Merge pull request #199310 from MicrosoftDocs/main

5/25 AM Publish

Author: huypub

.openpublishing.redirection.azure-monitor.json

@@ -84,6 +84,26 @@
             "source_path_from_root": "/articles/azure-monitor/alerts/itsmc-connections-scsm.md" ,
             "redirect_url": "/azure/azure-monitor/alerts/itsmc-connections.md",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/alerts-metric-overview.md" ,
+            "redirect_url": "/azure/azure-monitor/alerts/alert-types.md#metric-alerts",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/alerts-managing-alert-instances.md" ,
+            "redirect_url": "/azure/azure-monitor/alerts/alerts-page.md",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/alerts-unified-log.md" ,
+            "redirect_url": "/azure/azure-monitor/alerts/alert-types.md#log-alerts",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/activity-log-alerts.md" ,
+            "redirect_url": "/azure/azure-monitor/alerts/alert-types.md#activity-log-alerts",
+            "redirect_document_id": false
         }
     ]
 }

.openpublishing.redirection.defender-for-cloud.json

@@ -15,6 +15,11 @@
             "redirect_url": "/azure/defender-for-cloud/policy-reference",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/security-center/security-center-identity-access.md",
+            "redirect_url": "/articles/defender-for-cloud/multi-factor-authentication-enforcement",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/security-center/security-center-policy-definitions.md",
             "redirect_url": "/azure/defender-for-cloud/policy-reference",

articles/active-directory/develop/scenario-spa-acquire-token.md

@@ -154,6 +154,8 @@ For success and failure of the silent token acquisition, MSAL Angular provides e
 import { MsalBroadcastService } from '@azure/msal-angular';
 import { EventMessage, EventType } from '@azure/msal-browser';
 
+import { filter, Subject, takeUntil } from 'rxjs';
+
 // In app.component.ts
 export class AppComponent implements OnInit {
 	private readonly _destroying$ = new Subject<void>();
@@ -226,7 +228,7 @@ For success and failure of the silent token acquisition, MSAL Angular provides c
 ```javascript
 // In app.component.ts
  ngOnInit() {
-    this.subscription=  this.broadcastService.subscribe("msal:acquireTokenFailure", (payload) => {
+    this.subscription = this.broadcastService.subscribe("msal:acquireTokenFailure", (payload) => {
     });
 }
 ngOnDestroy() {
@@ -394,15 +396,18 @@ You can use optional claims for the following purposes:
 To request optional claims in `IdToken`, you can send a stringified claims object to the `claimsRequest` field of the `AuthenticationParameters.ts` class.
 
 ```javascript
-"optionalClaims":
-   {
-      "idToken": [
-            {
-                  "name": "auth_time",
-                  "essential": true
-             }
-      ],
-
+var claims = {
+  optionalClaims:
+    {
+       idToken: [
+          {
+             name: "auth_time",
+             essential: true
+           }
+      	],
+   }
+};
+   
 var request = {
     scopes: ["user.read"],
     claimsRequest: JSON.stringify(claims)

articles/active-directory/external-identities/cross-cloud-settings.md

@@ -44,9 +44,16 @@ After each organization has completed these steps, Azure AD B2B collaboration be
 
 In your Microsoft cloud settings, enable the Microsoft Azure cloud you want to collaborate with.
 
+> [!NOTE]
+> The admin experience is currently still deploying to national clouds. To access the admin experience in Microsoft Azure Government or Microsoft Azure China, you can use these links: 
+>
+>Microsoft Azure Government - https://aka.ms/cloudsettingsusgov
+>
+>Microsoft Azure China - https://aka.ms/cloudsettingschina
+
 1. Sign in to the [Azure portal](https://portal.azure.com) using a Global administrator or Security administrator account. Then open the **Azure Active Directory** service.
 1. Select **External Identities**, and then select **Cross-tenant access settings (Preview)**.
-1. Select **Cross cloud settings**.
+1. Select **Microsoft cloud settings (Preview)**.
 1. Select the checkboxes next to the external Microsoft Azure clouds you want to enable.
 
    ![Screenshot showing Microsoft cloud settings.](media/cross-cloud-settings/cross-cloud-settings.png)

articles/active-directory/external-identities/cross-tenant-access-overview.md

@@ -71,6 +71,13 @@ To set up B2B collaboration, both organizations configure their Microsoft cloud
 
 For configuration steps, see [Configure Microsoft cloud settings for B2B collaboration (Preview)](cross-cloud-settings.md).
 
+> [!NOTE]
+> The admin experience is currently still deploying to national clouds. To access the admin experience in Microsoft Azure Government or Microsoft Azure China, you can use these links: 
+>
+>Microsoft Azure Government - https://aka.ms/cloudsettingsusgov
+>
+>Microsoft Azure China - https://aka.ms/cloudsettingschina
+
 ### Default settings in cross-cloud scenarios
 
 To collaborate with a partner tenant in a different Microsoft Azure cloud, both organizations need to mutually enable B2B collaboration with each other. The first step is to enable the partner's cloud in your cross-tenant settings. When you first enable another cloud, B2B collaboration is blocked for all tenants in that cloud. You need to add the tenant you want to collaborate with to your Organizational settings, and at that point your default settings go into effect for that tenant only. You can allow the default settings to remain in effect, or you can modify the organizational settings for the tenant.

articles/active-directory/manage-apps/datawiza-with-azure-ad.md

@@ -1,89 +1,95 @@
 ---
 title: Secure hybrid access with Datawiza
 titleSuffix: Azure AD
-description: In this tutorial, learn how to integrate Datawiza with Azure AD for secure hybrid access 
+description: Learn how to integrate Datawiza with Azure AD. See how to use Datawiza and Azure AD to authenticate users and give them access to on-premises and cloud apps.
 services: active-directory
 author: gargi-sinha
 manager: martinco
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: how-to
 ms.workload: identity
-ms.date: 8/27/2021
+ms.date: 05/19/2022
 ms.author: gasinh
 ms.collection: M365-identity-device-management
+ms.custom: kr2b-contr-experiment
 ---
 
 # Tutorial: Configure Datawiza with Azure Active Directory for secure hybrid access
 
 In this sample tutorial, learn how to integrate Azure Active Directory (Azure AD) with [Datawiza](https://www.datawiza.com/) for secure hybrid access.
 
-Datawiza's [Datawiza Access Broker
-(DAB)](https://www.datawiza.com/access-broker) extends Azure AD to enable Single Sign-on (SSO) and granular access controls to protect on-premise and cloud-hosted applications, such as Oracle E-Business Suite, Microsoft IIS, and SAP.
+Datawiza's [Datawiza Access Broker (DAB)](https://www.datawiza.com/access-broker) extends Azure AD to enable single sign-on (SSO) and provide granular access controls to protect on-premises and cloud-hosted applications, such as Oracle E-Business Suite, Microsoft IIS, and SAP.
 
-Using this solution enterprises can quickly transition from legacy Web Access Managers (WAMs), such as Symantec SiteMinder, NetIQ, Oracle, and IBM to Azure AD without rewriting applications. Enterprises can also use Datawiza as a no-code or low-code solution to integrate new applications to Azure AD. This saves engineering time, reduces cost significantly and delivers the project in a secured manner.
+By using this solution, enterprises can quickly transition from legacy web access managers (WAMs), such as Symantec SiteMinder, NetIQ, Oracle, and IBM, to Azure AD without rewriting applications. Enterprises can also use Datawiza as a no-code or low-code solution to integrate new applications to Azure AD. This approach saves engineering time, reduces cost significantly, and delivers the project in a secured manner.
 
 ## Prerequisites
 
-To get started, you'll need:
+To get started, you need:
 
 - An Azure subscription. If you don\'t have a subscription, you can get a [trial account](https://azure.microsoft.com/free/).
 
 - An [Azure AD tenant](../fundamentals/active-directory-access-create-new-tenant.md)
 that's linked to your Azure subscription.
 
-- [Docker](https://docs.docker.com/get-docker/) and
-[docker-compose](https://docs.docker.com/compose/install/)
-are required to run DAB. Your applications can run on any platform, such as the virtual machine and bare metal.
+- [Docker](https://docs.docker.com/get-docker/) and [docker-compose](https://docs.docker.com/compose/install/), which are required to run DAB. Your applications can run on any platform, such as a virtual machine and bare metal.
 
-- An application that you'll transition from a legacy identity system to Azure AD. In this example, DAB is deployed on the same server where the application is. The application will run on localhost: 3001 and DAB proxies traffic to the application via localhost: 9772. The traffic to the application will reach DAB first and then be proxied to the application.
+- An application that you'll transition from a legacy identity system to Azure AD. In this example, DAB is deployed on the same server as the application. The application runs on localhost: 3001, and DAB proxies traffic to the application via localhost: 9772. The traffic to the application reaches DAB first and is then proxied to the application.
 
