Merge branch 'main' into cm-linkfix-20230207-0

Author: cmcclister

.openpublishing.redirection.active-directory.json

@@ -11095,6 +11095,11 @@
       "source_path_from_root": "/articles/active-directory/cloud-infrastructure-entitlement-management/product-data-inventory.md",
       "redirect_url": "/azure/active-directory/cloud-infrastructure-entitlement-management/product-data-billable-resources",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/governance/create-access-review-privileged-access-groups.md",
+      "redirect_url": "/azure/active-directory/governance/create-access-review-pim-for-groups",
+      "redirect_document_id": false
     }
   ]
 }

.openpublishing.redirection.azure-monitor.json

@@ -25,6 +25,11 @@
             "redirect_url": "/azure/azure-monitor/change/change-analysis",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/java-in-process-agent-redirect.md",
+            "redirect_url": "/azure/azure-monitor/app/opentelemetry-enable",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/app/legacy-pricing.md",
             "redirect_url": "/azure/azure-monitor/best-practices-cost",
@@ -5703,13 +5708,18 @@
             "redirect_document_id": false
         },
         {
+            "source_path_from_root": "/articles/azure-monitor/alerts/proactive-performance-diagnostics.md",
+            "redirect_url": "https://azure.microsoft.com/updates/public-preview-alerts-based-smart-detection-for-application-insights/",
+            "redirect_document_id": false
+        },
+      {
             "source_path_from_root": "/articles/azure-monitor/autoscale/autoscale-resource-log-schema.md",
             "redirect_url": "/azure/azure-monitor/autoscale/autoscale-diagnostics",
             "redirect_document_id": false
         },
-        {
-            "source_path_from_root": "/articles/azure-monitor/alerts/proactive-performance-diagnostics.md",
-            "redirect_url": "https://azure.microsoft.com/updates/public-preview-alerts-based-smart-detection-for-application-insights/",
+      {
+            "source_path_from_root": "/articles/azure-monitor/app/java-in-process-agent.md",
+            "redirect_url": "/azure/azure-monitor/app/opentelemetry-enable",
             "redirect_document_id": false
         }
     ]

.openpublishing.redirection.healthcare-apis.json

@@ -634,7 +634,11 @@
         "redirect_document_id": false
     },
     {   "source_path_from_root": "/articles/healthcare-apis/iot/how-to-use-calculated-functions-mappings.md",
-        "redirect_url": "/azure/healthcare-apis/iot/how-to-use-calculatedcontenttemplate-mappings",
+        "redirect_url": "/azure/healthcare-apis/iot/how-to-use-calculatedcontent-mappings",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/how-to-use-calculatedcontenttemplate-mappings.md",
+        "redirect_url": "/azure/healthcare-apis/iot/how-to-use-calculatedcontent-mappings",
         "redirect_document_id": false
     },
     {   "source_path_from_root": "/articles/healthcare-apis/iot/how-to-use-iot-jsonpath-content-mappings.md",

.openpublishing.redirection.json

@@ -22695,6 +22695,11 @@
             "source_path": "articles/application-gateway/tutorial-protect-application-gateway.md",
             "redirect_URL": "/azure/application-gateway/tutorial-protect-application-gateway-ddos",
             "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/virtual-machines/workloads/sap/index.md",
+            "redirect_URL": "/azure/sap/workloads/get-started",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory-b2c/add-sign-up-and-sign-in-policy.md

@@ -3,14 +3,14 @@ title: Set up a sign-up and sign-in flow
 titleSuffix: Azure AD B2C
 description: Learn how to set up a sign-up and sign-in flow in Azure Active Directory B2C.
 services: active-directory-b2c
-author: kengaderdus
+author: garrodonnell
 manager: CelesteDG
 
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 10/21/2021
-ms.author: kengaderdus
+ms.date: 02/09/2023
+ms.author: godonnell
 ms.subservice: B2C
 ms.custom: "b2c-support"
 zone_pivot_groups: b2c-policy-type
@@ -37,7 +37,7 @@ Watch this video to learn how the user sign-up and sign-in policy works.
 
