Merge pull request #249526 from MicrosoftDocs/main

8/28/2023 AM Publish

Author: Taojunshen

articles/active-directory/develop/reply-url.md

@@ -46,7 +46,7 @@ This table shows the maximum number of redirect URIs you can add to an app regis
 | Microsoft work or school accounts in any organization's Azure Active Directory (Azure AD) tenant | 256 | `signInAudience` field in the application manifest is set to either *AzureADMyOrg* or *AzureADMultipleOrgs* |
 | Personal Microsoft accounts and work and school accounts | 100 | `signInAudience` field in the application manifest is set to *AzureADandPersonalMicrosoftAccount* |
 
-The maximum number of redirect URIS can't be raised for [security reasons](#restrictions-on-wildcards-in-redirect-uris). If your scenario requires more redirect URIs than the maximum limit allowed, consider the following [state parameter approach](#use-a-state-parameter) as the solution.
+The maximum number of redirect URIs can't be raised for [security reasons](#restrictions-on-wildcards-in-redirect-uris). If your scenario requires more redirect URIs than the maximum limit allowed, consider the following [state parameter approach](#use-a-state-parameter) as the solution.
 
 ## Maximum URI length
 

articles/active-directory/devices/hybrid-join-plan.md

@@ -159,7 +159,7 @@ When you're using AD FS, you need to enable the following WS-Trust endpoints:
 > [!WARNING]
 > Both **adfs/services/trust/2005/windowstransport** or **adfs/services/trust/13/windowstransport** should be enabled as intranet facing endpoints only and must NOT be exposed as extranet facing endpoints through the Web Application Proxy. To learn more on how to disable WS-Trust Windows endpoints, see [Disable WS-Trust Windows endpoints on the proxy](/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs#disable-ws-trust-windows-endpoints-on-the-proxy-ie-from-extranet). You can see what endpoints are enabled through the AD FS management console under **Service** > **Endpoints**.
 
-Beginning with version 1.1.819.0, Azure AD Connect provides you with a wizard to configure hybrid Azure AD join. The wizard enables you to significantly simplify the configuration process. If installing the required version of Azure AD Connect isn't an option for you, see [how to manually configure device registration](hybrid-join-manual.md).
+Beginning with version 1.1.819.0, Azure AD Connect provides you with a wizard to configure hybrid Azure AD join. The wizard enables you to significantly simplify the configuration process. If installing the required version of Azure AD Connect isn't an option for you, see [how to manually configure device registration](hybrid-join-manual.md). If contoso.com is registered as a confirmed custom domain, users can get a PRT even if their syncronized on-premises AD DS UPN suffix is in a subdomain like test.contoso.com.
 
 ## Review on-premises AD users UPN support for hybrid Azure AD join
 

articles/active-directory/multi-tenant-organizations/cross-tenant-synchronization-overview.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: multi-tenant-organizations
 ms.topic: overview
-ms.date: 06/16/2023
+ms.date: 08/28/2023
 ms.author: rolyon
 ms.custom: it-pro
 
@@ -269,8 +269,6 @@ Does cross-tenant synchronization support deprovisioning users?
   - Remove the user from a group that is assigned to the cross-tenant synchronization configuration
   - An attribute on the user changes such that they do not meet the scoping filter conditions defined on the cross-tenant synchronization configuration anymore 
 
-- Currently only regular users, Helpdesk Admins and User Account Admins can be deleted. Users with other Azure AD roles such as directory reader currently cannot be deleted by cross-tenant synchronization. This is subject to change in the future.
-
 - If the user is blocked from sign-in in the source tenant (accountEnabled = false) they will be blocked from sign-in in the target. This is not a deletion, but an updated to the accountEnabled property.
 
 Does cross-tenant synchronization support restoring users? 

