms.topic: conceptual
+ms.date: 04/14/2022
+ms.author: justinha
+ms.reviewer: manthanm
+---
+
+# Azure AD DS instructions for data retrieval
+
+This document describes how to retrieve data from Azure Active Directory Domain Services (Azure AD DS).
+
+[!INCLUDE [active-directory-app-provisioning.md](../../includes/gdpr-intro-sentence.md)]
+
+## Use Azure Active Directory to create, read, update, and delete user objects
+
+You can create a user in the Azure AD portal or by using Graph PowerShell or Graph API. You can also read, update, and delete users. The next sections show how to do these operations in the Azure AD portal. 
+
+### Create, read, or update a user
+
+You can create a new user using the Azure Active Directory portal.
+To add a new user, follow these steps:
+
+1. Sign in to the [Azure portal](https://portal.azure.com/) in the User Administrator role for the organization.
+
+1. Search for and select *Azure Active Directory* from any page.
+
+1. Select **Users**, and then select **New user**.
+
+    ![Add a user through Users - All users in Azure AD](./media/tutorial-create-management-vm/add-user-in-users-all-users.png)
+
+1. On the **User** page, enter information for this user:
+
+   - **Name**. Required. The first and last name of the new user. For example, *Mary Parker*.
+
+   - **User name**. Required. The user name of the new user. For example, `[email protected]`.
+
+   - **Groups**. Optionally, you can add the user to one or more existing groups. 
+
+   - **Directory role**: If you require Azure AD administrative permissions for the user, you can add them to an Azure AD role. 
+
+   - **Job info**: You can add more information about the user here.
+
+1. Copy the autogenerated password provided in the **Password** box. You'll need to give this password to the user to sign in for the first time.
+
+1. Select **Create**.
+
+The user is created and added to your Azure AD organization.
+
+To read or update a user, search for and select the user such as, _Mary Parker_. Change any property and click **Save**. 
+
+### Delete a user
+
+To delete a user, follow these steps:
+
+1. Search for and select the user you want to delete from your Azure AD tenant. For example, _Mary Parker_.
+
+1. Select **Delete user**.
+
+   ![Users - All users page with Delete user highlighted](./media/tutorial-create-management-vm/delete-user-all-users-blade.png)
+
+
+The user is deleted and no longer appears on the **Users - All users** page. The user can be seen on the **Deleted users** page for the next 30 days and can be restored during that time. 
+
+When a user is deleted, any licenses consumed by the user are made available for other users.
+
+## Use RSAT tools to connect to an Azure AD DS managed domain and view users
+
+Sign in to an administrative workstation with a user account that's a member of the *AAD DC Administrators* group. The following steps require installation of [Remote Server Administration Tools (RSAT)](tutorial-create-management-vm.md#install-active-directory-administrative-tools).
+
+1. From the **Start** menu, select **Windows Administrative Tools**. The Active Directory Administration Tools are listed.
+
+    ![List of Administrative Tools installed on the server](./media/tutorial-create-management-vm/list-admin-tools.png)
+
+1. Select **Active Directory Administrative Center**.
+1. To explore the managed domain, choose the domain name in the left pane, such as *aaddscontoso*. Two containers named *AADDC Computers* and *AADDC Users* are at the top of the list.
+
+    ![List the available containers part of the managed domain](./media/tutorial-create-management-vm/active-directory-administrative-center.png)
+
+1. To see the users and groups that belong to the managed domain, select the **AADDC Users** container. The user accounts and groups from your Azure AD tenant are listed in this container.
+
+    In the following example output, a user account named *Contoso Admin* and a group for *AAD DC Administrators* are shown in this container.
+
+    ![View the list of Azure AD DS domain users in the Active Directory Administrative Center](./media/tutorial-create-management-vm/list-azure-ad-users.png)
+
+1. To see the computers that are joined to the managed domain, select the **AADDC Computers** container. An entry for the current virtual machine, such as *myVM*, is listed. Computer accounts for all devices that are joined to the managed domain are stored in this *AADDC Computers* container.
+
+You can also use the *Active Directory Module for Windows PowerShell*, installed as part of the administrative tools, to manage common actions in your managed domain.
+
+## Next steps
+* [Azure AD DS Overview](overview.md)

articles/active-directory-domain-services/media/tutorial-create-management-vm/add-user-in-users-all-users.png

@@ -84,7 +84,7 @@ Scoping filters are configured as part of the attribute mappings for each Azure
 
    g. **REGEX MATCH**. Clause returns "true" if the evaluated attribute matches a regular expression pattern. For example: ([1-9][0-9]) matches any number between 10 and 99 (case sensitive).
 
