Skip to content

Commit 58d9162

Browse files
authored
Merge branch 'MicrosoftDocs:main' into cosmos-gremlin-quickstarts
2 parents 6c79a70 + c6be238 commit 58d9162

File tree

139 files changed

+3080
-3171
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

139 files changed

+3080
-3171
lines changed

.openpublishing.publish.config.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1223,6 +1223,7 @@
12231223
"articles/virtual-machines/.openpublishing.redirection.virtual-machines.json",
12241224
"articles/dev-box/.openpublishing.redirection.dev-box.json",
12251225
"articles/deployment-environments/.openpublishing.redirection.deployment-environments.json",
1226-
"articles/network-watcher/.openpublishing.redirection.network-watcher.json"
1226+
"articles/network-watcher/.openpublishing.redirection.network-watcher.json",
1227+
"articles/route-server/.openpublishing.redirection.route-server.json"
12271228
]
12281229
}

.openpublishing.redirection.json

Lines changed: 0 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -20,16 +20,6 @@
2020
"redirect_URL": "tutorial-assess-webapps",
2121
"redirect_document_id": false
2222
},
23-
{
24-
"source_path": "articles/route-server/tutorial-protect-route-server.md",
25-
"redirect_URL": "/azure/route-server/tutorial-protect-route-server-ddos",
26-
"redirect_document_id": false
27-
},
28-
{
29-
"source_path": "articles/route-server/routing-preference.md",
30-
"redirect_url": "/azure/route-server/overview",
31-
"redirect_document_id": false
32-
},
3323
{
3424
"source_path": "articles/cloud-services-extended-support/deploy-visual-studio.md",
3525
"redirect_url": "/visualstudio/azure/cloud-services-extended-support?context=%2Fazure%2Fcloud-services-extended-support%2Fcontext%2Fcontext",

articles/active-directory/authentication/concept-authentication-strengths.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ services: multi-factor-authentication
66
ms.service: active-directory
77
ms.subservice: authentication
88
ms.topic: conceptual
9-
ms.date: 09/14/2023
9+
ms.date: 09/27/2023
1010

1111
ms.author: justinha
1212
author: justinha
@@ -232,7 +232,7 @@ An authentication strength Conditional Access policy works together with [MFA tr
232232

233233
- **Authentication methods that aren't currently supported by authentication strength** - The **Email one-time pass (Guest)** authentication method isn't included in the available combinations.
234234

235-
- **Windows Hello for Business** – If the user signed in with Windows Hello for Business as their primary authentication method, it can be used to satisfy an authentication strength requirement that includes Windows Hello for Business. But if the user signed in with another method like password as their primary authenticating method, and the authentication strength requires Windows Hello for Business, they get prompted to sign in with Windows Hello for Business.
235+
- **Windows Hello for Business** – If the user signed in with Windows Hello for Business as their primary authentication method, it can be used to satisfy an authentication strength requirement that includes Windows Hello for Business. However, if the user signed in with another method like password as their primary authenticating method, and the authentication strength requires Windows Hello for Business, they aren't prompted to sign in with Windows Hello for Business. The user needs to restart the session, choose **Sign-in options**, and select a method required by the authentication strength.
236236

237237

238238
## Known isssues

articles/active-directory/authentication/howto-mfa-userdevicesettings.md

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -92,9 +92,7 @@ If you're assigned the *Authentication Administrator* role, you can require user
9292
1. Browse to **Identity** > **Users** > **All users**.
9393
1. Choose the user you wish to perform an action on and select **Authentication methods**. At the top of the window, then choose one of the following options for the user:
9494
- **Reset Password** resets the user's password and assigns a temporary password that must be changed on the next sign-in.
95-
- **Require Re-register MFA** makes it so that when the user signs in next time, they're requested to set up a new MFA authentication method.
96-
> [!NOTE]
97-
> The user's currently registered authentication methods aren't deleted when an admin requires re-registration for MFA. After a user re-registers for MFA, we recommend they review their security info and delete any previously registered authentication methods that are no longer usable.
95+
- **Require Re-register MFA** deactivates the user's hardware OATH tokens and deletes the following authentication methods from this user: phone numbers, Microsoft Authenticator apps and software OATH tokens. If needed, the user is requested to set up a new MFA authentication method the next time they sign in.
9896
- **Revoke MFA Sessions** clears the user's remembered MFA sessions and requires them to perform MFA the next time it's required by the policy on the device.
9997

10098
:::image type="content" source="media/howto-mfa-userdevicesettings/manage-authentication-methods-in-azure.png" alt-text="Manage authentication methods from the Microsoft Entra admin center":::
@@ -119,3 +117,4 @@ To delete a user's app passwords, complete the following steps:
119117
This article showed you how to configure individual user settings. To configure overall Microsoft Entra multifactor authentication service settings, see [Configure Microsoft Entra multifactor authentication settings](howto-mfa-mfasettings.md).
120118

