Skip to content

Commit 4bc3491

Browse files
authored
Merge pull request #249526 from MicrosoftDocs/main
8/28/2023 AM Publish
2 parents 94721ac + 46cfe37 commit 4bc3491

File tree

51 files changed

+659
-207
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

51 files changed

+659
-207
lines changed

articles/active-directory/develop/reply-url.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ This table shows the maximum number of redirect URIs you can add to an app regis
4646
| Microsoft work or school accounts in any organization's Azure Active Directory (Azure AD) tenant | 256 | `signInAudience` field in the application manifest is set to either *AzureADMyOrg* or *AzureADMultipleOrgs* |
4747
| Personal Microsoft accounts and work and school accounts | 100 | `signInAudience` field in the application manifest is set to *AzureADandPersonalMicrosoftAccount* |
4848

49-
The maximum number of redirect URIS can't be raised for [security reasons](#restrictions-on-wildcards-in-redirect-uris). If your scenario requires more redirect URIs than the maximum limit allowed, consider the following [state parameter approach](#use-a-state-parameter) as the solution.
49+
The maximum number of redirect URIs can't be raised for [security reasons](#restrictions-on-wildcards-in-redirect-uris). If your scenario requires more redirect URIs than the maximum limit allowed, consider the following [state parameter approach](#use-a-state-parameter) as the solution.
5050

5151
## Maximum URI length
5252

articles/active-directory/devices/hybrid-join-plan.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -159,7 +159,7 @@ When you're using AD FS, you need to enable the following WS-Trust endpoints:
159159
> [!WARNING]
160160
> Both **adfs/services/trust/2005/windowstransport** or **adfs/services/trust/13/windowstransport** should be enabled as intranet facing endpoints only and must NOT be exposed as extranet facing endpoints through the Web Application Proxy. To learn more on how to disable WS-Trust Windows endpoints, see [Disable WS-Trust Windows endpoints on the proxy](/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs#disable-ws-trust-windows-endpoints-on-the-proxy-ie-from-extranet). You can see what endpoints are enabled through the AD FS management console under **Service** > **Endpoints**.
161161
162-
Beginning with version 1.1.819.0, Azure AD Connect provides you with a wizard to configure hybrid Azure AD join. The wizard enables you to significantly simplify the configuration process. If installing the required version of Azure AD Connect isn't an option for you, see [how to manually configure device registration](hybrid-join-manual.md).
162+
Beginning with version 1.1.819.0, Azure AD Connect provides you with a wizard to configure hybrid Azure AD join. The wizard enables you to significantly simplify the configuration process. If installing the required version of Azure AD Connect isn't an option for you, see [how to manually configure device registration](hybrid-join-manual.md). If contoso.com is registered as a confirmed custom domain, users can get a PRT even if their syncronized on-premises AD DS UPN suffix is in a subdomain like test.contoso.com.
163163

164164
## Review on-premises AD users UPN support for hybrid Azure AD join
165165

articles/active-directory/multi-tenant-organizations/cross-tenant-synchronization-overview.md

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ ms.service: active-directory
88
ms.workload: identity
99
ms.subservice: multi-tenant-organizations
1010
ms.topic: overview
11-
ms.date: 06/16/2023
11+
ms.date: 08/28/2023
1212
ms.author: rolyon
1313
ms.custom: it-pro
1414

@@ -269,8 +269,6 @@ Does cross-tenant synchronization support deprovisioning users?
269269
- Remove the user from a group that is assigned to the cross-tenant synchronization configuration
270270
- An attribute on the user changes such that they do not meet the scoping filter conditions defined on the cross-tenant synchronization configuration anymore
271271

272-
- Currently only regular users, Helpdesk Admins and User Account Admins can be deleted. Users with other Azure AD roles such as directory reader currently cannot be deleted by cross-tenant synchronization. This is subject to change in the future.
273-
274272
- If the user is blocked from sign-in in the source tenant (accountEnabled = false) they will be blocked from sign-in in the target. This is not a deletion, but an updated to the accountEnabled property.
275273

