Commit 60fb9df

Merge pull request #189453 from MicrosoftDocs/main
Merge Main to Live, 4 AM
2 parents 3d8e8ba + 4b2f6ab commit 60fb9df

218 files changed

+5197
-775
lines changed

.openpublishing.redirection.azure-monitor.json

Lines changed: 5 additions & 0 deletions
@@ -19,6 +19,11 @@
1919
"source_path_from_root": "/articles/azure-monitor/insights/service-bus-insights.md",
2020
"redirect_url": "/azure/service-bus-messaging/service-bus-insights",
2121
"redirect_document_id": false
22+
},
23+
{
24+
"source_path_from_root": "/articles/azure-monitor/agents/data-collection-rule-overview.md",
25+
"redirect_url": "/azure/azure-monitor/essentials/data-collection-rule-overview",
26+
"redirect_document_id": false
2227
}
2328
]
2429
}

.openpublishing.redirection.json

Lines changed: 0 additions & 5 deletions
@@ -39494,11 +39494,6 @@
3949439494
"redirect_url": "/azure/azure-monitor/agents/data-sources-windows-events",
3949539495
"redirect_document_id": false
3949639496
},
39497-
{
39498-
"source_path_from_root": "/articles/azure-monitor/platform/data-collection-rule-overview.md",
39499-
"redirect_url": "/azure/azure-monitor/agents/data-collection-rule-overview",
39500-
"redirect_document_id": false
39501-
},
3950239497
{
3950339498
"source_path_from_root": "/articles/azure-monitor/platform/data-sources.md",
3950439499
"redirect_url": "/azure/azure-monitor/agents/data-sources",
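
Review bot: The deleted entry for `/articles/azure-monitor/platform/data-collection-rule-overview.md` leaves that old path with no redirect in the hunks shown here. The only rule added for this article is the `agents/` path to `/azure/azure-monitor/essentials/data-collection-rule-overview` in `.openpublishing.redirection.azure-monitor.json`. Unless a replacement sits in one of the hidden files, add a direct entry for the `platform/` path pointing at the `essentials` URL instead of dropping it, so existing links to the old location keep resolving.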

articles/active-directory-b2c/customize-ui-with-html.md

Lines changed: 12 additions & 9 deletions
@@ -9,7 +9,7 @@ manager: CelesteDG
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: how-to
12-
ms.date: 10/14/2021
12+
ms.date: 02/23/2022
1313
ms.custom: project-no-code
1414
ms.author: kengaderdus
1515
ms.subservice: B2C
@@ -55,13 +55,15 @@ Instead of creating your custom page content from scratch, you can customize Azu
5555

5656
The following table lists the default page content provided by Azure AD B2C. Download the files and use them as a starting point for creating your own custom pages.
5757

58-
| Default page | Description | Content definition ID<br/>(custom policy only) |
58+
| Page | Description | Templates |
5959
|:-----------------------|:--------|-------------|
60-
| [exception.html](https://login.microsoftonline.com/static/tenant/default/exception.cshtml) | **Error page**. This page is displayed when an exception or an error is encountered. | *api.error* |
61-
| [selfasserted.html](https://login.microsoftonline.com/static/tenant/default/selfAsserted.cshtml) | **Self-Asserted page**. Use this file as a custom page content for a social account sign-up page, a local account sign-up page, a local account sign-in page, password reset, and more. The form can contain various input controls, such as: a text input box, a password entry box, a radio button, single-select drop-down boxes, and multi-select check boxes. | *api.localaccountsignin*, *api.localaccountsignup*, *api.localaccountpasswordreset*, *api.selfasserted* |
62-
| [multifactor-1.0.0.html](https://login.microsoftonline.com/static/tenant/default/multifactor-1.0.0.cshtml) | **Multi-factor authentication page**. On this page, users can verify their phone numbers (by using text or voice) during sign-up or sign-in. | *api.phonefactor* |
63-
| [updateprofile.html](https://login.microsoftonline.com/static/tenant/default/updateProfile.cshtml) | **Profile update page**. This page contains a form that users can access to update their profile. This page is similar to the social account sign-up page, except for the password entry fields. | *api.selfasserted.profileupdate* |
64-
| [unified.html](https://login.microsoftonline.com/static/tenant/default/unified.cshtml) | **Unified sign-up or sign-in page**. This page handles the user sign-up and sign-in process. Users can use enterprise identity providers, social identity providers such as Facebook or Google+, or local accounts. | *api.signuporsignin* |
60+
| Unified sign-up or sign-in | This page handles the user sign-up and sign-in process. Users can use enterprise identity providers, social identity providers such as Facebook, Microsoft account, or local accounts. | [Classic](https://login.microsoftonline.com/static/tenant/default/unified.cshtml), [Ocean Blue](https://login.microsoftonline.com/static/tenant/templates/AzureBlue/unified.cshtml), and [Slate Gray](https://login.microsoftonline.com/static/tenant/templates/MSA/unified.cshtml). |
61+
| Sign-in (only)| The sign-in page is also known as the *Identity provider selection*. It handles the user sign-in with local account, or federated identity providers. Use this page to allow sign-in without the ability to sign-up. For example before user can edit their profile. | [Classic](https://login.microsoftonline.com/static/tenant/default/idpSelector.cshtml), [Ocean Blue](https://login.microsoftonline.com/static/tenant/templates/AzureBlue/idpSelector.cshtml), and [Slate Gray](https://login.microsoftonline.com/static/tenant/templates/MSA/idpSelector.cshtml).
62+
| Self-Asserted | Most interactions in Azure AD B2C where the user is expected to provide input are self-asserted. For example, a sign-up page, sign-in page, or password reset page. Use this template as a custom page content for a social account sign-up page, a local account sign-up page, a local account sign-in page, password reset, edit profile, block page and more. The self-asserted page can contain various input controls, such as: a text input box, a password entry box, a radio button, single-select drop-down boxes, and multi-select check boxes. | [Classic](https://login.microsoftonline.com/static/tenant/default/selfAsserted.cshtml), [Ocean Blue](https://login.microsoftonline.com/static/tenant/templates/AzureBlue/selfAsserted.cshtml), and [Slate Gray](https://login.microsoftonline.com/static/tenant/templates/MSA/selfAsserted.cshtml). |
63+
| Multi-factor authentication | On this page, users can verify their phone numbers (by using text or voice) during sign-up or sign-in. | [Classic](https://login.microsoftonline.com/static/tenant/default/multifactor-1.0.0.cshtml), [Ocean Blue](https://login.microsoftonline.com/static/tenant/templates/AzureBlue/multifactor-1.0.0.cshtml), and [Slate Gray](https://login.microsoftonline.com/static/tenant/templates/MSA/multifactor-1.0.0.cshtml). |
64+
| Error | This page is displayed when an exception or an error is encountered. | [Classic](https://login.microsoftonline.com/static/tenant/default/exception.cshtml), [Ocean Blue](https://login.microsoftonline.com/static/tenant/templates/AzureBlue/exception.cshtml), and [Slate Gray](https://login.microsoftonline.com/static/tenant/templates/MSA/exception.cshtml). |
65+
66+
6567

6668
## Hosting the page content
6769

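Review bot: The rewritten table drops the "Content definition ID (custom policy only)" column, so the mapping from each template to IDs such as *api.error*, *api.phonefactor* and *api.signuporsignin* is no longer on this page; keep it as a fourth column or point custom-policy authors to where it now lives. In the same table, the new "Sign-in (only)" row has no closing `|` while every other row does, "For example before user can edit their profile." should read "For example, before a user can edit their profile.", and the two blank lines added after the table can be one.
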
@@ -89,7 +91,7 @@ When using your own HTML and CSS files to customize the UI, host your UI content
8991

9092
You localize your HTML content by enabling [language customization](language-customization.md) in your Azure AD B2C tenant. Enabling this feature allows Azure AD B2C to set the HTML page language attribute and pass the OpenID Connect parameter `ui_locales` to your endpoint.
9193

92-
#### Single-template approach
94+
### Single-template approach
9395

9496
During page load, Azure AD B2C sets the HTML page language attribute with the current language. For example, `<html lang="en">`. To render different styles per the current language, use the CSS `:lang` selector along with your CSS definition.
9597

@@ -223,6 +225,7 @@ To host your HTML content in Blob storage, perform the following steps:
223225
1. **Redundancy** can remain **Geo-redundant storage (GRS)**
224226
1. Select **Review + create** and wait a few seconds for Azure AD to run a validation.
225227
1. Select **Create** to create the storage account. After the deployment is completed, the storage account page opens automatically or select **Go to resource**.
228+
226229
#### 2.1 Create a container
227230

228231
To create a public container in Blob storage, perform the following steps:
@@ -445,4 +448,4 @@ To use [company branding](customize-ui.md#configure-company-branding) assets in
445448

446449
## Next steps
447450

448-
Learn how to enable [client-side JavaScript code](javascript-and-page-layout.md).
451+
Learn how to enable [client-side JavaScript code](javascript-and-page-layout.md).

articles/active-directory/cloud-infrastructure-entitlement-management/cloudknox-all-reports.md

Lines changed: 4 additions & 2 deletions
@@ -40,12 +40,14 @@ This article provides you with a list and description of the system reports avai
4040

4141
| Report name | Type of the report | File format | Description | Availability | Collated report? |
4242
|----------------------------|-----------------------------------|--------------------------|---------------------------| ----------------------------|----------------------------------|
43-
| Access Key Entitlement and Usage Report | Summary </p>Detailed | CSV | This report displays: </p> - Access key age, last rotation date, and last usage date availability in the summary report. Use this report to decide when to rotate access keys. </p> - Granted task and Permissions creep index (PCI) score. This report provides supporting information when you want to take the action on the keys. | AWS</p>Azure | Yes |
43+
| Access Key Entitlements and Usage Report | Summary </p>Detailed | CSV | This report displays: </p> - Access key age, last rotation date, and last usage date availability in the summary report. Use this report to decide when to rotate access keys. </p> - Granted task and Permissions creep index (PCI) score. This report provides supporting information when you want to take the action on the keys. | AWS</p>Azure</p>GCP | Yes |
4444
| All Permissions for Identity | Detailed | CSV | This report lists all the assigned permissions for the selected identities. | Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) | N/A |
4545
| Group Entitlements and Usage | Summary | CSV | This report tracks all group level entitlements and the permission assignment, PCI. The number of members is also listed as part of this report. | AWS, Azure, or GCP | Yes |
4646
| Identity Permissions | Summary | CSV | This report tracks any, or specific, task usage per **User**, **Group**, **Role**, or **App**. | AWS, Azure, or GCP | No |
47-
| Identity Privilege Activity Report | Summary | PDF | This report helps monitor the **Identity Privilege** related activity across the authorized systems. It captures any Identity permission change. </p>This report has the following main sections: **User Summary**, **Group Summary**, **Role Summary & Delete Task Summary**. </p>The **User Summary** lists the current granted permissions along with high-risk permissions and resources accessed in 1-day, 7-day, or 30-days durations. There are subsections for newly added or deleted users, users with PCI change, high-risk active/inactive users. </p>The **Group Summary** lists the administrator level groups with the current granted permissions along with high-risk permissions and resources accessed in 1-day, 7-day, or 30-day durations. There are subsections for newly added or deleted groups, groups with PCI change, High-risk active/inactive groups. </p>The **Role Summary** and the **Group Summary** list similar details. </p>The **Delete Task** summary section lists the number of times the **Delete Task** has been executed in the given period. | AWS, Azure, or GCP | No |
47+
| NIST 800-53 | Detailed </p>Summary </p>Dashboard | CSV </p>PDF | **Dashboard**: This report helps track the overall progress of the NIST 800-53 benchmark. It lists the percentage passing, overall pass or fail of test control along with the breakup of L1/L2 per Auth system. </p>**Summary**: For each authorized system, this report lists the test control pass or fail per authorized system and the number of resources evaluated for each test control. </p>**Detailed**: This report helps auditors and administrators to track the resource level pass or fail per test control. | AWS, Azure, or GCP | Yes |
48+
| PCI DSS | Detailed </p>Summary </p>Dashboard | CSV | **Dashboard**: This report helps track the overall progress of the PCI-DSS benchmark. It lists the percentage passing, overall pass or fail of test control along with the breakup of L1/L2 per Auth system. </p>**Summary**: For each authorized system, this report lists the test control pass or fail per authorized system and the number of resources evaluated for each test control. </p>**Detailed**: This report helps auditors and administrators to track the resource level pass or fail per test control. | AWS, Azure, or GCP | Yes |
4849
| PCI History | Summary | CSV | This report helps track **Monthly PCI History** for each authorized system. It can be used to plot the trend of the PCI. | AWS, Azure, or GCP | Yes |
50+
| Permissions Analytics Report (PAR) | Summary | PDF | This report helps monitor the **Identity Privilege** related activity across the authorized systems. It captures any Identity permission change. </p>This report has the following main sections: **User Summary**, **Group Summary**, **Role Summary & Delete Task Summary**. </p>The **User Summary** lists the current granted permissions along with high-risk permissions and resources accessed in 1-day, 7-day, or 30-days durations. There are subsections for newly added or deleted users, users with PCI change, high-risk active/inactive users. </p>The **Group Summary** lists the administrator level groups with the current granted permissions along with high-risk permissions and resources accessed in 1-day, 7-day, or 30-day durations. There are subsections for newly added or deleted groups, groups with PCI change, High-risk active/inactive groups. </p>The **Role Summary** and the **Group Summary** list similar details. </p>The **Delete Task** summary section lists the number of times the **Delete Task** has been executed in the given period. | AWS, Azure, or GCP | No |
4951
| Permissions Analytics Report (PAR) | Detailed | CSV | This report lists the different key findings in the selected authorized systems. The key findings include **Super identities**, **Inactive identities**, **Over-provisioned active identities**, **Storage bucket hygiene**, **Access key age (AWS)**, and so on. </p>This report helps administrators to visualize the findings across the organization and make decisions. | AWS, Azure, or GCP | Yes |
5052
| Role/Policy Details | Summary | CSV | This report captures **Assigned/Unassigned** and **Custom/system policy with used/unused condition** for specific or all AWS accounts. </p>Similar data can be captured for Azure and GCP for assigned and unassigned roles. | AWS, Azure, or GCP | No |
5153
| User Entitlements and Usage | Detailed <p>Summary | CSV | This report provides a summary and details of **User entitlements and usage**. </p>**Data displayed on Usage Analytics** screen is downloaded as part of the **Summary** report. </p>**Detailed permissions usage per User** is listed in the Detailed report. | AWS, Azure, or GCP | Yes |
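
Review bot: After the rename, the table has two rows titled "Permissions Analytics Report (PAR)": the Summary/PDF row, which still carries the old Identity Privilege Activity description (User Summary, Group Summary, Role Summary & Delete Task Summary), and the existing Detailed/CSV row about key findings. Confirm that the PDF description really belongs to PAR, then merge or clearly distinguish the two rows. The new "PCI DSS" row also sits beside "PCI History" and the "Permissions creep index (PCI)" definition, so name the standard in full on first use to keep the two meanings of PCI apart; its File format cell lists only CSV although it has the same Dashboard/Summary/Detailed types as the NIST 800-53 row (CSV and PDF), which is worth checking.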

articles/active-directory/cloud-infrastructure-entitlement-management/cloudknox-howto-create-alert-trigger.md

Lines changed: 14 additions & 14 deletions
@@ -20,17 +20,17 @@ ms.author: v-ydequadros
2020
2121
This article describes how you can create and view activity alerts and alert triggers in CloudKnox Permissions Management (CloudKnox).
2222

23-
## Create an activity trigger
24-
25-
1. In the CloudKnox home page, select **Activity triggers** (the bell icon).
26-
1. In the **Activity** tab, select **Create alert trigger**.
27-
1. In **Alert name**, enter a name for your activity trigger.
28-
1. In **Authorization system type**, select your authorization system: Amazon Web Services (**AWS**), Microsoft **Azure**, or Google Cloud Platform (**GCP**).
29-
1. In **Authorization system**, select **Is** or **In**, and then select one or more accounts and folders from the **List** and **Folders** options.
30-
1. From the **Select a type** dropdown, select: **Access key ID**, **Identity tag key**, **Identity tag key value**, **Resource name**, **Resource tag key** or **Resource tag key value**.
23+
## Create an activity alert trigger
24+
25+
1. In the CloudKnox home page, select **Activity Triggers** (the bell icon).
26+
1. In the **Activity** tab, select **Create Activity Trigger**.
27+
1. In the **Alert Name** box, enter a name for your alert.
28+
1. In **Authorization System Type**, select your authorization system: Amazon Web Services (**AWS**), Microsoft **Azure**, or Google Cloud Platform (**GCP**).
29+
1. In **Authorization System**, select **Is** or **In**, and then select one or more accounts and folders.
30+
1. From the **Select a Type** dropdown, select: **Access Key ID**, **Identity Tag Key**, **Identity Tag Key Value**, **Resource Name**, **Resource Tag Key**, **Resource Tag Key Value**, **Role Name**, **Role Session Name**, **State**, **Task Name**, or **Username**.
3131
1. From the **Operator** dropdown, select an option:
3232

33-
- **Is**/**Is Not**: Select in the value field to view a list of all available usernames. You can either select or enter the required username.
33+
- **Is**/**Is Not**: Select in the value field to view a list of all available values. You can either select or enter the required value.
3434
- **Contains**/**Not Contains**: Enter any text that the query parameter should or shouldn't contain, for example *CloudKnox*.
3535
- **In**/**Not In**: Select in the value field to view list of all available values. Select the required multiple values.
3636

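Review bot: Terminology is mixed across the renamed steps: the heading says "activity alert trigger", step 2 selects **Create Activity Trigger**, and step 3 asks for "a name for your alert". Pick one term for each object (the alert, and the trigger that raises it) and use it consistently in the heading and steps, matching the UI labels this change capitalizes.
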
@@ -42,17 +42,17 @@ This article describes how you can create and view activity alerts and alert tri
4242

4343
A message displays to confirm your activity trigger has been created.
4444

45-
The **Triggers** table in the **Alert triggers** subtab displays your alert.
45+
The **Triggers** table in the **Alert Triggers** subtab displays your alert trigger.
4646

4747
## View an activity alert
4848

49-
1. In the CloudKnox home page, select **Activity triggers** (the bell icon).
49+
1. In the CloudKnox home page, select **Activity Triggers** (the bell icon).
5050
1. In the **Activity** tab, select the **Alerts** subtab.
51-
1. From the **Alert name** dropdown, select an alert.
51+
1. From the **Alert Name** dropdown, select an alert.
5252
1. From the **Date** dropdown, select **Last 24 Hours**, **Last 2 Days**, **Last Week**, or **Custom Range**.
5353

5454
If you select **Custom range**, select date and time settings, and then select **Apply**.
55-
1. To run the alert, select **Apply**.
55+
1. To view the alert, select **Apply**
5656

5757
The **Alerts** table displays information about your alert.
5858

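Review bot: The new step "1. To view the alert, select **Apply**" has lost its closing period. The dropdown option is written **Custom Range** in step 4 but "**Custom range**" in the sentence under it, and the confirmation message still says "activity trigger" while the following sentence now says "alert trigger"; align both with the capitalized UI labels introduced in this change.
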
@@ -110,4 +110,4 @@ This article describes how you can create and view activity alerts and alert tri
110110
- For an overview on activity triggers, see [View information about activity triggers](cloudknox-ui-triggers.md).
111111
- For information on rule-based anomalies and anomaly triggers, see [Create and view rule-based anomalies and anomaly triggers](cloudknox-product-rule-based-anomalies.md).
112112
- For information on finding outliers in identity's behavior, see [Create and view statistical anomalies and anomaly triggers](cloudknox-product-statistical-anomalies.md).
113-
- For information on permission analytics triggers, see [Create and view permission analytics triggers](cloudknox-product-permission-analytics.md).
113+
- For information on permission analytics triggers, see [Create and view permission analytics triggers](cloudknox-product-permission-analytics.md).

articles/active-directory/cloud-infrastructure-entitlement-management/cloudknox-howto-create-group-based-permissions.md

Lines changed: 2 additions & 0 deletions
@@ -20,6 +20,8 @@ ms.author: v-ydequadros
2020
2121
This article describes how you can create and manage group-based permissions in CloudKnox Permissions Management (CloudKnox) with the User management dashboard.
2222

23+
[!NOTE] The CloudKnox Administrator for all authorization systems will be able to create the new group based permissions.
24+
2325
## Select administrative permissions settings for a group
2426

2527
1. To display the **User Management** dashboard, select **User** (your initials) in the upper right of the screen, and then select **User Management**.
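
Review bot: The added `[!NOTE]` line is not in blockquote form, so it will render as literal text instead of a note; write it as `> [!NOTE]` with the sentence on the following `>` line. The sentence also reads as a capability ("will be able to") where a permission requirement seems intended: state plainly which role is allowed to create group-based permissions, and hyphenate "group-based".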