-   h. **NOT REGEX MATCH**. Clause returns "true" if the evaluated attribute doesn't match a regular expression pattern.
+   h. **NOT REGEX MATCH**. Clause returns "true" if the evaluated attribute doesn't match a regular expression pattern. It will return "false" if the attribute is null / empty.
 
    i. **Greater_Than.** Clause returns "true" if the evaluated attribute is greater than the value. The value specified on the scoping filter must be an integer and the attribute on the user must be an integer [0,1,2,...]. 
 
@@ -97,6 +97,7 @@ Scoping filters are configured as part of the attribute mappings for each Azure
 > - The IsMemberOf filter is not supported currently.
 > - The members attribute on a group is not supported currently.
 > - EQUALS and NOT EQUALS are not supported for multi-valued attributes
+> - Scoping filters will return "false" if the value is null / empty
 
 9. Optionally, repeat steps 7-8 to add more scoping clauses.
 

articles/active-directory-domain-services/media/tutorial-create-management-vm/delete-user-all-users-blade.png

@@ -7,7 +7,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: reference
-ms.date: 02/16/2022
+ms.date: 04/13/2022
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -1237,6 +1237,18 @@ Generate a user alias by taking first three letters of user's first name and fir
 * **INPUT** (surname): "Doe"
 * **OUTPUT**:  "JohDoe"
 
+### Add a comma between last name and first name. 
+Add a comma between last name and first name. 
+
+**Expression:** 
+`Join(", ", "", [surname], [givenName])`
+
+**Sample input/output:** 
+
+* **INPUT** (givenName): "John"
+* **INPUT** (surname): "Doe"
+* **OUTPUT**:  "Doe, John"
+
 
 ## Related Articles
 * [Automate User Provisioning/Deprovisioning to SaaS Apps](../app-provisioning/user-provisioning.md)

articles/active-directory/app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md

@@ -13,7 +13,7 @@ ms.author: billmath
 ms.collection: M365-identity-device-management
 ---
 
-# Azure AD on-premises application provisioning architecture (preview)
+# Azure AD on-premises application identity provisioning architecture (preview)
 
 ## Overview
 
@@ -97,10 +97,6 @@ You can define one or more matching attribute(s) and prioritize them based on th
 ## Provisioning agent questions
 Some common questions are answered here.
 
-### What is the GA version of the provisioning agent?
-
-For the latest GA version of the provisioning agent, see [Azure AD connect provisioning agent: Version release history](provisioning-agent-release-version-history.md).
-
 ### How do I know the version of my provisioning agent?
 
  1. Sign in to the Windows server where the provisioning agent is installed.
@@ -138,19 +134,19 @@ You can also check whether all the required ports are open.
      - Microsoft Azure AD Connect Agent Updater
      - Microsoft Azure AD Connect Provisioning Agent Package
 
-### Provisioning agent history
+## Provisioning agent history
 This article lists the versions and features of Azure Active Directory Connect Provisioning Agent that have been released. The Azure AD team regularly updates the Provisioning Agent with new features and functionality. Please ensure that you do not use the same agent for on-prem provisioning and Cloud Sync / HR-driven provisioning.
 
 Microsoft provides direct support for the latest agent version and one version before.
 
-## Download link
+### Download link
 You can download the latest version of the agent using [this link](https://aka.ms/onpremprovisioningagent).
 
-## 1.1.846.0
+### 1.1.846.0
 
 April 11th, 2022 - released for download
 
-### Fixed issues
+#### Fixed issues
 
 - We added support for ObjectGUID as an anchor for the generic LDAP connector when provisioning users into AD LDS.