articles/active-directory/reports-monitoring/concept-provisioning-logs.md

@@ -245,7 +245,6 @@ Use the following table to better understand how to resolve errors that you find
 > | AzureDirectoryB2BManagementPolicyCheckFailure | The cross-tenant synchronization policy allowing automatic redemption failed.<br/><br/>The synchronization engine checks to ensure that the administrator of the target tenant has created an inbound cross-tenant synchronization policy allowing automatic redemption. The synchronization engine also checks if the administrator of the source tenant has enabled an outbound policy for automatic redemption. | Ensure that the automatic redemption setting has been enabled for both the source and target tenants. For more information, see [Automatic redemption setting](../multi-tenant-organizations/cross-tenant-synchronization-overview.md#automatic-redemption-setting). |
 > | AzureActiveDirectoryQuotaLimitExceeded | The number of objects in the tenant exceeds the directory limit.<br/><br/>Azure AD has limits for the number of objects that can be created in a tenant. | Check whether the quota can be increased. For information about the directory limits and steps to increase the quota, see [Azure AD service limits and restrictions](../enterprise-users/directory-service-limits-restrictions.md). |
 > |InvitationCreationFailure| The Azure AD provisioning service attempted to invite the user in the target tenant. That invitation failed.| Further investigation likely requires contacting support.|
-> |AzureActiveDirectoryInsufficientRights|When a B2B user in the target tenant has a role other than User, Helpdesk Admin, or User Account Admin, they cannot be deleted.| Remove the role(s) on the user in the target tenant in order to successfully delete the user in the target tenant.|
 > |AzureActiveDirectoryForbidden|External collaboration settings have blocked invitations.|Navigate to user settings and ensure that [external collaboration settings](../external-identities/external-collaboration-settings-configure.md) are permitted.|
 > |InvitationCreationFailureInvalidPropertyValue|Potential causes:<br/>* The Primary SMTP Address is an invalid value.<br/>* UserType is neither guest nor member<br/>* Group email Address is not supported | Potential solutions:<br/>* The Primary SMTP Address has an invalid value. Resolving this issue will likely require updating the mail property of the source user. For more information, see [Prepare for directory synchronization to Microsoft 365](https://aka.ms/DirectoryAttributeValidations)<br/>* Ensure that the userType property is provisioned as type guest or member. This can be fixed by checking your attribute mappings to understand how the userType attribute is mapped.<br/>* The email address address of the user matches with the email address of a group in the tenant. Update the email address for one of the two objects.|
 > |InvitationCreationFailureAmbiguousUser| The invited user has a proxy address that matches an internal user in the target tenant. The proxy address must be unique. | To resolve this error, delete the existing internal user in the target tenant or remove this user from sync scope.|

articles/active-directory/saas-apps/breadcrumb/toc.yml

@@ -10,6 +10,6 @@
       tocHref: /azure/azure-databricks/administration-guide/
       topicHref: /azure/active-directory/manage-apps/
       items: 
-      - name: SaaS application tutorials
+      - name: Application tutorials
         tocHref: /azure/azure-databricks/administration-guide/users-groups/scim/
-        topicHref: /azure/active-directory/saas-apps/tutorial-list/
+        topicHref: /azure/active-directory/saas-apps/tutorial-list/

articles/active-directory/saas-apps/toc.yml

@@ -1,5 +1,5 @@
   items:
-  - name: SaaS application tutorials
+  - name: Application tutorials
     href: tutorial-list.md
   - name: Single sign-on tutorials
     expanded: true

articles/active-directory/saas-apps/tutorial-list.md

@@ -1,5 +1,5 @@
 ---
-title: SaaS App Integration Tutorials for use with Azure AD
+title: App Integration Tutorials for use with Azure AD
 description: Configure Azure Active Directory single sign-on integration with a variety of third-party software as a service applications.
 services: active-directory
 author: jeevansd
@@ -14,9 +14,9 @@ ms.custom: contperf-fy21q3-portal
 ms.reviewer: celested
 ---
 
-# Tutorials for integrating SaaS applications with Azure Active Directory
+# Tutorials for integrating applications with Azure Active Directory
 
-To help integrate your cloud-enabled [software as a service (SaaS)](https://azure.microsoft.com/overview/what-is-saas/) applications with Azure Active Directory, we have developed a collection of tutorials that walk you through configuration.
+To help integrate your cloud-enabled [software as a service (SaaS)](https://azure.microsoft.com/overview/what-is-saas/) and on-premises applications with Azure Active Directory, we have developed a collection of tutorials that walk you through configuration.
 
 For a list of all SaaS apps that have been pre-integrated into Azure AD, see the [Active Directory Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/category/azure-active-directory-apps).
 

articles/aks/support-policies.md

@@ -2,7 +2,7 @@
 title: Support policies for Azure Kubernetes Service (AKS)
 description: Learn about Azure Kubernetes Service (AKS) support policies, shared responsibility, and features that are in preview (or alpha or beta).
 ms.topic: article
-ms.date: 05/22/2023
+ms.date: 08/28/2023
 
