Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

articles/active-directory/app-provisioning/application-provisioning-quarantine-status.md

@@ -80,10 +80,11 @@ After the first failure, the first retry happens within the next 2 hours (usuall
 - The third retry happens 12 hours after the first failure.
 - The fourth retry happens 24 hours after the first failure.
 - The fifth retry happens 48 hours after the first failure.
-- The sixth retry happens 96 hours after the first failure
-- The seventh retry happens 168 hours after the first failure.
+- The sixth retry happens 72 hours after the first failure.
+- The seventh retry happens 96 hours after the first failure.
+- The eigth retry happens 120 hours after the first failure.
 
-After the 7th failure, entry is flagged and no further retries are run.
+This cycle is repeated every 24 hours until the 30th day when retries are stopped and the job is disabled. 
 
 
 ## How do I get my application out of quarantine?

articles/active-directory/app-provisioning/provision-on-demand.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: how-to
-ms.date: 06/30/2022
+ms.date: 07/06/2022
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -146,7 +146,6 @@ There are currently a few known limitations to on-demand provisioning. Post your
 > [!NOTE]
 > The following limitations are specific to the on-demand provisioning capability. For information about whether an application supports provisioning groups, deletions, or other capabilities, check the tutorial for that application.
 
-* Amazon Web Services (AWS) application does not support on-demand provisioning. 
 * On-demand provisioning of groups supports updating up to 5 members at a time
 * On-demand provisioning of roles isn't supported.
 * On-demand provisioning supports disabling users that have been unassigned from the application. However, it doesn't support disabling or deleting users that have been disabled or deleted from Azure AD. Those users won't appear when you search for a user.

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-aws.md

@@ -18,11 +18,6 @@ This article describes how to onboard an Amazon Web Services (AWS) account on Pe
 > [!NOTE]
 > A *global administrator* or *super admin* (an admin for all authorization system types) can perform the tasks in this article after the global administrator has initially completed the steps provided in [Enable Permissions Management on your Azure Active Directory tenant](onboard-enable-tenant.md).
 
-
-## View a training video on configuring and onboarding an AWS account
-
-To view a video on how to configure and onboard AWS accounts in Permissions Management, select [Configure and onboard AWS accounts](https://www.youtube.com/watch?v=R6K21wiWYmE).
-
 ## Onboard an AWS account
 
 1. If the **Data Collectors** dashboard isn't displayed when Permissions Management launches:

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-azure.md

@@ -24,11 +24,6 @@ To add Permissions Management to your Azure AD tenant:
 - You must have an Azure AD user account and an Azure command-line interface (Azure CLI) on your system, or an Azure subscription. If you don't already have one, [create a free account](https://azure.microsoft.com/free/).
 - You must have **Microsoft.Authorization/roleAssignments/write** permission at the subscription or management group scope to perform these tasks. If you don't have this permission, you can ask someone who has this permission to perform these tasks for you.
 
-
-## View a training video on enabling Permissions Management in your Azure AD tenant
-
-To view a video on how to enable Permissions Management in your Azure AD tenant, select [Enable Permissions Management in your Azure AD tenant](https://www.youtube.com/watch?v=-fkfeZyevoo).
-
 ## How to onboard an Azure subscription
 
 1. If the **Data Collectors** dashboard isn't displayed when Permissions Management launches:

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-enable-tenant.md

@@ -28,13 +28,6 @@ To enable Permissions Management in your organization:
 > [!NOTE]
 > During public preview, Permissions Management doesn't perform a license check.
 
-## View a training video on enabling Permissions Management
-
-- To view a video on how to enable Permissions Management in your Azure AD tenant, select [Enable Permissions Management in your Azure AD tenant](https://www.youtube.com/watch?v=-fkfeZyevoo).
-- To view a video on how to configure and onboard AWS accounts in Permissions Management, select [Configure and onboard AWS accounts](https://www.youtube.com/watch?v=R6K21wiWYmE).
-- To view a video on how to configure and onboard GCP accounts in Permissions Management, select [Configure and onboard GCP accounts](https://www.youtube.com/watch?app=desktop&v=W3epcOaec28).
-
-
 ## How to enable Permissions Management on your Azure AD tenant
 
 1. In your browser:

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-gcp.md

@@ -18,11 +18,6 @@ This article describes how to onboard a Google Cloud Platform (GCP) project on P
 > [!NOTE]
 > A *global administrator* or *super admin* (an admin for all authorization system types) can perform the tasks in this article after the global administrator has initially completed the steps provided in [Enable Permissions Management on your Azure Active Directory tenant](onboard-enable-tenant.md).
 
