Merge pull request #175334 from MicrosoftDocs/master

10/11 PM Publish

Author: huypub

articles/active-directory-domain-services/policy-reference.md

@@ -1,7 +1,7 @@
 ---
 title: Built-in policy definitions for Azure Active Directory Domain Services
 description: Lists Azure Policy built-in policy definitions for Azure Active Directory Domain Services. These built-in policy definitions provide common approaches to managing your Azure resources.
-ms.date: 09/17/2021
+ms.date: 10/11/2021
 ms.service: active-directory
 ms.subservice: domain-services
 author: justinha

articles/active-directory/authentication/howto-authentication-passwordless-deployment.md

@@ -297,7 +297,7 @@ Here are the sample test cases for passwordless authentication with security key
 | User can't perform combined registration.| Ensure [combined registration](concept-registration-mfa-sspr-combined.md) is enabled. |
 | User can't add a security key in their [security settings](https://aka.ms/mysecurityinfo).| Ensure that [security keys](howto-authentication-passwordless-security-key.md) are enabled. |
 | User can't add security key in Windows 10 sign-in options.| [Ensure that security keys for Windows sign in](concept-authentication-passwordless.md) are enabled |
-| **Error message**: We detected that this browser or OS doesn't support FIDO2 security keys.| Passwordless FIDO2 security devices can only be registered in supported browsers (Microsoft Edge, Firefox version 67) o Windows 10 version 1809 or higher. |
+| **Error message**: We detected that this browser or OS doesn't support FIDO2 security keys.| Passwordless FIDO2 security devices can only be registered in supported browsers (Microsoft Edge, Firefox version 67) on Windows 10 version 1809 or higher. |
 | **Error message**: Your company policy requires that you use a different method to sign in.| Ensure security keys are enabled in the tenant. |
 | User unable to manage my security key on Windows 10 version 1809| Version 1809 requires that you use the security key management software provided by the FIDO2 key vendor. Contact the vendor for support. |
 | I think my FIDO2 security key may be defective—how can I test it.| Navigate to [https://webauthntest.azurewebsites.net/](https://webauthntest.azurewebsites.net/), enter credentials for a test account, plug in the suspect security key, select the + button at the top right of the screen, select create, and go through the creation process. If this scenario fails, your device may be defective. |
@@ -382,4 +382,4 @@ Select the user row, and then select the **Authentication Details** tab to view
 
 * [Learn how passwordless authentication works](concept-authentication-passwordless.md)
 
-* [Deploy other identity features](../fundamentals/active-directory-deployment-plans.md)
+* [Deploy other identity features](../fundamentals/active-directory-deployment-plans.md)

articles/active-directory/conditional-access/resilience-defaults.md

@@ -83,7 +83,7 @@ You can configure Conditional Access resilience defaults from the Azure portal,
 
 ### MS Graph APIs
 
-You can also manage resilience defaults for your Conditional Access policies using the MS Graph API and the [Microsoft Graph Explorer](/graph/graph-explorer). 
+You can also manage resilience defaults for your Conditional Access policies using the MS Graph API and the [Microsoft Graph Explorer](/graph/graph-explorer/graph-explorer-overview). 
 
 Sample request URL: 
 

articles/active-directory/fundamentals/security-operations-introduction.md

@@ -68,6 +68,10 @@ Microsoft has many products and services that enable you to customize your IT en
 
    * [Security baseline (FINAL) for Windows 10 v1909 and Windows Server v1909](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1909-and-windows-server/ba-p/1023093)
 
+   * [Security baseline for Windows 11](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-security-baseline/ba-p/2810772)
+   
+   * [Security baseline for Windows Server 2022](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-server-2022-security-baseline/ba-p/2724685)
+   
 * On-premises environments
 
    * [Microsoft Defender for Identity architecture](/defender-for-identity/architecture)

articles/active-directory/governance/entitlement-management-group-licenses.md

@@ -53,7 +53,7 @@ For more information, see [License requirements](entitlement-management-overview
 
 1. Select **Next: Resource roles** to go to the **Resource roles** tab.
 
-2. On this tab, you select the resources and the resource role to include in the access package. In this scenario, select **Groups and Teams** and search for your group that has assigned [Office licenses](/active-directory/enterprise-users/licensing-groups-assign.md).
+2. On this tab, you select the resources and the resource role to include in the access package. In this scenario, select **Groups and Teams** and search for your group that has assigned [Office licenses](/azure/active-directory/enterprise-users/licensing-groups-assign).
 
 3. In the **Role** list, select **Member**.
 
@@ -139,4 +139,4 @@ In this step, you can delete the Office Licenses access package.
 
 Learn how to create access packages to manage access to other types of resources, like applications and sites: 
 
-[Manage access to resources in Azure AD entitlement management](/active-directory/governance/entitlement-management-access-package-first.md)
+[Manage access to resources in Azure AD entitlement management](/azure/active-directory/governance/entitlement-management-access-package-first)

articles/active-directory/governance/entitlement-management-onboard-external-user.md

@@ -129,4 +129,4 @@ In this step, you can delete the **External user package** access package.
 
