Merge pull request #219047 from MicrosoftDocs/main

11/18 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -7028,6 +7028,11 @@
             "redirect_url": "/azure/azure-functions/functions-monitoring",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-functions/azure-functions-az-redundancy.md",
+            "redirect_url": "/azure/reliability/reliability-functions",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-government/documentation-government-k8.md",
             "redirect_url": "/azure/azure-government",

articles/active-directory/reports-monitoring/reference-audit-activities.md

@@ -369,6 +369,7 @@ This article lists the audit activities that can be logged in your audit logs.
 |Application Management|AdminUserJourneys-GetResources|
 |Directory Management|AdminUserJourneys-RemoveResources|
 |Directory Management|AdminUserJourneys-SetResources|
+|Directory Management|Create company|
 |Directory Management|Create IdentityProvider|
 |Directory Management|Create a new AdminUserJourney|
 |Directory Management|Create localized resource json|

articles/active-directory/saas-apps/arcgis-tutorial.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 06/18/2021
+ms.date: 11/18/2022
 ms.author: jeedes
 ---
 # Tutorial: Azure Active Directory integration with ArcGIS Online
@@ -119,7 +119,15 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 ## Configure ArcGIS Online SSO
 
-1. If you want to setup ArcGIS Online manually, open a new web browser window and log into your ArcGIS company site as an administrator and perform the following steps:
+1. To automate the configuration within ArcGIS Online, you need to install **My Apps Secure Sign-in browser extension** by clicking **Install the extension**.
+
+	![My apps extension](common/install-myappssecure-extension.png)
+
+1. After adding extension to the browser, click on **Set up ArcGIS Online** will direct you to the ArcGIS Online application. From there, provide the admin credentials to sign in to ArcGIS Online. The browser extension will automatically configure the application for you and automate steps 3-7.
+
+	![Setup configuration](common/setup-sso.png)
+
+1. If you want to setup ArcGIS Online manually, open a new web browser window and log into your ArcGIS Online company site as an administrator and perform the following steps:
 
 2. Go to the **Organization** -> **Settings**. 
 

articles/active-directory/saas-apps/citrix-cloud-saml-sso-tutorial.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 07/22/2021
+ms.date: 11/18/2022
 ms.author: jeedes
 
 ---
@@ -135,7 +135,15 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 ## Configure Citrix Cloud SAML SSO
 
-1. Log in to your Citrix Cloud SAML SSO company site as an administrator.
+1. To automate the configuration within Citrix Cloud SAML SSO, you need to install **My Apps Secure Sign-in browser extension** by clicking **Install the extension**.
+
+	![My apps extension](common/install-myappssecure-extension.png)
+
+1. After adding extension to the browser, click on **Set up Citrix Cloud SAML SSO** will direct you to the Citrix Cloud SAML SSO application. From there, provide the admin credentials to sign in to Citrix Cloud SAML SSO. The browser extension will automatically configure the application for you and automate steps 3-6.
+
+	![Setup configuration](common/setup-sso.png)
+
+1. If you want to set up Citrix Cloud SAML SSO manually, log in to your Citrix Cloud SAML SSO company site as an administrator.
 
 1. Navigate to the Citrix Cloud menu and select **Identity and Access Management**.
 

articles/active-directory/saas-apps/embed-signage-tutorial.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 10/01/2021
+ms.date: 11/18/2022
 ms.author: jeedes
 
 ---
@@ -116,7 +116,15 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 ## Configure embed signage SSO
 
-1. Log in to your embed signage company site as an administrator.
+1. To automate the configuration within Embed Signage, you need to install **My Apps Secure Sign-in browser extension** by clicking **Install the extension**.
+
+	![My apps extension](common/install-myappssecure-extension.png)
+
+1. After adding extension to the browser, click on **Set up Embed Signage** will direct you to the Embed Signage application. From there, provide the admin credentials to sign in to Embed Signage. The browser extension will automatically configure the application for you and automate steps 3-5.
+
+	![Setup configuration](common/setup-sso.png)
+
+1. If you want to set up Embed Signage manually, log in to your Embed Signage company site as an administrator.
 
