Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into erapi

Author: duongau

.openpublishing.redirection.json

@@ -46532,6 +46532,11 @@
       "source_path_from_root": "/articles/azure-monitor/app/how-do-i.md",
       "redirect_url": "/azure/azure-monitor/faq",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/app-service/web-sites-integrate-with-vnet.md",
+      "redirect_url": "/azure/app-service/overview-vnet-integration",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory-domain-services/tutorial-create-forest-trust.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 07/26/2021
+ms.date: 10/19/2021
 ms.author: justinha
 
 #Customer intent: As an identity administrator, I want to create a one-way outbound forest from an Azure Active Directory Domain Services resource forest to an on-premises Active Directory Domain Services forest to provide authentication and resource access between forests.
@@ -72,9 +72,20 @@ Before you configure a forest trust in Azure AD DS, make sure your networking be
 To correctly resolve the managed domain from the on-premises environment, you may need to add forwarders to the existing DNS servers. If you haven't configured the on-premises environment to communicate with the managed domain, complete the following steps from a management workstation for the on-premises AD DS domain:
 
 1. Select **Start** > **Administrative Tools** > **DNS**.
-1. Right-select DNS server, such as *myAD01*, then select **Properties**.
-1. Choose **Forwarders**, then **Edit** to add additional forwarders.
-1. Add the IP addresses of the managed domain, such as *10.0.2.4* and *10.0.2.5*.
+1. Select your DNS zone, such as *aaddscontoso.com*.
+1. Select **Conditional Forwarders**, then right-select and choose **New Conditional Forwarder...**
+1. Enter your other **DNS Domain**, such as *contoso.com*, then enter the IP addresses of the DNS servers for that namespace, as shown in the following example:
+
+    ![Screenshot of how to add and configure a conditional forwarder for the DNS server.](./media/manage-dns/create-conditional-forwarder.png)
+
+1. Check the box for **Store this conditional forwarder in Active Directory, and replicate it as follows**, then select the option for *All DNS servers in this domain*, as shown in the following example:
+
+    ![Screenshot of how to select All DNS servers in this domain.](./media/manage-dns/store-in-domain.png)
+
+    > [!IMPORTANT]
+    > If the conditional forwarder is stored in the *forest* instead of the *domain*, the conditional forwarder fails.
+
+1. To create the conditional forwarder, select **OK**.
 
 ## Create inbound forest trust in the on-premises domain
 

articles/active-directory/saas-apps/cbre-serviceinsight-tutorial.md

@@ -1,5 +1,5 @@
 ---
-title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with CBRE ServiceInsight | Microsoft Docs'
+title: 'Tutorial: Azure AD SSO integration with CBRE ServiceInsight'
 description: Learn how to configure single sign-on between Azure Active Directory and CBRE ServiceInsight.
 services: active-directory
 author: jeevansd
@@ -9,20 +9,18 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 08/29/2019
+ms.date: 10/13/2021
 ms.author: jeedes
 ---
 
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with CBRE ServiceInsight
+# Tutorial: Azure AD SSO integration with CBRE ServiceInsight
 
 In this tutorial, you'll learn how to integrate CBRE ServiceInsight with Azure Active Directory (Azure AD). When you integrate CBRE ServiceInsight with Azure AD, you can:
 
 * Control in Azure AD who has access to CBRE ServiceInsight.
 * Enable your users to be automatically signed-in to CBRE ServiceInsight with their Azure AD accounts.
 * Manage your accounts in one central location - the Azure portal.
 
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-
 ## Prerequisites
 
 To get started, you need the following items:
@@ -34,25 +32,28 @@ To get started, you need the following items:
 
 In this tutorial, you configure and test Azure AD SSO in a test environment.
 
-* CBRE ServiceInsight supports **SP** initiated SSO
-* CBRE ServiceInsight supports **Just In Time** user provisioning
+* CBRE ServiceInsight supports **SP** initiated SSO.
+* CBRE ServiceInsight supports **Just In Time** user provisioning.
+
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
 
-## Adding CBRE ServiceInsight from the gallery
+## Add CBRE ServiceInsight from the gallery
 
 To configure the integration of CBRE ServiceInsight into Azure AD, you need to add CBRE ServiceInsight from the gallery to your list of managed SaaS apps.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
 1. On the left navigation pane, select the **Azure Active Directory** service.
 1. Navigate to **Enterprise Applications** and then select **All Applications**.
 1. To add new application, select **New application**.
 1. In the **Add from the gallery** section, type **CBRE ServiceInsight** in the search box.
 1. Select **CBRE ServiceInsight** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
 
-## Configure and test Azure AD single sign-on for CBRE ServiceInsight
+## Configure and test Azure AD SSO for CBRE ServiceInsight
 
 Configure and test Azure AD SSO with CBRE ServiceInsight using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in CBRE ServiceInsight.
 
-To configure and test Azure AD SSO with CBRE ServiceInsight, complete the following building blocks:
+To configure and test Azure AD SSO with CBRE ServiceInsight, perform the following steps:
 
 1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
     1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
@@ -65,15 +66,15 @@ To configure and test Azure AD SSO with CBRE ServiceInsight, complete the follow
 
 Follow these steps to enable Azure AD SSO in the Azure portal.
 
-1. In the [Azure portal](https://portal.azure.com/), on the **CBRE ServiceInsight** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **CBRE ServiceInsight** application integration page, find the **Manage** section and select **single sign-on**.
 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
 
    ![Edit Basic SAML Configuration](common/edit-urls.png)
 
-1. On the **Basic SAML Configuration** section, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, perform the following step:
 
-    In the **Sign-on URL** text box, type a URL:
+    In the **Sign-on URL** text box, type the URL:
     `https://adfs4.mainstreamsasp.com/adfs/ls/`
 
 	> [!NOTE]
@@ -102,13 +103,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
 1. In the applications list, select **CBRE ServiceInsight**.
 1. In the app's overview page, find the **Manage** section and select **Users and groups**.
-
-   ![The "Users and groups" link](common/users-groups-blade.png)
-
 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
-
-	![The Add User link](common/add-assign-user.png)
-
 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
 1. In the **Add Assignment** dialog, click the **Assign** button.
@@ -123,16 +118,14 @@ In this section, a user called Britta Simon is created in CBRE ServiceInsight. C
 
 ## Test SSO 
 
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the CBRE ServiceInsight tile in the Access Panel, you should be automatically signed in to the CBRE ServiceInsight for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
+In this section, you test your Azure AD single sign-on configuration with following options. 
 
-## Additional resources
+* Click on **Test this application** in Azure portal. This will redirect to CBRE ServiceInsight Sign-on URL where you can initiate the login flow. 
 
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* Go to CBRE ServiceInsight Sign-on URL directly and initiate the login flow from there.
 
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+* You can use Microsoft My Apps. When you click the CBRE ServiceInsight tile in the My Apps, this will redirect to CBRE ServiceInsight Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
 
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
 
-- [Try CBRE ServiceInsight with Azure AD](https://aad.portal.azure.com/)
+Once you configure CBRE ServiceInsight you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).