Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into alerts-state

Author: AbbyMSFT

.openpublishing.redirection.active-directory.json

@@ -105,6 +105,11 @@
       "redirect_url": "/azure/active-directory/saas-apps/gainsight-tutorial",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/active-directory/saas-apps/planview-id-tutorial.md",
+      "redirect_url": "/azure/active-directory/saas-apps/planview-admin-tutorial",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/active-directory/saas-apps/postman-provisioning-tutorialy.md",
       "redirect_url": "/azure/active-directory/saas-apps/postman-provisioning-tutorial",

articles/active-directory/app-provisioning/on-premises-migrate-microsoft-identity-manager.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 10/20/2022
+ms.date: 09/11/2023
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -18,8 +18,6 @@ ms.collection: M365-identity-device-management
 
 You can import into the Azure Active Directory (Azure AD) ECMA Connector Host a configuration for a specific connector from a Forefront Identity Manager Synchronization Service or Microsoft Identity Manager Synchronization Service (MIM Sync) installation. The MIM Sync installation is only used for configuration, not for the ongoing synchronization from Azure AD.
 
->[!IMPORTANT]
->Currently, only the generic SQL and LDAP connectors are supported for use with the Azure AD ECMA Connector Host.
 
 ## Create a connector configuration in MIM Sync
 This section is included for illustrative purposes, if you wish to set up MIM Sync with a connector. If you already have MIM Sync with your ECMA connector configured, skip to the next section.

articles/active-directory/architecture/automate-provisioning-to-applications-solutions.md

@@ -91,15 +91,24 @@ In addition to the pre-integrated gallery applications, Azure AD supports provis
 
 [Learn more about provisioning to SCIM enabled applications](../app-provisioning/use-scim-to-provision-users-and-groups.md)
 
-### Automate provisioning to SQL and LDAP based applications
+### Automate provisioning to on-premises applications
 
- Many applications don't support the SCIM standard, and customers have historically used connectors developed for MIM to connect to them. The Azure AD provisioning service supports reusing connectors developed for MIM and provisioning users into applications that rely on an LDAP user store or a SQL database.
+Many applications don't support the SCIM standard, and customers have historically used connectors developed for MIM to connect to them. The Azure AD provisioning service supports reusing connectors built for MIM, without needing a MIM sync deployment. This opens up connectivity to a wide range of on-premises and SaaS applications.
+
+|Protocol |Connector|
+|-----|-----|
+| LDAP | [LDAP](../app-provisioning/on-premises-ldap-connector-configure.md)|
+| SQL  | [SQL](../app-provisioning/tutorial-ecma-sql-connector.md) |
+| REST | [Web Services](../app-provisioning/on-premises-web-services-connector.md)|
+| SOAP | [Web Services](../app-provisioning/on-premises-web-services-connector.md)|
+| Flat-file| [PowerShell](../app-provisioning/on-premises-powershell-connector.md) |
+| Custom | [Custom ECMA connectors](../app-provisioning/on-premises-custom-connector.md) |
 
 [Learn more about on-premises application provisioning](../app-provisioning/user-provisioning.md)
 
 ### Use integrations developed by partners
 
-Many applications may not yet support SCIM or rely on SQL / LDAP databases. Microsoft partners have developed SCIM gateways that allow you to synchronize users between Azure AD and various systems such as mainframes, HR systems, and legacy databases. In the image below, the SCIM Gateways are built and managed by partners.
+Microsoft partners have developed SCIM gateways that allow you to synchronize users between Azure AD and various systems such as mainframes, HR systems, and legacy databases. In the image below, the SCIM Gateways are built and managed by partners.
 
 ![Agent with SCIM gateway](media/automate-user-provisioning-to-applications-solutions/provisioning-agent-with-scim-gateway.png)
 

articles/active-directory/external-identities/customers/how-to-google-federation-customers.md

@@ -87,8 +87,10 @@ To configure Google federation by using PowerShell, follow these steps:
 At this point, the Google identity provider has been set up in your Azure AD, but it's not yet available in any of the sign-in pages. To add the Google identity provider to a user flow:
 
 1. In your customer tenant, browse to **Identity** > **External Identities** > **User flows**.
-1. Select the user flow where you want to add the Facebook identity provider.
-1. Under Settings, select **Identity providers**
+1. Select the user flow where you want to add the Google identity provider.
+
+1. Under Settings, select **Identity providers.**
+
 1. Under **Other Identity Providers**, select **Google**.
 
    <!-- ![Screenshot that shows how to add Google identity provider a user flow.](./media/sign-in-with-google/add-google-idp-to-user-flow.png)-->
@@ -99,3 +101,5 @@ At this point, the Google identity provider has been set up in your Azure AD, bu
 
 - [Add Facebook as an identity provider](how-to-facebook-federation-customers.md)
 - [Customize the branding for customer sign-in experiences](how-to-customize-branding-customers.md)
+
+

articles/active-directory/manage-apps/cloudflare-conditional-access-policies.md

@@ -26,7 +26,7 @@ Learn more: [What is Conditional Access?](../conditional-access/overview.md)
   * If you don't have one, get an [Azure free account](https://azure.microsoft.com/free/)
 * An Azure AD tenant linked to the Azure AD subscription
   * See, [Quickstart: Create a new tenant in Azure AD](../fundamentals/create-new-tenant.md)
-* Global Administrator permissions
+* One of the following roles: Global Administrator, Cloud Application Administrator, or Application Administrator.
 * Configured users in the Azure AD subscription  
 * A Cloudflare account
   * Go to dash.cloudflare.com to [Get started with Cloudflare](https://dash.cloudflare.com/sign-up?https%3A%2F%2Fone.dash.cloudflare.com%2F)
@@ -48,16 +48,15 @@ Go to developers.cloudflare.com to [set up Azure AD as an IdP](https://developer
 
 [!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
-2. Select **Azure Active Directory**.
-3. Under **Manage**, select **App registrations**.
-4. Select the application you created.
-5. Go to **Branding & properties**.
-6. For **Home page URL**, enter the application hostname.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator). 
+2. Browse to **Identity** > **Applications** > **App registrations** > **All applications**
+3. Select the application you created.
+4. Go to **Branding & properties**.
+5. For **Home page URL**, enter the application hostname.
 
    ![Screenshot of options and entries for branding and properties.](./media/cloudflare-conditional-access-policies/branding-properties.png)
 
-7. Under **Manage**, select **Enterprise applications**.
+7. Browse to **Identity** > **Applications** > **Enterprise applications** > **All applications**.
 8. Select your application.
 9. Select **Properties**.
 10. For **Visible to users**, select **Yes**. This action enables the app to appear in App Launcher and in [My Apps](https://myapplications.microsoft.com/).

articles/active-directory/manage-apps/datawiza-sso-oracle-peoplesoft.md

@@ -152,10 +152,10 @@ To provide more security for sign-ins, you can enforce Azure AD Multi-Factor Aut
 
 Learn more: [Tutorial: Secure user sign-in events with Azure AD MFA](../authentication/tutorial-enable-azure-mfa.md)
 
-1. Sign in to the [Azure portal](https://portal.azure.com) as a Global Administrator.
-2. Select **Azure Active Directory** > **Manage** > **Properties**.
-3. Under **Properties**, select **Manage security defaults**.
-4. Under **Enable Security defaults**, select **Yes**
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as a [Global Administrator](../roles/permissions-reference.md#global-administrator).
+2. Browse to **Identity** > **Overview** > **Properties** tab.
+3. Under **Security defaults**, select **Manage security defaults**.
+4. On the **Security defaults** pane, toggle the dropdown menu to select **Enabled**.
 5. Select **Save**.
 
 ## Enable SSO in the Oracle PeopleSoft console

articles/active-directory/manage-apps/f5-big-ip-kerberos-easy-button.md

@@ -23,7 +23,7 @@ Integrating a BIG-IP with Azure Active Directory (Azure AD) provides many benefi
 * Improved governance: See, [Zero Trust framework to enable remote work](https://www.microsoft.com/security/blog/2020/04/02/announcing-microsoft-zero-trust-assessment-tool/) and learn more about Azure AD pre-authentication. 
 * Enforce organizational policies. See [What is Conditional Access?](../conditional-access/overview.md).
 * Full SSO between Azure AD and BIG-IP published services
-* Manage identities and access from a single control plane, the [Azure portal](https://portal.azure.com)
+* Manage identities and access from a single control plane, the [Microsoft Entra admin center](https://entra.microsoft.com).
 
