Merge pull request #204448 from MicrosoftDocs/main

7/12 AM Publish

Author: huypub

articles/active-directory-b2c/validation-technical-profile.md

@@ -86,7 +86,7 @@ Following example uses these validation technical profiles:
 ```xml
 <ValidationTechnicalProfiles>
   <ValidationTechnicalProfile ReferenceId="login-NonInteractive" ContinueOnError="false" />
-  <ValidationTechnicalProfile ReferenceId="REST-ReadProfileFromCustomertsDatabase" ContinueOnError="true" >
+  <ValidationTechnicalProfile ReferenceId="REST-ReadProfileFromCustomersDatabase" ContinueOnError="true" >
     <Preconditions>
       <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
         <Value>userType</Value>

articles/active-directory/app-provisioning/application-provisioning-quarantine-status.md

@@ -82,7 +82,7 @@ After the first failure, the first retry happens within the next 2 hours (usuall
 - The fifth retry happens 48 hours after the first failure.
 - The sixth retry happens 72 hours after the first failure.
 - The seventh retry happens 96 hours after the first failure.
-- The eigth retry happens 120 hours after the first failure.
+- The eighth retry happens 120 hours after the first failure.
 
 This cycle is repeated every 24 hours until the 30th day when retries are stopped and the job is disabled. 
 

articles/active-directory/external-identities/google-federation.md

@@ -7,12 +7,11 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: how-to
-ms.date: 03/02/2022
+ms.date: 07/12/2022
 
 ms.author: mimart
 author: msmimart
 manager: celestedg
-ms.reviewer: mal
 ms.custom: "it-pro, seo-update-azuread-jan, has-adal-ref"
 ms.collection: M365-identity-device-management
 ---
@@ -33,7 +32,7 @@ By setting up federation with Google, you can allow invited users to sign in to
 
 ## What is the experience for the Google user?
 
-When a Google user redeems your invitation, their experience varies depending on whether they're already signed in to Google:
+You can invite a Google user to B2B collaboration in various ways. For example, you can [add them to your directory via the Azure portal](b2b-quickstart-add-guest-users-portal.md). When they redeem your invitation, their experience varies depending on whether they're already signed in to Google:
 
 - Guest users who aren't signed in to Google will be prompted to do so.
 - Guest users who are already signed in to Google will be prompted to choose the account they want to use. They must choose the account you used to invite them.

articles/active-directory/fundamentals/road-to-the-cloud-implement.md

@@ -24,9 +24,7 @@ You can enrich user attributes in Azure AD to make more user attributes availabl
 
 * App provisioning - The data source of app provisioning is Azure AD and necessary user attributes must be in there.
 
-* Application authorization - Token issued by Azure AD can include claims generated from user attributes. 
-
-* Application can make authorization decision based on the claims in token.
+* Application authorization - Token issued by Azure AD can include claims generated from user attributes so that applications can make authorization decision based on the claims in token.
 
 * Group membership population and maintenance - Dynamic groups enables dynamic population of group membership based on user attributes such as department information.
 

articles/active-directory/fundamentals/road-to-the-cloud-posture.md

@@ -34,7 +34,7 @@ The five states have exit criteria to help you determine where your environment
 
 The content then provides more detailed guidance organized to help with intentional changes to people, process, and technology to:
 
-* Establish Azure AD capabilities
+* Establish Azure AD footprint
 
 * Implement a cloud-first approach
 
@@ -101,7 +101,7 @@ In enterprise-sized organizations, IAM transformation, or even transformation fr
 
 The transformation between the states is similar to moving locations:
 
-* **Establish new location** - You purchase your destination and establish connectivity between the current location and the new location. This enables you to maintain your productivity and ability to operate. In this content, the activities are described in **[Establish Azure AD capabilities](road-to-the-cloud-establish.md)**. The results transition you to State 2.
+* **Establish new location** - You purchase your destination and establish connectivity between the current location and the new location. This enables you to maintain your productivity and ability to operate. In this content, the activities are described in **[Establish Azure AD footprint](road-to-the-cloud-establish.md)**. The results transition you to State 2.
 
 * **Limit new items in old location** - You stop investing in the old location and set policy to stage new items in new location. In this content, the activities are described in **[Implement cloud-first approach](road-to-the-cloud-implement.md)**. The activities set the foundation to migrate at scale and reach State 3.
 
@@ -122,7 +122,7 @@ As a migration of IAM to Azure AD is started, organizations must determine the p
 
 :::image type="content" source="media/road-to-cloud-posture/road-to-the-cloud-migration.png" alt-text="Table depicting three major milestones that organizations move through when implementing an AD to Azure AD migration. These include Establish Azure AD capabilities, Implement cloud-first approach, and Move workloads to the cloud." border="false":::
 
-## Establish Azure AD capabilities
+## Establish Azure AD footprint
 
 * **Initialize tenant** - Create your new Azure AD tenant that supports the vision for your end-state deployment.
 

articles/active-directory/governance/what-is-identity-lifecycle-management.md

@@ -35,19 +35,19 @@ The typical process for establishing identity lifecycle management in an organiz
 
 2. Connect those systems of record with one or more directories and databases used by applications, and resolve any inconsistencies between the directories and the systems of record. For example, a directory may have obsolete data, such as an account for a former employee, that is no longer needed. 
 
-3. Determine what processes can be used to supply authoritative information in the absence of a system of record.  For example, if there are digital identities but visitors, but the organization has no database for visitors, then it may be necessary to find an alternate way to determine when an digital identity for a visitor is no longer needed.
+3. Determine what processes can be used to supply authoritative information in the absence of a system of record.  For example, if there are digital identities for visitors, but the organization has no database for visitors, then it may be necessary to find an alternate way to determine when an digital identity for a visitor is no longer needed.
 
-4. Configure that changes from the system of record or other processes are replicated to each of the directories or databases that require an update.
+4. Ensure that changes from the system of record or other processes are replicated to each of the directories or databases that require an update.
 
 ## Identity lifecycle management for representing employees and other individuals with an organizational relationship
 
 When planning identity lifecycle management for employees, or other individuals with an organizational relationship such as a contractor or student, many organizations model the "join, move, and leave" process.  These are:
 
    - Join - when an individual comes into scope of needing access, an identity is needed by those applications, so a new digital identity may need to be created if one is not already available
-   - Move - when an individual moves between boundaries, that require additional access authorizations to be added or removed to their digital identity
-   - Leave- when an individual leaves the scope of needing access, access may need to be removed, and subsequently the identity may no longer by required by applications other than for audit or forensics purposes
+   - Move - when an individual moves between boundaries that require additional access authorizations to be added or removed to their digital identity
+   - Leave- when an individual leaves the scope of needing access, access may need to be removed, and subsequently the identity may no longer be required by applications other than for audit or forensics purposes
 
-So for example, if a new employee joins your organization, who has never been affiliated with your organization before, that employee will require a new digital identity, represented as a user account in Azure AD.  The creation of this account would fall into a "Joiner" process, which could be automated if there was a system of record such as Workday that could indicate when the new employee starts work.  Later, if your organization has an employee move from say, Sales to Marketing, they would fall into a "Mover" process.  This would require removing the access rights they had in the Sales organization which they no longer require, and granting them rights in the Marketing organization that they new require.
+So for example, if a new employee joins your organization and that employee has never been affiliated with your organization before, that employee will require a new digital identity, represented as a user account in Azure AD.  The creation of this account would fall into a "Joiner" process, which could be automated if there was a system of record such as Workday that could indicate when the new employee starts work.  Later, if your organization has an employee move from say, Sales to Marketing, they would fall into a "Mover" process.  This would require removing the access rights they had in the Sales organization which they no longer require, and granting them rights in the Marketing organization that they new require.
