Merge pull request #203894 from MicrosoftDocs/main

7/06 AM Publish

Author: huypub

articles/active-directory-b2c/partner-akamai.md

@@ -48,7 +48,7 @@ Akamai WAF integration includes the following components:
 
 - **Azure AD B2C Tenant** – The authorization server, responsible for verifying the user’s credentials using the custom policies defined in the tenant.  It's also known as the identity provider.
 
-- [**Azure Front Door**](../frontdoor/front-door-overview.md) – Responsible for enabling custom domains for Azure B2C tenant. All traffic from Cloudflare WAF will be routed to Azure Front Door before arriving at Azure AD B2C tenant.
+- [**Azure Front Door**](../frontdoor/front-door-overview.md) – Responsible for enabling custom domains for Azure B2C tenant. All traffic from Akamai WAF will be routed to Azure Front Door before arriving at Azure AD B2C tenant.
 
 - [**Akamai WAF**](https://www.akamai.com/us/en/resources/waf.jsp) – The web application firewall, which manages all traffic that is sent to the authorization server.
 

articles/active-directory/app-provisioning/application-provisioning-quarantine-status.md

@@ -80,10 +80,11 @@ After the first failure, the first retry happens within the next 2 hours (usuall
 - The third retry happens 12 hours after the first failure.
 - The fourth retry happens 24 hours after the first failure.
 - The fifth retry happens 48 hours after the first failure.
-- The sixth retry happens 96 hours after the first failure
-- The seventh retry happens 168 hours after the first failure.
+- The sixth retry happens 72 hours after the first failure.
+- The seventh retry happens 96 hours after the first failure.
+- The eigth retry happens 120 hours after the first failure.
 
-After the 7th failure, entry is flagged and no further retries are run.
+This cycle is repeated every 24 hours until the 30th day when retries are stopped and the job is disabled. 
 
 
 ## How do I get my application out of quarantine?

articles/active-directory/app-provisioning/provision-on-demand.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: how-to
-ms.date: 06/30/2022
+ms.date: 07/06/2022
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -146,7 +146,6 @@ There are currently a few known limitations to on-demand provisioning. Post your
 > [!NOTE]
 > The following limitations are specific to the on-demand provisioning capability. For information about whether an application supports provisioning groups, deletions, or other capabilities, check the tutorial for that application.
 
-* Amazon Web Services (AWS) application does not support on-demand provisioning. 
 * On-demand provisioning of groups supports updating up to 5 members at a time
 * On-demand provisioning of roles isn't supported.
 * On-demand provisioning supports disabling users that have been unassigned from the application. However, it doesn't support disabling or deleting users that have been disabled or deleted from Azure AD. Those users won't appear when you search for a user.

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-aws.md

@@ -18,11 +18,6 @@ This article describes how to onboard an Amazon Web Services (AWS) account on Pe
 > [!NOTE]
 > A *global administrator* or *super admin* (an admin for all authorization system types) can perform the tasks in this article after the global administrator has initially completed the steps provided in [Enable Permissions Management on your Azure Active Directory tenant](onboard-enable-tenant.md).
 
-
-## View a training video on configuring and onboarding an AWS account
-
-To view a video on how to configure and onboard AWS accounts in Permissions Management, select [Configure and onboard AWS accounts](https://www.youtube.com/watch?v=R6K21wiWYmE).
-
 ## Onboard an AWS account
 
 1. If the **Data Collectors** dashboard isn't displayed when Permissions Management launches:

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-azure.md

@@ -24,11 +24,6 @@ To add Permissions Management to your Azure AD tenant:
 - You must have an Azure AD user account and an Azure command-line interface (Azure CLI) on your system, or an Azure subscription. If you don't already have one, [create a free account](https://azure.microsoft.com/free/).
 - You must have **Microsoft.Authorization/roleAssignments/write** permission at the subscription or management group scope to perform these tasks. If you don't have this permission, you can ask someone who has this permission to perform these tasks for you.
 
