Merge pull request #211197 from MicrosoftDocs/main

9/14 PM Publish

Author: huypub

.openpublishing.redirection.defender-for-cloud.json

@@ -710,6 +710,11 @@
             "redirect_url": "/azure/defender-for-cloud/defender-for-containers-usage",
             "redirect_document_id": true
         },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/file-integrity-monitoring-usage.md",
+            "redirect_url": "/azure/defender-for-cloud/file-integrity-monitoring-enable-log-analytics",
+            "redirect_document_id": true
+        },
         {
             "source_path_from_root": "/articles/defender-for-cloud/release-notes.md#auto-deployment-of-azure-monitor-agent-preview",
             "redirect_url": "/azure/defender-for-cloud/release-notes#azure-monitor-agent-integration-now-in-preview",

articles/active-directory/governance/TOC.yml

@@ -233,12 +233,14 @@
 - name: Reference
   expanded: true
   items:
+  - name: Identity Governance - PowerShell
+    href: /powershell/module/microsoft.graph.identity.governance/?view=graph-powershell-beta
   - name: Access reviews - Microsoft Graph API
     href: /graph/api/resources/accessreviewsv2-overview
   - name: Entitlement management - Microsoft Graph API
     href: /graph/api/resources/entitlementmanagement-overview
   - name: Lifecycle Workflows - Microsoft Graph API
-    href: /graph/api/resources/identitygovernance-lifecycleworkflows-overview?view=graph-rest-beta
+    href: /graph/api/resources/identitygovernance-lifecycleworkflows-overview
   - name: Lifecycle Workflows - FAQs (Preview)
     href: workflows-faqs.md  
   - name: Developer API reference Lifecycle Workflows- Azure Active Directory

articles/active-directory/hybrid/howto-troubleshoot-upn-changes.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: hybrid
 ms.topic: how-to
-ms.date: 03/13/2020
+ms.date: 09/13/2022
 
 ms.author: gasinh
 author: gargi-sinha
@@ -165,6 +165,17 @@ The user will need to [re-enroll](/windows/security/identity-protection/hello-fo
 Windows 7 and 8.1 devices are not affected by this issue after UPN changes.
 
 
+## Mobile Application Management (MAM) app protection policies known issues and workarounds
+
+**Known Issues**
+
+Your organization may use [MAM app protection policies](https://docs.microsoft.com/mem/intune/apps/app-protection-policy) to protect corporate data in apps on end users' devices.
+MAM app protection policies are currently not resiliant to UPN changes. UPN changes can break the connection between existing MAM enrollments and active users in MAM integrated applications, resulting in undefined behavior. This could leave data in an unprotected state.
+
+**Work Around**
+
+IT admins should [issue a selective wipe](https://docs.microsoft.com/mem/intune/apps/apps-selective-wipe) to impacted users following UPN changes. This will force impacted end users to reauthenticate and reenroll with their new UPNs.
+
 ## Microsoft Authenticator known issues and workarounds
 
 Your organization might require the use of the [Microsoft Authenticator app](https://support.microsoft.com/account-billing/how-to-use-the-microsoft-authenticator-app-9783c865-0308-42fb-a519-8cf666fe0acc) to sign in and access organizational applications and data. Although a username might appear in the app, the account isn't set up to function as a verification method until the user completes the registration process.

articles/active-directory/identity-protection/howto-identity-protection-graph-api.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: identity-protection
 ms.topic: how-to
-ms.date: 08/23/2022
+ms.date: 09/13/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -21,24 +21,30 @@ Microsoft Graph is the Microsoft unified API endpoint and the home of [Azure Act
 
 To successfully complete this tutorial, make sure you have the required prerequisites:
 
-- Microsoft Graph PowerShell SDK is installed. Follow the [installation guide](/powershell/microsoftgraph/installation?view=graph-powershell-1.0) for more info on how to do this.
+- Microsoft Graph PowerShell SDK is installed. For more information, see the article [Install the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/installation?view=graph-powershell-1.0&preserve-view=true).
 - Identity Protection is available in the beta version of Microsoft Graph PowerShell. Run the following command to set your profile to beta.
+
    ```powershell
    # Connect to Graph beta Endpoint
    Select-MgProfile -Name 'beta'
    ```
+
 - Microsoft Graph PowerShell using a global administrator role and the appropriate permissions. The IdentityRiskEvent.Read.All, IdentityRiskyUser.ReadWrite.All Or IdentityRiskyUser.ReadWrite.All delegated permissions are required. To set the permissions to IdentityRiskEvent.Read.All and IdentityRiskyUser.ReadWrite.All, run:
+
    ```powershell
    Connect-MgGraph -Scopes "IdentityRiskEvent.Read.All","IdentityRiskyUser.ReadWrite.All"
    ```
 
