Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr

Author: amsliu

.openpublishing.publish.config.json

@@ -931,6 +931,12 @@
       "url": "https://github.com/Azure-Samples/cosmos-db-sql-api-dotnet-samples",
       "branch": "v3",
       "branch_mapping": {}
+    },
+    {
+      "path_to_root": "azure-cosmos-mongodb-dotnet",
+      "url": "https://github.com/Azure-Samples/cosmos-db-mongodb-api-dotnet-samples",
+      "branch": "quickstart-test",
+      "branch_mapping": {}
     }
   ],
   "branch_target_mapping": {

.openpublishing.redirection.defender-for-iot.json

@@ -1,5 +1,10 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/defender-for-iot/organizations/plan-network-monitoring.md",
+            "redirect_url": "/azure/defender-for-iot/organizations/best-practices/plan-network-monitoring",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/defender-for-iot/organizations/how-to-identify-required-appliances.md",
             "redirect_url": "/azure/defender-for-iot/organizations/ot-appliance-sizing",

articles/active-directory-domain-services/concepts-forest-trust.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 06/07/2021
+ms.date: 07/05/2022
 ms.author: justinha
 ---
 
@@ -280,11 +280,8 @@ Administrators can use *Active Directory Domains and Trusts*, *Netdom* and *Nlte
 
 ## Next steps
 
-To learn more about forest trusts, see [How do forest trusts work in Azure AD DS?][concepts-trust]
-
 To get started with creating a managed domain with a forest trust, see [Create and configure an Azure AD DS managed domain][tutorial-create-advanced]. You can then [Create an outbound forest trust to an on-premises domain][create-forest-trust].
 
 <!-- LINKS - INTERNAL -->
-[concepts-trust]: concepts-forest-trust.md
 [tutorial-create-advanced]: tutorial-create-instance-advanced.md
 [create-forest-trust]: tutorial-create-forest-trust.md

articles/active-directory/app-provisioning/application-provisioning-quarantine-status.md

@@ -80,10 +80,11 @@ After the first failure, the first retry happens within the next 2 hours (usuall
 - The third retry happens 12 hours after the first failure.
 - The fourth retry happens 24 hours after the first failure.
 - The fifth retry happens 48 hours after the first failure.
-- The sixth retry happens 96 hours after the first failure
-- The seventh retry happens 168 hours after the first failure.
+- The sixth retry happens 72 hours after the first failure.
+- The seventh retry happens 96 hours after the first failure.
+- The eigth retry happens 120 hours after the first failure.
 
-After the 7th failure, entry is flagged and no further retries are run.
+This cycle is repeated every 24 hours until the 30th day when retries are stopped and the job is disabled. 
 
 
 ## How do I get my application out of quarantine?

articles/active-directory/app-provisioning/media/provision-on-demand/on-demand-provision-user.png

@@ -7,7 +7,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 11/17/2021
+ms.date: 07/05/2022
 ms.author: billmath
 ms.reviewer: arvinh
 ---
@@ -27,7 +27,6 @@ The Azure Active Directory (Azure AD) provisioning service supports a [SCIM 2.0]
 To provision users to SCIM-enabled apps:
 
  1. [Download](https://aka.ms/OnPremProvisioningAgent) the provisioning agent and copy it onto the virtual machine or server that your SCIM endpoint is hosted on.
- 1. Copy the agent onto the virtual machine or server that your SCIM endpoint is hosted on.
  1. Open the provisioning agent installer, agree to the terms of service, and select **Install**.
  1. Open the provisioning agent wizard, and select **On-premises provisioning** when prompted for the extension you want to enable.
  1. Provide credentials for an Azure AD administrator when you're prompted to authorize. Hybrid administrator or global administrator is required.

articles/active-directory/app-provisioning/media/provision-on-demand/success-on-demand-provision.png

@@ -1,5 +1,5 @@
 ---
-title: Provision a user on demand by using Azure Active Directory
+title: Provision a user or group on demand using the Azure Active Directory provisioning service
 description: Learn how to provision users on demand in Azure Active Directory.
 services: active-directory
 author: kenwith
@@ -8,13 +8,13 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/09/2022
+ms.date: 07/06/2022
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
 
 # On-demand provisioning in Azure Active Directory
-Use on-demand provisioning to provision a user into an application in seconds. Among other things, you can use this capability to:
+Use on-demand provisioning to provision a user or group in seconds. Among other things, you can use this capability to:
 
 * Troubleshoot configuration issues quickly.
 * Validate expressions that you've defined.
@@ -27,15 +27,16 @@ Use on-demand provisioning to provision a user into an application in seconds. A
 1. Select your application, and then go to the provisioning configuration page.
 1. Configure provisioning by providing your admin credentials.
 1. Select **Provision on demand**.
-1. Search for a user by first name, last name, display name, user principal name, or email address.
+1. Search for a user by first name, last name, display name, user principal name, or email address. Alternatively, you can search for a group and pick up to 5 users. 
    > [!NOTE]
    > For Cloud HR provisioning app (Workday/SuccessFactors to AD/Azure AD), the input value is different. 
    > For Workday scenario, please provide "WorkerID" or "WID" of the user in Workday. 
    > For SuccessFactors scenario, please provide "personIdExternal" of the user in SuccessFactors. 
  