 To learn more about benefits, see the article on [F5 BIG-IP and Azure AD integration](./f5-integration.md).
 
@@ -71,7 +71,7 @@ Prior BIG-IP experience isn't necessary, but you need:
     * F5 BIG-IP APM add-on license on a BIG-IP F5 BIG-IP® Local Traffic Manager™ (LTM)
     * 90-day BIG-IP [Free Trial](https://www.f5.com/trial/big-ip-trial.php) license
 * User identities [synchronized](../hybrid/connect/how-to-connect-sync-whatis.md) from an on-premises directory to Azure AD, or created in Azure AD and flowed back to your on-premises directory
-* An account with Azure AD Application Admin [permissions](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#application-administrator)
+* One of the following roles: Global Administrator, Cloud Application Administrator, or Application Administrator.
 * An [SSL Web certificate](./f5-bigip-deployment-guide.md) for publishing services over HTTPS, or use the default BIG-IP certificates while testing
 * A Kerberos application, or go to active-directory-wp.com to learn to configure [SSO with IIS on Windows](https://active-directory-wp.com/docs/Networking/Single_Sign_On/SSO_with_IIS_on_Windows.html).
 
@@ -88,13 +88,12 @@ This tutorial covers the latest Guided Configuration 16.1 with an Easy Button te
 
 Before a client or service can access Microsoft Graph, it must be trusted by the [Microsoft identity platform.](../develop/quickstart-register-app.md). This action creates a tenant app registration to authorize Easy Button access to Graph. Through these permissions, the BIG-IP pushes the configurations to establish a trust between a SAML SP instance for published application, and Azure AD as the SAML IdP.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) using an account with Application Admin permissions.
-2. From the left navigation pane, select the **Azure Active Directory** service.
-3. Under Manage, select **App registrations > New registration**.
-4. Enter a display name for your application. For example, F5 BIG-IP Easy Button.
-5. Specify who can use the application > **Accounts in this organizational directory only**.
-6. Select **Register**.
-7. Navigate to **API permissions** and authorize the following Microsoft Graph **Application permissions**:
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator). 
+2. Browse to **Identity** > **Applications** > **App registrations > New registration**.
+3. Enter a display name for your application. For example, F5 BIG-IP Easy Button.
+4. Specify who can use the application > **Accounts in this organizational directory only**.
+5. Select **Register**.
+6. Navigate to **API permissions** and authorize the following Microsoft Graph **Application permissions**:
 
    * Application.Read.All
    * Application.ReadWrite.All

articles/active-directory/manage-apps/f5-big-ip-oracle-peoplesoft-easy-button.md

@@ -24,7 +24,7 @@ Integrate BIG-IP with Azure AD for many benefits:
   * See, [Zero Trust framework to enable remote work](https://www.microsoft.com/security/blog/2020/04/02/announcing-microsoft-zero-trust-assessment-tool/)  
   * See, [What is Conditional Access?](../conditional-access/overview.md)
 * Single sign-on (SSO) between Azure AD and BIG-IP published services
-* Manage identities and access from the [Azure portal](https://portal.azure.com)
+* Manage identities and access from the [Microsoft Entra admin center](https://entra.microsoft.com)
 
 Learn more: 
 
@@ -75,8 +75,7 @@ For this scenario, SHA supports SP- and IdP-initiated flows. The following diagr
     * 90-day BIG-IP full feature [trial license](https://www.f5.com/trial/big-ip-trial.php)
 * User identities synchronized from an on-premises directory to Azure AD, or created in Azure AD and flowed back to the on-premises directory
   * See, [Azure AD Connect sync: Understand and customize synchronization](../hybrid/connect/how-to-connect-sync-whatis.md)
-* An account with Azure AD Application Admin permissions
-  * See, [Azure AD built-in roles](../roles/permissions-reference.md)
+* One of the following roles: Global Administrator, Cloud Application Administrator, or Application Administrator.
 * An SSL Web certificate to publish services over HTTPS, or use default BIG-IP certs for testing
   * See, [Deploy F5 BIG-IP Virtual Edition VM in Azure](./f5-bigip-deployment-guide.md)
 * A PeopleSoft environment
@@ -100,14 +99,13 @@ Learn more: [Quickstart: Register an application with the Microsoft identity pla
 
