Merge branch 'main' into release-limited-time-reservations

Author: v-alje

.openpublishing.redirection.json

@@ -23387,6 +23387,11 @@
             "redirect_url": "/azure/devtest-labs/samples-cli",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/devtest-labs/how-to-move-schedule-to-new-region.md",
+            "redirect_url": "/azure/devtest-labs/how-to-move-labs",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure/virtual-desktop/azure-advisor.md",
             "redirect_url": "/azure/advisor/advisor-overview",

articles/active-directory/app-provisioning/toc.yml

@@ -35,7 +35,7 @@ items:
         href: on-premises-web-services-connector.md
       - name: Provisioning with custom connectors
         href: on-premises-custom-connector.md
-      - name: Provisioning to SAP ECC 7.0
+      - name: Provisioning to SAP ECC (formerly SAP R/3)
         href: on-premises-sap-connector-configure.md
     - name: API-driven inbound provisioning tutorials
       items:

articles/active-directory/conditional-access/concept-conditional-access-conditions.md

@@ -176,7 +176,7 @@ This setting has an effect on access attempts made from the following mobile app
 | Outlook mobile app | Exchange Online | Android, iOS |
 | Power BI app | Power BI service | Windows 10, Windows 8.1, Windows 7, Android, and iOS |
 | Skype for Business | Exchange Online| Android, iOS |
-| Visual Studio Team Services app | Visual Studio Team Services | Windows 10, Windows 8.1, Windows 7, iOS, and Android |
+| Azure DevOps Services (formerly Visual Studio Team Services, or VSTS) app | Azure DevOps Services (formerly Visual Studio Team Services, or VSTS) | Windows 10, Windows 8.1, Windows 7, iOS, and Android |
 
 ### Exchange ActiveSync clients
 

articles/active-directory/develop/msal-android-single-sign-on.md

@@ -179,6 +179,9 @@ If the application uses a `WebView` strategy without integrating Microsoft Authe
 
 If the application uses MSAL with a broker like Microsoft Authenticator or Intune Company Portal, then users can have SSO experience across applications if they have an active sign-in with one of the apps.
 
+> [!NOTE]
+> MSAL with broker utilizes WebViews instead of Custom Tabs. As a result, the Single Sign-On (SSO) state is not extended to other apps that use Custom Tabs.
+
 ### WebView
 
 To use the in-app WebView, put the following line in the app configuration JSON that is passed to MSAL:

articles/active-directory/develop/test-setup-environment.md

@@ -65,16 +65,15 @@ You can [manually create a tenant](quickstart-create-new-tenant.md), which will
 
 For convenience, you may want to invite yourself and other members of your development team to be guest users in the tenant. This will create separate guest objects in the test tenant, but means you only have to manage one set of credentials for your corporate account and your test account.
 
-1. Sign in to the [Azure portal](https://portal.azure.com), then select **Azure Active Directory**.
-2. Go to **Users**.
-3. Click on **New guest user** and invite your work account email address.
-4. Repeat for other members of the development and/or testing team for your application.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Developer](../roles/permissions-reference.md#application-developer).
+1. Browse to **Identity** > **Users** > **All users**.
+1. Select **New user** > **Invite external user** and invite your work account email address.
+1. Repeat for other members of the development and/or testing team for your application.
 
 You can also create test users in your test tenant. If you used one of the Microsoft 365 sample packs, you may already have some test users in your tenant. If not, you should be able to create some yourself as the tenant administrator.
 
-1. Sign in to the [Azure portal](https://portal.azure.com), then select on **Azure Active Directory**.
-2. Go to **Users**.
-3. Click **New user** and create some new test users in your directory.
+1. Browse to **Identity** > **Users** > **All users**.
+1. Select **New user** > **Create new user** and create some new test users in your directory.
 
 ### Get an Azure AD subscription (optional)
 
@@ -96,26 +95,22 @@ Replicating Conditional Access policies ensures you don't encounter unexpected b
 
 Viewing your production tenant Conditional Access policies may need to be performed by a company administrator.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) using your production tenant account.
 1. Go to **Azure Active Directory** > **Enterprise applications** > **Conditional Access**.
 1. View the list of policies in your tenant. Click the first one.
 1. Navigate to **Cloud apps or actions**.
 1. If the policy only applies to a select group of apps, then move on to the next policy. If not, then it will likely apply to your app as well when you move to production. You should copy the policy over to your test tenant.
 
 In a new tab or browser session, sign in to the [Azure portal](https://portal.azure.com) to access your test tenant.
 
-1. Go to **Azure Active Directory** > **Enterprise applications** > **Conditional Access**.
-1. Click on **New policy**
+1. Browse to **Identity** > **Applications** > **Enterprise applications** > **Conditional Access**.
+1. Select **Create new policy**
 1. Copy the settings from the production tenant policy, identified through the previous steps.
 
 #### Permission grant policies
 
 Replicating permission grant policies ensures you don't encounter unexpected prompts for admin consent when moving to production.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) using your production tenant account.
-1. Click on **Azure Active Directory**.
-1. Go to **Enterprise applications**.
-1. From your production tenant, go to **Azure Active Directory** > **Enterprise applications** > **Consent and permissions** > **User consent** settings. Copy the settings there to your test tenant.
+Browse to **Identity** > **Applications** > **Enterprise applications** > **Consent and permissions** > **User consent** settings. Copy the settings there to your test tenant.
 
 #### Token lifetime policies
 
@@ -134,20 +129,18 @@ You'll need to create an app registration to use in your test environment. This
 
 You'll need to create some test users with associated test data to use while testing your scenarios. This step might need to be performed by an admin.
 
-1. Sign in to the [Azure portal](https://portal.azure.com), then select **Azure Active Directory**.
-2. Go to **Users**.
-3. Select **New user** and create some new test users in your directory.
+1. Browse to **Identity** > **Users** > **All users**.
+1. Select **New user** > **Create new user** and create some new test users in your directory.
 
 ### Add the test users to a group (optional)
 
 For convenience, you can assign all these users to a group, which makes other assignment operations easier.
 
-1. Sign in to the [Azure portal](https://portal.azure.com), then select **Azure Active Directory**.
-2. Go to **Groups**.
-3. Click **New group**.
-4. Select either **Security** or **Microsoft 365** for group type.
-5. Name your group.
-6. Add the test users created in the previous step.
+1. Browse to **Identity** > **Groups** > **All groups**.
+1. Select **New group**.
+1. Select either **Security** or **Microsoft 365** for group type.
+1. Name your group.
+1. Add the test users created in the previous step.
 
 ### Restrict your test application to specific users
 

articles/active-directory/devices/concept-primary-refresh-token.md

@@ -158,6 +158,9 @@ The following diagrams illustrate the underlying details in issuing, renewing, a
 > [!NOTE]
 > In Azure AD joined devices, Azure AD PRT issuance (steps A-F) happens synchronously before the user can logon to Windows. In hybrid Azure AD joined devices, on-premises Active Directory is the primary authority. So, the user is able to login hybrid Azure AD joined Windows after they can acquire a TGT to login, while the PRT issuance happens asynchronously. This scenario does not apply to Azure AD registered devices as logon does not use Azure AD credentials.
 
+> [!NOTE]
+> In a Hybrid Azure AD joined Windows environment, the issuance of the PRT occurs asynchronously. The issuance of the PRT may fail due to issues with the federation provider. This failure can result in sign on issues when users try to access cloud resources. It is important to troubleshoot this scenario with the federation provider.
+
 | Step | Description |
 | :---: | --- |
 | A | User enters their password in the sign in UI. LogonUI passes the credentials in an auth buffer to LSA, which in turns passes it internally to CloudAP. CloudAP forwards this request to the CloudAP plugin. |

articles/active-directory/fundamentals/security-defaults.md

@@ -147,6 +147,7 @@ It's important to verify the identity of users who want to access Azure Resource
 After you enable security defaults in your tenant, any user accessing the following services must complete multifactor authentication: 
 
 - Azure portal
+- Microsoft Entra admin center
 - Azure PowerShell 
 - Azure CLI 
 

articles/active-directory/governance/create-lifecycle-workflow.md

@@ -19,28 +19,24 @@ Lifecycle workflows allow for tasks associated with the lifecycle process to be
 - **Tasks**: Actions taken when a workflow is triggered.
 - **Execution conditions**: The who and when of a workflow. These conditions define which users (scope) this workflow should run against, and when (trigger) the workflow should run.
 
-You can create and customize workflows for common scenarios by using templates, or you can build a workflow from scratch without using a template. Currently, if you use the Azure portal, any workflow that you create must be based on a template. If you want to create a workflow without using a template, use Microsoft Graph.
+You can create and customize workflows for common scenarios by using templates, or you can build a workflow from scratch without using a template. Currently, if you use the Microsoft Entra admin center, any workflow that you create must be based on a template. If you want to create a workflow without using a template, use Microsoft Graph.
 
 ## Prerequisites
 
 [!INCLUDE [Microsoft Entra ID Governance license](../../../includes/active-directory-entra-governance-license.md)]
 
 
-## Create a lifecycle workflow by using a template in the Azure portal
+## Create a lifecycle workflow by using a template in the Microsoft Entra admin center
 
-[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
-If you're using the Azure portal to create a workflow, you can customize existing templates to meet your organization's needs. These templates include one for pre-hire common scenarios.
 
