Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into alerts-articles-batch-7

Author: paulth1

.openpublishing.redirection.active-directory.json

@@ -55,6 +55,11 @@
       "redirect_url": "/azure/active-directory/saas-apps/tutorial-list",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/active-directory/saas-apps/trello-tutorial.md",
+      "redirect_url": "/azure/active-directory/saas-apps/atlassian-cloud-tutorial",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/active-directory/saas-apps/iauditor-tutorial.md",
       "redirect_url": "/azure/active-directory/saas-apps/safety-culture-tutorial",

articles/active-directory/authentication/concept-authentication-oath-tokens.md

@@ -16,6 +16,7 @@ ms.collection: M365-identity-device-management
 
 # Customer intent: As an identity administrator, I want to understand how to use OATH tokens in Azure AD to improve and secure user sign-in events.
 ---
+
 # Authentication methods in Azure Active Directory - OATH tokens 
 
 OATH TOTP (Time-based One Time Password) is an open standard that specifies how one-time password (OTP) codes are generated. OATH TOTP can be implemented using either software or hardware to generate the codes. Azure AD doesn't support OATH HOTP, a different code generation standard.
@@ -48,7 +49,7 @@ Once tokens are acquired they must be uploaded in a comma-separated values (CSV)
 ```csv
 upn,serial number,secret key,time interval,manufacturer,model
 [email protected],1234567,2234567abcdef2234567abcdef,60,Contoso,HardwareKey
-```  
+```
 
 > [!NOTE]
 > Make sure you include the header row in your CSV file. 
@@ -61,9 +62,11 @@ Once any errors have been addressed, the administrator then can activate each ke
 
 Users may have a combination of up to five OATH hardware tokens or authenticator applications, such as the Microsoft Authenticator app, configured for use at any time. Hardware OATH tokens cannot be assigned to guest users in the resource tenant. 
 
-.[!IMPORTANT]
->Make sure to only assign each token to a single user.
->In the future, support for the assignment of a single token to multiple users will stop to prevent a security risk.
+> [!IMPORTANT]
+> Make sure to only assign each token to a single user.
+> In the future, support for the assignment of a single token to multiple users will stop to prevent a security risk.
+
+
 
 
 ## Determine OATH token registration type in mysecurityinfo 
@@ -75,7 +78,9 @@ OATH software token   | <img width="63" alt="Software OATH token" src="media/con
 OATH hardware token | <img width="63" alt="Hardware OATH token" src="media/concept-authentication-methods/hardware-oath-token-icon.png">
 
 
+
 ## Next steps
 
 Learn more about configuring authentication methods using the [Microsoft Graph REST API](/graph/api/resources/authenticationmethods-overview).
 Learn about [FIDO2 security key providers](concept-authentication-passwordless.md#fido2-security-key-providers) that are compatible with passwordless authentication.
+

articles/active-directory/authentication/concept-certificate-based-authentication-certificateuserids.md

@@ -10,7 +10,7 @@ ms.date: 01/29/2023
 
 ms.author: justinha
 author: justinha
-manager: daveba
+manager: amycolannino
 ms.reviewer: vimrang
 
 ms.collection: M365-identity-device-management

articles/active-directory/authentication/concept-certificate-based-authentication-limitations.md

@@ -10,7 +10,7 @@ ms.date: 01/29/2023
 
 ms.author: justinha
 author: justinha
-manager: daveba
+manager: amycolannino
 ms.reviewer: vimrang
 
 ms.collection: M365-identity-device-management

articles/active-directory/cloud-infrastructure-entitlement-management/ui-autopilot.md

@@ -8,13 +8,13 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: overview
-ms.date: 02/23/2022
+ms.date: 02/16/2023
 ms.author: jfields
 ---
 
 # View rules in the Autopilot dashboard
 
-The **Autopilot** dashboard in Permissions Management provides a table of information about **Autopilot rules** for administrators.
+The **Autopilot** dashboard in Permissions Management provides a table of information about Autopilot rules for administrators. Creating Autopilot rules allows you to automate right-sizing policies so you can automatically remove unused roles and permissions assigned to identities in your authorization system.
 
 
 > [!NOTE]
@@ -30,13 +30,13 @@ The **Autopilot** dashboard in Permissions Management provides a table of inform
     The following information displays in the **Autopilot Rules** table:
 
     - **Rule Name**: The name of the rule.
-    - **State**: The status of the rule: idle (not being use) or active (being used).
-    - **Rule Type**: The type of rule being applied.
+    - **State**: The status of the rule: idle (not in use) or active (in use).
+    - **Rule Type**: The type of rule that's applied.
     - **Mode**: The status of the mode: on-demand or not.
     - **Last Generated**: The date and time the rule was last generated.
     - **Created By**: The email address of the user who created the rule.