276274
Does cross-tenant synchronization support restoring users?

articles/active-directory/reports-monitoring/concept-provisioning-logs.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -245,7 +245,6 @@ Use the following table to better understand how to resolve errors that you find
245245
> | AzureDirectoryB2BManagementPolicyCheckFailure | The cross-tenant synchronization policy allowing automatic redemption failed.<br/><br/>The synchronization engine checks to ensure that the administrator of the target tenant has created an inbound cross-tenant synchronization policy allowing automatic redemption. The synchronization engine also checks if the administrator of the source tenant has enabled an outbound policy for automatic redemption. | Ensure that the automatic redemption setting has been enabled for both the source and target tenants. For more information, see [Automatic redemption setting](../multi-tenant-organizations/cross-tenant-synchronization-overview.md#automatic-redemption-setting). |
246246
> | AzureActiveDirectoryQuotaLimitExceeded | The number of objects in the tenant exceeds the directory limit.<br/><br/>Azure AD has limits for the number of objects that can be created in a tenant. | Check whether the quota can be increased. For information about the directory limits and steps to increase the quota, see [Azure AD service limits and restrictions](../enterprise-users/directory-service-limits-restrictions.md). |
247247
> |InvitationCreationFailure| The Azure AD provisioning service attempted to invite the user in the target tenant. That invitation failed.| Further investigation likely requires contacting support.|
248-
> |AzureActiveDirectoryInsufficientRights|When a B2B user in the target tenant has a role other than User, Helpdesk Admin, or User Account Admin, they cannot be deleted.| Remove the role(s) on the user in the target tenant in order to successfully delete the user in the target tenant.|
249248
> |AzureActiveDirectoryForbidden|External collaboration settings have blocked invitations.|Navigate to user settings and ensure that [external collaboration settings](../external-identities/external-collaboration-settings-configure.md) are permitted.|
250249
> |InvitationCreationFailureInvalidPropertyValue|Potential causes:<br/>* The Primary SMTP Address is an invalid value.<br/>* UserType is neither guest nor member<br/>* Group email Address is not supported | Potential solutions:<br/>* The Primary SMTP Address has an invalid value. Resolving this issue will likely require updating the mail property of the source user. For more information, see [Prepare for directory synchronization to Microsoft 365](https://aka.ms/DirectoryAttributeValidations)<br/>* Ensure that the userType property is provisioned as type guest or member. This can be fixed by checking your attribute mappings to understand how the userType attribute is mapped.<br/>* The email address address of the user matches with the email address of a group in the tenant. Update the email address for one of the two objects.|
251250
> |InvitationCreationFailureAmbiguousUser| The invited user has a proxy address that matches an internal user in the target tenant. The proxy address must be unique. | To resolve this error, delete the existing internal user in the target tenant or remove this user from sync scope.|

articles/active-directory/saas-apps/breadcrumb/toc.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,6 @@
1010
tocHref: /azure/azure-databricks/administration-guide/
1111
topicHref: /azure/active-directory/manage-apps/
1212
items:
13-
- name: SaaS application tutorials
13+
- name: Application tutorials
1414
tocHref: /azure/azure-databricks/administration-guide/users-groups/scim/
15-
topicHref: /azure/active-directory/saas-apps/tutorial-list/
15+
topicHref: /azure/active-directory/saas-apps/tutorial-list/

articles/active-directory/saas-apps/toc.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
items:
2-
- name: SaaS application tutorials
2+
- name: Application tutorials
33
href: tutorial-list.md
44
- name: Single sign-on tutorials
55
expanded: true

articles/active-directory/saas-apps/tutorial-list.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: SaaS App Integration Tutorials for use with Azure AD
2+
title: App Integration Tutorials for use with Azure AD
33
description: Configure Azure Active Directory single sign-on integration with a variety of third-party software as a service applications.
44
services: active-directory
55
author: jeevansd
@@ -14,9 +14,9 @@ ms.custom: contperf-fy21q3-portal
1414
ms.reviewer: celested
1515
---
1616