 ## Prerequisites
 
-If you haven't already done so, [register a web application in Azure Active Directory B2C](tutorial-register-applications.md).
+[!INCLUDE [active-directory-b2c-customization-prerequisites](../../includes/active-directory-b2c-customization-prerequisites.md)]
 
 ::: zone pivot="b2c-user-flow"
 

articles/active-directory-b2c/faq.yml

@@ -3,14 +3,14 @@ metadata:
   title: 'Frequently asked questions (FAQ) for Azure Active Directory B2C'
   description: Answers to frequently asked questions about Azure Active Directory B2C.
   services: active-directory-b2c
-  author: kengaderdus
+  author: garrodonnell
   manager: CelesteDG
 
   ms.service: active-directory
   ms.workload: identity
   ms.topic: faq
-  ms.date: 01/03/2022
-  ms.author: kengaderdus
+  ms.date: 02/09/2023
+  ms.author: godonnell
   ms.subservice: B2C
   ms.custom: "b2c-support"
 title: 'Azure AD B2C: Frequently asked questions (FAQ)'

articles/active-directory-b2c/identity-provider-microsoft-account.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 01/13/2022
+ms.date: 02/13/2023
 ms.custom: project-no-code
 ms.author: godonnell
 ms.subservice: B2C
@@ -51,7 +51,7 @@ To enable sign-in for users with a Microsoft account in Azure Active Directory B
 1. Under **Supported account types**, select **Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)**.
 
    For more information on the different account type selections, see [Quickstart: Register an application with the Microsoft identity platform](../active-directory/develop/quickstart-register-app.md).
-1. Under **Redirect URI (optional)**, select **Web** and enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name/your-tenant-name.onmicrosoft.com/oauth2/authresp`. Replace `your-tenant-name` with the name of your tenant, and `your-domain-name` with your custom domain.
+1. Under **Redirect URI (optional)**, select **Web** and enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name/your-tenant-name.onmicrosoft.com/oauth2/authresp`. Replace `your-tenant-name` with the name of your Azure AD B2C tenant, and `your-domain-name` with your custom domain.
 1. Select **Register**
 1. Record the **Application (client) ID** shown on the application Overview page. You need the client ID when you configure the identity provider in the next section.
 1. Select **Certificates & secrets**

articles/active-directory/app-provisioning/how-provisioning-works.md

@@ -8,14 +8,14 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 10/20/2022
+ms.date: 02/10/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
 
 # How Application Provisioning works in Azure Active Directory
 
-Automatic provisioning refers to creating user identities and roles in the cloud applications that users need access to. In addition to creating user identities, automatic provisioning includes the maintenance and removal of user identities as status or roles change. Before you start a deployment, you can review this article to learn how Azure AD provision works and get configuration recommendations. 
+Automatic provisioning refers to creating user identities and roles in the cloud applications that users need to access. In addition to creating user identities, automatic provisioning includes the maintenance and removal of user identities as status or roles change. Before you start a deployment, you can review this article to learn how Azure AD provisioning works and get configuration recommendations. 
 
 The **Azure AD Provisioning Service** provisions users to SaaS apps and other systems by connecting to a System for Cross-Domain Identity Management (SCIM) 2.0 user management API endpoint provided by the application vendor. This SCIM endpoint allows Azure AD to programmatically create, update, and remove users. For selected applications, the provisioning service can also create, update, and remove additional identity-related objects, such as groups and roles. The channel used for provisioning between Azure AD and the application is encrypted using HTTPS TLS 1.2 encryption.
 
@@ -136,7 +136,7 @@ After the initial cycle, all other cycles will:
 The provisioning service continues running back-to-back incremental cycles indefinitely, at intervals defined in the [tutorial specific to each application](../saas-apps/tutorial-list.md). Incremental cycles continue until one of the following events occurs:
 
 - The service is manually stopped using the Azure portal, or using the appropriate Microsoft Graph API command.
-- A new initial cycle is triggered using the **Restart provisioning** option in the Azure portal, or using the appropriate Microsoft Graph API command. This action clears any stored watermark and causes all source objects to be evaluated again. This will not break the links between source and target objects. To break the links use [Restart synchronizationJob](https://learn.microsoft.com/graph/api/synchronization-synchronizationjob-restart?view=graph-rest-beta&tabs=http) with the following request: 
+- A new initial cycle is triggered using the **Restart provisioning** option in the Azure portal, or using the appropriate Microsoft Graph API command. This action clears any stored watermark and causes all source objects to be evaluated again. This will not break the links between source and target objects. To break the links use [Restart synchronizationJob](/graph/api/synchronization-synchronizationjob-restart?view=graph-rest-beta&tabs=http&preserve-view=true) with the following request: 
 
