Merge pull request #220777 from MicrosoftDocs/main

12/07 AM Publish

Author: huypub

.openpublishing.redirection.active-directory.json

@@ -45,6 +45,11 @@
       "redirect_url": "/azure/active-directory/saas-apps/tutorial-list",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/active-directory/saas-apps/iauditor-tutorial.md",
+      "redirect_url": "/azure/active-directory/saas-apps/safety-culture-tutorial",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/active-directory/saas-apps/icertisicm-tutorial.md",
       "redirect_url": "/azure/active-directory/saas-apps/tutorial-list",

articles/active-directory/conditional-access/terms-of-use.md

@@ -413,7 +413,7 @@ A: You can [review previously accepted terms of use policies](#how-users-can-rev
 A: If you've configured both Azure AD terms of use and [Intune terms and conditions](/intune/terms-and-conditions-create), the user will be required to accept both. For more information, see the [Choosing the right Terms solution for your organization blog post](https://go.microsoft.com/fwlink/?linkid=2010506&clcid=0x409).
 
 **Q: What endpoints does the terms of use service use for authentication?**<br />
-A: Terms of use utilize the following endpoints for authentication: https://tokenprovider.termsofuse.identitygovernance.azure.com and https://account.activedirectory.windowsazure.com. If your organization has an allowlist of URLs for enrollment, you'll need to add these endpoints to your allowlist, along with the Azure AD endpoints for sign-in.
+A: Terms of use utilize the following endpoints for authentication: https://tokenprovider.termsofuse.identitygovernance.azure.com, https://myaccount.microsoft.com and https://account.activedirectory.windowsazure.com. If your organization has an allowlist of URLs for enrollment, you'll need to add these endpoints to your allowlist, along with the Azure AD endpoints for sign-in.
 
 ## Next steps
 

articles/active-directory/develop/msal-net-token-cache-serialization.md

@@ -548,149 +548,7 @@ A product-quality, file-based token cache serializer for public client applicati
 