 ## Scenario description
 
 Datawiza integration includes the following components:
 
-- [Azure AD](../fundamentals/active-directory-whatis.md) - Microsoft's cloud-based identity and access management service, which helps users sign in and access external and internal resources.
+- [Azure AD](../fundamentals/active-directory-whatis.md) - A cloud-based identity and access management service from Microsoft. Azure AD helps users sign in and access external and internal resources.
 
-- Datawiza Access Broker (DAB) - The service user sign on and transparently passes identity to applications through HTTP headers.
+- Datawiza Access Broker (DAB) - The service that users sign on to. DAB transparently passes identity information to applications through HTTP headers.
 
-- Datawiza Cloud Management Console (DCMC) - A centralized management console that manages DAB. DCMC provides UI and RESTful APIs for administrators to manage the configurations of DAB and its access control policies.
+- Datawiza Cloud Management Console (DCMC) - A centralized management console that manages DAB. DCMC provides UI and RESTful APIs for administrators to manage the DAB configuration and access control policies.
 
 The following architecture diagram shows the implementation.
 
-![image shows architecture diagram](./media/datawiza-with-azure-active-directory/datawiza-architecture-diagram.png)
+![Architecture diagram that shows the authentication process that gives a user access to an on-premises application.](./media/datawiza-with-azure-active-directory/datawiza-architecture-diagram.png)
 
-|Steps| Description|
+|Step| Description|
 |:----------|:-----------|
-|  1. | The user makes a request to access the on-premises or cloud-hosted application. DAB proxies the request made by the user to the application.|
-| 2. |The DAB checks the user's authentication state. If it doesn't receive a session token, or the supplied session token is invalid, then it sends the user to Azure AD for authentication.|
+| 1. | The user makes a request to access the on-premises or cloud-hosted application. DAB proxies the request made by the user to the application.|
+| 2. | DAB checks the user's authentication state. If it doesn't receive a session token, or the supplied session token is invalid, it sends the user to Azure AD for authentication.|
 | 3. | Azure AD sends the user request to the endpoint specified during the DAB application's registration in the Azure AD tenant.|
-| 4. | The DAB evaluates access policies and calculates attribute values to be included in HTTP headers forwarded to the application. During this step, the DAB may call out to the Identity provider to retrieve the information needed to set the header values correctly. The DAB sets the header values and sends the request to the application. |
-| 5. |  The user is now authenticated and has access to the application.|
+| 4. | DAB evaluates access policies and calculates attribute values to be included in HTTP headers forwarded to the application. During this step, DAB may call out to the identity provider to retrieve the information needed to set the header values correctly. DAB sets the header values and sends the request to the application. |
+| 5. |  The user is authenticated and has access to the application.|
 
 ## Onboard with Datawiza
 
-To integrate your on-premises or cloud-hosted application with Azure AD, login to [Datawiza Cloud Management
+To integrate your on-premises or cloud-hosted application with Azure AD, sign in to [Datawiza Cloud Management
 Console](https://console.datawiza.com/) (DCMC).
 
 ## Create an application on DCMC
 
-[Create an application](https://docs.datawiza.com/step-by-step/step2.html) and generate a key pair of `PROVISIONING_KEY` and `PROVISIONING_SECRET` for the application on the DCMC.
+In the next step, you create an application on DCMC and generate a key pair for the app. The key pair consists of a `PROVISIONING_KEY` and `PROVISIONING_SECRET`. To create the app and generate the key pair, follow the instructions in [Datawiza Cloud Management Console](https://docs.datawiza.com/step-by-step/step2.html).
 
-For Azure AD, Datawiza offers a convenient [One click integration](https://docs.datawiza.com/tutorial/web-app-azure-one-click.html). This method to integrate Azure AD with DCMC can create an application registration on your behalf in your Azure AD tenant.
+For Azure AD, Datawiza offers a convenient [one-click integration](https://docs.datawiza.com/tutorial/web-app-azure-one-click.html). This method to integrate Azure AD with DCMC can create an application registration on your behalf in your Azure AD tenant.
 
-![image shows configure idp](./media/datawiza-with-azure-active-directory/configure-idp.png)
+![Screenshot of the Datawiza Configure I D P page. Boxes for name, protocol, and other values are visible. An automatic generator option is turned on.](./media/datawiza-with-azure-active-directory/configure-idp.png)
 
-Instead, if you want to use an existing web application in your Azure AD tenant, you can disable the option and populate the fields of the form. You'll need the tenant ID, client ID, and client secret. [Create a web application and get these values in your tenant](https://docs.datawiza.com/idp/azure.html).
+Instead, if you want to use an existing web application in your Azure AD tenant, you can disable the option and populate the fields of the form. You need the tenant ID, client ID, and client secret. For more information about creating a web application and getting these values, see [Microsoft Azure AD in the Datawiza documentation](https://docs.datawiza.com/idp/azure.html).
 
-![image shows configure idp using form](./media/datawiza-with-azure-active-directory/use-form.png)
+![Screenshot of the Datawiza Configure I D P page. Boxes for name, protocol, and other values are visible. An automatic generator option is turned off.](./media/datawiza-with-azure-active-directory/use-form.png)
 
 ## Run DAB with a header-based application
 
-1. You can use either Docker or Kubernetes to run DAB. The docker image is needed for users to create a sample header-based application. [Configure DAB and SSO
-integration](https://docs.datawiza.com/step-by-step/step3.html). [Deploy DAB with Kubernetes](https://docs.datawiza.com/tutorial/web-app-AKS.html). A sample docker image `docker-compose.yml` file is provided for you to download and use. [Log in to the container registry](https://docs.datawiza.com/step-by-step/step3.html#important-step) to download the images of DAB and the header-based application.
+You can use either Docker or Kubernetes to run DAB. The docker image is needed to create a sample header-based application.
 
-    ```yaml
-    services:
+To run DAB with a header-based application, follow these steps:
+
+1. Use either Docker or Kubernetes to run DAB:
+
+   - For Docker-specific instructions, see [Deploy Datawiza Access Broker With Your App](https://docs.datawiza.com/step-by-step/step3.html).
+   - For Kubernetes-specific instructions, see [Deploy Datawiza Access Broker with a Web App using Kubernetes](https://docs.datawiza.com/tutorial/web-app-AKS.html).
+
+   You can use the following sample docker image docker-compose.yml file:
+
+   ```yaml
+   services:
       datawiza-access-broker:
       image: registry.gitlab.com/datawiza/access-broker
       container_name: datawiza-access-broker
@@ -97,34 +103,37 @@ integration](https://docs.datawiza.com/step-by-step/step3.html). [Deploy DAB wit
       header-based-app:
       image: registry.gitlab.com/datawiza/header-based-app
       restart: always
-     ports:
-     - "3001:3001"
+   ports:
+   - "3001:3001"
    ```
 
-2. After executing `docker-compose -f docker-compose.yml up`, the
-header-based application should have SSO enabled with Azure AD. Open a browser and type in `http://localhost:9772/`.
+1. To sign in to the container registry and download the images of DAB and the header-based application, follow the instructions in [Important Step](https://docs.datawiza.com/step-by-step/step3.html#important-step).
 
-3. An Azure AD login page will show up.
+1. Run the following command:
 
-## Pass user attributes to the header-based application
+   `docker-compose -f docker-compose.yml up`
 
-1. DAB gets user attributes from IdP and can pass the user attributes to the application via header or cookie. See the instructions on how to [pass user attributes](https://docs.datawiza.com/step-by-step/step4.html) such as email address, firstname, and lastname to the header-based application.
+   The header-based application should now have SSO enabled with Azure AD.
 
-2. After successfully configuring the user attributes, you should see the green check sign for each of the user attributes.
+1. In a browser, go to `http://localhost:9772/`. An Azure AD sign-in page appears.
 
-   ![image shows datawiza application home page](./media/datawiza-with-azure-active-directory/datawiza-application-home-page.png)
+## Pass user attributes to the header-based application
 
-## Test the flow
+DAB gets user attributes from Azure AD and can pass these attributes to the application via a header or cookie.
+
+To pass user attributes such as an email address, a first name, and a last name to the header-based application, follow the instructions in [Pass User Attributes](https://docs.datawiza.com/step-by-step/step4.html).
 
-1. Navigate to the application URL.
+After successfully configuring the user attributes, you should see a green check mark next to each attribute.
 
-2. The DAB should redirect to the Azure AD login page.
+![Screenshot that shows the Datawiza application home page. Green check marks are visible next to the host, email, firstname, and lastname attributes.](./media/datawiza-with-azure-active-directory/datawiza-application-home-page.png)
+
+## Test the flow
 
-3. After successfully authenticating, you should be redirected to DAB.
+1. Go to the application URL. DAB should redirect you to the Azure AD sign-in page.
 
-4. The DAB evaluates policies, calculates headers, and sends the user to the upstream application.
+1. After successfully authenticating, you should be redirected to DAB.
 
-5. Your requested application should show up.
+DAB evaluates policies, calculates headers, and sends you to the upstream application. Your requested application should appear.
 
 ## Next steps