-
-## View a training video on enabling Permissions Management in your Azure AD tenant
-
-To view a video on how to enable Permissions Management in your Azure AD tenant, select [Enable Permissions Management in your Azure AD tenant](https://www.youtube.com/watch?v=-fkfeZyevoo).
-
 ## How to onboard an Azure subscription
 
 1. If the **Data Collectors** dashboard isn't displayed when Permissions Management launches:

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-enable-tenant.md

@@ -28,13 +28,6 @@ To enable Permissions Management in your organization:
 > [!NOTE]
 > During public preview, Permissions Management doesn't perform a license check.
 
-## View a training video on enabling Permissions Management
-
-- To view a video on how to enable Permissions Management in your Azure AD tenant, select [Enable Permissions Management in your Azure AD tenant](https://www.youtube.com/watch?v=-fkfeZyevoo).
-- To view a video on how to configure and onboard AWS accounts in Permissions Management, select [Configure and onboard AWS accounts](https://www.youtube.com/watch?v=R6K21wiWYmE).
-- To view a video on how to configure and onboard GCP accounts in Permissions Management, select [Configure and onboard GCP accounts](https://www.youtube.com/watch?app=desktop&v=W3epcOaec28).
-
-
 ## How to enable Permissions Management on your Azure AD tenant
 
 1. In your browser:

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-gcp.md

@@ -18,11 +18,6 @@ This article describes how to onboard a Google Cloud Platform (GCP) project on P
 > [!NOTE]
 > A *global administrator* or *super admin* (an admin for all authorization system types) can perform the tasks in this article after the global administrator has initially completed the steps provided in [Enable Permissions Management on your Azure Active Directory tenant](onboard-enable-tenant.md).
 
-## View a training video on configuring and onboarding a GCP account
-
-To view a video on how to configure and onboard GCP accounts in Permissions Management, select [Configure and onboard GCP accounts](https://www.youtube.com/watch?app=desktop&v=W3epcOaec28).
-
-
 ## Onboard a GCP project
 
 1. If the **Data Collectors** dashboard isn't displayed when Permissions Management launches:

articles/active-directory/develop/scenario-web-api-call-api-app-configuration.md

@@ -41,17 +41,16 @@ In the following example, the `GraphBeta` section specifies these settings.
   "AzureAd": {
     "Instance": "https://login.microsoftonline.com/",
     "ClientId": "[Client_id-of-web-api-eg-2ec40e65-ba09-4853-bcde-bcb60029e596]",
-    "TenantId": "common"
-
-   // To call an API
-   "ClientSecret": "[Copy the client secret added to the app from the Azure portal]",
-   "ClientCertificates": [
-  ]
- },
- "GraphBeta": {
+    "TenantId": "common",
+    
+    // To call an API
+    "ClientSecret": "[Copy the client secret added to the app from the Azure portal]",
+    "ClientCertificates": []
+  },
+  "GraphBeta": {
     "BaseUrl": "https://graph.microsoft.com/beta",
     "Scopes": "user.read"
-    }
+  }
 }
 ```
 
@@ -62,16 +61,16 @@ Instead of a client secret, you can provide a client certificate. The following
   "AzureAd": {
     "Instance": "https://login.microsoftonline.com/",
     "ClientId": "[Client_id-of-web-api-eg-2ec40e65-ba09-4853-bcde-bcb60029e596]",
-    "TenantId": "common"
-
-   // To call an API
-   "ClientCertificates": [
+    "TenantId": "common",
+    
+    // To call an API
+    "ClientCertificates": [
       {
         "SourceType": "KeyVault",
         "KeyVaultUrl": "https://msidentitywebsamples.vault.azure.net",
         "KeyVaultCertificateName": "MicrosoftIdentitySamplesCert"
       }
-   ]
+    ]
   },
   "GraphBeta": {
     "BaseUrl": "https://graph.microsoft.com/beta",
@@ -91,17 +90,17 @@ using Microsoft.Identity.Web;
 
 public class Startup
 {
-  // ...
-  public void ConfigureServices(IServiceCollection services)
-  {
-  // ...
-  services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
-          .AddMicrosoftIdentityWebApi(Configuration, Configuration.GetSection("AzureAd"))
-            .EnableTokenAcquisitionToCallDownstreamApi()
-            .AddInMemoryTokenCaches();
-   // ...
-  }
-  // ...
+    // ...
+    public void ConfigureServices(IServiceCollection services)
+    {
+        // ...
+        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+                .AddMicrosoftIdentityWebApi(Configuration, Configuration.GetSection("AzureAd"))
+                .EnableTokenAcquisitionToCallDownstreamApi()
+                .AddInMemoryTokenCaches();
+        // ...
+    }
+    // ...
 }
 ```
 
