Merge pull request #196307 from MicrosoftDocs/main

4/27 AM Publish

Author: huypub

articles/active-directory/fundamentals/secure-external-access-resources.md

@@ -39,7 +39,7 @@ Both methods have significant drawbacks in themselves.
 | Area of concern | Local credentials | Federation |
 |:--------------|:-------------------|:----------------------|
 | Security | - Access continues after external user terminated<br> - Usertype is “member” by default which grants too much default access | - No user level visibility  <br> - Unknown partner security posture|
-| Expense | - Password + Multi-Factor Authentication management<br> - Onboarding process<br> - Identity cleanup<br> - Overhead of running a separate directory | - Small partners cannot afford the infrastructure<br> - Small partners do not have the expertise<br> - Small Partners might only have consumer emails (none IT) |
+| Expense | - Password + Multi-Factor Authentication management<br> - Onboarding process<br> - Identity cleanup<br> - Overhead of running a separate directory | - Small partners cannot afford the infrastructure<br> - Small partners do not have the expertise<br> - Small Partners might only have consumer emails (no IT) |
 | Complexity | - Partner users need to manage an additional set of credentials | - Complexity grows with each new partner<br> - Complexity grows on partners’ side as well |
 
 

articles/active-directory/roles/delegate-by-task.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: roles
 ms.topic: reference
-ms.date: 12/01/2021
+ms.date: 04/26/2022
 ms.author: rolyon
 ms.reviewer: vincesm
 ms.custom: it-pro
@@ -318,7 +318,7 @@ You can further restrict permissions by assigning roles at smaller scopes or by
 > | Create named locations | [Conditional Access Administrator](../roles/permissions-reference.md#conditional-access-administrator) | [Security Administrator](../roles/permissions-reference.md#security-administrator) |
 > | Create policies | [Conditional Access Administrator](../roles/permissions-reference.md#conditional-access-administrator) | [Security Administrator](../roles/permissions-reference.md#security-administrator) |
 > | Create terms of use | [Conditional Access Administrator](../roles/permissions-reference.md#conditional-access-administrator) | [Security Administrator](../roles/permissions-reference.md#security-administrator) |
-> | Create VPN connectivity certificate | [Conditional Access Administrator](../roles/permissions-reference.md#conditional-access-administrator) | [Security Administrator](../roles/permissions-reference.md#security-administrator) |
+> | Create VPN connectivity certificate | [Global Administrator](../roles/permissions-reference.md#global-administrator) |   |
 > | Delete classic policy | [Conditional Access Administrator](../roles/permissions-reference.md#conditional-access-administrator) | [Security Administrator](../roles/permissions-reference.md#security-administrator) |
 > | Delete terms of use | [Conditional Access Administrator](../roles/permissions-reference.md#conditional-access-administrator) | [Security Administrator](../roles/permissions-reference.md#security-administrator) |
 > | Delete VPN connectivity certificate | [Conditional Access Administrator](../roles/permissions-reference.md#conditional-access-administrator) | [Security Administrator](../roles/permissions-reference.md#security-administrator) |

articles/active-directory/saas-apps/atlassian-cloud-provisioning-tutorial.md

@@ -32,7 +32,7 @@ The scenario outlined in this tutorial assumes that you already have the followi
 
 * [An Azure AD tenant](../develop/quickstart-create-new-tenant.md).
 * A user account in Azure AD with [permission](../roles/permissions-reference.md) to configure provisioning (e.g. Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator).
-* [An Atlassian Cloud tenant](https://www.atlassian.com/licensing/cloud)
+* [An Atlassian Cloud tenant](https://www.atlassian.com/licensing/cloud) with an Atlassian Access subscription.
 * A user account in Atlassian Cloud with Admin permissions.
 
 > [!NOTE]

articles/active-directory/verifiable-credentials/verifiable-credentials-configure-issuer.md

@@ -7,7 +7,7 @@ author: barclayn
 manager: karenhoran
 ms.author: barclayn
 ms.topic: tutorial
-ms.date: 04/26/2022
+ms.date: 10/08/2021
 # Customer intent: As an enterprise, we want to enable customers to manage information about themselves by using verifiable credentials.
 