 ## Next steps
 
-Learn about creating access packages to manage access to other types of resources such as applications, and sites. [Tutorial: Manage access to resources in Azure AD entitlement management](/active-directory/governance/entitlement-management-access-package-first.md)
+Learn about creating access packages to manage access to other types of resources such as applications, and sites. [Tutorial: Manage access to resources in Azure AD entitlement management](/azure/active-directory/governance/entitlement-management-access-package-first)

articles/active-directory/saas-apps/axiad-cloud-tutorial.md

@@ -1,5 +1,5 @@
 ---
-title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Axiad Cloud | Microsoft Docs'
+title: 'Tutorial: Azure AD SSO integration with Axiad Cloud'
 description: Learn how to configure single sign-on between Azure Active Directory and Axiad Cloud.
 services: active-directory
 author: jeevansd
@@ -9,20 +9,18 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 05/15/2020
+ms.date: 10/07/2021
 ms.author: jeedes
 ---
 
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with Axiad Cloud
+# Tutorial: Azure AD SSO integration with Axiad Cloud
 
 In this tutorial, you'll learn how to integrate Axiad Cloud with Azure Active Directory (Azure AD). When you integrate Axiad Cloud with Azure AD, you can:
 
 * Control in Azure AD who has access to Axiad Cloud.
 * Enable your users to be automatically signed-in to Axiad Cloud with their Azure AD accounts.
 * Manage your accounts in one central location - the Azure portal.
 
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-
 ## Prerequisites
 
 To get started, you need the following items:
@@ -34,25 +32,24 @@ To get started, you need the following items:
 
 In this tutorial, you configure and test Azure AD SSO in a test environment.
 
-* Axiad Cloud supports **SP** initiated SSO
-* Once you configure Axiad Cloud you can enforce session control, which protect exfiltration and infiltration of your organization’s sensitive data in real-time. Session control extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+* Axiad Cloud supports **SP** initiated SSO.
 
-## Adding Axiad Cloud from the gallery
+## Add Axiad Cloud from the gallery
 
 To configure the integration of Axiad Cloud into Azure AD, you need to add Axiad Cloud from the gallery to your list of managed SaaS apps.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
 1. On the left navigation pane, select the **Azure Active Directory** service.
 1. Navigate to **Enterprise Applications** and then select **All Applications**.
 1. To add new application, select **New application**.
 1. In the **Add from the gallery** section, type **Axiad Cloud** in the search box.
 1. Select **Axiad Cloud** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
 
-## Configure and test Azure AD single sign-on for Axiad Cloud
+## Configure and test Azure AD SSO for Axiad Cloud
 
 Configure and test Azure AD SSO with Axiad Cloud using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Axiad Cloud.
 
-To configure and test Azure AD SSO with Axiad Cloud, complete the following building blocks:
+To configure and test Azure AD SSO with Axiad Cloud, perform the following steps:
 
 1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
     1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
@@ -65,25 +62,25 @@ To configure and test Azure AD SSO with Axiad Cloud, complete the following buil
 
 Follow these steps to enable Azure AD SSO in the Azure portal.
 
-1. In the [Azure portal](https://portal.azure.com/), on the **Axiad Cloud** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Axiad Cloud** application integration page, find the **Manage** section and select **single sign-on**.
 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
 
    ![Edit Basic SAML Configuration](common/edit-urls.png)
 
-1. On the **Basic SAML Configuration** section, enter the values for the following fields:
-
-	a. In the **Sign on URL** text box, type a URL using the following pattern:
-    `https://portal-<INSTANCE_NAME>.axiadids.net`
+1. On the **Basic SAML Configuration** section, perform the following steps: 
 
-    b. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
+    a. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
     `https://access-<INSTANCE_NAME>.axiadids.net/<CUSTOM_URL>`
 
-    c. In the **Reply URL** textbox, type a URL using the following pattern:
+    b. In the **Reply URL** textbox, type a URL using the following pattern:
     `https://access-<INSTANCE_NAME>.axiadids.net/<CUSTOM_URL>`
 
+    c. In the **Sign on URL** text box, type a URL using the following pattern:
+    `https://portal-<INSTANCE_NAME>.axiadids.net`
+
 	> [!NOTE]
-	> These values are not real. Update these values with the actual Sign on URL, Identifier and Reply URL. Contact [Axiad Cloud Client support team](mailto:[email protected]) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+	> These values are not real. Update these values with the actual Identifier, Reply URL and Sign on URL. Contact [Axiad Cloud Client support team](mailto:[email protected]) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
 
 1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section,  find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
 
@@ -112,13 +109,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
 1. In the applications list, select **Axiad Cloud**.
 1. In the app's overview page, find the **Manage** section and select **Users and groups**.
-
-   ![The "Users and groups" link](common/users-groups-blade.png)
-
 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
-
-	![The Add User link](common/add-assign-user.png)
-
 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
 1. In the **Add Assignment** dialog, click the **Assign** button.
@@ -133,20 +124,14 @@ In this section, you create a user called Britta Simon in Axiad Cloud. Work with
 
 ## Test SSO
 
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the Axiad Cloud tile in the Access Panel, you should be automatically signed in to the Axiad Cloud for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
-
-## Additional resources
-
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+In this section, you test your Azure AD single sign-on configuration with following options. 
 
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+* Click on **Test this application** in Azure portal. This will redirect to Axiad Cloud Sign-on URL where you can initiate the login flow. 
 
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* Go to Axiad Cloud Sign-on URL directly and initiate the login flow from there.
 
-- [Try Axiad Cloud with Azure AD](https://aad.portal.azure.com/)
+* You can use Microsoft My Apps. When you click the Axiad Cloud tile in the My Apps, this will redirect to Axiad Cloud Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
 
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+## Next steps
 
-- [How to protect Axiad Cloud with advanced visibility and controls](/cloud-app-security/proxy-intro-aad)
+Once you configure Axiad Cloud you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).