-To create a workflow based on a template:
-
-1. Sign in to the [Azure portal](https://portal.azure.com).
+If you're using the Microsoft Entra admin center to create a workflow, you can customize existing templates to meet your organization's needs. These templates include one for pre-hire common scenarios.
 
-1. Select **Azure Active Directory** > **Identity Governance**.
+To create a workflow based on a template:
 
-1. On the left menu, select **Lifecycle Workflows**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Lifecycle Workflows Administrator](../roles/permissions-reference.md#lifecycle-workflows-administrator).
 
-1. Select **Workflows**.
+1. Browse to **Identity governance** > **Lifecycle workflows** > **Create a workflow**.
 
 1. On the **Choose a workflow** page, select the workflow template that you want to use.
 

articles/active-directory/governance/manage-workflow-properties.md

@@ -28,13 +28,11 @@ You can update the following basic information without creating a new workflow.
 
 If you change any other parameters, a new version is required to be created as outlined in the [Managing workflow versions](manage-workflow-tasks.md) article.
 
-If done via the Azure portal, the new version is created automatically. If done using Microsoft Graph, you must manually create a new version of the workflow.  For more information, see [Edit the properties of a workflow using Microsoft Graph](#edit-the-properties-of-a-workflow-using-microsoft-graph).
+If done via the Microsoft Entra Admin center, the new version is created automatically. If done using Microsoft Graph, you must manually create a new version of the workflow.  For more information, see [Edit the properties of a workflow using Microsoft Graph](#edit-the-properties-of-a-workflow-using-microsoft-graph).
 
-## Edit the properties of a workflow using the Azure portal
+## Edit the properties of a workflow using the Microsoft Entra Admin center
 
-[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
-
-To edit the properties of a workflow using the Azure portal, you do the following steps:
+To edit the properties of a workflow using the Microsoft Entra admin center, you do the following steps:
 
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Lifecycle Workflows Administrator](../roles/permissions-reference.md#lifecycle-workflows-administrator).
 

articles/active-directory/governance/manage-workflow-tasks.md

@@ -16,15 +16,12 @@ ms.custom: template-how-to
 
 Workflows created with Lifecycle Workflows are able to grow and change with the needs of your organization. Workflows exist as versions from creation. When making changes to other than basic information, you create a new version of the workflow. For more information, see  [Manage a workflow's properties](manage-workflow-properties.md).
 
-Changing a workflow's tasks or execution conditions requires the creation of a new version of that workflow. Tasks within workflows can be added, reordered, and removed at will. Updating a workflow's tasks or execution conditions within the Azure portal will trigger the creation of a new version of the workflow automatically. Making these updates in Microsoft Graph will require the new workflow version to be created manually.
+Changing a workflow's tasks or execution conditions requires the creation of a new version of that workflow. Tasks within workflows can be added, reordered, and removed at will. Updating a workflow's tasks or execution conditions within the Microsoft Entra admin center will trigger the creation of a new version of the workflow automatically. Making these updates in Microsoft Graph will require the new workflow version to be created manually.
 
 
-## Edit the tasks of a workflow using the Azure portal
+## Edit the tasks of a workflow using the Microsoft Entra admin center
 
-[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
-
-
-Tasks within workflows can be added, edited, reordered, and removed at will. To edit the tasks of a workflow using the Azure portal, you complete the following steps:
+Tasks within workflows can be added, edited, reordered, and removed at will. To edit the tasks of a workflow using the Microsoft Entra admin center, you complete the following steps:
 
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Lifecycle Workflows Administrator](../roles/permissions-reference.md#lifecycle-workflows-administrator).
 
@@ -45,9 +42,9 @@ Tasks within workflows can be added, edited, reordered, and removed at will. To
 1. After making changes, select **save** to capture changes to the tasks.
 
 
-## Edit the execution conditions of a workflow using the Azure portal
+## Edit the execution conditions of a workflow using the Microsoft Entra admin center
 
-To edit the execution conditions of a workflow using the Azure portal, you do the following steps:
+To edit the execution conditions of a workflow using the Microsoft Entra admin center, you do the following steps:
 
 
 1. On the left menu of Lifecycle Workflows, select **Workflows**.
@@ -66,7 +63,7 @@ To edit the execution conditions of a workflow using the Azure portal, you do th
 1. After making changes, select **save** to capture changes to the execution conditions.
 
 
-## See versions of a workflow using the Azure portal
+## See versions of a workflow using the Microsoft Entra admin center
 
 1. On the left menu of Lifecycle Workflows, select **Workflows**.