-## View a training video on configuring and onboarding a GCP account
-
-To view a video on how to configure and onboard GCP accounts in Permissions Management, select [Configure and onboard GCP accounts](https://www.youtube.com/watch?app=desktop&v=W3epcOaec28).
-
-
 ## Onboard a GCP project
 
 1. If the **Data Collectors** dashboard isn't displayed when Permissions Management launches:

articles/active-directory/saas-apps/sap-analytics-cloud-provisioning-tutorial.md

@@ -51,7 +51,7 @@ The scenario outlined in this tutorial assumes that you already have the followi
 
 ## Step 2. Configure SAP Analytics Cloud to support provisioning with Azure AD
 
-1. Sign into [SAP Identity Provisioning admin console](https://ips-xlnk9v890j.dispatcher.us1.hana.ondemand.com/) with your administrator account and then select **Proxy Systems**.
+1. Sign into the SAP Identity Provisioning admin console with your administrator account and then select **Proxy Systems**.
 
    ![SAP Proxy Systems](./media/sap-analytics-cloud-provisioning-tutorial/sap-proxy-systems.png)
 
@@ -159,4 +159,4 @@ Once you've configured provisioning, use the following resources to monitor your
 
 ## Next steps
 
-* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)

articles/active-directory/verifiable-credentials/how-to-use-quickstart-idtoken.md

@@ -7,7 +7,7 @@ manager: rkarlin
 ms.service: decentralized-identity
 ms.topic: how-to
 ms.subservice: verifiable-credentials
-ms.date: 06/22/2022
+ms.date: 07/06/2022
 ms.author: barclayn
 
 #Customer intent: As an administrator, I am looking for information to help me create verifiable credentials for ID tokens. 
@@ -86,6 +86,7 @@ The JSON attestation definition should contain the **idTokens** name, the [OIDC
 
 The claims mapping in the following example requires that you configure the token as explained in the [Claims in the ID token from the identity provider](#claims-in-the-id-token-from-the-identity-provider) section.
 
+
 ```json
 {
   "attestations": {
@@ -124,10 +125,17 @@ The claims mapping in the following example requires that you configure the toke
         "required": false
       }
     ]
+  },
+  "validityInterval": 2592000,
+  "vc": {
+    "type": [
+      "VerifiedCredentialExpert"
+    ]
   }
 }
 ```
 
+
 ## Application registration
 
 The clientId attribute is the application ID of a registered application in the OIDC identity provider. For Azure Active Directory, you create the application by doing the following:

articles/active-directory/verifiable-credentials/how-to-use-quickstart-selfissued.md

@@ -7,7 +7,7 @@ manager: rkarlin
 ms.service: decentralized-identity
 ms.topic: how-to
 ms.subservice: verifiable-credentials
-ms.date: 06/22/2022
+ms.date: 07/06/2022
 ms.author: barclayn
 
 #Customer intent: As a verifiable credentials administrator, I want to create a verifiable credential for self-asserted claims scenario. 
@@ -94,6 +94,12 @@ The JSON attestation definition should contain the **selfIssued** name and the c
       ],
       "required": false
     }
+  },
+  "validityInterval": 2592000,
+  "vc": {
+    "type": [
+      "VerifiedCredentialExpert"
+    ]
   }
 }
 ```

articles/active-directory/verifiable-credentials/how-to-use-quickstart.md

@@ -7,7 +7,7 @@ manager: rkarlin
 ms.service: decentralized-identity
 ms.topic: how-to
 ms.subservice: verifiable-credentials
-ms.date: 06/16/2022
+ms.date: 07/06/2022
 ms.author: barclayn
 
 #Customer intent: As a verifiable credentials administrator, I want to create a verifiable credential for the ID token hint scenario. 
@@ -105,10 +105,17 @@ The expected JSON for the rules definitions is the inner content of the rules at
             "required": false
           }
         ]
+      },
+      "validityInterval":  2592000,
+      "vc": {
+        "type": [
+          "VerifiedCredentialExpert"
+        ]
       }
 }
 ```
 
+
 ## Configure the samples to issue and verify your custom credential
 
 To configure your sample code to issue and verify by using custom credentials, you need: