Commit 394bfe2

Merge pull request #199280 from MicrosoftDocs/main
Merge Main to Live, 4 AM
2 parents f565bef + c54905a commit 394bfe2

189 files changed

+2009
-1246
lines changed

.openpublishing.redirection.json

Lines changed: 5 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -43308,6 +43308,11 @@
4330843308
"source_path_from_root": "/articles/aks/web-app-routing.md",
4330943309
"redirect_url": "/azure/aks/intro-kubernetes",
4331043310
"redirect_document_id":false
43311+
},
43312+
{
43313+
"source_path_from_root": "/articles/private-link/private-endpoint-static-ip-powershell.md",
43314+
"redirect_url": "/azure/private-link/create-private-endpoint-powershell",
43315+
"redirect_document_id": true
4331143316
}
4331243317
]
4331343318
}

articles/active-directory/roles/TOC.yml

Lines changed: 1 addition & 1 deletion
@@ -58,7 +58,7 @@
5858
href: groups-pim-eligible.md
5959
- name: Assign roles with scope using PowerShell
6060
href: custom-assign-powershell.md
61-
- name: Assign roles using Graph API
61+
- name: Assign roles using Microsoft Graph
6262
href: custom-assign-graph.md
6363
- name: Remove role assignments
6464
items:

articles/active-directory/roles/groups-create-eligible.md

Lines changed: 1 addition & 1 deletion
@@ -102,7 +102,7 @@ Add-AzureADGroupMember -ObjectId $roleAssignablegroup.Id -RefObjectId $member.Ob
102102
### Create a role-assignable group in Azure AD
103103

104104
```http
105-
POST https://graph.microsoft.com/beta/groups
105+
POST https://graph.microsoft.com/v1.0/groups
106106
{
107107
"description": "This group is assigned to Helpdesk Administrator built-in role of Azure AD.",
108108
"displayName": "Contoso_Helpdesk_Administrators",

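Review bot: The request at line 105 runs straight from the POST line into the JSON body at line 106, with no `Content-type: application/json` header and no blank line separating the request line from the body, unlike the Graph requests in manage-roles-portal.md touched by this same commit. Since the line is already being edited for the move to v1.0, add the header and the separator so the sample is consistent with the others.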
articles/active-directory/roles/manage-roles-portal.md

Lines changed: 20 additions & 22 deletions
@@ -156,18 +156,13 @@ If PIM is enabled, you have additional capabilities, such as making a user eligi
156156
$roleAssignmentEligible = Open-AzureADMSPrivilegedRoleAssignmentRequest -ProviderId 'aadRoles' -ResourceId $aadTenant.Id -RoleDefinitionId $roleDefinition.Id -SubjectId $user.objectId -Type 'AdminAdd' -AssignmentState 'Eligible' -schedule $schedule -reason "Review billing info"
157157
```
158158
159-
## Microsoft Graph API
159+
## Microsoft Graph PIM API
160160
161-
Follow these instructions to assign a role using the Microsoft Graph API in [Graph Explorer](https://aka.ms/ge).
161+
Follow these instructions to assign a role using the Microsoft Graph PIM API.
162162
163163
### Assign a role
164164
165-
In this example, a security principal with objectID `f8ca5a85-489a-49a0-b555-0a6d81e56f0d` is assigned the Billing Administrator role (role definition ID `b0f54661-2d74-4c50-afa3-1ec803f12efe`) at tenant scope. If you want to see the list of immutable role template IDs of all built-in roles, see [Azure AD built-in roles](permissions-reference.md).
166-
167-
1. Sign in to the [Graph Explorer](https://aka.ms/ge).
168-
2. Select **POST** as the HTTP method from the dropdown.
169-
3. Select the API version to **v1.0**.
170-
4. Use the [Create unifiedRoleAssignment](/graph/api/rbacapplication-post-roleassignments) API to assign roles. Add following details to the URL and Request Body and select **Run query**.
165+
In this example, a security principal with objectID `f8ca5a85-489a-49a0-b555-0a6d81e56f0d` is assigned the Billing Administrator role (role definition ID `b0f54661-2d74-4c50-afa3-1ec803f12efe`) at tenant scope. To see the list of immutable role template IDs of all built-in roles, see [Azure AD built-in roles](permissions-reference.md).
171166
172167
```http
173168
POST https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments
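Review bot: The heading at new line 159 now reads "Microsoft Graph PIM API", but the first example under it, "Assign a role", still posts to `roleManagement/directory/roleAssignments`, which the removed step 4 identified as the Create unifiedRoleAssignment API rather than a PIM request. Either keep a neutral heading or state in the intro at line 161 that the direct assignment is not a PIM operation. The `/graph/api/rbacapplication-post-roleassignments` reference link was dropped together with the Graph Explorer steps; keep it in the paragraph at line 165 so readers can still reach the API reference.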
@@ -183,69 +178,72 @@ Content-type: application/json
183178

184179
### Assign a role using PIM
185180

186-
In this example, a security principal with objectID `f8ca5a85-489a-49a0-b555-0a6d81e56f0d` is assigned a time-bound eligible role assignment to Billing Administrator (role definition ID `b0f54661-2d74-4c50-afa3-1ec803f12efe`) for 180 days.
181+
#### Assign a time-bound eligible role assignment
187182

188-
1. Sign in to the [Graph Explorer](https://aka.ms/ge).
189-
2. Select **POST** as the HTTP method from the dropdown.
190-
3. Select the API version to **beta**.
191-
4. Use the [Create unifiedRoleEligibilityScheduleRequest](/graph/api/unifiedroleeligibilityschedulerequest-post-unifiedroleeligibilityschedulerequests) API to assign roles using PIM. Add following details to the URL and Request Body and select **Run query**.
183+
In this example, a security principal with objectID `f8ca5a85-489a-49a0-b555-0a6d81e56f0d` is assigned a time-bound eligible role assignment to Billing Administrator (role definition ID `b0f54661-2d74-4c50-afa3-1ec803f12efe`) for 180 days.
192184

193185
```http
194-
POST https://graph.microsoft.com/beta/rolemanagement/directory/roleEligibilityScheduleRequests
186+
POST https://graph.microsoft.com/v1.0/rolemanagement/directory/roleEligibilityScheduleRequests
195187
Content-type: application/json
196188
197189
{
198-
"action": "AdminAssign",
190+
"action": "adminAssign",
199191
"justification": "for managing admin tasks",
200192
"directoryScopeId": "/",
201193
"principalId": "f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
202194
"roleDefinitionId": "b0f54661-2d74-4c50-afa3-1ec803f12efe",
203195
"scheduleInfo": {
204196
"startDateTime": "2021-07-15T19:15:08.941Z",
205197
"expiration": {
206-
"type": "AfterDuration",
198+
"type": "afterDuration",
207199
"duration": "PT180D"
208200
}
209201
}
210202
}
211203
```
212204

205+
#### Assign a permanent eligible role assignment
206+
213207
In the following example, a security principal is assigned a permanent eligible role assignment to Billing Administrator.
214208

215209
```http
216-
POST https://graph.microsoft.com/beta/rolemanagement/directory/roleEligibilityScheduleRequests
210+
POST https://graph.microsoft.com/v1.0/rolemanagement/directory/roleEligibilityScheduleRequests
217211
Content-type: application/json
218212
219213
{
220-
"action": "AdminAssign",
214+
"action": "adminAssign",
221215
"justification": "for managing admin tasks",
222216
"directoryScopeId": "/",
223217
"principalId": "f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
224218
"roleDefinitionId": "b0f54661-2d74-4c50-afa3-1ec803f12efe",
225219
"scheduleInfo": {
226220
"startDateTime": "2021-07-15T19:15:08.941Z",
227221
"expiration": {
228-
"type": "NoExpiration"
222+
"type": "noExpiration"
229223
}
230224
}
231225
}
232226
```
233227

234-
To activate the role assignment, use the [Create unifiedRoleAssignmentScheduleRequest](/graph/api/unifiedroleassignmentschedulerequest-post-unifiedroleassignmentschedulerequests) API.
228+
#### Activate a role assignment
229+
230+
To activate the role assignment, use the [Create roleAssignmentScheduleRequests](/graph/api/rbacapplication-post-roleeligibilityschedulerequests) API.
235231

236232
```http
237-
POST https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleRequests
233+
POST https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignmentScheduleRequests
238234
Content-type: application/json
239235
240236
{
241-
"action": "SelfActivate",
237+
"action": "selfActivate",
242238
"justification": "activating role assignment for admin privileges",
243239
"roleDefinitionId": "b0f54661-2d74-4c50-afa3-1ec803f12efe",
244240
"directoryScopeId": "/",
245241
"principalId": "f8ca5a85-489a-49a0-b555-0a6d81e56f0d"
246242
}
247243
```
248244

245+
For more information about managing Azure AD roles through the PIM API in Microsoft Graph, see [Overview of role management through the privileged identity management (PIM) API](/graph/api/resources/privilegedidentitymanagementv3-overview).
246+
249247
## Next steps
250248

251249
- [List Azure AD role assignments](view-assignments.md)
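Review bot: In the new "Activate a role assignment" paragraph (line 230) the link text says "Create roleAssignmentScheduleRequests" but the target is `/graph/api/rbacapplication-post-roleeligibilityschedulerequests`, the eligibility request page, while the sample beneath it posts to `roleAssignmentScheduleRequests`; point the link at the assignment schedule request reference. The two eligibility samples also lost their API reference link when the Graph Explorer steps were removed, and they spell the path `rolemanagement` where the activation sample uses `roleManagement`. Separately, the unchanged `"duration": "PT180D"` puts a day count after the `T` time designator, which is not a valid ISO 8601 duration; `P180D` matches the 180 days the text describes.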

articles/active-directory/saas-apps/cisco-umbrella-tutorial.md

Lines changed: 17 additions & 14 deletions
@@ -1,5 +1,5 @@
11
---
2-
title: 'Tutorial: Azure Active Directory integration with Cisco Umbrella Admin SSO | Microsoft Docs'
2+
title: 'Tutorial: Azure AD integration with Cisco Umbrella Admin SSO'
33
description: Learn how to configure single sign-on between Azure Active Directory and Cisco Umbrella Admin SSO.
44
services: active-directory
55
author: jeevansd
@@ -9,10 +9,10 @@ ms.service: active-directory
99
ms.subservice: saas-app-tutorial
1010
ms.workload: identity
1111
ms.topic: tutorial
12-
ms.date: 03/16/2021
12+
ms.date: 05/24/2022
1313
ms.author: jeedes
1414
---
15-
# Tutorial: Azure Active Directory integration with Cisco Umbrella Admin SSO
15+
# Tutorial: Azure AD integration with Cisco Umbrella Admin SSO
1616

1717
In this tutorial, you'll learn how to integrate Cisco Umbrella Admin SSO with Azure Active Directory (Azure AD). When you integrate Cisco Umbrella Admin SSO with Azure AD, you can:
1818

@@ -27,6 +27,9 @@ To get started, you need the following items:
2727
* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
2828
* Cisco Umbrella Admin SSO single sign-on (SSO) enabled subscription.
2929

30+
> [!NOTE]
31+
> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
32+
3033
## Scenario description
3134

3235
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
@@ -65,7 +68,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
6568
1. On the **Select a single sign-on method** page, select **SAML**.
6669
1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
6770

68-
![Edit Basic SAML Configuration](common/edit-urls.png)
71+
![Screenshot shows to edit Basic S A M L Configuration.](common/edit-urls.png "Basic Configuration")
6972

7073
4. On the **Basic SAML Configuration** section, the user does not have to perform any step as the app is already pre-integrated with Azure.
7174

@@ -77,11 +80,11 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
7780

7881
5. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Metadata XML** from the given options as per your requirement and save it on your computer.
7982

80-
![The Certificate download link](common/metadataxml.png)
83+
![Screenshot shows the Certificate download link.](common/metadataxml.png "Certificate")
8184

8285
6. On the **Set up Cisco Umbrella Admin SSO** section, copy the appropriate URL(s) as per your requirement.
8386

84-
![Copy configuration URLs](common/copy-configuration-urls.png)
87+
![Screenshot shows to copy configuration appropriate U R L.](common/copy-configuration-urls.png "Attributes")
8588

8689
### Create an Azure AD test user
8790
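Review bot: The title added to the `copy-configuration-urls.png` image at line 87 is "Attributes", which does not describe a screenshot of configuration URLs; the Flexera One tutorial in this same commit titles the same image "Configuration". The alt text "Screenshot shows to copy configuration appropriate U R L." is also ungrammatical; "Screenshot shows how to copy the appropriate configuration U R L." reads correctly.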

@@ -113,27 +116,27 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
113116

114117
2. From the left side of menu, click **Admin** and navigate to **Authentication** and then click on **SAML**.
115118

116-
![The Admin](./media/cisco-umbrella-tutorial/admin.png)
119+
![Screenshot shows the Admin menu window.](./media/cisco-umbrella-tutorial/admin.png "Administrator")
117120

118121
3. Choose **Other** and click on **NEXT**.
119122

120-
![The Other](./media/cisco-umbrella-tutorial/other.png)
123+
![Screenshot shows the Other menu window.](./media/cisco-umbrella-tutorial/other.png "Folder")
121124

122125
4. On the **Cisco Umbrella Admin SSO Metadata**, page, click **NEXT**.
123126

124-
![The metadata](./media/cisco-umbrella-tutorial/metadata.png)
127+
![Screenshot shows the metadata file page.](./media/cisco-umbrella-tutorial/metadata.png "File")
125128

126129
5. On the **Upload Metadata** tab, if you had pre-configured SAML, select **Click here to change them** option and follow the below steps.
127130

128-
![The Next](./media/cisco-umbrella-tutorial/next.png)
131+
![Screenshot shows the Next Folder window.](./media/cisco-umbrella-tutorial/next.png "Values")
129132

130133
6. In the **Option A: Upload XML file**, upload the **Federation Metadata XML** file that you downloaded from the Azure portal and after uploading metadata the below values get auto populated automatically then click **NEXT**.
131134

132-
![The choosefile](./media/cisco-umbrella-tutorial/choose-file.png)
135+
![Screenshot shows the choosefile from folder.](./media/cisco-umbrella-tutorial/choose-file.png "Federation")
133136

134137
7. Under **Validate SAML Configuration** section, click **TEST YOUR SAML CONFIGURATION**.
135138

136-
![The Test](./media/cisco-umbrella-tutorial/test.png)
139+
![Screenshot shows the Test SAML Configuration.](./media/cisco-umbrella-tutorial/test.png "Validate")
137140

138141
8. Click **SAVE**.
139142
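Review bot: Several image titles added in this hunk do not match what the step describes: `other.png` gets "Folder", `metadata.png` gets "File", and `next.png` gets "Values". Titles surface as hover text, so use the name of the dialog or step instead (for example "Other", "Metadata", "Upload Metadata"). The alt text at line 139 also writes "SAML" while the shared images in this commit spell it "S A M L"; pick one form.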

@@ -148,11 +151,11 @@ In the case of Cisco Umbrella Admin SSO, provisioning is a manual task.
148151

149152
2. From the left side of menu, click **Admin** and navigate to **Accounts**.
150153

151-
![The Account](./media/cisco-umbrella-tutorial/account.png)
154+
![Screenshot shows the Account of Cisco Umbrella Admin.](./media/cisco-umbrella-tutorial/account.png "Account")
152155

153156
3. On the **Accounts** page, click on **Add** on the top right side of the page and perform the following steps.
154157

155-
![The User](./media/cisco-umbrella-tutorial/create-user.png)
158+
![Screenshot shows the User of Accounts.](./media/cisco-umbrella-tutorial/create-user.png "User")
156159

157160
a. In the **First Name** field, enter the firstname like **Britta**.
158161

articles/active-directory/saas-apps/flexera-one-tutorial.md

Lines changed: 8 additions & 5 deletions
@@ -9,7 +9,7 @@ ms.service: active-directory
99
ms.subservice: saas-app-tutorial
1010
ms.workload: identity
1111
ms.topic: tutorial
12-
ms.date: 12/29/2021
12+
ms.date: 05/24/2022
1313
ms.author: jeedes
1414

1515
---
@@ -29,6 +29,9 @@ To get started, you need the following items:
2929
* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
3030
* Flexera One single sign-on (SSO) enabled subscription.
3131

32+
> [!NOTE]
33+
> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
34+
3235
## Scenario description
3336

3437
In this tutorial, you configure and test Azure AD SSO in a test environment.
@@ -68,7 +71,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
6871
1. On the **Select a single sign-on method** page, select **SAML**.
6972
1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
7073

71-
![Edit Basic SAML Configuration](common/edit-urls.png)
74+
![Screenshot shows to edit Basic S A M L Configuration.](common/edit-urls.png "Basic Configuration")
7275

7376
1. On the **Basic SAML Configuration** section, perform the following steps:
7477

@@ -86,7 +89,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
8689

8790
1. Flexera One application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
8891

89-
![image](common/default-attributes.png)
92+
![Screenshot shows the image of Flexera One application.](common/default-attributes.png "Attributes")
9093

9194
1. In addition to above, Flexera One application expects few more attributes to be passed back in SAML response which are shown below. These attributes are also pre populated but you can review them as per your requirements.
9295
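Review bot: The new alt text at line 92, "Screenshot shows the image of Flexera One application.", does not say what the image contains. The step directly above states that the screenshot shows the list of default attributes, so the alt text should say that; the same wording appears on the `default-attributes.png` line in the iAuditor tutorial in this commit.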

@@ -97,11 +100,11 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
97100

98101
1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
99102

100-
![The Certificate download link](common/certificatebase64.png)
103+
![Screenshot shows the Certificate download link.](common/certificatebase64.png "Certificate")
101104

102105
1. On the **Set up Flexera One** section, copy the appropriate URL(s) based on your requirement.
103106

104-
![Copy configuration URLs](common/copy-configuration-urls.png)
107+
![Screenshot shows to copy Configuration appropriate U R L.](common/copy-configuration-urls.png "Configuration")
105108

106109
### Create an Azure AD test user
107110

articles/active-directory/saas-apps/iauditor-tutorial.md

Lines changed: 7 additions & 4 deletions
@@ -9,7 +9,7 @@ ms.service: active-directory
99
ms.subservice: saas-app-tutorial
1010
ms.workload: identity
1111
ms.topic: tutorial
12-
ms.date: 03/24/2022
12+
ms.date: 05/24/2022
1313
ms.author: jeedes
1414

1515
---
@@ -31,6 +31,9 @@ To get started, you need the following items:
3131
* Along with Cloud Application Administrator, Application Administrator can also add or manage applications in Azure AD.
3232
For more information, see [Azure built-in roles](../roles/permissions-reference.md).
3333

34+
> [!NOTE]
35+
> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
36+
3437
## Scenario description
3538

3639
In this tutorial, you configure and test Azure AD SSO in a test environment.
@@ -69,7 +72,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
6972
1. On the **Select a single sign-on method** page, select **SAML**.
7073
1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
7174

72-
![Edit Basic SAML Configuration](common/edit-urls.png)
75+
![Screenshot shows to edit Basic S A M L Configuration.](common/edit-urls.png "Basic Configuration")
7376

7477
1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, perform the following steps:
7578

@@ -96,7 +99,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
9699

97100
1. iAuditor application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
98101

99-
![image](common/default-attributes.png)
102+
![Screenshot shows the image of iAuditor application.](common/default-attributes.png "Attributes")
100103

101104
1. In addition to above, iAuditor application expects few more attributes to be passed back in SAML response which are shown below. These attributes are also pre-populated but you can review them as per your requirements.
102105

@@ -108,7 +111,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
108111

109112
1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (PEM)** and select **Download** to download the certificate and save it on your computer.
110113

111-
![The Certificate download link](common/certificate-base64-download.png)
114+
![Screenshot shows the Certificate download link.](common/certificate-base64-download.png "Certificate")
112115

113116
### Create an Azure AD test user
114117
