Merge pull request #178797 from MicrosoftDocs/master

11/04 PM Publish

Author: huypub

.openpublishing.redirection.synapse-analytics.json

@@ -64,6 +64,11 @@
             "source_path_from_root": "/articles/synapse-analytics/machine-learning/tutorial-spark-pool-filesystem-spec.md",
             "redirect_url": "/azure/synapse-analytics/spark/tutorial-spark-pool-filesystem-spec",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/synapse-analytics/security/synapse-workspace-managed-identity.md",
+            "redirect_url": "/azure/data-factory/data-factory-service-identity",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory/app-provisioning/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory application provisioning"
 description: "New and updated documentation for the Azure Active Directory application provisioning."
-ms.date: 10/05/2021
+ms.date: 11/04/2021
 ms.service: active-directory
 ms.subservice: app-provisioning
 ms.topic: reference
@@ -15,6 +15,13 @@ manager: karenh444
 
 Welcome to what's new in Azure Active Directory application provisioning documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the provisioning service, see [What's new in Azure Active Directory](../fundamentals/whats-new.md).
 
+## October 2021
+
+### New articles
+
+- [Configuring Azure AD to provision users into LDAP directories](on-premises-ldap-connector-configure.md)
+
+
 ## September 2021
 
 ### New articles

articles/active-directory/app-proxy/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory application proxy"
 description: "New and updated documentation for the Azure Active Directory application proxy."
-ms.date: 10/05/2021
+ms.date: 11/04/2021
 ms.service: active-directory
 ms.subservice: app-proxy
 ms.topic: reference
@@ -15,6 +15,14 @@ manager: karenh444
 
 Welcome to what's new in Azure Active Directory application proxy documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the service, see [What's new in Azure Active Directory](../fundamentals/whats-new.md).
 
+## October 2021
+
+### Updated articles
+
+- [Troubleshoot Application Proxy problems and error messages](application-proxy-troubleshoot.md)
+- [Active Directory (Azure AD) Application Proxy frequently asked questions](application-proxy-faq.yml)
+
+
 ## September 2021
 
 ### Updated articles

articles/active-directory/conditional-access/concept-conditional-access-session.md

@@ -78,6 +78,9 @@ For more information, see the article [Configure authentication session manageme
    - Non-CAE capable clients shouldn't get a regular token for CAE-capable services.
    - Reject when IP seen by resource provider isn't in the allowed range.
 
+> [!NOTE] 
+> You should only enable strict enforcement after you ensure that all the client applications support CAE and you have included all your IP addresses seen by Azure AD and the resource providers, like Exchange online and Azure Resource Mananger, in your location policy under Conditional Access. Otherwise, users in your tenants could be blocked.
+
 :::image type="content" source="media/concept-conditional-access-session/continuous-access-evaluation-session-controls.png" alt-text="CAE Settings in a new Conditional Access policy in the Azure portal." lightbox="media/concept-conditional-access-session/continuous-access-evaluation-session-controls.png":::
 
 ## Disable resilience defaults (Preview)

articles/active-directory/manage-apps/tenant-restrictions.md

@@ -73,7 +73,7 @@ The headers should include the following elements:
 
 - For *Restrict-Access-To-Tenants*, use a value of \<permitted tenant list\>, which is a comma-separated list of tenants you want to allow users to access. Any domain that is registered with a tenant can be used to identify the tenant in this list, as well as the directory ID itself. For an example of all three ways of describing a tenant, the name/value pair to allow Contoso, Fabrikam, and Microsoft looks like: `Restrict-Access-To-Tenants: contoso.com,fabrikam.onmicrosoft.com,72f988bf-86f1-41af-91ab-2d7cd011db47`
 
-- For *Restrict-Access-Context*, use a value of a single directory ID, declaring which tenant is setting the tenant restrictions. For example, to declare Contoso as the tenant that set the tenant restrictions policy, the name/value pair looks like: `Restrict-Access-Context: 456ff232-35l2-5h23-b3b3-3236w0826f3d`.  You **must** use your own directory ID in this spot in order to get logs for these authentications.
+- For *Restrict-Access-Context*, use a value of a single directory ID, declaring which tenant is setting the tenant restrictions. For example, to declare Contoso as the tenant that set the tenant restrictions policy, the name/value pair looks like: `Restrict-Access-Context: 456ff232-35l2-5h23-b3b3-3236w0826f3d`. You *must* use your own directory ID here to get logs for these authentications. If you use any directory ID other than your own, those sign-in logs *will* appear in someone else’s tenant, with all personal information removed. For more information, see [Admin experience](#admin-experience).
 