 ---
@@ -46,7 +46,7 @@ The following diagram illustrates the Azure AD Verifiable Credentials architectu
 
 ## Create a storage account
 
-Azure Blob Storage is an object storage solution for the cloud. Azure AD Verifiable Credentials use [Azure Blob Storage](../../storage/blobs/storage-blobs-introduction.md) to store the configuration files when the service is issuing verifiable credentials.
+Azure Blob Storage is an object storage solution for the cloud. Azure AD Verifiable Credentials uses [Azure Blob Storage](../../storage/blobs/storage-blobs-introduction.md) to store the configuration files when the service is issuing verifiable credentials.
 
 Create and configure Blob Storage by following these steps:
 
@@ -59,9 +59,36 @@ Create and configure Blob Storage by following these steps:
 
    ![Screenshot that shows how to create a container.](media/verifiable-credentials-configure-issuer/create-container.png)
 
+## Grant access to the container
+
+After you create your container, grant the signed-in user the correct role assignment so they can access the files in Blob Storage.
+
+1. From the list of containers, select **vc-container**.
+
+1. From the menu, select **Access Control (IAM)**.
+
+1. Select **+ Add,** and then select **Add role assignment**.
+
+     ![Screenshot that shows how to add a new role assignment to the blob container.](media/verifiable-credentials-configure-issuer/add-role-assignment.png)
+
+1. In **Add role assignment**:
+
+    1. For the **Role**, select **Storage Blob Data Reader**.
+
+    1. For the **Assign access to**, select **User, group, or service
+        principal**.
+
+    1. Then, search the account that you're using to perform these steps, and
+        select it.
+
+        ![Screenshot that shows how to set up the new role assignment.](media/verifiable-credentials-configure-issuer/add-role-assignment-container.png)
+
+>[!IMPORTANT]
+>By default, container creators get the owner role assigned. The owner role isn't enough on its own. Your account needs the storage blob data reader role. For more information, see [Use the Azure portal to assign an Azure role for access to blob and queue data](../../storage/blobs/assign-azure-role-data-access.md).
+
 ### Upload the configuration files
 
-Azure AD Verifiable Credentials service uses two JSON configuration files, the rules file and the display file. 
+Azure AD Verifiable Credentials uses two JSON configuration files, the rules file and the display file. 
 
 - The *rules* file describes important properties of verifiable credentials. In particular, it describes the claims that subjects (users) need to provide before a verifiable credential is issued for them. 
 - The *display* file controls the branding of the credential and styling of the claims.
@@ -148,7 +175,7 @@ In this step, you create the verified credential expert card by using Azure AD V
 
     1. For **Subscription**, select your Azure AD subscription where you created Blob Storage.
 
-    1. Under the **Display file**, select **Select display file**. In the Storage accounts section, select **vc-container**. Then select the **VerifiedCredentialExpertDisplay.json** file and select **Select**.
+    1. Under the **Display file**, select **Select display file**. In the Storage accounts section, select **vc-container**. Then select the **VerifiedCredentialExpertDisplay.json** file and click **Select**.
 
     1. Under the **Rules file**, **Select rules file**. In the Storage accounts section, select the **vc-container**. Then select the **VerifiedCredentialExpertRules.json** file, and choose **Select**.
 
@@ -281,7 +308,7 @@ Now you're ready to issue your first verified credential expert card by running
 
      ![Screenshot that shows how to respond to the warning message.](media/verifiable-credentials-configure-issuer/at-risk.png)
 
-1. At the risky website warning, select **Proceed anyways (unsafe)**. You're seeing this warning because your domain isn't linked to your decentralized identifier (DID). To verify your domain, follow the guidance in [Link your domain to your decentralized identifier (DID)](how-to-dnsbind.md). For this tutorial, you can skip the domain registration, and select **Proceed anyways (unsafe).**
+1. At the risky website warning, select **Proceed anyways (unsafe)**. You're seeing this warning because your domain isn't linked to your decentralized identifier (DID). To verify your domain, follow [Link your domain to your decentralized identifier (DID)](how-to-dnsbind.md). For this tutorial, you can skip the domain registration, and select **Proceed anyways (unsafe).**
 
      ![Screenshot that shows how to proceed with the risky warning.](media/verifiable-credentials-configure-issuer/proceed-anyway.png)
 

articles/active-directory/verifiable-credentials/verifiable-credentials-faq.md

@@ -28,7 +28,7 @@ This page contains commonly asked questions about Verifiable Credentials and Dec
 