 The following instructions help you create a tenant app registration to authorize Easy Button access to Graph. With these permissions, the BIG-IP pushes the configurations to establish a trust between a SAML SP instance for published application, and Azure AD as the SAML IdP.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) with Application Administrative permissions.
-2. From the left navigation pane, select the **Azure Active Directory** service.
-3. Under **Manage**, select **App registrations > New registration**.
-4. Enter an application **Name**.
-5. For **Accounts in this organizational directory only**, specify who uses the application.
-6. Select **Register**. 
-7. Navigate to **API permissions**.
-8. Authorize the following Microsoft Graph **Application permissions**:
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator). 
+2. Browse to **Identity** > **Applications** > **App registrations > New registration**.
+3. Enter an application **Name**.
+4. For **Accounts in this organizational directory only**, specify who uses the application.
+5. Select **Register**. 
+6. Navigate to **API permissions**.
+7. Authorize the following Microsoft Graph **Application permissions**:
 
    * Application.ReadWrite.All
    * Application.ReadWrite.OwnedBy

articles/active-directory/manage-apps/f5-passwordless-vpn.md

@@ -24,7 +24,7 @@ Enabling a BIG-IP SSL-VPN for Azure AD single sign-on (SSO) provides many benefi
 - Improved Zero trust governance through Azure AD pre-authentication and Conditional Access.
   - [What is Conditional Access?](../conditional-access/overview.md)
 - [Passwordless authentication](https://www.microsoft.com/security/business/identity/passwordless) to the VPN service
-- Manage identities and access from a single control plane, the [Azure portal](https://azure.microsoft.com/features/azure-portal/)
+- Manage identities and access from a single control plane, the [Microsoft Entra admin center](https://entra.microsoft.com)
 
 To learn about more benefits, see 
 
@@ -50,31 +50,28 @@ Prior experience or knowledge of F5 BIG-IP isn't necessary, however, you'll need
 - An Azure AD subscription
   -  If you don't have one, you can get an [Azure free account](https://azure.microsoft.com/trial/get-started-active-directory/) or above
 - User identities [synchronized from their on-premises directory](../hybrid/connect/how-to-connect-sync-whatis.md) to Azure AD.
-- An account with Azure AD application admin [permissions](../roles/permissions-reference.md#application-administrator)
+- One of the following roles: Global Administrator, Cloud Application Administrator, or Application Administrator.
 - BIG-IP infrastructure with client traffic routing to and from the BIG-IP 
   - Or [deploy a BIG-IP Virtual Edition into Azure](f5-bigip-deployment-guide.md)
 - A record for the BIG-IP published VPN service in public DNS
   - Or a test client localhost file while testing
 - The BIG-IP provisioned with the needed SSL certificates for publishing services over HTTPS
 
 To improve the tutorial experience, you can learn industry-standard terminology on the F5 BIG-IP [Glossary](https://www.f5.com/services/resources/glossary).
-
->[!NOTE]
->Some instructions might vary slightly from the Azure portal. 
+ 
 
 ## Add F5 BIG-IP from the Azure AD gallery
 
 [!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
 Set up a SAML federation trust between the BIG-IP to allow the Azure AD BIG-IP to hand off the pre-authentication and [Conditional Access](../conditional-access/overview.md) to Azure AD, before it grants access to the published VPN service.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) with application admin rights.
-2. From the left navigation pane, select the **Azure Active Directory service**.
-3. Go to **Enterprise Applications** and from the top ribbon select **New application**.
-4. In the gallery, search for F5 and select **F5 BIG-IP APM Azure AD integration**.
-5. Enter a name for the application.
-6. Select **Add** then **Create**. 
-7. The name, as an icon, appears in the Azure portal and Office 365 portal. 
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator). 
+2. Browse to **Identity** > **Applications** > **Enterprise applications** > **All applications**, then select **New application**.
+3. In the gallery, search for F5 and select **F5 BIG-IP APM Azure AD integration**.
+4. Enter a name for the application.
+5. Select **Add** then **Create**. 
+6. The name, as an icon, appears in the Microsoft Entra admin center and Office 365 portal. 
 
 ## Configure Azure AD SSO