Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Learn Build Service GitHub App

.openpublishing.redirection.azure-monitor.json

@@ -35,6 +35,11 @@
             "redirect_url": "/azure/azure-monitor/change/change-analysis",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/release-notes.md",
+            "redirect_url": "/azure/azure-monitor/app/app-insights-overview",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/app/resource-manager-web-app.md",
             "redirect_url": "/previous-versions/azure/azure-monitor/app/resource-manager-web-app",

.openpublishing.redirection.json

@@ -6313,16 +6313,6 @@
             "redirect_url": "/azure/architecture/service-fabric/migrate-from-cloud-services",
             "redirect_document_id": false
         },
-        {
-            "source_path_from_root": "/articles/batch/batch-custom-image-pools-to-azure-compute-gallery-migration-guide.md",
-            "redirect_url": "/azure/batch",
-            "redirect_document_id": false
-        },
-        {
-            "source_path_from_root": "/articles/batch/batch-pools-to-simplified-compute-node-communication-model-migration-guide.md",
-            "redirect_url": "/azure/batch",
-            "redirect_document_id": false
-        },
         {
             "source_path_from_root": "/articles/batch/big-compute-resources.md",
             "redirect_url": "/azure/architecture/topics/high-performance-computing/",

.openpublishing.redirection.virtual-desktop.json

@@ -169,6 +169,11 @@
             "source_path_from_root": "/articles/virtual-desktop/deploy-windows-server-virtual-machine.md",
             "redirect_url": "/azure/virtual-desktop/add-session-hosts-host-pool",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/environment-setup.md",
+            "redirect_url": "/azure/virtual-desktop/terminology",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory-b2c/partner-saviynt.md

@@ -1,105 +1,126 @@
 ---
-title: Tutorial for configuring Saviynt with Azure Active Directory B2C
+title: Tutorial to configure Saviynt with Azure Active Directory B2C
 titleSuffix: Azure AD B2C
-description: Tutorial to configure Azure Active Directory B2C with Saviynt for cross application integration to streamline IT modernization and promote better security, governance, and compliance. 
+description: Learn to configure Azure AD B2C with Saviynt for cross-application integration for better security, governance, and compliance. 
 services: active-directory-b2c
 author: gargi-sinha
-manager: CelesteDG
+manager: martinco
 ms.reviewer: kengaderdus
-
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 09/20/2021
+ms.date: 03/07/2023
 ms.author: gasinh
 ms.subservice: B2C
 ---
 
-# Tutorial for configuring Saviynt with Azure Active Directory B2C
-
-In this sample tutorial, we provide guidance on how to integrate Azure Active Directory (AD) B2C with [Saviynt](https://saviynt.com/integrations/azure-ad/for-b2c/). Saviynt’s Security Manager platform provides the visibility, security, and governance today’s businesses need, in a single unified platform. Saviynt incorporates application risk and governance, infrastructure management, privileged account management, and customer risk analysis.
+# Tutorial to configure Saviynt with Azure Active Directory B2C
 
-In this sample tutorial, you'll set up Saviynt to provide fine grained access control based delegated administration for Azure AD B2C users. Saviynt does the following checks to determine if a user is authorized to manage Azure AD B2C users.
+Learn to integrate Azure Active Directory B2C (Azure AD B2C) with the Saviynt Security Manager platform, which has visibility, security, and governance. Saviynt incorporates application risk and governance, infrastructure management, privileged account management, and customer risk analysis.
 
-- Feature level security to determine if a user can perform a specific operation. For example, Create user, Update user, Reset user password, and so on.
+Learn more: [Saviynt for Azure AD B2C](https://saviynt.com/integrations/azure-ad/for-b2c/)
 
-- Field level security to determine if a user can read/write a specific attribute of another user during user management operations. For example, help desk agent can only update phone number and all other attributes are read-only.
+Use the following instructions to set up access control delegated administration for Azure AD B2C users. Saviynt determines if a user is authorized to manage Azure AD B2C users with:
 
-- Data level security to determine if a user can perform a certain operation on a specific user. For example, help desk administrator for UK region can manage UK users only.
+* Feature level security to determine if users can perform an operation
+  * For example, create user, update user, reset user password, and so on
+* Field level security to determine if users can read/write user attributes during user management operations 
+  * For example, a Help Desk agent can update a phone number; other attributes are read-only
+* Data level security to determine if users can perform an operation on another user
+  * For example, a Help Desk administrator for the United Kingdom region manages UK users
 
