Merge pull request #199280 from MicrosoftDocs/main

Merge Main to Live, 4 AM

Author: PMEds28

.openpublishing.redirection.json

@@ -43308,6 +43308,11 @@
       "source_path_from_root": "/articles/aks/web-app-routing.md",
       "redirect_url": "/azure/aks/intro-kubernetes",
       "redirect_document_id":false
+    },
+    {
+      "source_path_from_root": "/articles/private-link/private-endpoint-static-ip-powershell.md",
+      "redirect_url": "/azure/private-link/create-private-endpoint-powershell",
+      "redirect_document_id": true
     }
   ]
 }

articles/active-directory/roles/TOC.yml

@@ -58,7 +58,7 @@
       href: groups-pim-eligible.md
     - name: Assign roles with scope using PowerShell
       href: custom-assign-powershell.md
-    - name: Assign roles using Graph API
+    - name: Assign roles using Microsoft Graph
       href: custom-assign-graph.md
   - name: Remove role assignments
     items: 

articles/active-directory/roles/groups-create-eligible.md

@@ -102,7 +102,7 @@ Add-AzureADGroupMember -ObjectId $roleAssignablegroup.Id -RefObjectId $member.Ob
 ### Create a role-assignable group in Azure AD
 
 ```http
-POST https://graph.microsoft.com/beta/groups
+POST https://graph.microsoft.com/v1.0/groups
 {
   "description": "This group is assigned to Helpdesk Administrator built-in role of Azure AD.",
   "displayName": "Contoso_Helpdesk_Administrators",

articles/active-directory/roles/manage-roles-portal.md

@@ -156,18 +156,13 @@ If PIM is enabled, you have additional capabilities, such as making a user eligi
     $roleAssignmentEligible = Open-AzureADMSPrivilegedRoleAssignmentRequest -ProviderId 'aadRoles' -ResourceId $aadTenant.Id -RoleDefinitionId $roleDefinition.Id -SubjectId $user.objectId -Type 'AdminAdd' -AssignmentState 'Eligible' -schedule $schedule -reason "Review billing info"
     ```
 
-## Microsoft Graph API
+## Microsoft Graph PIM API
 
-Follow these instructions to assign a role using the Microsoft Graph API in [Graph Explorer](https://aka.ms/ge).
+Follow these instructions to assign a role using the Microsoft Graph PIM API.
 
 ### Assign a role
 
-In this example, a security principal with objectID `f8ca5a85-489a-49a0-b555-0a6d81e56f0d` is assigned the Billing Administrator role (role definition ID `b0f54661-2d74-4c50-afa3-1ec803f12efe`) at tenant scope. If you want to see the list of immutable role template IDs of all built-in roles, see [Azure AD built-in roles](permissions-reference.md).
-
-1. Sign in to the [Graph Explorer](https://aka.ms/ge).
-2. Select **POST** as the HTTP method from the dropdown. 
-3. Select the API version to **v1.0**.
-4. Use the [Create unifiedRoleAssignment](/graph/api/rbacapplication-post-roleassignments) API to assign roles. Add following details to the URL and Request Body and select **Run query**.
+In this example, a security principal with objectID `f8ca5a85-489a-49a0-b555-0a6d81e56f0d` is assigned the Billing Administrator role (role definition ID `b0f54661-2d74-4c50-afa3-1ec803f12efe`) at tenant scope. To see the list of immutable role template IDs of all built-in roles, see [Azure AD built-in roles](permissions-reference.md).
 
 ```http
 POST https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments
@@ -183,69 +178,72 @@ Content-type: application/json
 
 ### Assign a role using PIM
 
-In this example, a security principal with objectID `f8ca5a85-489a-49a0-b555-0a6d81e56f0d` is assigned a time-bound eligible role assignment to Billing Administrator (role definition ID `b0f54661-2d74-4c50-afa3-1ec803f12efe`) for 180 days.
+#### Assign a time-bound eligible role assignment
 
-1. Sign in to the [Graph Explorer](https://aka.ms/ge).
-2. Select **POST** as the HTTP method from the dropdown. 
-3. Select the API version to **beta**.
-4. Use the [Create unifiedRoleEligibilityScheduleRequest](/graph/api/unifiedroleeligibilityschedulerequest-post-unifiedroleeligibilityschedulerequests) API to assign roles using PIM. Add following details to the URL and Request Body and select **Run query**.
+In this example, a security principal with objectID `f8ca5a85-489a-49a0-b555-0a6d81e56f0d` is assigned a time-bound eligible role assignment to Billing Administrator (role definition ID `b0f54661-2d74-4c50-afa3-1ec803f12efe`) for 180 days.
 
 ```http
-POST https://graph.microsoft.com/beta/rolemanagement/directory/roleEligibilityScheduleRequests
+POST https://graph.microsoft.com/v1.0/rolemanagement/directory/roleEligibilityScheduleRequests
 Content-type: application/json
 
 {
-    "action": "AdminAssign",
+    "action": "adminAssign",
     "justification": "for managing admin tasks",
     "directoryScopeId": "/",
     "principalId": "f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
     "roleDefinitionId": "b0f54661-2d74-4c50-afa3-1ec803f12efe",
     "scheduleInfo": {
         "startDateTime": "2021-07-15T19:15:08.941Z",
         "expiration": {
-            "type": "AfterDuration",
+            "type": "afterDuration",
             "duration": "PT180D"
         }
     }
 }
 ```
 
+#### Assign a permanent eligible role assignment
+
 In the following example, a security principal is assigned a permanent eligible role assignment to Billing Administrator.
 
 ```http
-POST https://graph.microsoft.com/beta/rolemanagement/directory/roleEligibilityScheduleRequests
+POST https://graph.microsoft.com/v1.0/rolemanagement/directory/roleEligibilityScheduleRequests
 Content-type: application/json
 
 {
-    "action": "AdminAssign",
+    "action": "adminAssign",
     "justification": "for managing admin tasks",
     "directoryScopeId": "/",
     "principalId": "f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
     "roleDefinitionId": "b0f54661-2d74-4c50-afa3-1ec803f12efe",
     "scheduleInfo": {
         "startDateTime": "2021-07-15T19:15:08.941Z",
         "expiration": {
-            "type": "NoExpiration"
+            "type": "noExpiration"
         }
     }
 }
 ```
 
-To activate the role assignment, use the [Create unifiedRoleAssignmentScheduleRequest](/graph/api/unifiedroleassignmentschedulerequest-post-unifiedroleassignmentschedulerequests) API.
+#### Activate a role assignment
+
+To activate the role assignment, use the [Create roleAssignmentScheduleRequests](/graph/api/rbacapplication-post-roleeligibilityschedulerequests) API.
 
 ```http
-POST https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleRequests
+POST https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignmentScheduleRequests
 Content-type: application/json
 
 {
-    "action": "SelfActivate",
+    "action": "selfActivate",
     "justification": "activating role assignment for admin privileges",
     "roleDefinitionId": "b0f54661-2d74-4c50-afa3-1ec803f12efe",
     "directoryScopeId": "/",
     "principalId": "f8ca5a85-489a-49a0-b555-0a6d81e56f0d"
 }
 ```
 
+For more information about managing Azure AD roles through the PIM API in Microsoft Graph, see [Overview of role management through the privileged identity management (PIM) API](/graph/api/resources/privilegedidentitymanagementv3-overview).
+
 ## Next steps
 
 - [List Azure AD role assignments](view-assignments.md)

articles/active-directory/saas-apps/cisco-umbrella-tutorial.md

@@ -1,5 +1,5 @@
 ---
-title: 'Tutorial: Azure Active Directory integration with Cisco Umbrella Admin SSO | Microsoft Docs'
+title: 'Tutorial: Azure AD integration with Cisco Umbrella Admin SSO'
 description: Learn how to configure single sign-on between Azure Active Directory and Cisco Umbrella Admin SSO.
 services: active-directory
 author: jeevansd
@@ -9,10 +9,10 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 03/16/2021
+ms.date: 05/24/2022
 ms.author: jeedes
 ---
-# Tutorial: Azure Active Directory integration with Cisco Umbrella Admin SSO
+# Tutorial: Azure AD integration with Cisco Umbrella Admin SSO
 
 In this tutorial, you'll learn how to integrate Cisco Umbrella Admin SSO with Azure Active Directory (Azure AD). When you integrate Cisco Umbrella Admin SSO with Azure AD, you can:
 
@@ -27,6 +27,9 @@ To get started, you need the following items:
 * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
 * Cisco Umbrella Admin SSO single sign-on (SSO) enabled subscription.
 
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+
 ## Scenario description
 
 In this tutorial, you configure and test Azure AD single sign-on in a test environment.
@@ -65,7 +68,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 1. On the **Select a single sign-on method** page, select **SAML**.
 1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
 
-   ![Edit Basic SAML Configuration](common/edit-urls.png)
+    ![Screenshot shows to edit Basic S A M L Configuration.](common/edit-urls.png "Basic Configuration")
 
 4. On the **Basic SAML Configuration** section, the user does not have to perform any step as the app is already pre-integrated with Azure.
 
@@ -77,11 +80,11 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 5. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Metadata XML** from the given options as per your requirement and save it on your computer.
 
-    ![The Certificate download link](common/metadataxml.png)
+    ![Screenshot shows the Certificate download link.](common/metadataxml.png "Certificate")
 
 6. On the **Set up Cisco Umbrella Admin SSO** section, copy the appropriate URL(s) as per your requirement.
 
-    ![Copy configuration URLs](common/copy-configuration-urls.png)
+    ![Screenshot shows to copy configuration appropriate U R L.](common/copy-configuration-urls.png "Attributes")
 
 ### Create an Azure AD test user
 
@@ -113,27 +116,27 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 2. From the left side of menu, click **Admin** and navigate to **Authentication** and then click on **SAML**.
 
-    ![The Admin](./media/cisco-umbrella-tutorial/admin.png)
+    ![Screenshot shows the Admin menu window.](./media/cisco-umbrella-tutorial/admin.png "Administrator")
 
 3. Choose **Other** and click on **NEXT**.
 
-    ![The Other](./media/cisco-umbrella-tutorial/other.png)
+    ![Screenshot shows the Other menu window.](./media/cisco-umbrella-tutorial/other.png "Folder")
 
 4. On the **Cisco Umbrella Admin SSO Metadata**, page, click **NEXT**.
 
-    ![The metadata](./media/cisco-umbrella-tutorial/metadata.png)
+    ![Screenshot shows the metadata file page.](./media/cisco-umbrella-tutorial/metadata.png "File")
 
 5. On the **Upload Metadata** tab, if you had pre-configured SAML, select **Click here to change them** option and follow the below steps.
 
-    ![The Next](./media/cisco-umbrella-tutorial/next.png)
+    ![Screenshot shows the Next Folder window.](./media/cisco-umbrella-tutorial/next.png "Values")
 
 6. In the **Option A: Upload XML file**,  upload the **Federation Metadata XML** file that you downloaded from the Azure portal and after uploading metadata the below values get auto populated automatically then click **NEXT**.
 
-    ![The choosefile](./media/cisco-umbrella-tutorial/choose-file.png)
+    ![Screenshot shows the choosefile from folder.](./media/cisco-umbrella-tutorial/choose-file.png "Federation")
 
 7. Under **Validate SAML Configuration** section, click **TEST YOUR SAML CONFIGURATION**.
 
-    ![The Test](./media/cisco-umbrella-tutorial/test.png)
+    ![Screenshot shows the Test SAML Configuration.](./media/cisco-umbrella-tutorial/test.png "Validate")
 
 8. Click **SAVE**.
 
@@ -148,11 +151,11 @@ In the case of Cisco Umbrella Admin SSO, provisioning is a manual task.
 