 #### Dual token cache serialization (MSAL unified cache and ADAL v3)
 
-If you want to implement token cache serialization with the unified cache format (common to ADAL.NET 4.x, MSAL.NET 2.x, and other MSALs of the same generation or older, on the same platform), take a look at the following code:
-
-```csharp
-string appLocation = Path.GetDirectoryName(Assembly.GetEntryAssembly().Location;
-string cacheFolder = Path.GetFullPath(appLocation) + @"..\..\..\..");
-string adalV3cacheFileName = Path.Combine(cacheFolder, "cacheAdalV3.bin");
-string unifiedCacheFileName = Path.Combine(cacheFolder, "unifiedCache.bin");
-
-IPublicClientApplication app;
-app = PublicClientApplicationBuilder.Create(clientId)
-                                    .Build();
-FilesBasedTokenCacheHelper.EnableSerialization(app.UserTokenCache,
-                                               unifiedCacheFileName,
-                                               adalV3cacheFileName);
-
-```
-
-This time, the helper class is defined as:
-
-```csharp
-using System;
-using System.IO;
-using System.Security.Cryptography;
-using Microsoft.Identity.Client;
-
-namespace CommonCacheMsalV3
-{
- /// <summary>
- /// Simple persistent cache implementation of the dual cache serialization (ADAL v3 legacy
- /// and unified cache format) for a desktop applications (from MSAL 2.x)
- /// </summary>
- static class FilesBasedTokenCacheHelper
- {
-  /// <summary>
-  /// Enables the serialization of the token cache
-  /// </summary>
-  /// <param name="adalV3CacheFileName">File name where the cache is serialized with the
-  /// ADAL v3 token cache format. Can
-  /// be <c>null</c> if you don't want to implement the legacy ADAL v3 token cache
-  /// serialization in your MSAL 2.x+ application</param>
-  /// <param name="unifiedCacheFileName">File name where the cache is serialized
-  /// with the unified cache format, common to
-  /// ADAL v4 and MSAL v2 and later, and also across ADAL/MSAL on the same platform.
-  ///  Should not be <c>null</c></param>
-  /// <returns></returns>
-  public static void EnableSerialization(ITokenCache tokenCache, string unifiedCacheFileName, string adalV3CacheFileName)
-  {
-   UnifiedCacheFileName = unifiedCacheFileName;
-   AdalV3CacheFileName = adalV3CacheFileName;
-
-   tokenCache.SetBeforeAccess(BeforeAccessNotification);
-   tokenCache.SetAfterAccess(AfterAccessNotification);
-  }
-
-  /// <summary>
-  /// File path where the token cache is serialized with the unified cache format
-  /// (ADAL.NET v4, MSAL.NET v3)
-  /// </summary>
-  public static string UnifiedCacheFileName { get; private set; }
-
-  /// <summary>
-  /// File path where the token cache is serialized with the legacy ADAL v3 format
-  /// </summary>
-  public static string AdalV3CacheFileName { get; private set; }
-
-  private static readonly object FileLock = new object();
-
-  public static void BeforeAccessNotification(TokenCacheNotificationArgs args)
-  {
-   lock (FileLock)
-   {
-    args.TokenCache.DeserializeAdalV3(ReadFromFileIfExists(AdalV3CacheFileName));
-    try
-    {
-     args.TokenCache.DeserializeMsalV3(ReadFromFileIfExists(UnifiedCacheFileName));
-    }
-    catch(Exception ex)
-    {
-     // Compatibility with the MSAL v2 cache if you used one
-     args.TokenCache.DeserializeMsalV2(ReadFromFileIfExists(UnifiedCacheFileName));
-    }
-   }
-  }
-
-  public static void AfterAccessNotification(TokenCacheNotificationArgs args)
-  {
-   // if the access operation resulted in a cache update
-   if (args.HasStateChanged)
-   {
-    lock (FileLock)
-    {
-     WriteToFileIfNotNull(UnifiedCacheFileName, args.TokenCache.SerializeMsalV3());
-     if (!string.IsNullOrWhiteSpace(AdalV3CacheFileName))
-     {
-      WriteToFileIfNotNull(AdalV3CacheFileName, args.TokenCache.SerializeAdalV3());
-     }
-    }
-   }
-  }
-
-  /// <summary>
-  /// Read the content of a file if it exists
-  /// </summary>
-  /// <param name="path">File path</param>
-  /// <returns>Content of the file (in bytes)</returns>
-  private static byte[] ReadFromFileIfExists(string path)
-  {
-   byte[] protectedBytes = (!string.IsNullOrEmpty(path) && File.Exists(path))
-       ? File.ReadAllBytes(path) : null;
-   byte[] unprotectedBytes = encrypt ?
-       ((protectedBytes != null) ? ProtectedData.Unprotect(protectedBytes, null, DataProtectionScope.CurrentUser) : null)
-       : protectedBytes;
-   return unprotectedBytes;
-  }
-
-  /// <summary>
-  /// Writes a blob of bytes to a file. If the blob is <c>null</c>, deletes the file
-  /// </summary>
-  /// <param name="path">path to the file to write</param>
-  /// <param name="blob">Blob of bytes to write</param>
-  private static void WriteToFileIfNotNull(string path, byte[] blob)
-  {
-   if (blob != null)
-   {
-    byte[] protectedBytes = encrypt
-      ? ProtectedData.Protect(blob, null, DataProtectionScope.CurrentUser)
-      : blob;
-    File.WriteAllBytes(path, protectedBytes);
-   }
-   else
-   {
-    File.Delete(path);
-   }
-  }
-
-  // Change if you want to test with an unencrypted blob (this is a JSON format)
-  private static bool encrypt = true;
- }
-}
-```
-
-For more details see the sample: https://github.com/Azure-Samples/active-directory-dotnet-v1-to-v2/tree/master/TokenCacheMigration/ADAL2MSAL
-
+If you want to implement token cache serialization with the unified cache format (common to ADAL.NET 4.x, MSAL.NET 2.x, and other MSALs of the same generation or older, on the same platform), take a look at the following sample: https://github.com/Azure-Samples/active-directory-dotnet-v1-to-v2/tree/master/TokenCacheMigration/ADAL2MSAL.
 
