MicrosoftDocs
diff --git a/‎.openpublishing.redirection.active-directory.json
Lines changed: 75 additions & 0 deletions b/‎.openpublishing.redirection.active-directory.json
Lines changed: 75 additions & 0 deletions
diff --git a/‎CODEOWNERS
Lines changed: 0 additions & 9 deletions b/‎CODEOWNERS
Lines changed: 0 additions & 9 deletions
diff --git a/‎articles/active-directory-b2c/enable-authentication-spa-app.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory-b2c/enable-authentication-spa-app.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/app-provisioning/customize-application-attributes.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/app-provisioning/customize-application-attributes.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/app-proxy/application-proxy-add-on-premises-application.md
Lines changed: 9 additions & 1 deletion b/‎articles/active-directory/app-proxy/application-proxy-add-on-premises-application.md
Lines changed: 9 additions & 1 deletion
diff --git a/‎articles/active-directory/app-proxy/application-proxy-configure-complex-application.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/app-proxy/application-proxy-configure-complex-application.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/architecture/deployment-plans.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/architecture/deployment-plans.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/authentication/concepts-azure-multi-factor-authentication-prompts-session-lifetime.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/authentication/concepts-azure-multi-factor-authentication-prompts-session-lifetime.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/cloud-infrastructure-entitlement-management/onboard-gcp.md
Lines changed: 3 additions & 3 deletions b/‎articles/active-directory/cloud-infrastructure-entitlement-management/onboard-gcp.md
Lines changed: 3 additions & 3 deletions
@@ -1715,6 +1715,21 @@
       "redirect_url": "/azure/active-directory/external-identities/customers/tutorial-daemon-node-call-api-prepare-tenant",
       "redirect_document_id": false 
     },
+    {
+      "source_path_from_root": "/articles/active-directory/external-identities/customers/how-to-web-app-dotnet-sign-in-prepare-tenant.md",
+      "redirect_url": "/azure/active-directory/external-identities/customers/tutorial-web-app-dotnet-sign-in-prepare-tenant",
+      "redirect_document_id": false 
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/external-identities/customers/how-to-web-app-dotnet-sign-in-prepare-app.md",
+      "redirect_url": "/azure/active-directory/external-identities/customers/tutorial-web-app-dotnet-sign-in-prepare-app",
+      "redirect_document_id": false 
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/external-identities/customers/how-to-web-app-dotnet-sign-in-sign-out.md",
+      "redirect_url": "/azure/active-directory/external-identities/customers/tutorial-web-app-dotnet-sign-in-sign-out",
+      "redirect_document_id": false 
+    },
     {
       "source_path_from_root": "/articles/active-directory/external-identities/conditional-access.md",
       "redirect_url": "/azure/active-directory/external-identities/authentication-conditional-access",
@@ -5250,6 +5265,61 @@
       "redirect_url": "/azure/active-directory/fundamentals/concept-fundamentals-security-defaults",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/howto-use-azure-monitor-workbooks.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/howto-use-workbooks",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/concept-activity-logs-azure-monitor.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/concept-log-monitoring-integration-options-considerations",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/tutorial-log-analytics-wizard.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/tutorial-configure-log-analytics-workspace",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/quickstart-azure-monitor-route-logs-to-storage-account.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/howto-archive-logs-to-storage-account",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/overview-monitoring.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/overview-monitoring-health",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/overview-reports.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/overview-monitoring-health",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-sumologic.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/howto-stream-logs-to-event-hub",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-splunk.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/howto-stream-logs-to-event-hub",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-arcsight.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/howto-stream-logs-to-event-hub",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-azure-monitor-logs",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/overview-service-health-notifications.md",
+      "redirect_url": "/azure/service-health/service-health-portal-update",
+      "redirect_document_id": true
+    },
     {
       "source_path_from_root": "/articles/active-directory/reports-monitoring/quickstart-configure-named-locations.md",
       "redirect_url": "/azure/active-directory/conditional-access/location-condition",
@@ -13561,6 +13631,11 @@
       "source_path_from_root": "/articles/active-directory/fundamentals/add-users-azure-active-directory.md",
       "redirect_url": "/azure/active-directory/fundamentals/add-users",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/privileged-identity-management/subscription-requirements.md",
+      "redirect_url": "/azure/active-directory/governance/licensing-fundamentals",
+      "redirect_document_id": false
     }
 
   ]
 
@@ -4,11 +4,6 @@
 # Background: https://github.blog/2017-07-06-introducing-code-owners/
 # NOTE: The people you choose as code owners must have _write_ permissions for the repository. When the code owner is a team, that team must be _visible_ and it must have _write_ permissions, even if all the individual members of the team already have write permissions directly, through organization membership, or through another team membership.
 