 ## Prerequisites
 
-To get started, you'll need:
-
-- An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-
-- An [Azure AD B2C tenant](./tutorial-create-tenant.md). Tenant is linked to your Azure subscription.
+To get started, you need:
 
-- A Saviynt [subscription](https://saviynt.com/contact-us/)
+* An Azure AD subscription
+  * If you don't have on, get an [Azure free account](https://azure.microsoft.com/free/)
+* An [Azure AD B2C tenant](./tutorial-create-tenant.md) linked to your Azure subscription
+* Go to saviynt.com [Contact Us](https://saviynt.com/contact-us/) to request a demo
 
 ## Scenario description
 
 The Saviynt integration includes the following components:
 
-- [Azure AD B2C](https://azure.microsoft.com/services/active-directory/external-identities/b2c/) – The business-to-customer identity as a service that enables custom control of how your customers sign up, sign in, and manage their profiles.
+* **Azure AD B2C** – identity as a service for custom control of customer sign-up, sign-in, and profile management
+  * See, [Azure AD B2C, Get started](https://azure.microsoft.com/services/active-directory/external-identities/b2c/) 
+* **Saviynt for Azure AD B2C** – identity governance for delegated administration of user life-cycle management and access governance
+  * See, [Saviynt for Azure AD B2C](https://saviynt.com/integrations/azure-ad/for-b2c/)
+* **Microsoft Graph API** – interface for Saviynt to manage Azure AD B2C users and their access
+  * See, [Use the Microsoft Graph API](/graph/use-the-api)
+    
 
-- [Saviynt](https://saviynt.com/integrations/azure-ad/for-b2c/) – The identity governance platform that provides fine grained delegated administration for user life-cycle management and access governance of Azure AD B2C users.  
+The following architecture diagram illustrates the implementation.
 
-- [Microsoft Graph API](/graph/use-the-api) – This API provides the interfaces for Saviynt to manage the Azure AD B2C users and their access in Azure AD B2C.
+   ![Diagram of the Saviynt architecture.](./media/partner-saviynt/saviynt-architecture-diagram.png)
 
-The following architecture diagram shows the implementation.
+1. A delegated administrator starts the Azure AD B2C user operation with Saviynt.
+2. Saviynt verifies the delegated administrator can perform the operation.
+3. Saviynt sends an authorization success or failure response.
+4. Saviynt allows the delegated administrator to perform the operation.
+5. Saviynt invokes Microsoft Graph API, with user attributes, to manage the user in Azure AD B2C.
+6. Microsoft Graph API creates, updates, or deletes the user in Azure AD B2C.
+7. Azure AD B2C sends a success or failure response.
+8. Microsoft Graph API returns the response to Saviynt.
 
-![Image showing saviynt architecture diagram](./media/partner-saviynt/saviynt-architecture-diagram.png)
+## Create a Saviynt account and create delegated policies
 
-|Step | Description |
-|:-----| :-----------|
-| 1. | A delegated administrator starts a manage Azure AD B2C user operation through Saviynt.
-| 2. | Saviynt verifies with its authorization engine if the delegated administrator can do the specific operation.
-| 3. | Saviynt’s authorization engine sends an authorization success/failure response.
-| 4. | Saviynt allows the delegated administrator to do the required operation.
-| 5. | Saviynt invokes Microsoft Graph API along with user attributes to manage the user in Azure AD B2C
-| 6. | Microsoft Graph API will in turn create/update/delete the user in Azure AD B2C.
-| 7. | Azure AD B2C will send a success/failure response.
-| 8. | Microsoft Graph API will then return the response to Saviynt.
-
-## Onboard with Saviynt
-
-1. To create a Saviynt account, contact [Saviynt](https://saviynt.com/contact-us/)
-
-2. Create delegated administration policies and assign users as delegated administrators with various roles.
+1. Create a Saviynt account. To get started, go to saviynt.com [Contact Us](https://saviynt.com/contact-us/).
+2. Create delegated administration policies.
+3. Assign users the delegated administrator role.
 
