Merge pull request #224601 from MicrosoftDocs/main

1/20 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -29954,6 +29954,11 @@
           "source_path": "articles/dotnet-develop-multitenant-applications.md",
           "redirect_URL": "/azure/architecture/guide/multitenant/overview",
           "redirect_document_id": false
-        }
+        },
+        {
+            "source_path": "articles/load-balancer/protect-load-balancer-with-ddos-standard.md",
+            "redirect_URL": "/azure/load-balancer/tutorial-protect-load-balancer",
+            "redirect_document_id": false
+          }
     ]
 }

articles/active-directory/app-proxy/application-proxy-configure-complex-application.md

@@ -59,7 +59,7 @@ Before you get started with Application Proxy Complex application scenario apps,
 To configure (and update) Application Segments for a complex app using the API, you first [create a wildcard application](application-proxy-wildcard.md#create-a-wildcard-application), and then update the application's onPremisesPublishing property to configure the application segments and respective CORS settings.
 
 > [!NOTE]
-> One application segment is supported in preview. Support for multiple application segment to be announced soon.
+> 2 application segment per complex application are supported for [Microsoft Azure AD premium subscription](https://azure.microsoft.com/pricing/details/active-directory). Licence requirement for more than 2 application segments per complex application to be announced soon.
 
 If successful, this method returns a `204 No Content` response code and does not return anything in the response body.
 ## Example

articles/active-directory/cloud-infrastructure-entitlement-management/faqs.md

@@ -18,7 +18,7 @@ This article answers frequently asked questions (FAQs) about Permissions Managem
 
 ## What's Permissions Management?
 
-Permissions Management is a cloud infrastructure entitlement management (CIEM) solution that provides comprehensive visibility into permissions assigned to all identities. For example, over-privileged workload and user identities, actions, and resources across multi-cloud infrastructures in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). Permissions Management detects, automatically right-sizes, and continuously monitors unused and excessive permissions. It deepens the Zero Trust security strategy by augmenting the least privilege access principle.
+Permissions Management is a cloud infrastructure entitlement management (CIEM) solution that provides comprehensive visibility into permissions assigned to all identities. For example, over-privileged workload and user identities, actions, and resources across multicloud infrastructures in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). Permissions Management detects, automatically right-sizes, and continuously monitors unused and excessive permissions. It deepens the Zero Trust security strategy by augmenting the least privilege access principle.
 
 
 ## What are the prerequisites to use Permissions Management?
@@ -39,15 +39,15 @@ No, Permissions Management is a hosted cloud offering.
 
 ## Can non-Azure customers use Permissions Management?
 
-Yes, non-Azure customers can use our solution. Permissions Management is a multi-cloud solution so even customers who have no subscription to Azure can benefit from it.
+Yes, non-Azure customers can use our solution. Permissions Management is a multicloud solution so even customers who have no subscription to Azure can benefit from it.
 
 ## Is Permissions Management available for tenants hosted in the European Union (EU)?
 
 Yes, Permissions Management is currently for tenants hosted in the European Union (EU).
 
 ## If I'm already using Azure AD  Privileged Identity Management (PIM) for Azure, what value does Permissions Management provide?
 
-Permissions Management complements Azure AD PIM. Azure AD PIM provides just-in-time access for admin roles in Azure (as well as Microsoft Online Services and apps that use groups), while Permissions Management allows multi-cloud discovery, remediation, and monitoring of privileged access across Azure, AWS, and GCP.
+Permissions Management complements Azure AD PIM. Azure AD PIM provides just-in-time access for admin roles in Azure (as well as Microsoft Online Services and apps that use groups), while Permissions Management allows multicloud discovery, remediation, and monitoring of privileged access across Azure, AWS, and GCP.
 
 ## What public cloud infrastructures are supported by Permissions Management?
 
@@ -132,21 +132,21 @@ You can read our blog and visit our web page. You can also get in touch with you
 
 ## What is the data destruction/decommission process? 
 
-If a customer initiates a free Permissions Management 90-day trial, but does not follow up and convert to a paid license within 90 days of the free trial expiration, we will delete all collected data on or just before 90 days.  
+If a customer initiates a free Permissions Management 45-day trial, but does not follow up and convert to a paid license within 45 days of the free trial expiration, we will delete all collected data on or just before 45 days.  
 