121119
If your users need help, see the [User guide for Microsoft Entra multifactor authentication](https://support.microsoft.com/account-billing/how-to-use-the-microsoft-authenticator-app-9783c865-0308-42fb-a519-8cf666fe0acc).
120+

articles/active-directory/authentication/troubleshoot-authentication-strengths.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,12 +6,12 @@ services: multi-factor-authentication
66
ms.service: active-directory
77
ms.subservice: authentication
88
ms.topic: conceptual
9-
ms.date: 06/02/2023
9+
ms.date: 09/27/2023
1010

1111
ms.author: justinha
1212
author: justinha
1313
manager: amycolannino
14-
ms.reviewer: michmcla, inbarckms
14+
ms.reviewer: inbarckms
1515

1616
ms.collection: M365-identity-device-management
1717
---
@@ -38,7 +38,7 @@ To verify if a method can be used:
3838
1. As needed, check if the tenant is enabled for any method required for the authentication strength. Click **Security** > **Multifactor Authentication** > **Additional cloud-based multifactor authentication settings**.
3939
1. Check which authentication methods are registered for the user in the Authentication methods policy. Click **Users and groups** > _username_ > **Authentication methods**.
4040

41-
If the user is registered for an enabled method that meets the authentication strength, they might need to use another method that isn't available after primary authentication, such as Windows Hello for Business or certificate-based authentication. For more information, see [How each authentication method works](concept-authentication-methods.md#how-each-authentication-method-works). The user needs to restart the session, choose **Sign-in options** , and select a method required by the authentication strength.
41+
If the user is registered for an enabled method that meets the authentication strength, they might need to use another method that isn't available after primary authentication, such as Windows Hello for Business. For more information, see [How each authentication method works](concept-authentication-methods.md#how-each-authentication-method-works). The user needs to restart the session, choose **Sign-in options** , and select a method required by the authentication strength.
4242

4343
:::image type="content" border="true" source="./media/troubleshoot-authentication-strengths/choose-another-method.png" alt-text="Screenshot of how to choose another sign-in method.":::
4444

articles/active-directory/governance/entitlement-management-access-package-assignments.md

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -200,6 +200,28 @@ $policy = $accesspackage.AssignmentPolicies[0]
200200
$req = New-MgBetaEntitlementManagementAccessPackageAssignmentRequest -AccessPackageId $accesspackage.Id -AssignmentPolicyId $policy.Id -TargetEmail "[email protected]"
201201
```
202202

203+
## Configure access assignment as part of a lifecycle workflow
204+
205+
In the Microsoft Entra Lifecycle Workflows feature, you can add a [Request user access package assignment](lifecycle-workflow-tasks.md#request-user-access-package-assignment) task to an onboarding workflow. The task can specify an access package which users should have. When the workflow runs for a user, then an access package assignment request will be created automatically.
206+
207+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as a global administrator.
208+
209+
1. Browse to **Identity governance** > **Lifecycle workflows** > **Workflows**.
210+
211+
1. Select an employee onboarding or move workflow.
212+
213+
1. Select **Tasks** and select **Add task**.
214+
215+
1. Select **Request user access package assignment** and select **Add**.
216+
217+
1. Select the newly added task.
218+
219+
1. Select **Select Access package**, and choose the access package that new or moving users should be assigned to.
220+
221+
1. Select **Select Policy**, and choose the access package assignment policy in that access package.
222+
223+
1. Select **Save**.
224+
203225
## Remove an assignment
204226

205227
You can remove an assignment that a user or an administrator had previously requested.
@@ -245,6 +267,26 @@ if ($assignment -ne $null) {
245267
}
246268
```
247269

270+
## Configure assignment removal as part of a lifecycle workflow
271+
272+
In the Microsoft Entra Lifecycle Workflows feature, you can add a [Remove access package assignment for user](lifecycle-workflow-tasks.md#remove-access-package-assignment-for-user) task to an offboarding workflow. That task can specify an access package the user might be assigned to. When the workflow runs for a user, then their access package assignment will be removed automatically.
273+
274+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as a global administrator.
275+
276+
1. Browse to **Identity governance** > **Lifecycle workflows** > **Workflows**.
277+
278+
1. Select an employee offboarding workflow.
279+
280+
1. Select **Tasks** and select **Add task**.
281+
282+
1. Select **Remove access package assignment for user** and select **Add**.
283+
284+
1. Select the newly added task.
285+
286+
1. Select **Select Access packages**, and choose one or more access packages that users being offboarded should be removed from.
287+
288+
1. Select **Save**.
289+
248290
## Next steps
249291

250292
- [Change request and settings for an access package](entitlement-management-access-package-request-policy.md)

articles/active-directory/governance/entitlement-management-overview.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -94,7 +94,7 @@ You can have policies for users to request access. In these kinds of policies, a
9494
- The approval process and the users that can approve or deny access
9595
- The duration of a user's access assignment, once approved, before the assignment expires
9696

97-
You can also have policies for users to be assigned access, either by an administrator or [automatically](entitlement-management-access-package-auto-assignment-policy.md).
97+
You can also have policies for users to be assigned access, either [by an administrator](entitlement-management-access-package-assignments.md#directly-assign-a-user), [automatically based on rules](entitlement-management-access-package-auto-assignment-policy.md), or through lifecycle workflows.
9898