     - **Last Modified**: The date and time the rule was last modified.
-    - **Subscription**: Provides an **On** or **Off** subscription that allows you to receive email notifications when recommendations have been generated, applied, or unapplied.
+    - **Subscription**: Provides an **On** or **Off** subscription that allows you to receive email notifications when recommendations are generated, applied, or unapplied.
 
 ## View other available options for rules
 
@@ -48,7 +48,7 @@ The **Autopilot** dashboard in Permissions Management provides a table of inform
     - **Delete Rule**: Select to delete the rule. Only the user who created the selected rule can delete the rule.
     - **Generate Recommendations**: Creates recommendations for each user and the authorization system. Only the user who created the selected rule can create recommendations.
     - **View Recommendations**: Displays the recommendations for each user and authorization system.
-    - **Notification Settings**: Displays the users subscribed to this rule. Only the user who created the selected rule can add other users to be notified.
+    - **Notification Settings**: Displays the users subscribed to this rule. Only the user who created the selected rule can add other users to receive notifications.
 
 You can also select:
 

articles/active-directory/conditional-access/concept-filter-for-applications.md

@@ -8,7 +8,7 @@ ms.date: 09/30/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
-manager: karenhoran
+manager: amycolannino
 ms.reviewer: calebb, oanae
 
 ms.custom: subject-rbac-steps

articles/active-directory/develop/workload-identity-federation.md

@@ -9,9 +9,9 @@ ms.service: active-directory
 ms.subservice: develop
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 10/31/2022
+ms.date: 02/16/2023
 ms.author: ryanwi
-ms.reviewer: shkhalid, udayh, vakarand
+ms.reviewer: shkhalid, udayh
 ms.custom: aaddev 
 #Customer intent: As a developer, I want to learn about workload identity federation so that I can securely access Azure AD protected resources from external apps and services without needing to manage secrets. 
 ---
@@ -23,6 +23,9 @@ You can use workload identity federation in scenarios such as GitHub Actions, wo
 
 ## Why use workload identity federation?
 
+Watch this video to learn why you would use workload identity federation.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWXamJ]
+
 Typically, a software workload (such as an application, service, script, or container-based application) needs an identity in order to authenticate and access resources or communicate with other services.  When these workloads run on Azure, you can use [managed identities](../managed-identities-azure-resources/overview.md) and the Azure platform manages the credentials for you.  For a software workload running outside of Azure, you need to use application credentials (a secret or certificate) to access Azure AD protected resources (such as Azure, Microsoft Graph, Microsoft 365, or third-party resources).  These credentials pose a security risk and have to be stored securely and rotated regularly. You also run the risk of service downtime if the credentials expire.
 
 You use workload identity federation to configure an Azure AD app registration or [user-assigned managed identity](../managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md) to trust tokens from an external identity provider (IdP), such as GitHub.  Once that trust relationship is created, your software workload can exchange trusted tokens from the external IdP for access tokens from Microsoft identity platform.  Your software workload then uses that access token to access the Azure AD protected resources to which the workload has been granted access. This eliminates the maintenance burden of manually managing credentials and eliminates the risk of leaking secrets or having certificates expire.

articles/active-directory/enterprise-users/groups-dynamic-rule-member-of.md

@@ -4,7 +4,7 @@ description: How to create a dynamic membership group that can contain members o
 services: active-directory
 documentationcenter: ''
 author: billmath
-manager: billmath
+manager: amycolannino
 ms.service: active-directory
 ms.subservice: enterprise-users
 ms.workload: identity

articles/active-directory/governance/how-to-lifecycle-workflow-sync-attributes.md

@@ -3,7 +3,7 @@ title: 'How to synchronize attributes for Lifecycle workflows'
 description: Describes overview of Lifecycle workflow attributes.
 services: active-directory
 author: owinfreyATL
-manager: billmath
+manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: overview

articles/active-directory/governance/manage-lifecycle-workflows.md

@@ -4,7 +4,7 @@ description: Learn how to manage user lifecycles with Lifecycle Workflows
 services: active-directory
 documentationcenter: ''
 author: owinfreyATL
-manager: karenhoran
+manager: amycolannino
 editor: markwahl-msft
 ms.service: active-directory
 ms.workload: identity