 ---
 

articles/active-directory/external-identities/reset-redemption-status.md

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: how-to
-ms.date: 11/28/2022
+ms.date: 12/07/2022
 
 ms.author: mimart
 author: msmimart
@@ -32,7 +32,7 @@ To manage these scenarios previously, you had to manually delete the guest user
 
 To reset a user's redemption status, you'll need one of the following roles:
 
-- [Guest Inviter](../roles/permissions-reference.md#guest-inviter) (least privileged)
+- [Helpdesk Administrator](../roles/permissions-reference.md#helpdesk-administrator) (least privileged)
 - [User Administrator](../roles/permissions-reference.md#user-administrator)
 - [Global Administrator](../roles/permissions-reference.md#global-administrator)
 
@@ -76,7 +76,7 @@ If a user wants to sign in using a different email:
 
 ```powershell
 Install-Module Microsoft.Graph
-Select-MgProfile -Name beta
+Select-MgProfile -Name v1.0
 Connect-MgGraph -Scopes "User.ReadWrite.All"
 
 $user = Get-MgUser -Filter "startsWith(mail, '[email protected]')"
@@ -93,7 +93,7 @@ New-MgInvitation `
 To use the [Microsoft Graph invitation API](/graph/api/resources/invitation), set the `resetRedemption` property  to `true` and specify the new email address in the `invitedUserEmailAddress` property.
 
 ```json
-POST https://graph.microsoft.com/beta/invitations  
+POST https://graph.microsoft.com/v1.0/invitations  
 Authorization: Bearer eyJ0eX...  
 ContentType: application/json  
 {  

articles/active-directory/fundamentals/recoverability-overview.md

@@ -10,7 +10,7 @@ ms.subservice: fundamentals
 ms.topic: conceptual
 ms.date: 08/26/2022
 ms.author: jricketts
-ms.reviewer: baselden
+ms.reviewer: jricketts
 ms.custom: "it-pro, seodec18"
 ms.collection: M365-identity-device-management
 ---

articles/active-directory/fundamentals/whats-new-archive.md

@@ -1336,7 +1336,7 @@ For more information about how to better secure your organization by using autom
 
 In September 2021, we have added following 44 new applications in our App gallery with Federation support
 