 1. Go to **Account settings** and click **Security** > **Single sign on**.
 

articles/active-directory/saas-apps/sharepoint-on-premises-tutorial.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 03/31/2021
+ms.date: 11/14/2022
 ms.author: jeedes
 ---
 # Tutorial: Implement federated authentication between Azure Active Directory and SharePoint on-premises
@@ -343,4 +343,38 @@ $t.Update()
 
 1. In the section **Reply URL (Assertion Consumer Service URL)**, add the URL (for example, `https://otherwebapp.contoso.local/`) of all additional web applications that need to sign in users with Azure Active Directory and click **Save**.
 
-![Specify additional web applications](./media/sharepoint-on-premises-tutorial/azure-active-directory-app-reply-urls.png)
+![Specify additional web applications](./media/sharepoint-on-premises-tutorial/azure-active-directory-app-reply-urls.png)
+
+### Configure the lifetime of the security token
+
+By default, Azure AD creates a SAML token that is valid for 1 hour.  
+This lifetime cannot be customized in the Azure portal, or using a conditional access policy, but it can be done by creating a [custom token lifetime policy](../develop/active-directory-configurable-token-lifetimes.md) and apply it to the enterprise application created for SharePoint.  
+To do this, complete the steps below using Windows PowerShell (at the time of this writing, AzureADPreview v2.0.2.149 does not work with PowerShell Core):
+
+1. Install the module [AzureADPreview](https://www.powershellgallery.com/packages/AzureADPreview/):
+
+    ```powershell
+    Install-Module -Name AzureADPreview -Scope CurrentUser
+    ```
+
+1. Run `Connect-AzureAD` to sign-in as a tenant administrator.
+
+1. Run the sample script below to update the application `SharePoint corporate farm` to issue a SAML token valid for 6h (value `06:00:00` of property `AccessTokenLifetime`):
+
+    ```powershell
+    $appDisplayName = "SharePoint corporate farm"
+    
+    $sp = Get-AzureADServicePrincipal -Filter "DisplayName eq '$appDisplayName'"
+    $oldPolicy = Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId | ?{$_.Type -eq "TokenLifetimePolicy"}
+    if ($null -ne $oldPolicy) {
+        # There can be only 1 TokenLifetimePolicy associated to the service principal (or 0, as by default)
+        Remove-AzureADServicePrincipalPolicy -Id $sp.ObjectId -PolicyId $oldPolicy.Id
+    }
+    
+    # Create a custom TokenLifetimePolicy in Azure AD and add it to the service principal
+    $policy = New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"06:00:00"}}') -DisplayName "Custom token lifetime policy" -IsOrganizationDefault $false -Type "TokenLifetimePolicy"
+    Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id
+    ```
+
+After the script completed, all users who successfully sign-in to the enterprise application will get a SAML 1.1 token valid for 6h in SharePoint.  
+To revert the change, simply remove the custom `TokenLifetimePolicy` object from the service principal, as done at the beginning of the script.

articles/aks/aks-support-help.md

@@ -36,7 +36,7 @@ If you can't find an answer to your problem using search, submit a new question
 | [Azure RBAC](../role-based-access-control/overview.md) | [azure-rbac](/answers/topics/azure-rbac.html)|
 | [Azure Active Directory](../active-directory/fundamentals/active-directory-whatis.md) | [azure-active-directory](/answers/topics/azure-active-directory.html)|
 | [Azure Policy](../governance/policy/overview.md) | [azure-policy](/answers/topics/azure-policy.html)|
-| [Azure Virtual Machine Scale Sets](../virtual-machine-scale-sets/overview.md) | [virtual-machine-scale-sets](/answers/topics/azure-virtual-machine-scale-sets.html)|
+| [Azure Virtual Machine Scale Sets](../virtual-machine-scale-sets/overview.md) | [virtual-machine-scale-sets](/answers/topics/123/azure-virtual-machines-scale-set.html)|
 | [Azure Virtual Network](../virtual-network/network-overview.md) | [azure-virtual-network](/answers/topics/azure-virtual-network.html)|
 | [Azure Application Gateway](../application-gateway/overview.md) | [azure-application-gateway](/answers/topics/azure-application-gateway.html)|
 | [Azure Virtual Machines](../virtual-machines/linux/overview.md) | [azure-virtual-machines](/answers/topics/azure-virtual-machines.html) |
@@ -78,4 +78,4 @@ News and information about Azure Virtual Machines is shared at the [Azure blog](
 
 ## Next steps
 
-Learn more about [Azure Kubernetes Service](./index.yml)
+Learn more about [Azure Kubernetes Service](./index.yml)