 2. From the left side of menu, click **Admin** and navigate to **Accounts**.
 
-    ![The Account](./media/cisco-umbrella-tutorial/account.png)
+    ![Screenshot shows the Account of Cisco Umbrella Admin.](./media/cisco-umbrella-tutorial/account.png "Account")
 
 3. On the **Accounts** page, click on **Add** on the top right side of the page and perform the following steps.
 
-    ![The User](./media/cisco-umbrella-tutorial/create-user.png)
+    ![Screenshot shows the User of Accounts.](./media/cisco-umbrella-tutorial/create-user.png "User")
 
     a. In the **First Name** field, enter the firstname like **Britta**.
 

articles/active-directory/saas-apps/flexera-one-tutorial.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 12/29/2021
+ms.date: 05/24/2022
 ms.author: jeedes
 
 ---
@@ -29,6 +29,9 @@ To get started, you need the following items:
 * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
 * Flexera One single sign-on (SSO) enabled subscription.
 
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+
 ## Scenario description
 
 In this tutorial, you configure and test Azure AD SSO in a test environment.
@@ -68,7 +71,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 1. On the **Select a single sign-on method** page, select **SAML**.
 1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
 
-   ![Edit Basic SAML Configuration](common/edit-urls.png)
+   ![Screenshot shows to edit Basic S A M L Configuration.](common/edit-urls.png "Basic Configuration")
 
 1. On the **Basic SAML Configuration** section, perform the following steps: 
 
@@ -86,7 +89,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. Flexera One application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
 
-	![image](common/default-attributes.png)
+	![Screenshot shows the image of Flexera One application.](common/default-attributes.png "Attributes")
 
 1. In addition to above, Flexera One application expects few more attributes to be passed back in SAML response which are shown below. These attributes are also pre populated but you can review them as per your requirements.
 
@@ -97,11 +100,11 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section,  find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
 
-	![The Certificate download link](common/certificatebase64.png)
+	![Screenshot shows the Certificate download link.](common/certificatebase64.png "Certificate")
 
 1. On the **Set up Flexera One** section, copy the appropriate URL(s) based on your requirement.
 
-	![Copy configuration URLs](common/copy-configuration-urls.png)
+	![Screenshot shows to copy Configuration appropriate U R L.](common/copy-configuration-urls.png "Configuration")
 
 ### Create an Azure AD test user
 

articles/active-directory/saas-apps/iauditor-tutorial.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 03/24/2022
+ms.date: 05/24/2022
 ms.author: jeedes
 
 ---
@@ -31,6 +31,9 @@ To get started, you need the following items:
 * Along with Cloud Application Administrator, Application Administrator can also add or manage applications in Azure AD.
 For more information, see [Azure built-in roles](../roles/permissions-reference.md).
 
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+
 ## Scenario description
 
 In this tutorial, you configure and test Azure AD SSO in a test environment.
@@ -69,7 +72,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 1. On the **Select a single sign-on method** page, select **SAML**.
 1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
 
-   ![Edit Basic SAML Configuration](common/edit-urls.png)
+   ![Screenshot shows to edit Basic S A M L Configuration.](common/edit-urls.png "Basic Configuration")
 
 1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, perform the following steps:
 
@@ -96,7 +99,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. iAuditor application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
 
-	![image](common/default-attributes.png)
+	![Screenshot shows the image of iAuditor application.](common/default-attributes.png "Attributes")
 
 1. In addition to above, iAuditor application expects few more attributes to be passed back in SAML response which are shown below. These attributes are also pre-populated but you can review them as per your requirements.
 
@@ -108,7 +111,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (PEM)** and select **Download** to download the certificate and save it on your computer.
 
-	![The Certificate download link](common/certificate-base64-download.png)
+	![Screenshot shows the Certificate download link.](common/certificate-base64-download.png "Certificate")
 
 ### Create an Azure AD test user