-[Studybugs](https://studybugs.com/signin), [Yello](https://yello.co/yello-for-microsoft-teams/), [LawVu](../saas-apps/lawvu-tutorial.md), [Formate eVo Mail](https://www.document-genetics.co.uk/formate-evo-erp-output-management), [Revenue Grid](https://app.revenuegrid.com/login), [Orbit for Office 365](https://azuremarketplace.microsoft.com/marketplace/apps/aad.orbitforoffice365?tab=overview), [Upmarket](https://app.upmarket.ai/), [Alinto Protect](https://protect.alinto.net/), [Cloud Concinnity](https://cloudconcinnity.com/), [Matlantis](https://matlantis.com/), [ModelGen for Visio (MG4V)](https://crecy.com.au/model-gen/), [NetRef: Classroom Management](https://oauth.net-ref.com/microsoft/sso), [VergeSense](../saas-apps/vergesense-tutorial.md), [iAuditor](../saas-apps/iauditor-tutorial.md), [Secutraq](https://secutraq.net/login), [Active and Thriving](../saas-apps/active-and-thriving-tutorial.md), [Inova](https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=1bacdba3-7a3b-410b-8753-5cc0b8125f81&response_type=code&redirect_uri=https:%2f%2fbroker.partneringplace.com%2fpartner-companion%2f&code_challenge_method=S256&code_challenge=YZabcdefghijklmanopqrstuvwxyz0123456789._-~&scope=1bacdba3-7a3b-410b-8753-5cc0b8125f81/.default), [TerraTrue](../saas-apps/terratrue-tutorial.md), [Beyond Identity Admin Console](../saas-apps/beyond-identity-admin-console-tutorial.md), [Visult](https://visult.app), [ENGAGE TAG](https://app.engagetag.com/), [Appaegis Isolation Access Cloud](../saas-apps/appaegis-isolation-access-cloud-tutorial.md), [CrowdStrike Falcon Platform](../saas-apps/crowdstrike-falcon-platform-tutorial.md), [MY Emergency Control](https://my-emergency.co.uk/app/auth/login), [AlexisHR](../saas-apps/alexishr-tutorial.md), [Teachme Biz](../saas-apps/teachme-biz-tutorial.md), [Zero Networks](../saas-apps/zero-networks-tutorial.md), [Mavim iMprove](https://improve.mavimcloud.com/), [Azumuta](https://app.azumuta.com/login?microsoft=true), [Frankli](https://beta.frankli.io/login), [Amazon Managed Grafana](../saas-apps/amazon-managed-grafana-tutorial.md), [Productive](../saas-apps/productive-tutorial.md), [Create!Webフロー](../saas-apps/createweb-tutorial.md), [Evercate](https://evercate.com/), [Ezra Coaching](../saas-apps/ezra-coaching-tutorial.md), [Baldwin Safety and Compliance](../saas-apps/baldwin-safety-&-compliance-tutorial.md), [Nulab Pass (Backlog,Cacoo,Typetalk)](../saas-apps/nulab-pass-tutorial.md), [Metatask](../saas-apps/metatask-tutorial.md), [Contrast Security](../saas-apps/contrast-security-tutorial.md), [Animaker](../saas-apps/animaker-tutorial.md), [Traction Guest](../saas-apps/traction-guest-tutorial.md), [True Office Learning - LIO](../saas-apps/true-office-learning-lio-tutorial.md), [Qiita Team](../saas-apps/qiita-team-tutorial.md)
+[Studybugs](https://studybugs.com/signin), [Yello](https://yello.co/yello-for-microsoft-teams/), [LawVu](../saas-apps/lawvu-tutorial.md), [Formate eVo Mail](https://www.document-genetics.co.uk/formate-evo-erp-output-management), [Revenue Grid](https://app.revenuegrid.com/login), [Orbit for Office 365](https://azuremarketplace.microsoft.com/marketplace/apps/aad.orbitforoffice365?tab=overview), [Upmarket](https://app.upmarket.ai/), [Alinto Protect](https://protect.alinto.net/), [Cloud Concinnity](https://cloudconcinnity.com/), [Matlantis](https://matlantis.com/), [ModelGen for Visio (MG4V)](https://crecy.com.au/model-gen/), [NetRef: Classroom Management](https://oauth.net-ref.com/microsoft/sso), [VergeSense](../saas-apps/vergesense-tutorial.md), [SafetyCulture](../saas-apps/safety-culture-tutorial.md), [Secutraq](https://secutraq.net/login), [Active and Thriving](../saas-apps/active-and-thriving-tutorial.md), [Inova](https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=1bacdba3-7a3b-410b-8753-5cc0b8125f81&response_type=code&redirect_uri=https:%2f%2fbroker.partneringplace.com%2fpartner-companion%2f&code_challenge_method=S256&code_challenge=YZabcdefghijklmanopqrstuvwxyz0123456789._-~&scope=1bacdba3-7a3b-410b-8753-5cc0b8125f81/.default), [TerraTrue](../saas-apps/terratrue-tutorial.md), [Beyond Identity Admin Console](../saas-apps/beyond-identity-admin-console-tutorial.md), [Visult](https://visult.app), [ENGAGE TAG](https://app.engagetag.com/), [Appaegis Isolation Access Cloud](../saas-apps/appaegis-isolation-access-cloud-tutorial.md), [CrowdStrike Falcon Platform](../saas-apps/crowdstrike-falcon-platform-tutorial.md), [MY Emergency Control](https://my-emergency.co.uk/app/auth/login), [AlexisHR](../saas-apps/alexishr-tutorial.md), [Teachme Biz](../saas-apps/teachme-biz-tutorial.md), [Zero Networks](../saas-apps/zero-networks-tutorial.md), [Mavim iMprove](https://improve.mavimcloud.com/), [Azumuta](https://app.azumuta.com/login?microsoft=true), [Frankli](https://beta.frankli.io/login), [Amazon Managed Grafana](../saas-apps/amazon-managed-grafana-tutorial.md), [Productive](../saas-apps/productive-tutorial.md), [Create!Webフロー](../saas-apps/createweb-tutorial.md), [Evercate](https://evercate.com/), [Ezra Coaching](../saas-apps/ezra-coaching-tutorial.md), [Baldwin Safety and Compliance](../saas-apps/baldwin-safety-&-compliance-tutorial.md), [Nulab Pass (Backlog,Cacoo,Typetalk)](../saas-apps/nulab-pass-tutorial.md), [Metatask](../saas-apps/metatask-tutorial.md), [Contrast Security](../saas-apps/contrast-security-tutorial.md), [Animaker](../saas-apps/animaker-tutorial.md), [Traction Guest](../saas-apps/traction-guest-tutorial.md), [True Office Learning - LIO](../saas-apps/true-office-learning-lio-tutorial.md), [Qiita Team](../saas-apps/qiita-team-tutorial.md)
 