@@ -119,18 +118,18 @@ using Microsoft.Identity.Web;
 
 public class Startup
 {
-  // ...
-  public void ConfigureServices(IServiceCollection services)
-  {
-  // ...
-  services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
-          .AddMicrosoftIdentityWebApi(Configuration, Configuration.GetSection("AzureAd"))
-            .EnableTokenAcquisitionToCallDownstreamApi()
-               .AddMicrosoftGraph(Configuration.GetSection("GraphBeta"))
-            .AddInMemoryTokenCaches();
-   // ...
-  }
-  // ...
+    // ...
+    public void ConfigureServices(IServiceCollection services)
+    {
+        // ...
+        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+                .AddMicrosoftIdentityWebApi(Configuration, Configuration.GetSection("AzureAd"))
+                .EnableTokenAcquisitionToCallDownstreamApi()
+                .AddMicrosoftGraph(Configuration.GetSection("GraphBeta"))
+                .AddInMemoryTokenCaches();
+        // ...
+    }
+    // ...
 }
 ```
 
@@ -143,18 +142,18 @@ using Microsoft.Identity.Web;
 
 public class Startup
 {
-  // ...
-  public void ConfigureServices(IServiceCollection services)
-  {
-  // ...
-  services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
-          .AddMicrosoftIdentityWebApi(Configuration, "AzureAd")
-            .EnableTokenAcquisitionToCallDownstreamApi()
-               .AddDownstreamWebApi("MyApi", Configuration.GetSection("GraphBeta"))
-            .AddInMemoryTokenCaches();
-   // ...
-  }
-  // ...
+    // ...
+    public void ConfigureServices(IServiceCollection services)
+    {
+        // ...
+        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+                .AddMicrosoftIdentityWebApi(Configuration, "AzureAd")
+                .EnableTokenAcquisitionToCallDownstreamApi()
+                .AddDownstreamWebApi("MyApi", Configuration.GetSection("GraphBeta"))
+                .AddInMemoryTokenCaches();
+        // ...
+    }
+    // ...
 }
 ```
 

articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md

@@ -82,7 +82,7 @@ If you want to know for how long the activity data is stored in a Premium tenant
     * To send audit logs to the Log Analytics workspace, select the **AuditLogs** check box. 
     * To send sign-in logs to the Log Analytics workspace, select the **SignInLogs** check box.
     * To send non-interactive user sign-in logs to the Log Analytics workspace, select the **NonInteractiveUserSignInLogs** check box.
-    * To send service principle sign-in logs to the Log Analytics workspace, select the **ServicePrincipleSignInLogs** check box.
+    * To send service principal sign-in logs to the Log Analytics workspace, select the **ServicePrincipalSignInLogs** check box.
     * To send managed identity sign-in logs to the Log Analytics workspace, select the **ManagedIdentitySignInLogs** check box.
     * To send provisioning logs to the Log Analytics workspace, select the **ProvisioningLogs** check box.
     * To send Active Directory Federation Services (ADFS) sign-in logs to the Log Analytics workspace, select **ADFSSignInLogs**.

articles/active-directory/saas-apps/sap-analytics-cloud-provisioning-tutorial.md

@@ -51,7 +51,7 @@ The scenario outlined in this tutorial assumes that you already have the followi
 
 ## Step 2. Configure SAP Analytics Cloud to support provisioning with Azure AD
 
-1. Sign into [SAP Identity Provisioning admin console](https://ips-xlnk9v890j.dispatcher.us1.hana.ondemand.com/) with your administrator account and then select **Proxy Systems**.
+1. Sign into the SAP Identity Provisioning admin console with your administrator account and then select **Proxy Systems**.
 
    ![SAP Proxy Systems](./media/sap-analytics-cloud-provisioning-tutorial/sap-proxy-systems.png)
 
@@ -159,4 +159,4 @@ Once you've configured provisioning, use the following resources to monitor your
 
 ## Next steps
 
-* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)