 
 ## Identity lifecycle management for guests
 

articles/active-directory/hybrid/how-to-connect-password-hash-synchronization.md

@@ -217,6 +217,7 @@ If your server has been locked down according to Federal Information Processing
 3. Go to the configuration/runtime node at the end of the file.
 4. Add the following node: `<enforceFIPSPolicy enabled="false"/>`
 5. Save your changes.
+6. Reboot for the changes to take effect.
 
 For reference, this snippet is what it should look like:
 

articles/active-directory/hybrid/reference-connect-adconnectivitytools.md

@@ -14,7 +14,7 @@ ms.custom: devx-track-azurepowershell
 ---
 # Azure AD Connect:  ADConnectivityTools PowerShell Reference
 
-The following documentation provides reference information for the ADConnectivityTools.psm1 PowerShell Module that is included with Azure AD Connect.
+The following documentation provides reference information for the ADConnectivityTools PowerShell Module that is included with Azure AD Connect in `C:\Program Files\Microsoft Azure Active Directory Connect\Tools\ADConnectivityTool.psm1`.
 
 ## Confirm-DnsConnectivity
 

articles/azure-functions/functions-app-settings.md

@@ -17,6 +17,9 @@ Example connection string values are truncated for readability.
 > [!NOTE]
 > You can use application settings to override host.json setting values without having to change the host.json file itself. This is helpful for scenarios where you need to configure or modify specific host.json settings for a specific environment. This also lets you change host.json settings without having to republish your project. To learn more, see the [host.json reference article](functions-host-json.md#override-hostjson-values). Changes to function app settings require your function app to be restarted.
 
+> [!IMPORTANT]
+> Do not use an [instrumentation key](../azure-monitor/app/separate-resources.md#about-resources-and-instrumentation-keys) and a [connection string](../azure-monitor/app/sdk-connection-string.md#overview) simultaneously. Whichever was set last will take precedence.
+
 ## APPINSIGHTS_INSTRUMENTATIONKEY
 
 The instrumentation key for Application Insights. Only use one of `APPINSIGHTS_INSTRUMENTATIONKEY` or `APPLICATIONINSIGHTS_CONNECTION_STRING`. When Application Insights runs in a sovereign cloud, use `APPLICATIONINSIGHTS_CONNECTION_STRING`. For more information, see [How to configure monitoring for Azure Functions](configure-monitoring.md).
@@ -25,6 +28,8 @@ The instrumentation key for Application Insights. Only use one of `APPINSIGHTS_I
 |---|------------|
 |APPINSIGHTS_INSTRUMENTATIONKEY|`55555555-af77-484b-9032-64f83bb83bb`|
 
+[!INCLUDE [azure-monitor-log-analytics-rebrand](../../includes/azure-monitor-instrumentation-key-deprecation.md)]
+
 ## APPLICATIONINSIGHTS_CONNECTION_STRING
 
 The connection string for Application Insights. Use `APPLICATIONINSIGHTS_CONNECTION_STRING` instead of `APPINSIGHTS_INSTRUMENTATIONKEY` in the following cases:

articles/azure-monitor/containers/container-insights-enable-aks-policy.md

@@ -78,6 +78,6 @@ Monitoring Addon Custom Policy can be assigned at either the subscription or res
 ## Next steps
 
 - Learn more about [Azure Policy](../../governance/policy/overview.md).
-- Learn how [remediation security works](../../governance/policy/how-to/remediate-resources.md#how-remediation-security-works).
+- Learn how [remediation access control works](../../governance/policy/how-to/remediate-resources.md#how-remediation-access-control-works).
 - Learn more about [Container insights](./container-insights-overview.md).
-- Install the [Azure CLI](/cli/azure/install-azure-cli).
+- Install the [Azure CLI](/cli/azure/install-azure-cli).