-If a customer decides to discontinue licensing the service, we will also delete all previously collected data within 90 days of license termination.  
+If a customer decides to discontinue licensing the service, we will also delete all previously collected data within 45 days of license termination.  
 
 We also have the ability to remove, export or modify specific data should the Global Admin using the Entra Permissions Management service file an official Data Subject Request. This can be initiated by opening a ticket in the Azure portal [New support request - Microsoft Entra admin center](https://entra.microsoft.com/#blade/Microsoft_Azure_Support/NewSupportRequestV3Blade/callerName/ActiveDirectory/issueType/technical), or alternately contacting your local Microsoft representative. 
 
 ## Do I require a license to use Entra Permissions Management? 
 
-Yes, as of July 1st, 2022, new customers must acquire a free 90-trial license or a paid license to use the service. You can enable a trial here: [https://aka.ms/TryPermissionsManagement](https://aka.ms/TryPermissionsManagement) or you can directly purchase resource-based licenses here: [https://aka.ms/BuyPermissionsManagement](https://aka.ms/BuyPermissionsManagement) 
+Yes, as of July 1st, 2022, new customers must acquire a free 45-day trial license or a paid license to use the service. You can enable a trial here: [https://aka.ms/TryPermissionsManagement](https://aka.ms/TryPermissionsManagement) or you can directly purchase resource-based licenses here: [https://aka.ms/BuyPermissionsManagement](https://aka.ms/BuyPermissionsManagement) 
 
 ## What do I do if I’m using Public Preview version of Entra Permissions Management?  
 
 If you are using the Public Preview version of Entra Permissions Management, your current deployment(s) will continue to work through October 1st.  
 
-After October 1st you will need to move over to use the newly released version of the service and enable a 90-day trial or purchase licenses to continue using the service.  
+After October 1st you will need to move over to use the newly released version of the service and enable a 45-day trial or purchase licenses to continue using the service.  
 
 ## What do I do if I’m using the legacy version of the CloudKnox service?  
 

articles/active-directory/cloud-infrastructure-entitlement-management/product-permissions-analytics-reports.md

@@ -8,23 +8,21 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/23/2022
+ms.date: 01/20/2023
 ms.author: jfields
 ---
 
 # Generate and download the Permissions analytics report
 
-This article describes how to generate and download the **Permissions analytics report** in Permissions Management.
+This article describes how to generate and download the **Permissions analytics report** in Permissions Management for AWS, Azure, and GCP. You can generate the report in Excel format, and also as a PDF.
 
-> [!NOTE]
-> This topic applies only to Amazon Web Services (AWS) users.
 
 ## Generate the Permissions analytics report
 
 1. In the Permissions Management home page, select the **Reports** tab, and then select the **Systems Reports** subtab.
 
     The **Systems Reports** subtab displays a list of reports the **Reports** table.
-1. Find **Permissions Analytics Report** in the list, and to download the report, select the down arrow to the right of the report name, or from the ellipses **(...)** menu, select **Download**.
+1. Select **Permissions Analytics Report** from the list. o download the report, select the down arrow to the right of the report name, or from the ellipses **(...)** menu, select **Download**.
 
     The following message displays: **Successfully Started To Generate On Demand Report.**
 

articles/active-directory/cloud-sync/how-to-attribute-mapping.md

@@ -7,15 +7,17 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 01/11/2023
+ms.date: 01/20/2023
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
 ---
 
 # Attribute mapping in Azure AD Connect cloud sync
 
-You can use the cloud sync feature of Azure Active Directory (Azure AD) Connect to map attributes between your on-premises user or group objects and the objects in Azure AD. This capability has been added to the cloud sync configuration.
+You can use the cloud sync attribute mapping feature to map attributes between your on-premises user or group objects and the objects in Azure AD. 
+
+ :::image type="content" source="media/how-to-attribute-mapping/new-ux-mapping-1.png" alt-text="Screenshot of new UX screen attribute mapping." lightbox="media/how-to-attribute-mapping/new-ux-mapping-1.png":::
 
 You can customize (change, delete, or create) the default attribute mappings according to your business needs. For a list of attributes that are synchronized, see [Attributes synchronized to Azure Active Directory](../hybrid/reference-connect-sync-attributes-synchronized.md?context=azure%2factive-directory%2fcloud-provisioning%2fcontext%2fcp-context/hybrid/reference-connect-sync-attributes-synchronized.md).
 
