Merge pull request #200752 from MicrosoftDocs/main

6/07 AM Publish

Author: huypub

.openpublishing.publish.config.json

@@ -977,6 +977,7 @@
     "articles/container-apps/.openpublishing.redirection.container-apps.json",
     "articles/spring-cloud/.openpublishing.redirection.spring-cloud.json",
     "articles/load-testing/.openpublishing.redirection.azure-load-testing.json",
-    "articles/azure-video-indexer/.openpublishing.redirection.azure-video-indexer.json"
+    "articles/azure-video-indexer/.openpublishing.redirection.azure-video-indexer.json",
+    "articles/machine-learning/.openpublishing.redirection.machine-learning.json"
   ]
 }

.openpublishing.redirection.json

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: reference
-ms.date: 08/25/2021
+ms.date: 05/25/2022
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -27,10 +27,10 @@ The provisioning service uses the concept of a job to operate against an applica
 If you are using an application in the gallery, the job generally contains the name of the app (e.g. zoom snowFlake, dataBricks, etc.). You can skip this documentation when using a gallery application. This primarily applies for non-gallery applications with jobID SCIM or customAppSSO.
 
 ## SCIM 2.0 compliance issues and status
-In the table below, any item marked as fixed means that the proper behavior can be found on the SCIM job. We have worked to ensure backwards compatibility for the changes we have made. However, we do not recommend implementing old behavior. We recommend using the new behavior for any new implementations and updating existing implementations.
+In the table below, any item marked as fixed means that the proper behavior can be found on the SCIM job. We have worked to ensure backwards compatibility for the changes we have made. We recommend using the new behavior for any new implementations and updating existing implementations. Please note that the customappSSO behavior that was the default prior to December 2018 is not supported anymore. 
 
 > [!NOTE]
-> For the changes made in 2018, you can revert back to the customappsso behavior. For the changes made since 2018, you can use the URLs to revert back to the older behavior. We have worked to ensure backwards compatibility for the changes we have made by allowing you to revert back to the old jobID or by using a flag. However, as previously mentioned, we do not recommend implementing old behavior. We recommend using the new behavior for any new implementations and updating existing implementations.
+> For the changes made in 2018, it is possible to revert back to the customappsso behavior. For the changes made since 2018, you can use the URLs to revert back to the older behavior. We have worked to ensure backwards compatibility for the changes we have made by allowing you to revert back to the old jobID or by using a flag. However, as previously mentioned, we do not recommend implementing old behavior as it is not supported anymore. We recommend using the new behavior for any new implementations and updating existing implementations.
 
 | **SCIM 2.0 compliance issue** |  **Fixed?** | **Fix date**  |  **Backwards compatibility** |
 |---|---|---|

articles/active-directory/app-provisioning/application-provisioning-config-problem-scim-compatibility.md

@@ -108,7 +108,7 @@ This article describes how you can use the **Audit** dashboard in Permissions Ma
 1. In the **Audit** dashboard, load the query you want to duplicate.
 2. Select the ellipses menu **(…)** on the far right, and then select **Duplicate**.
 
-    CloudKnox creates a copy of the query. Both the copy of the query and the original query display in the **Saved Queries** list.
+    Permissions Management creates a copy of the query. Both the copy of the query and the original query display in the **Saved Queries** list.
 
     You can rename the original or copy of the query, change it, and save it without changing the other query.
 

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-create-custom-queries.md

@@ -45,9 +45,14 @@ The scenario outlined in this tutorial assumes that you already have the followi
 
 ## Step 2. Configure TAP App Security to support provisioning with Azure AD
 
-Contact [TAP App Security support](mailto:[email protected]) in order to obtain a SCIM Token.
-
-
+1. Log in to [TAP App Security back-end control panel](https://app.tapappsecurity.com/).
+1. Navigate to **Single Sign On > Active Directory**.
+1. Click on the **Integrate Active Directory app** button. Then enter the domain of your organization and click **Save** button.
+	[![Screenshot on how to add domain.](media/tap-app-security-provisioning-tutorial/add-domain.png)](media/tap-app-security-provisioning-tutorial/add-domain.png#lightbox)
+1. After entering the domain, a new line in the table appears showing domain name and its status as **initialize**. Click on the gear icon to reveal technical data about TAP app Security server and to complete initialization. 
+	[![Screenshot showing initialize.](media/tap-app-security-provisioning-tutorial/initialize.png)](media/tap-app-security-provisioning-tutorial/initialize.png#lightbox)
+1. Technical data about TAP App Security servers is revealed.You can now copy the **Tenant Url** and **Authorization Token** from this page to be used later on while setting up provisioning in Azure AD.
+	[![Screenshot showing domain details.](media/tap-app-security-provisioning-tutorial/domain-details.png)](media/tap-app-security-provisioning-tutorial/domain-details.png#lightbox)
 ## Step 3. Add TAP App Security from the Azure AD application gallery
 
 Add TAP App Security from the Azure AD application gallery to start managing provisioning to TAP App Security. If you have previously setup TAP App Security for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md). 

articles/active-directory/saas-apps/media/tap-app-security-provisioning-tutorial/add-domain.png

@@ -97,7 +97,6 @@ az aks create \
     --generate-ssh-keys \
     --windows-admin-username $WINDOWS_USERNAME \
     --vm-set-type VirtualMachineScaleSets \
-    --kubernetes-version 1.20.7 \
     --network-plugin azure
 ```
 

articles/active-directory/saas-apps/media/tap-app-security-provisioning-tutorial/domain-details.png

@@ -23,6 +23,11 @@ By combining API Management provisioned in an internal virtual network with the
 * Use a single API Management resource and have a subset of APIs defined in API Management available for external consumers.
 * Provide a turnkey way to switch access to API Management from the public internet on and off.
 
+For architectural guidance, see:
+* **Basic enterprise integration**: [Reference architecture](/azure/architecture/reference-architectures/enterprise-integration/basic-enterprise-integration?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json)
+* **API Management landing zone accelerator**: [Reference architecture](/azure/architecture/example-scenario/integration/app-gateway-internal-api-management-function?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json) and [design guidance](/azure/cloud-adoption-framework/scenarios/app-platform/api-management/land?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json)
+
+
 > [!NOTE]
 > This article has been updated to use the [Application Gateway WAF_v2 SKU](../application-gateway/application-gateway-autoscaling-zone-redundant.md).