 <!-- {
   "blockType": "request",

articles/active-directory/app-provisioning/user-provisioning.md

@@ -7,7 +7,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.topic: overview
 ms.workload: identity
-ms.date: 10/20/2022
+ms.date: 02/09/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -18,7 +18,7 @@ In Azure Active Directory (Azure AD), the term *app provisioning* refers to auto
 
 ![Diagram that shows provisioning scenarios.](../governance/media/what-is-provisioning/provisioning.png)
 
-Azure AD application provisioning refers to automatically creating user identities and roles in the applications that users need access to. In addition to creating user identities, automatic provisioning includes the maintenance and removal of user identities as status or roles change. Common scenarios include provisioning an Azure AD user into SaaS applications like [Dropbox](../../active-directory/saas-apps/dropboxforbusiness-provisioning-tutorial.md), [Salesforce](../../active-directory/saas-apps/salesforce-provisioning-tutorial.md), [ServiceNow](../../active-directory/saas-apps/servicenow-provisioning-tutorial.md), and more.
+Azure AD application provisioning refers to automatically creating user identities and roles in the applications that users need access to. In addition to creating user identities, automatic provisioning includes the maintenance and removal of user identities as status or roles change. Common scenarios include provisioning an Azure AD user into SaaS applications like [Dropbox](../../active-directory/saas-apps/dropboxforbusiness-provisioning-tutorial.md), [Salesforce](../../active-directory/saas-apps/salesforce-provisioning-tutorial.md), [ServiceNow](../../active-directory/saas-apps/servicenow-provisioning-tutorial.md), and many more.
 
 Azure AD also supports provisioning users into applications hosted on-premises or in a virtual machine, without having to open up any firewalls. If your application supports [SCIM](https://aka.ms/scimoverview), or you've built a SCIM gateway to connect to your legacy application, you can use the Azure AD Provisioning agent to [directly connect](./on-premises-scim-provisioning.md) with your application and automate provisioning and deprovisioning. If you have legacy applications that don't support SCIM and rely on an [LDAP](./on-premises-ldap-connector-configure.md) user store or a [SQL](./tutorial-ecma-sql-connector.md) database, Azure AD can support those as well. 
 
@@ -91,4 +91,4 @@ For other applications that support SCIM 2.0, follow the steps in [Build a SCIM
 
 - [List of tutorials on how to integrate SaaS apps](../saas-apps/tutorial-list.md)
 - [Customizing attribute mappings for user provisioning](customize-application-attributes.md)
-- [Scoping filters for user provisioning](define-conditional-rules-for-provisioning-user-accounts.md)
+- [Scoping filters for user provisioning](define-conditional-rules-for-provisioning-user-accounts.md)

articles/active-directory/app-proxy/application-proxy-configure-complex-application.md

@@ -22,11 +22,11 @@ When applications are made up of multiple individual web application using diffe
 
 The following figure shows an example for complex application domain structure.
 
-![Diagram of domain structure for a complex application showing resource sharing between primary and secondary application.](./media/application-proxy-configure-complex-application/complex-app-structure.png)
+:::image type="content" source="./media/application-proxy-configure-complex-application/complex-app-structure-1.png" alt-text="Diagram of domain structure for a complex application showing resource sharing between primary and secondary application.":::
 
 With [Azure AD Application Proxy](application-proxy.md), you can address this issue by using complex application publishing that is made up of multiple URLs across various domains. 
 
-![Diagram of a Complex application with multiple application segments definition.](./media/application-proxy-configure-complex-application/complex-app-flow.png)
+:::image type="content" source="./media/application-proxy-configure-complex-application/complex-app-flow-1.png" alt-text="Diagram of a Complex application with multiple application segments definition.":::
 
 A complex app has multiple app segments, with each app segment being a pair of an internal & external URL.
 There is one conditional access policy associated with the app and access to any of the external URLs work with pre-authentication with the same set of policies that are enforced for all.
@@ -42,7 +42,7 @@ This article provides you with the information you need to configure wildcard ap
 ## Characteristics of application segment(s) for complex application. 
 1. Application segments can be configured only for a wildcard application.
 2. External and alternate URL should match the wildcard external and alternate URL domain of the application respectively.
-3. Application segment URL’s (internal and external) need to maintain uniqueness across complex applications.
+3. Application segment URLs (internal and external) need to maintain uniqueness across complex applications.
 4. CORS Rules (optional) can be configured per application segment.
 5. Access will only be granted to defined application segments for a complex application.
     - Note - If all application segments are deleted, a complex application will behave as a wildcard application opening access to all valid URL by specified domain. 
@@ -56,61 +56,48 @@ Before you get started with Application Proxy Complex application scenario apps,
 