 #Customer intent: As a cluster operator or developer, I want to understand what AKS components I need to manage, what components are managed by Microsoft (including security patches), and networking and preview features.
 ---
@@ -78,7 +78,7 @@ Microsoft doesn't provide technical support for the following scenarios:
 * Third-party closed-source software. This software can include security scanning tools and networking devices or software.
 * Network customizations other than the ones listed in the [AKS documentation](./index.yml).
 * Custom or third-party CNI plugins used in [BYOCNI](use-byo-cni.md) mode.
-* Stand-by and proactive scenarios. Microsoft Support provides reactive support to help solve active issues in a timely and professional manner. However, standby or proactive support to help you eliminate operational risks, increase availability, and optimize performance are not covered. [Eligible customers](https://www.microsoft.com/unifiedsupport) can contact their account team to get nominated for Azure Event Management service[https://devblogs.microsoft.com/premier-developer/proactively-plan-for-your-critical-event-in-azure-with-enhanced-support-and-engineering-services/]. It's a paid service delivered by Microsoft support engineers that includes a proactive solution risk assessment and coverage during the event.
+* Stand-by and proactive scenarios. Microsoft Support provides reactive support to help solve active issues in a timely and professional manner. However, standby or proactive support to help you eliminate operational risks, increase availability, and optimize performance are not covered. [Eligible customers](https://www.microsoft.com/unifiedsupport) can contact their account team to get nominated for [Azure Event Management service](https://devblogs.microsoft.com/premier-developer/proactively-plan-for-your-critical-event-in-azure-with-enhanced-support-and-engineering-services/). It's a paid service delivered by Microsoft support engineers that includes a proactive solution risk assessment and coverage during the event.
 
 ## AKS support coverage for agent nodes
 

articles/app-service/includes/quickstart-java/quickstart-java-jboss.md

@@ -0,0 +1,147 @@
+---
+author: cephalin
+ms.service: app-service
+ms.devlang: java
+ms.topic: include
+ms.date: 08/30/2023
+ms.author: cephalin
+---
+
+In this quickstart, you'll use the [Maven Plugin for Azure App Service Web Apps](https://github.com/microsoft/azure-maven-plugins/blob/develop/azure-webapp-maven-plugin/README.md) to deploy a Java web application to a Linux JBoss EAP server in [Azure App Service](/azure/app-service/). App Service provides a highly scalable, self-patching web app hosting service. Use the tabs to switch between Tomcat, JBoss, or embedded server (Java SE) instructions.
+
+![Screenshot of Maven Hello World web app running in Azure App Service.](../../media/quickstart-java/jboss-sample-in-app-service.png)
+
+If Maven isn't your preferred development tool, check out our similar tutorials for Java developers:
++ [Gradle](../../configure-language-java.md?pivots=platform-linux#gradle)
++ [IntelliJ IDEA](/azure/developer/java/toolkit-for-intellij/create-hello-world-web-app)
++ [Eclipse](/azure/developer/java/toolkit-for-eclipse/create-hello-world-web-app)
++ [Visual Studio Code](https://code.visualstudio.com/docs/java/java-webapp)
+
+[!INCLUDE [quickstarts-free-trial-note](../../../../includes/quickstarts-free-trial-note.md)]
+
+## 1 - Use Azure Cloud Shell
+
+[!INCLUDE [cloud-shell-try-it-no-header.md](../../../../includes/cloud-shell-try-it-no-header.md)]
+
+## 2 - Create a Java app
+
+Clone the Pet Store demo application.
+
+```azurecli-interactive
+git clone https://github.com/Azure-Samples/app-service-java-quickstart
+```
+
+Change directory to the completed pet store project and build it.
+
+> [!TIP]
+> The `petstore-ee7` sample requires **Java 11 or newer**. The `booty-duke-app-service` sample project requires **Java 17**. If your installed version of Java is less than 17, run the build from within the `petstore-ee7` directory, rather than at the top level.
+
+```azurecli-interactive
+cd app-service-java-quickstart
+git checkout 20230308
+cd petstore-ee7
+mvn clean install
+```
+
+If you see a message about being in **detached HEAD** state, this message is safe to ignore. Because you won't make any Git commit in this quickstart, detached HEAD state is appropriate.
+
+## 3 - Configure the Maven plugin
+
+The deployment process to Azure App Service uses your Azure credentials from the Azure CLI automatically. If the Azure CLI isn't installed locally, then the Maven plugin authenticates with OAuth or device sign-in. For more information, see [authentication with Maven plugins](https://github.com/microsoft/azure-maven-plugins/wiki/Authentication).
+
+Run the Maven command shown next to configure the deployment. This command helps you to set up the App Service operating system, Java version, and Tomcat version.
+
+```azurecli-interactive
+mvn com.microsoft.azure:azure-webapp-maven-plugin:2.12.0:config
+```
+
+1. For **Create new run configuration**, type **Y**, then **Enter**.
+1. For **Define value for OS**, type **2** for Linux, then **Enter**.
+1. For **Define value for javaVersion**, type **2** for Java 11, then **Enter**.
+1. For **webContainer** option, type **1** for Jbosseap 7, then **Enter**.
+1. For **Define value for pricingTier**, type **1** for P1v3, then **Enter**.
+1. For **Confirm**, type **Y**, then **Enter**.
+
+    ```
+    Please confirm webapp properties
+    AppName : petstoreee7-1690443003536
+    ResourceGroup : petstoreee7-1690443003536-rg
+    Region : centralus
+    PricingTier : P1v3
+    OS : Linux
+    Java Version: Java 11
+    Web server stack: Jbosseap 7
+    Deploy to slot : false
+    Confirm (Y/N) [Y]: 
+    [INFO] Saving configuration to pom.
+    [INFO] ------------------------------------------------------------------------
+    [INFO] BUILD SUCCESS
+    [INFO] ------------------------------------------------------------------------
+    [INFO] Total time:  19.914 s
+    [INFO] Finished at: 2023-07-27T07:30:20Z
+    [INFO] ------------------------------------------------------------------------
+    ```
+
+After you've confirmed your choices, the plugin adds the above plugin element and requisite settings to your project's `pom.xml` file that configure your web app to run in Azure App Service.
+
+The relevant portion of the `pom.xml` file should look similar to the following example.
+
+```xml-interactive
+<build>
+    <plugins>
+        <plugin>
+            <groupId>com.microsoft.azure</groupId>
+            <artifactId>>azure-webapp-maven-plugin</artifactId>
+            <version>x.xx.x</version>
+            <configuration>
+                <schemaVersion>v2</schemaVersion>
+                <resourceGroup>your-resourcegroup-name</resourceGroup>
+                <appName>your-app-name</appName>
+            ...
+            </configuration>
+        </plugin>
+    </plugins>
+</build>           
+```
+
+You can modify the configurations for App Service directly in your `pom.xml`. Some common configurations are listed in the following table:
+
+Property | Required | Description | Version
+---|---|---|---
+`<schemaVersion>` | false | Specify the version of the configuration schema. Supported values are: `v1`, `v2`. | 1.5.2
+`<subscriptionId>` | false | Specify the subscription ID. | 0.1.0+
+`<resourceGroup>` | true | Azure Resource Group for your Web App. | 0.1.0+
+`<appName>` | true | The name of your Web App. | 0.1.0+
+`<region>` | false | Specifies the region to host your Web App; the default value is **centralus**. All valid regions at [Supported Regions](https://azure.microsoft.com/global-infrastructure/services/?products=app-service) section. | 0.1.0+
+`<pricingTier>` | false | The pricing tier for your Web App. The default value is **P1v2** for production workload, while **B2** is the recommended minimum for Java dev/test. For more information, see [App Service Pricing](https://azure.microsoft.com/pricing/details/app-service/linux/)| 0.1.0+
+`<runtime>` | false | The runtime environment configuration. For more information, see [Configuration Details](https://github.com/microsoft/azure-maven-plugins/wiki/Azure-Web-App:-Configuration-Details). | 0.1.0+
+`<deployment>` | false | The deployment configuration. For more information, see [Configuration Details](https://github.com/microsoft/azure-maven-plugins/wiki/Azure-Web-App:-Configuration-Details). | 0.1.0+
+
+For the complete list of configurations, see the plugin reference documentation. All the Azure Maven Plugins share a common set of configurations. For these configurations see [Common Configurations](https://github.com/microsoft/azure-maven-plugins/wiki/Common-Configuration). For configurations specific to App Service, see [Azure Web App: Configuration Details](https://github.com/microsoft/azure-maven-plugins/wiki/Azure-Web-App:-Configuration-Details).
+
+Be careful about the values of `<appName>` and `<resourceGroup>` (`petstoreee7-1690443003536` and `petstoreee7-1690443003536-rg` accordingly in the demo). They're used later.
+
+## 4 - Deploy the app
+
+With all the configuration ready in your *pom.xml* file, you can deploy your Java app to Azure with one single command.
+
+```azurecli-interactive
+# Disable testing, as it requires Wildfly to be installed locally.
+mvn package azure-webapp:deploy -DskipTests
+```
+
+Once deployment is completed, your application is ready at `http://<appName>.azurewebsites.net/` (`http://petstoreee7-1690443003536.azurewebsites.net` in the demo). Open the url with your local web browser, you should see
+
+![Screenshot of Maven Hello World web app running in Azure App Service.](../../media/quickstart-java/jboss-sample-in-app-service.png)
+
+**Congratulations!** You've deployed your first Java app to App Service.
+
+## 5 - Clean up resources
+
+In the preceding steps, you created Azure resources in a resource group. If you don't need the resources in the future, delete the resource group from portal, or by running the following command in the Cloud Shell:
+
+```azurecli-interactive
+az group delete --name <your resource group name; for example: petstoreee7-1690443003536-rg> --yes
+```
+
+This command may take a minute to run.