 ## Configure Azure AD B2C with Saviynt
 
-### Create an Azure AD Application for Saviynt
-
-1. Sign in to the [Azure portal](https://portal.azure.com/#home).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
-1. In the Azure portal, search and select **Azure AD B2C**.
-1. Select **App registrations** > **New registration**.
-1. Enter a Name for the application. For example, Saviynt and select **Create**.
-1. Go to **API Permissions** and select **+ Add a permission.**
-1. The Request API permissions page appears. Select **Microsoft APIs** tab and select **Microsoft Graph** as commonly used Microsoft APIs.
-1. Go to the next page, and select **Application permissions**.
-1. Select **Directory**, and select **Directory.Read.All** and **Directory.ReadWrite.All** checkboxes.
-1. Select **Add Permissions**. Review the permissions added.
-1. Select **Grant admin consent for Default Directory** > **Save**.
-1. Go to **Certificates and Secrets** and select **+ Add Client Secret**. Enter the client secret description, select the expiry option, and select **Add**.
-1. The Secret key is generated and displayed in the Client secret section. You'll need to use it later.
-
-1. Go to **Overview** and get the **Client ID** and **Tenant ID**.
-1. Tenant ID, client ID, and client secret will be needed to  complete the setup in Saviynt.
-
-### Enable Saviynt to Delete users
-
-The below steps explain how to enable Saviynt to perform user delete operations in Azure AD B2C.
+Use the following instructions to create an application, delete users, and more. 
 
->[!NOTE]
->[Evaluate the risk before granting admin roles access to a service principal.](../active-directory/develop/app-objects-and-service-principals.md)
+### Create an Azure AD application for Saviynt
 
-1. Install the latest version of MSOnline PowerShell Module on a Windows workstation/server.
+For the following instructions, use the directory with the Azure AD B2C tenant.
 