 > [!TIP]
 > You can find your directory ID in the [Azure Active Directory portal](https://aad.portal.azure.com/). Sign in as an administrator, select **Azure Active Directory**, then select **Properties**.

articles/active-directory/manage-apps/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory application management"
 description: "New and updated documentation for the Azure Active Directory application management."
-ms.date: 10/05/2021
+ms.date: 11/04/2021
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: reference
@@ -16,6 +16,23 @@ reviewer: napuri
 
 Welcome to what's new in Azure Active Directory application management documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the application management service, see [What's new in Azure Active Directory](../fundamentals/whats-new.md).
 
+## October 2021
+
+### Updated articles
+
+- [Manage consent to applications and evaluate consent requests in Azure Active Directory](manage-consent-requests.md)
+- [What is application management in Azure Active Directory?](what-is-application-management.md)
+- [Configure how end-users consent to applications using Azure Active Directory](configure-user-consent.md)
+- [What is single sign-on in Azure Active Directory?](what-is-single-sign-on.md)
+- [Assign enterprise application owners](assign-app-owners.md)
+- [Configure the admin consent workflow](configure-admin-consent-workflow.md)
+- [Secure hybrid access: Secure legacy apps with Azure Active Directory](secure-hybrid-access.md)
+- [Azure Active Directory application management: What's new](whats-new-docs.md)
+- [Tutorial: Migrate Okta sign on policies to Azure Active Directory Conditional Access](migrate-okta-sign-on-policies-to-azure-active-directory-conditional-access.md)
+- [Tutorial: Migrate Okta sync provisioning to Azure AD Connect-based synchronization](migrate-okta-sync-provisioning-to-azure-active-directory.md)
+- [Manage certificates for federated single sign-on in Azure Active Directory](manage-certificates-for-federated-single-sign-on.md)
+
+
 ## September 2021
 
 ### New articles

articles/active-directory/roles/security-planning.md

@@ -5,9 +5,9 @@ description: Ensure that your organization's administrative access and administr
 services: active-directory 
 keywords: 
 author: rolyon
-manager: daveba
+manager: KarenH444
 ms.author: rolyon
-ms.date: 11/05/2020
+ms.date: 11/04/2021
 ms.topic: conceptual
 ms.service: active-directory
 ms.workload: identity
@@ -174,7 +174,7 @@ Azure AD Identity Protection is an algorithm-based monitoring and reporting tool
 
 #### Obtain your Microsoft 365 Secure Score (if using Microsoft 365)
 
-Secure Score looks at your settings and activities for the Microsoft 365 services you're using and compares them to a baseline established by Microsoft. You'll get a score based on how aligned you are with security practices. Anyone who has the administrator permissions for a Microsoft 365 Business Standard or Enterprise subscription can access the Secure Score at `https://securescore.office.com`.
+Secure Score looks at your settings and activities for the Microsoft 365 services you're using and compares them to a baseline established by Microsoft. You'll get a score based on how aligned you are with security practices. Anyone who has the administrator permissions for a Microsoft 365 Business Standard or Enterprise subscription can access the Secure Score at `https://security.microsoft.com/securescore`.
 
 #### Review the Microsoft 365 security and compliance guidance (if using Microsoft 365)
 

articles/aks/TOC.yml

@@ -186,6 +186,8 @@
           href: availability-zones.md
         - name: Use node pools
           items:
+            - name: Node pool snapshot
+              href: node-pool-snapshot.md
             - name: Use multiple node pools
               href: use-multiple-node-pools.md
             - name: Use spot node pools
@@ -320,9 +322,9 @@
           href: azure-disk-customer-managed-keys.md
         - name: Enable host-based encryption
           href: enable-host-encryption.md
-        - name: Secrets Store CSI driver
+        - name: Secrets Store CSI Driver
           items:
-          - name: Secrets Store CSI driver configuration
+          - name: Secrets Store CSI Driver configuration
             href: csi-secrets-store-driver.md
           - name: Provide Azure Key Vault access
             href: csi-secrets-store-identity-access.md

articles/aks/csi-secrets-store-driver.md

@@ -202,7 +202,7 @@ When creating a SecretProviderClass, use the `secretObjects` field to define the
 > Make sure the `objectName` in `secretObjects` matches the file name of the mounted content. If `objectAlias` is used instead, then it should match the object alias.
 
 ```yml
-apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
+apiVersion: secrets-store.csi.x-k8s.io/v1
 kind: SecretProviderClass
 metadata:
   name: azure-sync

articles/aks/csi-secrets-store-nginx-tls.md

@@ -67,7 +67,7 @@ Select a [method to provide an access identity][csi-ss-identity-access] and conf
 See the following for an example of what your SecretProviderClass might look like:
 
 ```yml
-apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
+apiVersion: secrets-store.csi.x-k8s.io/v1
 kind: SecretProviderClass
 metadata:
   name: azure-tls