-Or, if you use app-only authentication, you may follow this [guide](/powershell/microsoftgraph/app-only?view=graph-powershell-1.0&tabs=azure-portal). To register an application with the required application permissions, prepare a certificate and run:
+If you use app-only authentication, see the article [Use app-only authentication with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/app-only?view=graph-powershell-1.0&tabs=azure-portal&preserve-view=true). To register an application with the required application permissions, prepare a certificate and run:
+
 ```powershell
 Connect-MgGraph -ClientID YOUR_APP_ID -TenantId YOUR_TENANT_ID -CertificateName YOUR_CERT_SUBJECT ## Or -CertificateThumbprint instead of -CertificateName
 ```
 
 ## List risky detections using PowerShell
+
 You can retrieve the risk detections by the properties of a risk detection in Identity Protection.
+
 ```powershell
 # List all anonymizedIPAddress risk detections
 Get-MgRiskDetection -Filter "RiskType eq 'anonymizedIPAddress'" | Format-Table UserDisplayName, RiskType, RiskLevel, DetectedDateTime
@@ -47,8 +53,11 @@ Get-MgRiskDetection -Filter "RiskType eq 'anonymizedIPAddress'" | Format-Table U
 Get-MgRiskDetection -Filter "UserDisplayName eq 'User01' and Risklevel eq 'high'" | Format-Table UserDisplayName, RiskType, RiskLevel, DetectedDateTime
 
 ```
+
 ## List risky users using PowerShell
+
 You can retrieve the risky users and their risky histories in Identity Protection. 
+
 ```powershell
 # List all high risk users
 Get-MgRiskyUser -Filter "RiskLevel eq 'high'" | Format-Table UserDisplayName, RiskDetail, RiskLevel, RiskLastUpdatedDateTime
@@ -57,20 +66,27 @@ Get-MgRiskyUser -Filter "RiskLevel eq 'high'" | Format-Table UserDisplayName, Ri
 Get-MgRiskyUserHistory -RiskyUserId 375844b0-2026-4265-b9f1-ee1708491e05| Format-Table RiskDetail, RiskLastUpdatedDateTime, @{N="RiskDetection";E={($_). Activity.RiskEventTypes}}, RiskState, UserDisplayName
 
 ```
-## Confirm users compromised using Powershell
+
+## Confirm users compromised using PowerShell
+
 You can confirm users compromised and flag them as high risky users in Identity Protection.
+
 ```powershell
 # Confirm Compromised on two users
 Confirm-MgRiskyUserCompromised -UserIds "577e09c1-5f26-4870-81ab-6d18194cbb51","bf8ba085-af24-418a-b5b2-3fc71f969bf3"
 ```
-## Dimiss risky users using Powershell
+
+## Dismiss risky users using PowerShell
+
 You can bulk dismiss risky users in Identity Protection.
+
 ```powershell
 # Get a list of high risky users which are more than 90 days old
 $riskyUsers= Get-MgRiskyUser -Filter "RiskLevel eq 'high'" | where RiskLastUpdatedDateTime -LT (Get-Date).AddDays(-90)
 # bulk dimmiss the risky users
 Invoke-MgDismissRiskyUser -UserIds $riskyUsers.Id
 ```
+
 ## Next steps
 
 - [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started)

articles/active-directory/reports-monitoring/how-to-view-applied-conditional-access-policies.md