 You can also find the documentation of all the applications here: https://aka.ms/AppsTutorial
 

articles/active-directory/governance/entitlement-management-request-access.md

@@ -1,5 +1,5 @@
 ---
-title: Request an access package - Microsoft Entra entitlement management
+title: Request an access package - entitlement management
 description: Learn how to use the My Access portal to request access to an access package in Azure Active Directory entitlement management.
 services: active-directory
 documentationCenter: ''
@@ -20,9 +20,9 @@ ms.collection: M365-identity-device-management
 #Customer intent: As a requestor, I want simple steps for how to request resources I need so that I can start using the resources to perform my job.
 
 ---
-# Request access to an access package in Microsoft Entra entitlement management
+# Request access to an access package in entitlement management
 
-With Microsoft Entra entitlement management, an access package enables a one-time setup of resources and policies that automatically administers access for the life of the access package. 
+With entitlement management, an access package enables a one-time setup of resources and policies that automatically administers access for the life of the access package. 
 
 An access package manager can configure policies to require approval for users to have access to access packages. A user that needs access to an access package can submit a request to get access. This article describes how to submit an access request.
 

articles/active-directory/governance/entitlement-management-request-approve.md

@@ -1,5 +1,5 @@
 ---
-title: Approve or deny access requests - Microsoft Entra entitlement management
+title: Approve or deny access requests - entitlement management
 description: Learn how to use the My Access portal to approve or deny requests to an access package in Azure Active Directory entitlement management.
 services: active-directory
 documentationCenter: ''
@@ -20,9 +20,9 @@ ms.collection: M365-identity-device-management
 #Customer intent: As a approver, I want steps for how to approve requests for access packages so that I can unlock requestors who need to use the resources.
 
 ---
-# Approve or deny access requests in Microsoft Entra entitlement management
+# Approve or deny access requests in entitlement management
 
-With Microsoft Entra entitlement management, you can configure policies to require approval for access packages, and choose one or more approvers. This article describes how designated approvers can approve or deny requests for access packages.
+With  entitlement management, you can configure policies to require approval for access packages, and choose one or more approvers. This article describes how designated approvers can approve or deny requests for access packages.
 
 ## Open request
 

articles/active-directory/governance/entitlement-management-scenarios.md

@@ -20,7 +20,7 @@ ms.collection: M365-identity-device-management
 #Customer intent: As an administrator, I want the high-level steps that I should follow so that I can quickly start using entitlement management.
 
 ---
-# Common scenarios in Microsoft Entra entitlement management
+# Common scenarios in entitlement management
 
 There are several ways that you can configure entitlement management for your organization. However, if you're just getting started, it's helpful to understand the common scenarios for administrators, catalog owners, access package managers, approvers, and requestors.
 

articles/active-directory/governance/entitlement-management-troubleshoot.md

@@ -20,9 +20,9 @@ ms.collection: M365-identity-device-management
 #Customer intent: As an administrator, I want checklists and tips to help troubleshoot entitlement management to unblock users from performing their job.
 
 ---
-# Troubleshoot Microsoft Entra entitlement management
+# Troubleshoot entitlement management
 
-This article describes some items you should check to help you troubleshoot Microsoft Entra entitlement management.
+This article describes some items you should check to help you troubleshoot entitlement management.
 
 ## Administration