-# Azure Policy: Samples and Compliance Controls
-/articles/**/policy-reference.md @davidsmatlak
-/articles/**/security-controls-policy.md @davidsmatlak
-/includes/policy/ @davidsmatlak
-
 # Azure Monitor
 articles/azure-monitor/* @bwren
 articles/azure-monitor/agents @guywi-ms @bwren
@@ -56,10 +51,6 @@ articles/service-health @rboucher
 /articles/container-instances/ @macolso @mimckitt
 /articles/container-registry/ @dlepow @mimckitt
 
-# Governance
-/articles/governance/policy @davidsmatlak
-/articles/governance/resource-graph @davidsmatlak
-
 # Security
 /articles/security/fundamentals/feature-availability.md @msmbaldwin @terrylanfear
 
 
@@ -215,7 +215,7 @@ To specify your Azure AD B2C user flows, do the following:
 
 1. Replace `B2C_1_SUSI` with your sign-in Azure AD B2C Policy name.
 1. Replace `B2C_1_EditProfile` with your edit profile Azure AD B2C policy name.
-1. Replace all instances of `contoso` with your [Azure AD B2C tenant name](./ tenant-management-read-tenant-name.md#get-your-tenant-name).
+1. Replace all instances of `contoso` with your [Azure AD B2C tenant name](./tenant-management-read-tenant-name.md#get-your-tenant-name).
 
 ## Step 7: Use the MSAL to sign in the user
 
 
@@ -123,7 +123,7 @@ Applications and systems that support customization of the attribute list includ
 > Editing the list of supported attributes is only recommended for administrators who have customized the schema of their applications and systems, and have first-hand knowledge of how their custom attributes have been defined or if a source attribute isn't automatically displayed in the Azure portal UI. This sometimes requires familiarity with the APIs and developer tools provided by an application or system. The ability to edit the list of supported attributes is locked down by default, but customers can enable the capability by navigating to the following URL: https://portal.azure.com/?Microsoft_AAD_Connect_Provisioning_forceSchemaEditorEnabled=true . You can then navigate to your application to view the [attribute list](#editing-the-list-of-supported-attributes). 
 
 > [!NOTE]
-> When a directory extension attribute in Azure AD doesn't show up automatically in your attribute mapping drop-down, you can manually add it to the "Azure AD attribute list".  When manually adding Azure AD directory extension attributes to your provisioning app, note that directory extension attribute names are case-sensitive. For example: If you have a directory extension attribute named `extension_53c9e2c0exxxxxxxxxxxxxxxx_acmeCostCenter`, make sure you enter it in the same format as defined in the directory.     
+> When a directory extension attribute in Azure AD doesn't show up automatically in your attribute mapping drop-down, you can manually add it to the "Azure AD attribute list".  When manually adding Azure AD directory extension attributes to your provisioning app, note that directory extension attribute names are case-sensitive. For example: If you have a directory extension attribute named `extension_53c9e2c0exxxxxxxxxxxxxxxx_acmeCostCenter`, make sure you enter it in the same format as defined in the directory. Provisioning multi-valued directory extension attributes is not supported.    
 
 When you're editing the list of supported attributes, the following properties are provided:
 
@@ -348,7 +348,7 @@ Selecting this option forces a resynchronization of all users while the provisio
 - The attribute `IsSoftDeleted` is often part of the default mappings for an application. `IsSoftdeleted` can be true in one of four scenarios: 1) The user is out of scope due to being unassigned from the application. 2) The user is out of scope due to not meeting a scoping filter. 3) The user has been soft deleted in Azure AD. 4) The property `AccountEnabled` is set to false on the user. It's not recommended to remove the `IsSoftDeleted` attribute from your attribute mappings.
 - The Azure AD provisioning service doesn't support provisioning null values.
 - They primary key, typically "ID", shouldn't be included as a target attribute in your attribute mappings. 
-- The role attribute typically needs to be mapped using an expression, rather than a direct mapping. For more information about role mapping, see [Provisioning a role to a SCIM app](#Provisioning a role to a SCIM app). 
+- The role attribute typically needs to be mapped using an expression, rather than a direct mapping. For more information about role mapping, see [Provisioning a role to a SCIM app](#provisioning-a-role-to-a-scim-app). 
 - While you can disable groups from your mappings, disabling users isn't supported. 
 
 ## Next steps
 
@@ -49,7 +49,15 @@ To use Application Proxy, you need a Windows server running Windows Server 2012
 For high availability in your production environment, we recommend having more than one Windows server. For this tutorial, one Windows server is sufficient.
 