@@ -54,7 +56,10 @@ For more information on how to map UserType, see [Map UserType with cloud sync](
 
 ## Understand properties of attribute mappings
 
-Along with the type property, attribute mappings support certain attributes.  These attributes will depend on the type of mapping you have selected.  The following sections describe the supported attribute mappings for each of the individual types
+Along with the type property, attribute mappings support certain attributes.  These attributes will depend on the type of mapping you have selected.  The following sections describe the supported attribute mappings for each of the individual types.  The following type of attribute mapping is available.
+- Direct
+- Constant
+- Expression
 
 ### Direct mapping attributes
 The following are the attributes supported by a direct mapping:
@@ -66,7 +71,7 @@ The following are the attributes supported by a direct mapping:
   - **Always**: Apply this mapping on both user-creation and update actions.
   - **Only during creation**: Apply this mapping only on user-creation actions.
 
- ![Screenshot for direct](media/how-to-attribute-mapping/mapping-7.png)
+:::image type="content" source="media/how-to-attribute-mapping/new-ux-mapping-2.png" alt-text="Screenshot of editing attribute mapping." lightbox="media/how-to-attribute-mapping/new-ux-mapping-2.png":::
 
 ### Constant mapping attributes
 The following are the attributes supported by a constant mapping:
@@ -77,8 +82,6 @@ The following are the attributes supported by a constant mapping:
   - **Always**: Apply this mapping on both user-creation and update actions.
   - **Only during creation**: Apply this mapping only on user-creation actions.
 
- ![Screenshot for constant](media/how-to-attribute-mapping/mapping-9.png)
-
 ### Expression mapping attributes
 The following are the attributes supported by an expression mapping:
 
@@ -90,61 +93,59 @@ The following are the attributes supported by an expression mapping:
   - **Always**: Apply this mapping on both user-creation and update actions.
   - **Only during creation**: Apply this mapping only on user-creation actions.
 
- ![Screenshot for expression](media/how-to-attribute-mapping/mapping-10.png)
-
 ## Add an attribute mapping
 
-To use the new capability, follow these steps:
-
-1.  In the Azure portal, select **Azure Active Directory**.
-2.  Select **Azure AD Connect**.
-3.  Select **Manage cloud sync**.
-
-    ![Screenshot that shows the link for managing cloud sync.](media/how-to-install/install-6.png)
-
-4. Under **Configuration**, select your configuration.
-5. Select **Click to edit mappings**.  This link opens the **Attribute mappings** screen.
+To use attribute mapping, follow these steps:
 
-    ![Screenshot that shows the link for adding attributes.](media/how-to-attribute-mapping/mapping-6.png)
+ 1.  In the Azure portal, select **Azure Active Directory**.
+ 2.  On the left, select **Azure AD Connect**.
+ 3.  On the left, select **Cloud sync**.
+ 
+ :::image type="content" source="media/how-to-on-demand-provision/new-ux-1.png" alt-text="Screenshot of new UX screen." lightbox="media/how-to-on-demand-provision/new-ux-1.png":::
 
-6.  Select **Add attribute**.
+ 4. Under **Configuration**, select your configuration.
+ 5. On the left, select **Attribute mapping**.
+ 6. At the top, ensure that you have the correct object type selected.  That is, user, group, or contact.
+ 7. Click **Add attribute mapping**.
 