 ## Configure application segment(s) for complex application. 
 
-To configure (and update) Application Segments for a complex app using the API, you first [create a wildcard application](application-proxy-wildcard.md#create-a-wildcard-application), and then update the application's onPremisesPublishing property to configure the application segments and respective CORS settings.
-
 > [!NOTE]
-> 2 application segment per complex application are supported for [Microsoft Azure AD premium subscription](https://azure.microsoft.com/pricing/details/active-directory). Licence requirement for more than 2 application segments per complex application to be announced soon.
-
-If successful, this method returns a `204 No Content` response code and does not return anything in the response body.
-## Example
-
-##### Request
-Here is an example of the request.
-
-```http
-PATCH https://graph.microsoft.com/beta/applications/{<object-id-of--the-complex-app-under-APP-Registrations}
-Content-type: application/json
-
-{
-    "onPremisesPublishing": {
-		"onPremisesApplicationSegments": [
-			{
-				"externalUrl": "https://home.contoso.net/",
-				"internalUrl": "https://home.test.com/",
-				"alternateUrl": "",
-				"corsConfigurations": []
-			},
-			{
-				"externalUrl": "https://assets.constoso.net/",
-				"internalUrl": "https://assets.test.com",
-				"alternateUrl": "",
-				"corsConfigurations": [
-					{
-						"resource": "/",
-						"allowedOrigins": [
-							"https://home.contoso.net/"
-						],
-						"allowedHeaders": [
-							"*"
-						],
-						"allowedMethods": [
-							"*"
-						],
-						"maxAgeInSeconds": 0
-					}
-				]
-			}	
-		]
-	}
-}
-
-```
-##### Response
-
-```http
-HTTP/1.1 204 No Content
-```
+> Two application segment per complex distributed application are supported for [Microsoft Azure AD premium subscription](https://azure.microsoft.com/pricing/details/active-directory). License requirement for more than two application segments per complex application to be announced soon.
+
+To publish complex distributed app through Application Proxy with application segments:
+
+1. [Create a wildcard application.](application-proxy-wildcard.md#create-a-wildcard-application)
+
+1. On the Application Proxy Basic settings page, select "Add application segments".
+
+    :::image type="content" source="./media/application-proxy-configure-complex-application/add-application-segments.png" alt-text="Screenshot of link to add an application segment.":::
+
+3. On the Manage and configure application segments page, select "+ Add app segment"
+
+    :::image type="content" source="./media/application-proxy-configure-complex-application/add-application-segment-1.png" alt-text="Screenshot pf Manage and configure application segment blade.":::
+
+4. In the Internal Url field, enter the internal URL for your app.
+
+5. In the External Url field, drop down the list and select the custom domain you want to use.
+
+6. Add CORS Rules (optional).  For more information see [Configuring CORS Rule](https://learn.microsoft.com/graph/api/resources/corsconfiguration_v2?view=graph-rest-beta)
+
+7. Select Create.
+
+    :::image type="content" source="./media/application-proxy-configure-complex-application/create-app-segment.png" alt-text="Screenshot of add or edit application segment context plane.":::
+
+Your application is now set up to use the configured application segments. Be sure to assign users to your application before you test or release it.
+
+To edit/update an application segment, select respective application segment from the list in Manage and configure application segments page. Upload a certificate for the updated domain, if necessary, and update the DNS record. 
+
+## DNS updates
+
+When using custom domains, you need to create a DNS entry with a CNAME record for the external URL (for example,  `*.adventure-works.com`) pointing to the external URL of the application proxy endpoint. For wildcard applications, the CNAME record needs to point to the relevant external URL:
+
+> `<yourAADTenantId>.tenant.runtime.msappproxy.net`
+
+Alternatively, a DNS entry with a CNAME record for every individual application segment can be created as follows:
+
+> `'External URL of application segment'` > `'<External URL without domain>-<tenantname>.msapproxy.net'` <br>
+for example in above instance  >`'home.contoso.ashcorp.us'` points to > `home-ashcorp1.msappproxy.net`
+
 
+For more detailed instructions for Application Proxy, see [Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory](../app-proxy/application-proxy-add-on-premises-application.md).
 
 ## See also
 - [Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory](../app-proxy/application-proxy-add-on-premises-application.md)