Merge pull request #201041 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: v-ccolin

.openpublishing.redirection.azure-monitor.json

@@ -200,6 +200,16 @@
             "redirect_url": "/azure/data-explorer/data-explorer-insights",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/vm/vminsights-ga-release-faq.md" ,
+            "redirect_url": "/azure/azure-monitor/faq#vm-insights",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/vm/vminsights-log-search.md" ,
+            "redirect_url": "/azure/azure-monitor/alerts/vminsights-log-query",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/cli-samples.md" ,
             "redirect_url": "/cli/azure/azure-cli-reference-for-monitor",
@@ -209,6 +219,12 @@
             "source_path_from_root": "/articles/azure-monitor/powershell-samples.md" ,
             "redirect_url": "/powershell/module/az.monitor",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/insights/azure-cli-application-insights-component.md" ,
+            "redirect_url": "/cli/azure/monitor/app-insights",
+            "redirect_document_id": false
         }
     ]
-}
+}
+

articles/active-directory-b2c/saml-identity-provider-technical-profile.md

@@ -176,7 +176,7 @@ The **CryptographicKeys** element contains the following attributes:
 | Attribute |Required | Description |
 | --------- | ----------- | ----------- |
 | SamlMessageSigning |Yes | The X509 certificate (RSA key set) to use to sign SAML messages. Azure AD B2C uses this key to sign the requests and send them to the identity provider. |
-| SamlAssertionDecryption |No* | The X509 certificate (RSA key set). A SAML identity provider uses the public portion of the certificate to encrypt the assertion of the SAML response. Azure AD B2C uses the private portion of the certificate to decrypt the assertion. <br/><br/> * Required if the external IDP Encryts SAML assertions.|
+| SamlAssertionDecryption |No* | The X509 certificate (RSA key set). A SAML identity provider uses the public portion of the certificate to encrypt the assertion of the SAML response. Azure AD B2C uses the private portion of the certificate to decrypt the assertion. <br/><br/> * Required if the external IDP encrypts SAML assertions.|
 | MetadataSigning |No | The X509 certificate (RSA key set) to use to sign SAML metadata. Azure AD B2C uses this key to sign the metadata.  |
 
 ## Next steps

articles/active-directory/saas-apps/agile-provisioning-tutorial.md

@@ -0,0 +1,144 @@
+---
+title: 'Tutorial: Azure AD SSO integration with Agile Provisioning'
+description: Learn how to configure single sign-on between Azure Active Directory and Agile Provisioning.
+services: active-directory
+author: jeevansd
+manager: CelesteDG
+ms.reviewer: CelesteDG
+ms.service: active-directory
+ms.subservice: saas-app-tutorial
+ms.workload: identity
+ms.topic: tutorial
+ms.date: 05/23/2022
+ms.author: jeedes
+
+---
+
+# Tutorial: Azure AD SSO integration with Agile Provisioning
+
+In this tutorial, you'll learn how to integrate Agile Provisioning with Azure Active Directory (Azure AD). When you integrate Agile Provisioning with Azure AD, you can:
+
+* Control in Azure AD who has access to Agile Provisioning.
+* Enable your users to be automatically signed-in to Agile Provisioning with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
+
+## Prerequisites
+
+To get started, you need the following items:
+
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Agile Provisioning single sign-on (SSO) enabled subscription.
+* Along with Cloud Application Administrator, Application Administrator can also add or manage applications in Azure AD.
+For more information, see [Azure built-in roles](../roles/permissions-reference.md).
+
+## Scenario description
+
+In this tutorial, you configure and test Azure AD SSO in a test environment.
+
+* Agile Provisioning supports **SP** and **IDP** initiated SSO.
+
+## Add Agile Provisioning from the gallery
+
+To configure the integration of Agile Provisioning into Azure AD, you need to add Agile Provisioning from the gallery to your list of managed SaaS apps.
+
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Agile Provisioning** in the search box.
+1. Select **Agile Provisioning** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
+
+## Configure and test Azure AD SSO for Agile Provisioning
+
+Configure and test Azure AD SSO with Agile Provisioning using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Agile Provisioning.
+
+To configure and test Azure AD SSO with Agile Provisioning, perform the following steps:
+
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+    1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+    1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Agile Provisioning SSO](#configure-agile-provisioning-sso)** - to configure the single sign-on settings on application side.
+    1. **[Create Agile Provisioning test user](#create-agile-provisioning-test-user)** - to have a counterpart of B.Simon in Agile Provisioning that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
+
+## Configure Azure AD SSO
+
+Follow these steps to enable Azure AD SSO in the Azure portal.
+
+1. In the Azure portal, on the **Agile Provisioning** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
+
+    ![Screenshot shows to edit Basic S A M L Configuration.](common/edit-urls.png "Basic Configuration")
+
+1. On the **Basic SAML Configuration** section, perform the following steps:
+
+    a. In the **Identifier** text box, type a value using the following pattern:
+    `<CustomerFullyQualifiedName>`
+    
+    b. In the **Reply URL** text box, type a URL using the following pattern:
+    `https://<CustomerFullyQualifiedName>/web-portal/saml/SSO`
+
+1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
+
+    In the **Sign-on URL** text box, type a URL using the following pattern:
+    `https://<CustomerFullyQualifiedName>/web-portal/`
+
+    > [!NOTE]
+	> These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact [Agile Provisioning Client support team](mailto:[email protected]) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+
+1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
+
+	![Screenshot shows the Certificate download link.](common/copy-metadataurl.png "Certificate")
+
+### Create an Azure AD test user
+
+In this section, you'll create a test user in the Azure portal called B.Simon.
+
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+   1. In the **Name** field, enter `B.Simon`.  
+   1. In the **User name** field, enter the [email protected]. For example, `[email protected]`.
+   1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+   1. Click **Create**.
+
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Agile Provisioning.
+
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Agile Provisioning**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
+
+## Configure Agile Provisioning SSO
+
+To configure single sign-on on **Agile Provisioning** side, you need to send the **App Federation Metadata Url** to [Agile Provisioning support team](mailto:[email protected]). They set this setting to have the SAML SSO connection set properly on both sides.
+
+### Create Agile Provisioning test user
+
+In this section, you create a user called Britta Simon in Agile Provisioning. Work with [Agile Provisioning support team](mailto:[email protected]) to add the users in the Agile Provisioning platform. Users must be created and activated before you use single sign-on.
+
+## Test SSO 
+
+In this section, you test your Azure AD single sign-on configuration with following options. 
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to Agile Provisioning Sign on URL where you can initiate the login flow.  
+
+* Go to Agile Provisioning Sign-on URL directly and initiate the login flow from there.
+
+#### IDP initiated:
+
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Agile Provisioning for which you set up the SSO. 
+
+You can also use Microsoft My Apps to test the application in any mode. When you click the Agile Provisioning tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Agile Provisioning for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
+
+## Next steps
+
+Once you configure Agile Provisioning you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).