-    ![Screenshot that shows the button for adding an attribute, along with lists of attributes and mapping types.](media/how-to-attribute-mapping/mapping-1.png)
+ :::image type="content" source="media/how-to-attribute-mapping/new-ux-mapping-3.png" alt-text="Screenshot of adding an attribute mapping." lightbox="media/how-to-attribute-mapping/new-ux-mapping-3.png":::
 
-7. Select the mapping type. This can be one of the following:
+ 8. Select the mapping type. This can be one of the following:
      - **Direct**: The target attribute is populated with the value of an attribute of the linked object in Active Directory.
      - **Constant**: The target attribute is populated with a specific string that you specify.
      - **Expression**: The target attribute is populated based on the result of a script-like expression. 
      - **None**: The target attribute is left unmodified. 
- 
-     For more information see See [Understanding attribute types](#understand-types-of-attribute-mapping) above.
-8. Depending on what you have selected in the previous step, different options will be available for filling in.  See the [Understand properties of attribute mappings](#understand-properties-of-attribute-mappings)sections above for information on these attributes.
-9. Select when to apply this mapping, and then select **Apply**.
-11. Back on the **Attribute mappings** screen, you should see your new attribute mapping.  
-12. Select **Save schema**.
+    
+ 9. Depending on what you have selected in the previous step, different options will be available for filling in.  
+ 10. Select when to apply this mapping, and then select **Apply**.
+ :::image type="content" source="media/how-to-attribute-mapping/new-ux-mapping-4.png" alt-text="Screenshot of saving an attribute mapping." lightbox="media/how-to-attribute-mapping/new-ux-mapping-4.png":::
+
+ 11. Back on the **Attribute mappings** screen, you should see your new attribute mapping.
+ 12. Select **Save schema**.  You will be notified that once you save the schema, a synchronization will occur.  Click **OK**.
+ :::image type="content" source="media/how-to-attribute-mapping/new-ux-mapping-5.png" alt-text="Screenshot of saving schema." lightbox="media/how-to-attribute-mapping/new-ux-mapping-5.png":::
 
-    ![Screenshot that shows the Save schema button.](media/how-to-attribute-mapping/mapping-3.png)
+ 13. Once the save is successful you will see a notification on the right.
+
+ :::image type="content" source="media/how-to-attribute-mapping/new-ux-mapping-6.png" alt-text="Screenshot of successful schema save." lightbox="media/how-to-attribute-mapping/new-ux-mapping-6.png":::
 
 ## Test your attribute mapping
 
 To test your attribute mapping, you can use [on-demand provisioning](how-to-on-demand-provision.md): 
 
-1. In the Azure portal, select **Azure Active Directory**.
-2. Select **Azure AD Connect**.
-3. Select **Manage provisioning**.
-4. Under **Configuration**, select your configuration.
-5. Under **Validate**, select the **Provision a user** button. 
-6. On the **Provision on demand** screen, enter the distinguished name of a user or group and select the **Provision** button. 
-
-   The screen shows that the provisioning is in progress.
+ 1.  In the Azure portal, select **Azure Active Directory**.
+ 2.  On the left, select **Azure AD Connect**.
+ 3.  On the left, select **Cloud sync**.
+ 4. Under **Configuration**, select your configuration.
+ 5. On the left, select **Provision on demand**.
+ 6. Enter the distinguished name of a user and select the **Provision** button.
+ 
+ :::image type="content" source="media/how-to-on-demand-provision/new-ux-2.png" alt-text="Screenshot of user distinguished name." lightbox="media/how-to-on-demand-provision/new-ux-2.png":::    
 
-   ![Screenshot that shows provisioning in progress.](media/how-to-attribute-mapping/mapping-4.png)
+ 7. After provisioning finishes, a success screen appears with four green check marks. Any errors appear to the left.
 
-8. After provisioning finishes, a success screen appears with four green check marks. 
+ :::image type="content" source="media/how-to-on-demand-provision/new-ux-3.png" alt-text="Screenshot of on-demand success." lightbox="media/how-to-on-demand-provision/new-ux-3.png":::  
 
-   Under **Perform action**, select **View details**. On the right, you should see the new attribute synchronized and the expression applied.
 
-   ![Screenshot that shows success and export details.](media/how-to-attribute-mapping/mapping-5.png)