9999
The following diagram shows an example of the different elements in entitlement management. It shows one catalog with two example access packages.
100100

articles/active-directory/governance/entitlement-management-scenarios.md

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,12 +47,20 @@ There are several ways that you can configure entitlement management for your or
4747

4848
## Govern access for users in your organization
4949

50-
### Administrator: Assign employees access automatically (preview)
50+
### Administrator: Assign employees access automatically
5151

5252
1. [Create a new access package](entitlement-management-access-package-create.md#start-the-creation-process)
5353
1. [Add groups, Teams, applications, or SharePoint sites to access package](entitlement-management-access-package-create.md#select-resource-roles)
5454
1. [Add an automatic assignment policy](entitlement-management-access-package-auto-assignment-policy.md)
5555

56+
### Administrator: Assign employees access from lifecycle workflows
57+
58+
1. [Create a new access package](entitlement-management-access-package-create.md#start-the-creation-process)
59+
1. [Add groups, Teams, applications, or SharePoint sites to access package](entitlement-management-access-package-create.md#select-resource-roles)
60+
1. [Add a direct assignment policy](entitlement-management-access-package-request-policy.md#none-administrator-direct-assignments-only)
61+
1. Add a task to [Request user access package assignment](lifecycle-workflow-tasks.md#request-user-access-package-assignment) to a workflow when a user joins
62+
1. Add a task to [Remove access package assignment for user](lifecycle-workflow-tasks.md#remove-access-package-assignment-for-user) to a workflow when a user leaves
63+
5664
### Access package manager: Allow employees in your organization to request access to resources
5765

5866
1. [Create a new access package](entitlement-management-access-package-create.md#start-the-creation-process)
@@ -111,7 +119,7 @@ There are several ways that you can configure entitlement management for your or
111119

112120
## Day-to-day management
113121

114-
### Administrator: View the connected organziations that are proposed and configured
122+
### Administrator: View the connected organizations that are proposed and configured
115123

116124
1. [View the list of connected organizations](entitlement-management-organization.md)
117125

articles/application-gateway/overview.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,14 +6,14 @@ author: greg-lindsay
66
ms.service: application-gateway
77
ms.topic: overview
88
ms.custom: mvc
9-
ms.date: 11/15/2022
9+
ms.date: 09/27/2023
1010
ms.author: greglin
1111
#Customer intent: As an IT administrator, I want to learn about Azure Application Gateways and what I can use them for.
1212
---
1313

1414
# What is Azure Application Gateway?
1515

16-
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.
16+
Azure Application Gateway is a web traffic (OSI layer 7) load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.
1717

1818
Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example URI path or host headers. For example, you can route traffic based on the incoming URL. So if `/images` is in the incoming URL, you can route traffic to a specific set of servers (known as a pool) configured for images. If `/video` is in the URL, that traffic is routed to another pool that's optimized for videos.
1919

articles/azure-arc/servers/license-extended-security-updates.md

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
22
title: License provisioning guidelines for Extended Security Updates for Windows Server 2012
33
description: Learn about license provisioning guidelines for Extended Security Updates for Windows Server 2012 through Azure Arc.
4-
ms.date: 09/14/2023
4+
ms.date: 09/27/2023
55
ms.topic: conceptual
66
---
77

@@ -37,6 +37,15 @@ An additional scenario (scenario 1, below) is a candidate for VM/Virtual core li
3737
> In all cases, you are required to attest to their conformance with SA or SPLA. There is no exception for these requirements. Software Assurance or an equivalent Server Subscription is required for you to purchase Extended Security Updates on-premises and in hosted environments. You will be able to purchase Extended Security Updates from Enterprise Agreement (EA), Enterprise Subscription Agreement (EAS), a Server & Cloud Enrollment (SCE), and Enrollment for Education Solutions (EES). On Azure, you do not need Software Assurance to get free Extended Security Updates, but Software Assurance or Server Subscription is required to take advantage of the Azure Hybrid Benefit.
3838
>
3939
40+
## Cost savings with migration and modernization of workloads
41+
42+
As you migrate and modernize your Windows Server 2012 and Windows 2012 R2 infrastructure through the end of 2023, you can utilize the flexibility of monthly billing with Windows Server 2012 ESUs enabled by Azure Arc for cost savings benefits.
43+
44+
As servers no longer require ESUs because they've been migrated to Azure, Azure VMware Solution (AVS), or Azure Stack HCI (where they’re eligible for free ESUs), or updated to Windows Server 2016 or higher, you can modify the number of cores associated with a license or delete/deactivate licenses. You can also link the license to a new scope of additional servers. See [Programmatically deploy and manage Azure Arc Extended Security Updates licenses](api-extended-security-updates.md) to learn more.
45+
46+
> [!NOTE]
47+
> This process is not automatic; billing is tied to the activated licenses and you are responsible for modifying your provisioned licensing to take advantage of cost savings.
48+
>
4049
## Scenario based examples: Compliant and Cost Effective Licensing
4150

4251
### Scenario 1: Eight modern 32-core hosts (not Windows Server 2012). While each of these hosts are running four 8-core VMs, only one VM on each host is running Windows Server 2012 R2

0 commit comments

Comments
 (0)