articles/active-directory/saas-apps/airwatch-tutorial.md

@@ -1,5 +1,5 @@
 ---
-title: 'Tutorial: Azure Active Directory integration with AirWatch | Microsoft Docs'
+title: 'Tutorial: Azure Active Directory integration with AirWatch'
 description: Learn how to configure single sign-on between Azure Active Directory and AirWatch.
 services: active-directory
 author: jeevansd
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 01/20/2021
+ms.date: 06/08/2022
 ms.author: jeedes
 ---
 
@@ -28,6 +28,9 @@ To get started, you need the following items:
 * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
 * AirWatch single sign-on (SSO)-enabled subscription.
 
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
+
 ## Scenario description
 
 In this tutorial, you configure and test Azure AD SSO in a test environment. 
@@ -70,14 +73,22 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. On the **Basic SAML Configuration** page, enter the values for the following fields:
 
-    1. In the **Sign on URL** text box, type a URL using the following pattern:
-    `https://<subdomain>.awmdm.com/AirWatch/Login?gid=companycode`
-
-    1. In the **Identifier (Entity ID)** text box, type the value as:
+   a. In the **Identifier (Entity ID)** text box, type the value as:
     `AirWatch`
 
+   b. In the **Reply URL** text box, type a URL using one of the following patterns:
+
+   | Reply URL|
+   |-----------|
+   | `https://<SUBDOMAIN>.awmdm.com/<COMPANY_CODE>` |
+   | `https://<SUBDOMAIN>.airwatchportals.com/<COMPANY_CODE>` |
+   |
+
+   c. In the **Sign on URL** text box, type a URL using the following pattern:
+    `https://<subdomain>.awmdm.com/AirWatch/Login?gid=companycode`
+
 	> [!NOTE]
-	> This value is not the real. Update this value with the actual Sign-on URL. Contact [AirWatch Client support team](https://www.vmware.com/in/support/acquisitions/airwatch.html) to get this value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+	> These values are not the real. Update these values with the actual Reply URL and Sign-on URL. Contact [AirWatch Client support team](https://www.vmware.com/in/support/acquisitions/airwatch.html) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
 
 1. AirWatch application expects the SAML assertions in a specific format. Configure the following claims for this application. You can manage the values of these attributes from the **User Attributes** section on application integration page. On the **Set up Single Sign-On with SAML** page, click **Edit** button to open **User Attributes** dialog.