-2. Connect to AzureAD PowerShell module and execute the following commands:
+1. Sign in to the [Azure portal](https://portal.azure.com/#home).
+2. In the portal toolbar, select **Directories + subscriptions**.
+3. On the **Portal settings, Directories + subscriptions** page, in the **Directory name** list, find your Azure AD B2C directory.
+4. Select **Switch**.
+5. In the Azure portal, search and select **Azure AD B2C**.
+6. Select **App registrations** > **New registration**.
+7. Enter an application name. For example, Saviynt.
+8. Select **Create**.
+9. Go to **API Permissions**.
+10. Select **+ Add a permission.**
+11. The Request API permissions page appears. 
+12. Select **Microsoft APIs** tab.
+13. Select **Microsoft Graph** as commonly used Microsoft APIs.
+14. Go to the next page.
+15. Select **Application permissions**.
+16. Select **Directory**.
+17. Select the **Directory.Read.All** and **Directory.ReadWrite.All** checkboxes.
+18. Select **Add Permissions**. 
+19. Review the permissions.
+20. Select **Grant admin consent for Default Directory**.
+21. Select **Save**.
+22. Go to **Certificates and Secrets**.
+23. Select **+ Add Client Secret**. 
+24. Enter the client secret description.
+25. Select the expiry option.
+26. Select **Add**.
+27. The Secret Key appears in the Client Secret section. Save the Client Secret to use later.
+
+1. Go to **Overview**.
+2. Copy the **Client ID** and **Tenant ID**.
+
+Save the Tenant ID, Client ID, and Client Secret to complete the setup.
+
+### Enable Saviynt to delete users
+
+Enable Saviynt to perform user delete operations in Azure AD B2C.
+
+Learn more: [Application and service principal objects in Azure AD](../active-directory/develop/app-objects-and-service-principals.md)
+
+1. Install the latest version of MSOnline PowerShell Module on a Windows workstation or server.
+
+For more information, see [Azure Active Directory V2 PowerShell Module](https://www.powershellgallery.com/packages/AzureAD/2.0.2.140)
+
+2. Connect to the AzureAD PowerShell module and execute the following commands:
 
 ```powershell
 Connect-msolservice #Enter Admin credentials of the Azure portal
@@ -109,14 +130,10 @@ Add-MsolRoleMember -RoleName "Company Administrator" -RoleMemberType ServicePrin
 
 ## Test the solution
 
-Browse to your Saviynt application tenant and test user life-cycle management and access governance use case.
+Browse to your Saviynt application tenant and test user life-cycle management and access governance use cases.
 
 ## Next steps
 
-For additional information, review the following articles:
-
-- [Custom policies in Azure AD B2C](./custom-policy-overview.md)
-
-- [Get started with custom policies in Azure AD B2C](tutorial-create-user-flows.md?pivots=b2c-custom-policy)
-
-- [Create a web API application](./add-web-api-application.md)
+* [Azure AD B2C custom policy overview](./custom-policy-overview.md)
+* [Tutorial: Create user flows and custom policies in Azure AD B2C](tutorial-create-user-flows.md?pivots=b2c-custom-policy)
+* [Add a web API application to your Azure Active Directory B2C tenant](./add-web-api-application.md)

articles/active-directory-domain-services/concepts-custom-attributes.md

@@ -2,15 +2,15 @@
 title: Create and manage custom attributes for Azure AD Domain Services | Microsoft Docs
 description: Learn how to create and manage custom attributes in an Azure AD DS managed domain.
 services: active-directory-ds
-author: justinha
+author: AlexCesarini
 manager: amycolannino
 
 ms.assetid: 1a14637e-b3d0-4fd9-ba7a-576b8df62ff2
 ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/06/2023
+ms.date: 03/07/2023
 ms.author: justinha
 
 ---
@@ -44,7 +44,7 @@ After you create a managed domain, click **Custom Attributes (Preview)** under *
 
 ## Enable predefined attribute synchronization 
 
-Click **OnPremisesExtensionAttributes** to synchronize the attributes extensionAttribute1-15, also known as [Exchange custom attributes](/graph/api/resources/onpremisesextensionattributes?view=graph-rest-1.0).
+Click **OnPremisesExtensionAttributes** to synchronize the attributes extensionAttribute1-15, also known as [Exchange custom attributes](/graph/api/resources/onpremisesextensionattributes).
 
 ## Synchronize Azure AD directory extension attributes 
 

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 02/28/2023
+ms.date: 03/07/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -195,7 +195,7 @@ Use the general guidelines when implementing a SCIM endpoint to ensure compatibi
 * Don't require a case-sensitive match on structural elements in SCIM, in particular **PATCH** `op` operation values, as defined in [section 3.5.2](https://tools.ietf.org/html/rfc7644#section-3.5.2). Azure AD emits the values of `op` as **Add**, **Replace**, and **Remove**.
 * Microsoft Azure AD makes requests to fetch a random user and group to ensure that the endpoint and the credentials are valid. It's also done as a part of the **Test Connection** flow in the [Azure portal](https://portal.azure.com). 
 * Support HTTPS on your SCIM endpoint.
-* Custom complex and multivalued attributes are supported but Azure AD doesn't have many complex data structures to pull data from in these cases. Simple paired name/value type complex attributes can be mapped to easily, but flowing data to complex attributes with three or more subattributes aren't well supported at this time.
+* Custom complex and multivalued attributes are supported but Azure AD doesn't have many complex data structures to pull data from in these cases. Name/value attributes can be mapped to easily, but flowing data to complex attributes with three or more sub-attributes isn't supported.
 * The "type" subattribute values of multivalued complex attributes must be unique. For example, there can't be two different email addresses with the "work" subtype.
 * The header for all the responses should be of content-Type: application/scim+json 
 
@@ -914,7 +914,7 @@ TLS 1.2 Cipher Suites minimum bar:
 
 ### IP Ranges
 
-The Azure AD provisioning service currently operates under the IP Ranges for AzureActiveDirectory as listed [here](https://www.microsoft.com/download/details.aspx?id=56519&WT.mc_id=rss_alldownloads_all). You can add the IP ranges listed under the AzureActiveDirectory tag to allow traffic from the Azure AD provisioning service into your application. You'll need to review the IP range list carefully for computed addresses. An address such as '40.126.25.32' could be represented in the IP range list as  '40.126.0.0/18'. You can also programmatically retrieve the IP range list using the following [API](/rest/api/virtualnetwork/servicetags/list).
+The Azure AD provisioning service currently operates under the IP Ranges for AzureActiveDirectory as listed [here](https://www.microsoft.com/download/details.aspx?id=56519&WT.mc_id=rss_alldownloads_all). You can add the IP ranges listed under the AzureActiveDirectory tag to allow traffic from the Azure AD provisioning service into your application. You need to review the IP range list carefully for computed addresses. An address such as '40.126.25.32' could be represented in the IP range list as  '40.126.0.0/18'. You can also programmatically retrieve the IP range list using the following [API](/rest/api/virtualnetwork/servicetags/list).
 
 Azure AD also supports an agent based solution to provide connectivity to applications in private networks (on-premises, hosted in Azure, hosted in AWS, etc.). Customers can deploy a lightweight agent, which provides connectivity to Azure AD without opening any inbound ports, on a server in their private network. Learn more [here](./on-premises-scim-provisioning.md).