17-
# Tutorials for integrating SaaS applications with Azure Active Directory
17+
# Tutorials for integrating applications with Azure Active Directory
1818

19-
To help integrate your cloud-enabled [software as a service (SaaS)](https://azure.microsoft.com/overview/what-is-saas/) applications with Azure Active Directory, we have developed a collection of tutorials that walk you through configuration.
19+
To help integrate your cloud-enabled [software as a service (SaaS)](https://azure.microsoft.com/overview/what-is-saas/) and on-premises applications with Azure Active Directory, we have developed a collection of tutorials that walk you through configuration.
2020

2121
For a list of all SaaS apps that have been pre-integrated into Azure AD, see the [Active Directory Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/category/azure-active-directory-apps).
2222

articles/aks/support-policies.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
title: Support policies for Azure Kubernetes Service (AKS)
33
description: Learn about Azure Kubernetes Service (AKS) support policies, shared responsibility, and features that are in preview (or alpha or beta).
44
ms.topic: article
5-
ms.date: 05/22/2023
5+
ms.date: 08/28/2023
66

77
#Customer intent: As a cluster operator or developer, I want to understand what AKS components I need to manage, what components are managed by Microsoft (including security patches), and networking and preview features.
88
---
@@ -78,7 +78,7 @@ Microsoft doesn't provide technical support for the following scenarios:
7878
* Third-party closed-source software. This software can include security scanning tools and networking devices or software.
7979
* Network customizations other than the ones listed in the [AKS documentation](./index.yml).
8080
* Custom or third-party CNI plugins used in [BYOCNI](use-byo-cni.md) mode.
81-
* Stand-by and proactive scenarios. Microsoft Support provides reactive support to help solve active issues in a timely and professional manner. However, standby or proactive support to help you eliminate operational risks, increase availability, and optimize performance are not covered. [Eligible customers](https://www.microsoft.com/unifiedsupport) can contact their account team to get nominated for Azure Event Management service[https://devblogs.microsoft.com/premier-developer/proactively-plan-for-your-critical-event-in-azure-with-enhanced-support-and-engineering-services/]. It's a paid service delivered by Microsoft support engineers that includes a proactive solution risk assessment and coverage during the event.
81+
* Stand-by and proactive scenarios. Microsoft Support provides reactive support to help solve active issues in a timely and professional manner. However, standby or proactive support to help you eliminate operational risks, increase availability, and optimize performance are not covered. [Eligible customers](https://www.microsoft.com/unifiedsupport) can contact their account team to get nominated for [Azure Event Management service](https://devblogs.microsoft.com/premier-developer/proactively-plan-for-your-critical-event-in-azure-with-enhanced-support-and-engineering-services/). It's a paid service delivered by Microsoft support engineers that includes a proactive solution risk assessment and coverage during the event.
8282