 ### What is a DID? 
 
-Decentralized Identifers(DIDs) are identifiers that can be used to secure access to resources, sign and verify credentials, and facilitate application data exchange. Unlike traditional usernames and email addresses, DIDs are owned and controlled by the entity itself (be it a person, device, or company). DIDs exist independently of any external organization or trusted intermediary. [The W3C Decentralized Identifier spec](https://www.w3.org/TR/did-core/) explains this in further detail.
+Decentralized Identifers(DIDs) are unique identifiers that can be used to secure access to resources, sign and verify credentials, and facilitate application data exchange. Unlike traditional usernames and email addresses, DIDs are owned and controlled by the entity itself (be it a person, device, or company). DIDs exist independently of any external organization or trusted intermediary. [The W3C Decentralized Identifier spec](https://www.w3.org/TR/did-core/) explains this in further detail.
 
 ### Why do we need a DID?
 
@@ -161,13 +161,6 @@ For the Request API the new scope for your application or Postman is now:
 
 ```3db474b9-6a0c-96ac-1fceb342124f/.default```
 
-#### **5. Clean up configuration**
-
-**Suggested after May 6, 2022**. Once you have confirmed that the Azure AD verifiable credentials service is working normally, you can issue, verify, etc after May 6, 2022 you can proceed to clean up your tenant so that the Azure AD Verifiable Credentials service has only the new service principals.
-
-1. Run the following PowerShell command to connect to your Azure AD tenant. Replace ```<your tenant ID>``` with your Azure AD tenant ID.
-1. Run the following commands in the same PowerShell session. The AppId ```603b8c59-ba28-40ff-83d1-408eee9a93e5``` and ```bbb94529-53a3-4be5-a069-7eaf2712b826``` refer to the previous Verifiable Credentials service principals.
-
 ### How do I reset the Azure AD Verifiable credentials service?
 
 Resetting requires that you opt out and opt back into the Azure Active Directory Verifiable Credentials service, your existing verifiable credentials configurations will reset and your tenant will obtain a new DID to use during issuance and presentation.

articles/active-directory/verifiable-credentials/whats-new.md

@@ -6,7 +6,7 @@ manager: karenhoran
 ms.service: active-directory
 ms.subservice: verifiable-credentials
 ms.topic: reference
-ms.date: 04/26/2022
+ms.date: 04/27/2022
 ms.custom: references_regions
 ms.author: barclayn
 
@@ -20,10 +20,10 @@ This article lists the latest features, improvements, and changes in the Azure A
 
 ## April
 
-From April 25th, 2022 the Verifiable Credentials service is available to more Azure tenants. This important update requires any tenant created prior to April 25, 2022 to make a 15 minutes reconfiguration of the service to ensure ongoing operation. Verifiable Credentials service Administrators must perform the [following steps](verifiable-credentials-faq.md?#updating-the-vc-service-configuration) to avoid service disruptions.
+Verifiable Credentials service Administrators must perform a small configuration change before **May 4, 2022** following [these steps](verifiable-credentials-faq.md?#updating-the-vc-service-configuration) to avoid service disruptions. On May 4, 2022 we'll roll out updates on our service that will result in errors on issuance and presentation on those tenants that haven't applied the changes.
 
 >[!IMPORTANT]
-> When the configuration on your tenant has not been updated, there will be errors on issuance and presentation flows of verifiable credentials from/to your tenant. [Service configuration instructions](verifiable-credentials-faq.md?#updating-the-vc-service-configuration).
+> When the configuration on your tenant has not been updated, . [Service configuration instructions](verifiable-credentials-faq.md?#updating-the-vc-service-configuration).
 
 ## March 2022
 - Azure AD Verifiable Credentials customers can now change the [domain linked](how-to-dnsbind.md) to their DID easily from the Azure portal.

articles/app-service/configure-ssl-bindings.md

@@ -4,7 +4,7 @@ description: Secure HTTPS access to your custom domain by creating a TLS/SSL bin
 tags: buy-ssl-certificates
 
 ms.topic: tutorial
-ms.date: 05/13/2021
+ms.date: 04/27/2022
 ms.reviewer: yutlin
 ms.custom: seodec18
 ---
@@ -154,7 +154,7 @@ Language specific configuration guides, such as the [Linux Node.js configuration
 
 ### Azure CLI
 
-[!code-azurecli[main](../../cli_scripts/app-service/configure-ssl-certificate/configure-ssl-certificate.sh?highlight=3-5 "Bind a custom TLS/SSL certificate to a web app")] 