@@ -0,0 +1,145 @@
+---
+
+title: How to view applied conditional access policies in the Azure AD sign-in logs | Microsoft Docs
+description: Learn how to view applied conditional access policies in the Azure AD sign-in logs
+services: active-directory
+documentationcenter: ''
+author: MarkusVi
+manager: amycolannino
+editor: ''
+
+ms.service: active-directory
+ms.topic: how-to
+ms.workload: identity
+ms.subservice: report-monitor
+ms.date: 09/14/2022
+ms.author: markvi
+ms.reviewer: besiler 
+
+ms.collection: M365-identity-device-management
+---
+
+# How to: View applied conditional access policies in the Azure AD sign-in logs
+
+With conditional access policies, you can control, how your users get access to the resources of your Azure tenant. As a tenant admin, you need to be able to determine what impact your conditional access policies have on sign-ins to your tenant, so that you can take action if necessary. The sign-in logs in Azure AD provide you with the information you need to assess the impact of your policies.
+
+  
+This article explains how you can get access to the information about applied conditional access policies. 
+
+
+## What you should know
+
+As an Azure AD administrator, you can use the sign-in logs to:
+
+- Troubleshoot sign in problems
+- Check on feature performance
+- Evaluate security of a tenant
+
+Some scenarios require you to get an understanding for how your conditional access policies were applied to a sign-in event. Common examples include:
+
+- **Helpdesk administrators** who need to look at applied conditional access policies to understand if a policy is the root cause of a ticket opened by a user. 
+
+- **Tenant administrators** who need to verify that conditional access policies have the intended impact on the users of a tenant.
+
+
+You can access the sign-in logs using the Azure portal, MS Graph, and PowerShell.  
+
+
+
+## Required administrator roles 
+
+
+To see applied conditional access policies in the sign-in logs, administrators must have permissions to:  
+
+- View sign-in logs 
+- View conditional access policies
+
+The least privileged built-in role that grants both permissions is the **Security Reader**. As a best practice, your global administrator should add the **Security Reader** role to the related administrator accounts. 
+
+
+The following built in roles grant permissions to read conditional access policies:
+
+- Global Administrator 
+
+- Global Reader 
+
+- Security Administrator 
+
+- Security Reader 
+
+- Conditional Access Administrator 
+
+
+The following built in roles grant permission to view sign-in logs: 
+
+- Global Administrator 
+
+- Security Administrator 
+
+- Security Reader 
+
+- Global Reader 
+
+- Reports Reader 
+
+
+## Permissions for client apps 
+
+If you use a client app to pull sign-in logs from Graph, your app needs permissions to receive the **appliedConditionalAccessPolicy** resource from Graph. As a best practice, assign **Policy.Read.ConditionalAccess** because it's the least privileged permission. Any of the following permissions is sufficient for a client app to access applied CA policies in sign-in logs through Graph: 
+
+- Policy.Read.ConditionalAccess 
+
+- Policy.ReadWrite.ConditionalAccess 
+
+- Policy.Read.All 
+
+ 
+
+## Permissions for PowerShell 
+
+Like any other client app, the Microsoft Graph PowerShell module needs client permissions to access applied conditional access policies in the sign-in logs. To successfully pull applied conditional access in the sign-in logs, you must consent to the necessary permissions with your administrator account for MS Graph PowerShell. As a best practice, consent to:
+
+- Policy.Read.ConditionalAccess
+- AuditLog.Read.All 
+- Directory.Read.All 
+
+These permissions are the least privileged permissions with the necessary access. 
+
+To consent to the necessary permissions, use: 
+
+` Connect-MgGraph -Scopes Policy.Read.ConditionalAccess, AuditLog.Read.All, Directory.Read.All `
+
+To view the sign-in logs, use: 
+
+`Get-MgAuditLogSignIn `
+
+The output of this cmdlet contains a **AppliedConditionalAccessPolicies** property that shows all the conditional access policies applied to the sign-in. 
+
+For more information about this cmdlet, see [Get-MgAuditLogSignIn](https://docs.microsoft.com/powershell/module/microsoft.graph.reports/get-mgauditlogsignin?view=graph-powershell-1.0).
+
+The AzureAD Graph PowerShell module doesn't support viewing applied conditional access policies; only the Microsoft Graph PowerShell module returns applied conditional access policies.  
+
+## Confirming access 
+
+In the **Conditional Access** tab, you see a list of conditional access policies applied to that sign-in event.  
+
+
+To confirm that you have admin access to view applied conditional access policies in the sign-ins logs, do: 
+
+1. Navigate to the Azure portal. 
+
+2. In the top-right corner, select your directory, and then select **Azure Active Directory** in the left navigation pane. 
+
+3. In the **Monitoring** section, select **Sign-in logs**. 
+
+4. Click an item in the sign-in row table to bring up the Activity Details: Sign-ins context pane.  
+
+5. Click on the Conditional Access tab in the context pane. If your screen is small, you may need to click the ellipsis […] to see all context pane tabs.  
+
+
+
+
+## Next steps
+
+* [Sign-ins error codes reference](./concept-sign-ins.md)
+* [Sign-ins report overview](concept-sign-ins.md)

articles/active-directory/reports-monitoring/toc.yml

@@ -63,18 +63,20 @@
     items:
     - name: Access activity logs
       href: howto-access-activity-logs.md
+    - name: Configure prerequisites for Reporting API
+      href: howto-configure-prerequisites-for-reporting-api.md
     - name: Download logs
       href: howto-download-logs.md
-    - name: Manage inactive user accounts in Azure AD
-      href: howto-manage-inactive-user-accounts.md
     - name: Find activity reports
       href: howto-find-activity-reports.md
+    - name: Manage inactive user accounts in Azure AD
+      href: howto-manage-inactive-user-accounts.md
     - name: Troubleshoot sign-in errors for a user
       href: howto-troubleshoot-sign-in-errors.md
-    - name: Configure prerequisites for Reporting API
-      href: howto-configure-prerequisites-for-reporting-api.md
-    - name: How to use Azure AD workbooks
+    - name: Use Azure AD workbooks
       href: howto-use-azure-monitor-workbooks.md
+    - name: View applied conditional access policies
+      href: how-to-view-applied-conditional-access-policies.md
 
   - name: Monitoring
     items:
@@ -125,6 +127,7 @@
     href: reports-faq.yml
   - name: Sign-in log schema
     href: reference-azure-monitor-sign-ins-log-schema.md
+
 - name: Workbooks
   items:
     - name: Authentication prompts analysis
@@ -139,6 +142,7 @@
       href: workbook-risk-analysis.md
     - name: Sensitive Operations Report 
       href: workbook-sensitive-operations-report.md
+
 - name: Recommendations
   items:
     - name: Convert to conditional access MFA