8383
## AKS support coverage for agent nodes
8484

Lines changed: 147 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,147 @@
1+
---
2+
author: cephalin
3+
ms.service: app-service
4+
ms.devlang: java
5+
ms.topic: include
6+
ms.date: 08/30/2023
7+
ms.author: cephalin
8+
---
9+
10+
In this quickstart, you'll use the [Maven Plugin for Azure App Service Web Apps](https://github.com/microsoft/azure-maven-plugins/blob/develop/azure-webapp-maven-plugin/README.md) to deploy a Java web application to a Linux JBoss EAP server in [Azure App Service](/azure/app-service/). App Service provides a highly scalable, self-patching web app hosting service. Use the tabs to switch between Tomcat, JBoss, or embedded server (Java SE) instructions.
11+
12+
![Screenshot of Maven Hello World web app running in Azure App Service.](../../media/quickstart-java/jboss-sample-in-app-service.png)
13+
14+
If Maven isn't your preferred development tool, check out our similar tutorials for Java developers:
15+
+ [Gradle](../../configure-language-java.md?pivots=platform-linux#gradle)
16+
+ [IntelliJ IDEA](/azure/developer/java/toolkit-for-intellij/create-hello-world-web-app)
17+
+ [Eclipse](/azure/developer/java/toolkit-for-eclipse/create-hello-world-web-app)
18+
+ [Visual Studio Code](https://code.visualstudio.com/docs/java/java-webapp)
19+
20+
[!INCLUDE [quickstarts-free-trial-note](../../../../includes/quickstarts-free-trial-note.md)]
21+
22+
## 1 - Use Azure Cloud Shell
23+
24+
[!INCLUDE [cloud-shell-try-it-no-header.md](../../../../includes/cloud-shell-try-it-no-header.md)]
25+
26+
## 2 - Create a Java app
27+
28+
Clone the Pet Store demo application.
29+
30+
```azurecli-interactive
31+
git clone https://github.com/Azure-Samples/app-service-java-quickstart
32+
```
33+
34+
Change directory to the completed pet store project and build it.
35+
36+
> [!TIP]
37+
> The `petstore-ee7` sample requires **Java 11 or newer**. The `booty-duke-app-service` sample project requires **Java 17**. If your installed version of Java is less than 17, run the build from within the `petstore-ee7` directory, rather than at the top level.
38+
39+
```azurecli-interactive
40+
cd app-service-java-quickstart
41+
git checkout 20230308
42+
cd petstore-ee7
43+
mvn clean install
44+
```
45+
46+
If you see a message about being in **detached HEAD** state, this message is safe to ignore. Because you won't make any Git commit in this quickstart, detached HEAD state is appropriate.
47+
48+
## 3 - Configure the Maven plugin
49+
50+
The deployment process to Azure App Service uses your Azure credentials from the Azure CLI automatically. If the Azure CLI isn't installed locally, then the Maven plugin authenticates with OAuth or device sign-in. For more information, see [authentication with Maven plugins](https://github.com/microsoft/azure-maven-plugins/wiki/Authentication).
51+
52+
Run the Maven command shown next to configure the deployment. This command helps you to set up the App Service operating system, Java version, and Tomcat version.
53+
54+
```azurecli-interactive
55+
mvn com.microsoft.azure:azure-webapp-maven-plugin:2.12.0:config
56+
```
57+
58+
1. For **Create new run configuration**, type **Y**, then **Enter**.
59+
1. For **Define value for OS**, type **2** for Linux, then **Enter**.
60+
1. For **Define value for javaVersion**, type **2** for Java 11, then **Enter**.
61+
1. For **webContainer** option, type **1** for Jbosseap 7, then **Enter**.
62+
1. For **Define value for pricingTier**, type **1** for P1v3, then **Enter**.
63+
1. For **Confirm**, type **Y**, then **Enter**.
64+
65+
```
66+
Please confirm webapp properties
67+
AppName : petstoreee7-1690443003536
68+
ResourceGroup : petstoreee7-1690443003536-rg
69+
Region : centralus
70+
PricingTier : P1v3
71+
OS : Linux
72+
Java Version: Java 11
73+
Web server stack: Jbosseap 7
74+
Deploy to slot : false
75+
Confirm (Y/N) [Y]:
76+
[INFO] Saving configuration to pom.
77+
[INFO] ------------------------------------------------------------------------
78+
[INFO] BUILD SUCCESS
79+
[INFO] ------------------------------------------------------------------------
80+
[INFO] Total time: 19.914 s
81+
[INFO] Finished at: 2023-07-27T07:30:20Z
82+
[INFO] ------------------------------------------------------------------------
83+
```
84+
85+
After you've confirmed your choices, the plugin adds the above plugin element and requisite settings to your project's `pom.xml` file that configure your web app to run in Azure App Service.
86+
87+
The relevant portion of the `pom.xml` file should look similar to the following example.
88+
89+
```xml-interactive
90+
<build>
91+
<plugins>
92+
<plugin>
93+
<groupId>com.microsoft.azure</groupId>
94+
<artifactId>>azure-webapp-maven-plugin</artifactId>
95+
<version>x.xx.x</version>
96+
<configuration>
97+
<schemaVersion>v2</schemaVersion>
98+
<resourceGroup>your-resourcegroup-name</resourceGroup>
99+
<appName>your-app-name</appName>
100+
...
101+
</configuration>
102+
</plugin>
103+
</plugins>
104+
</build>
105+
```
106+
107+
You can modify the configurations for App Service directly in your `pom.xml`. Some common configurations are listed in the following table:
108+
109+
Property | Required | Description | Version
110+
---|---|---|---
111+
`<schemaVersion>` | false | Specify the version of the configuration schema. Supported values are: `v1`, `v2`. | 1.5.2
112+
`<subscriptionId>` | false | Specify the subscription ID. | 0.1.0+
113+
`<resourceGroup>` | true | Azure Resource Group for your Web App. | 0.1.0+
114+
`<appName>` | true | The name of your Web App. | 0.1.0+
115+
`<region>` | false | Specifies the region to host your Web App; the default value is **centralus**. All valid regions at [Supported Regions](https://azure.microsoft.com/global-infrastructure/services/?products=app-service) section. | 0.1.0+
116+
`<pricingTier>` | false | The pricing tier for your Web App. The default value is **P1v2** for production workload, while **B2** is the recommended minimum for Java dev/test. For more information, see [App Service Pricing](https://azure.microsoft.com/pricing/details/app-service/linux/)| 0.1.0+
117+
`<runtime>` | false | The runtime environment configuration. For more information, see [Configuration Details](https://github.com/microsoft/azure-maven-plugins/wiki/Azure-Web-App:-Configuration-Details). | 0.1.0+
118+
`<deployment>` | false | The deployment configuration. For more information, see [Configuration Details](https://github.com/microsoft/azure-maven-plugins/wiki/Azure-Web-App:-Configuration-Details). | 0.1.0+
119+
120+
For the complete list of configurations, see the plugin reference documentation. All the Azure Maven Plugins share a common set of configurations. For these configurations see [Common Configurations](https://github.com/microsoft/azure-maven-plugins/wiki/Common-Configuration). For configurations specific to App Service, see [Azure Web App: Configuration Details](https://github.com/microsoft/azure-maven-plugins/wiki/Azure-Web-App:-Configuration-Details).
121+
122+
Be careful about the values of `<appName>` and `<resourceGroup>` (`petstoreee7-1690443003536` and `petstoreee7-1690443003536-rg` accordingly in the demo). They're used later.
123+
124+
## 4 - Deploy the app
125+
126+
With all the configuration ready in your *pom.xml* file, you can deploy your Java app to Azure with one single command.
127+
128+
```azurecli-interactive
129+
# Disable testing, as it requires Wildfly to be installed locally.
130+
mvn package azure-webapp:deploy -DskipTests
131+
```
132+
133+
Once deployment is completed, your application is ready at `http://<appName>.azurewebsites.net/` (`http://petstoreee7-1690443003536.azurewebsites.net` in the demo). Open the url with your local web browser, you should see
134+
135+
![Screenshot of Maven Hello World web app running in Azure App Service.](../../media/quickstart-java/jboss-sample-in-app-service.png)
136+
137+
**Congratulations!** You've deployed your first Java app to App Service.
138+
139+
## 5 - Clean up resources
140+
141+
In the preceding steps, you created Azure resources in a resource group. If you don't need the resources in the future, delete the resource group from portal, or by running the following command in the Cloud Shell:
142+
143+
```azurecli-interactive
144+
az group delete --name <your resource group name; for example: petstoreee7-1690443003536-rg> --yes
145+
```
146+
147+
This command may take a minute to run.

0 commit comments

Comments
 (0)