+[Bind a custom TLS/SSL certificate to a web app](scripts/cli-configure-ssl-certificate.md)
 
 ### PowerShell
 

articles/app-service/configure-ssl-certificate.md

@@ -4,7 +4,7 @@ description: Create a free certificate, import an App Service certificate, impor
 tags: buy-ssl-certificates
 
 ms.topic: tutorial
-ms.date: 05/13/2021
+ms.date: 04/27/2022
 ms.reviewer: yutlin
 ms.custom: seodec18
 ---
@@ -466,7 +466,7 @@ Now you can delete the App Service certificate. From the left navigation, select
 
 ### Azure CLI
 
-[!code-azurecli[main](../../cli_scripts/app-service/configure-ssl-certificate/configure-ssl-certificate.sh?highlight=3-5 "Bind a custom TLS/SSL certificate to a web app")] 
+[Bind a custom TLS/SSL certificate to a web app](scripts/cli-configure-ssl-certificate.md)
 
 ### PowerShell
 

articles/azure-arc/servers/plan-at-scale-deployment.md

@@ -1,7 +1,7 @@
 ---
 title: Plan and deploy Azure Arc-enabled servers
 description: Learn how to enable a large number of machines to Azure Arc-enabled servers to simplify configuration of essential security, management, and monitoring capabilities in Azure.
-ms.date: 03/14/2022
+ms.date: 04/27/2022
 ms.topic: how-to
 ---
 
@@ -64,7 +64,7 @@ In this phase, system engineers or administrators enable the core features in th
 | Design and deploy [Azure Monitor Logs](../../azure-monitor/logs/data-platform-logs.md) | Evaluate [design and deployment considerations](../../azure-monitor/logs/design-logs-deployment.md) to determine if your organization should use an existing or implement another Log Analytics workspace to store collected log data from hybrid servers and machines.<sup>1</sup> | One day |
 | [Develop an Azure Policy](../../governance/policy/overview.md) governance plan | Determine how you will implement governance of hybrid servers and machines at the subscription or resource group scope with Azure Policy. | One day |
 | Configure [Role based access control](../../role-based-access-control/overview.md) (RBAC) | Develop an access plan to control who has access to manage Azure Arc-enabled servers and ability to view their data from other Azure services and solutions. | One day |
-| Identify machines with Log Analytics agent already installed | Run the following log query in [Log Analytics](../../azure-monitor/logs/log-analytics-overview.md) to support conversion of existing Log Analytics agent deployments to extension-managed agent:<br> Heartbeat <br> &#124; where TimeGenerated > ago(30d) <br> &#124; where ResourceType == "machines" and (ComputerEnvironment == "Non-Azure") <br> &#124; summarize by Computer, ResourceProvider, ResourceType, ComputerEnvironment | One hour |
+| Identify machines with Log Analytics agent already installed | Run the following log query in [Log Analytics](../../azure-monitor/logs/log-analytics-overview.md) to support conversion of existing Log Analytics agent deployments to extension-managed agent:<br> Heartbeat <br> &#124; summarize arg_max(TimeGenerated, OSType, ResourceId, ComputerEnvironment) by Computer <br> &#124; where ComputerEnvironment == "Non-Azure" and isempty(ResourceId) <br> &#124; project Computer, OSType | One hour |
 
 <sup>1</sup> When evaluating your Log Analytics workspace design, consider integration with Azure Automation in support of its Update Management and Change Tracking and Inventory feature, as well as Microsoft Defender for Cloud and Microsoft Sentinel. If your organization already has an Automation account and enabled its management features linked with a Log Analytics workspace, evaluate whether you can centralize and streamline management operations, as well as minimize cost, by using those existing resources versus creating a duplicate account, workspace, etc.
 

articles/azure-maps/quick-demo-map-app.md

@@ -62,7 +62,7 @@ Once your Azure Maps account is successfully created, retrieve the primary key t
 
 ## Download and update the Azure Maps demo
 
-1. Go to [interactiveSearch.html](https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/master/AzureMapsCodeSamples/Tutorials/interactiveSearch.html). Copy the contents of the file.
+1. Go to [interactiveSearch.html](https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/master/Samples/Tutorials/Interactive%20Search/Interactive%20Search%20Quickstart.html). Copy the contents of the file.
 2. Save the contents of this file locally as **AzureMapDemo.html**. Open it in a text editor.
 3. Add the **Primary Key** value you got in the preceding section
     1. Comment out all of the code in the `authOptions` function, this code is used for Azure Active Directory authentication.