 > [!IMPORTANT]
-> If you are installing the connector on Windows Server 2019, you must disable HTTP2 protocol support in the WinHttp component for Kerberos Constrained Delegation to properly work. This is disabled by default in earlier versions of supported operating systems. Adding the following registry key and restarting the server disables it on Windows Server 2019. Note that this is a machine-wide registry key.
+> **.NET Framework**
+>
+> You must have .NET version 4.7.1 or higher to install, or upgrade, Application Proxy version 1.5.3437.0 or later. Windows Server 2012 R2 and Windows Server 2016 may not have this by default.
+>
+> See [How to: Determine which .NET Framework versions are installed](/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed) for more information.
+> 
+> **HTTP 2.0**
+>
+>  If you are installing the connector on Windows Server 2019, you must disable HTTP2 protocol support in the WinHttp component for Kerberos Constrained Delegation to properly work. This is disabled by default in earlier versions of supported operating systems. Adding the following registry key and restarting the server disables it on Windows Server 2019. Note that this is a machine-wide registry key.
 >
 > ```
 > Windows Registry Editor Version 5.00
 
@@ -51,7 +51,7 @@ This article provides you with the information you need to configure wildcard ap
 
 ## Pre-requisites
 Before you get started with Application Proxy Complex application scenario apps, make sure your environment is ready with the following settings and configurations:
-- You need to enable Application Proxy and install a connector that has line of site to your applications. See the tutorial [Add an on-premises application for remote access through Application Proxy](application-proxy-add-on-premises-application.md#add-an-on-premises-app-to-azure-ad) to learn how to prepare your on-premises environment, install and register a connector, and test the connector.
+- You need to enable Application Proxy and install a connector that has line of sight to your applications. See the tutorial [Add an on-premises application for remote access through Application Proxy](application-proxy-add-on-premises-application.md#add-an-on-premises-app-to-azure-ad) to learn how to prepare your on-premises environment, install and register a connector, and test the connector.
 
 
 ## Configure application segment(s) for complex application. 
 
@@ -2,7 +2,7 @@
 title: Azure Active Directory deployment plans
 description: Guidance on Azure Active Directory deployment, such as authentication, devices, hybrid scenarios, governance, and more.
 services: active-directory
-author: gargisinha
+author: gargi-sinha
 manager: martinco
 ms.service: active-directory
 ms.subservice: fundamentals
 
@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 03/28/2023
+ms.date: 08/15/2023
 
 ms.author: justinha
 author: justinha
@@ -20,7 +20,7 @@ Azure Active Directory (Azure AD) has multiple settings that determine how often
 
 The Azure AD default configuration for user sign-in frequency is a rolling window of 90 days. Asking users for credentials often seems like a sensible thing to do, but it can backfire. If users are trained to enter their credentials without thinking, they can unintentionally supply them to a malicious credential prompt.
 
-It might sound alarming to not ask for a user to sign back in, though any violation of IT policies revokes the session. Some examples include a password change, an incompliant device, or an account disable operation. You can also explicitly [revoke users' sessions using PowerShell](/powershell/module/azuread/revoke-azureaduserallrefreshtoken).
+It might sound alarming to not ask for a user to sign back in, though any violation of IT policies revokes the session. Some examples include a password change, an incompliant device, or an account disable operation. You can also explicitly [revoke users' sessions by using Microsoft Graph PowerShell](/powershell/module/microsoft.graph.users.actions/revoke-mgusersigninsession).
 
 This article details recommended configurations and how different settings work and interact with each other.
 
 
@@ -81,12 +81,12 @@ To enable Controller mode **On** for any projects, add these roles to the specif
 - Role Administrators
 - Security Admin 
 
-The required commands to run in Google Cloud Shell are listed in the Manage Authorization screen for each scope of a project, folder or organization. This is also configured in the GPC console.
+The required commands to run in Google Cloud Shell are listed in the Manage Authorization screen for each scope of a project, folder or organization. This is also configured in the GCP console.
 
 3. Select **Next**.
 
 #### Option 2: Enter authorization systems 
-You have the ability to specify only certain GCP member projects to manage and monitor with MEPM (up to 100 per collector). Follow the steps to configure these GCP member projects to be monitored: 
+You have the ability to specify only certain GCP member projects to manage and monitor with Permissions Management (up to 100 per collector). Follow the steps to configure these GCP member projects to be monitored: 
 1. In the **Permissions Management Onboarding - GCP Project Ids** page, enter the **Project IDs**.
 
     You can enter up to comma separated 100 GCP project IDs. 
@@ -109,7 +109,7 @@ To enable Controller mode **On** for any projects, add these roles to the specif
 - Role Administrators
 - Security Admin 
 
-The required commands to run in Google Cloud Shell are listed in the Manage Authorization screen for each scope of a project, folder or organization. This is also configured in the GPC console.
+The required commands to run in Google Cloud Shell are listed in the Manage Authorization screen for each scope of a project, folder or organization. This is also configured in the GCP console.
 
 3. Select **Next**.