 1. Select **Provision** at the bottom of the page.
 
-:::image type="content" source="media/provision-on-demand/on-demand-provision-user.jpg" alt-text="Screenshot that shows the Azure portal UI for provisioning a user on demand.":::
+:::image type="content" source="media/provision-on-demand/on-demand-provision-user.png" alt-text="Screenshot that shows the Azure portal UI for provisioning a user on demand." lightbox="media/provision-on-demand/on-demand-provision-user.png":::
+
 
 ## Understand the provisioning steps
 
@@ -121,7 +122,7 @@ Finally, the provisioning service takes an action, such as creating, updating, d
 
 Here's an example of what you might see after the successful on-demand provisioning of a user:
 
-:::image type="content" source="media/provision-on-demand/success-on-demand-provision.jpg" alt-text="Screenshot that shows the successful on-demand provisioning of a user.":::
+:::image type="content" source="media/provision-on-demand/success-on-demand-provision.png" alt-text="Screenshot that shows the successful on-demand provisioning of a user." lightbox="media/provision-on-demand/success-on-demand-provision.png":::
 
 #### View details
 
@@ -130,6 +131,7 @@ The **View details** section displays the attributes that were modified in the t
 #### Troubleshooting tips
 
 * Failures for exporting changes can vary greatly. Check the [documentation for provisioning logs](../reports-monitoring/concept-provisioning-logs.md#error-codes) for common failures.
+* On-demand provisioning says the group or user can't be provisioned because they're not assigned to the application. Note that there is a replicate delay of up to a few minutes between when an object is assigned to an application and that assignment being honored by on-demand provisioning. You may need to wait a few minutes and try again.  
 
 ## Frequently asked questions
 
@@ -144,10 +146,9 @@ There are currently a few known limitations to on-demand provisioning. Post your
 > [!NOTE]
 > The following limitations are specific to the on-demand provisioning capability. For information about whether an application supports provisioning groups, deletions, or other capabilities, check the tutorial for that application.
 
-* Amazon Web Services (AWS) application does not support on-demand provisioning. 
-* On-demand provisioning of groups and roles isn't supported.
+* On-demand provisioning of groups supports updating up to 5 members at a time
+* On-demand provisioning of roles isn't supported.
 * On-demand provisioning supports disabling users that have been unassigned from the application. However, it doesn't support disabling or deleting users that have been disabled or deleted from Azure AD. Those users won't appear when you search for a user.
-* Provisioning multiple roles on a user isn't supported by on-demand provisioning. 
 
 ## Next steps
 

articles/active-directory/app-provisioning/on-premises-scim-provisioning.md

@@ -18,11 +18,6 @@ This article describes how to onboard an Amazon Web Services (AWS) account on Pe
 > [!NOTE]
 > A *global administrator* or *super admin* (an admin for all authorization system types) can perform the tasks in this article after the global administrator has initially completed the steps provided in [Enable Permissions Management on your Azure Active Directory tenant](onboard-enable-tenant.md).
 
-
-## View a training video on configuring and onboarding an AWS account
-
-To view a video on how to configure and onboard AWS accounts in Permissions Management, select [Configure and onboard AWS accounts](https://www.youtube.com/watch?v=R6K21wiWYmE).
-
 ## Onboard an AWS account
 
 1. If the **Data Collectors** dashboard isn't displayed when Permissions Management launches:

articles/active-directory/app-provisioning/provision-on-demand.md

@@ -24,11 +24,6 @@ To add Permissions Management to your Azure AD tenant:
 - You must have an Azure AD user account and an Azure command-line interface (Azure CLI) on your system, or an Azure subscription. If you don't already have one, [create a free account](https://azure.microsoft.com/free/).
 - You must have **Microsoft.Authorization/roleAssignments/write** permission at the subscription or management group scope to perform these tasks. If you don't have this permission, you can ask someone who has this permission to perform these tasks for you.
 
-
-## View a training video on enabling Permissions Management in your Azure AD tenant
-
-To view a video on how to enable Permissions Management in your Azure AD tenant, select [Enable Permissions Management in your Azure AD tenant](https://www.youtube.com/watch?v=-fkfeZyevoo).
-
 ## How to onboard an Azure subscription
 
 1. If the **Data Collectors** dashboard isn't displayed when Permissions Management launches: