Merge pull request #213662 from MicrosoftDocs/main

10/04 PM Publish

Author: huypub

articles/active-directory/app-provisioning/functions-for-customizing-application-data.md

@@ -648,7 +648,7 @@ Returns a substring of the source value. A substring is a string that contains o
 | --- | --- | --- | --- |
 | **source** |Required |String |Usually name of the attribute. |
 | **start** |Required |Integer |Index in the **source** string where substring should start. First character in the string will have index of 1, second character will have index 2, and so on. |
-| **length** |Required |Integer |Length of the substring. If length ends outside the **source** string, function will return substring from **start** index untill end of **source** string. |
+| **length** |Required |Integer |Length of the substring. If length ends outside the **source** string, function will return substring from **start** index until end of **source** string. |
 
 ---
 ### NormalizeDiacritics
@@ -797,7 +797,7 @@ Let's say you are sourcing the attributes *firstName* and *lastName* from SAP Su
 
 ### RandomString
 **Function:** 
-RandomString(Length, MinimumNumbers, MinimumSpecialCharacters , MinimumCapital, MinimumLowerCase, CharactersToAvoid)
+RandomString(Length, MinimumNumbers, MinimumSpecialCharacters, MinimumCapital, MinimumLowerCase, CharactersToAvoid)
 
 **Description:** 
 The RandomString function generates a random string based on the conditions specified. Characters allowed can be identified [here](/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements#reference).
@@ -921,7 +921,7 @@ Then in this case, you can use the following expression in your attribute mappin
 **Example 2:** Using **oldValue** and **template** to insert the source string into another *templatized* string. 
 
 The parameter **oldValue** is a misnomer in this scenario. It is actually the value that will get replaced.  
-Let's say you want to always generate login id in the format `<username>@contoso.com`. There is a source attribute called **UserID** and you want that value to be used for the `<username>` portion of the login id. 
+Let's say you want to always generate login ID in the format `<username>@contoso.com`. There is a source attribute called **UserID** and you want that value to be used for the `<username>` portion of the login ID. 
 Then in this case, you can use the following expression in your attribute mapping. 
 
 `Replace([UserID],"<username>", , , , , "<username>@contoso.com")`
@@ -966,7 +966,7 @@ Then in this case, you can use the following expression in your attribute mappin
 * **replacementValue:** "888"
 * **Expression output:** 888 Tremont Street
 
-Here is another example where the domain suffix from a UPN is replaced with an empty string to generate login id without domain suffix. 
+Here is another example where the domain suffix from a UPN is replaced with an empty string to generate login ID without domain suffix. 
 
 `Replace([userPrincipalName], , "(?<Suffix>@(.)*)", "Suffix", "", , )`
 
@@ -1110,6 +1110,10 @@ When **source** value matches a **key**, returns **value** for that **key**. If
 > Switch function performs a case-sensitive string comparison of the **source** and **key** values. If you'd like to perform a case-insensitive comparison, normalize the **source** string before comparison using a nested ToLower function and ensure that all **key** strings use lowercase. 
 > Example: `Switch(ToLower([statusFlag]), "0", "true", "1", "false", "0")`. In this example, the **source** attribute `statusFlag` may have values ("True" / "true" / "TRUE"). However, the Switch function will always convert it to lowercase string "true" before comparison with **key** parameters. 
 
+> [!CAUTION] 
+> For the **source** parameter, do not use the nested functions IsPresent, IsNull or IsNullOrEmpty. Instead use a literal empty string as one of the key values.   
+> Example: `Switch([statusFlag], "Default Value", "true", "1", "", "0")`. In this example, if the **source** attribute `statusFlag` is empty, the Switch function will return the value 0. 
+
 **Parameters:** 
 
 | Name | Required/ Repeating | Type | Notes |

articles/active-directory/authentication/howto-mfa-getstarted.md

@@ -103,8 +103,8 @@ If your organization uses [Azure AD Identity Protection](../identity-protection/
 Risk policies include:
 
 - [Require all users to register for Azure AD Multi-Factor Authentication](../identity-protection/howto-identity-protection-configure-mfa-policy.md)
-- [Require a password change for users that are high-risk](../identity-protection/howto-identity-protection-configure-risk-policies.md#user-risk-with-conditional-access)
-- [Require MFA for users with medium or high sign in risk](../identity-protection/howto-identity-protection-configure-risk-policies.md#sign-in-risk-with-conditional-access)
+- [Require a password change for users that are high-risk](../identity-protection/howto-identity-protection-configure-risk-policies.md#user-risk-policy-in-conditional-access)
+- [Require MFA for users with medium or high sign in risk](../identity-protection/howto-identity-protection-configure-risk-policies.md#sign-in-risk-policy-in-conditional-access)
 
 ### Convert users from per-user MFA to Conditional Access based MFA
 

articles/active-directory/cloud-infrastructure-entitlement-management/all-reports.md

@@ -4,7 +4,8 @@ description: View a list and description of all system reports available in Perm
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
-ms.service: ciem
+ms.service: active-directory 
+ms.subservice: ciem
 ms.workload: identity
 ms.topic: overview
 ms.date: 02/23/2022

articles/active-directory/cloud-infrastructure-entitlement-management/faqs.md

@@ -4,7 +4,8 @@ description: Frequently asked questions (FAQs) about Permissions Management.
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
-ms.service: ciem
+ms.service: active-directory 
+ms.subservice: ciem
 ms.workload: identity
 ms.topic: faq
 ms.date: 04/20/2022

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-add-remove-role-task.md

@@ -4,7 +4,8 @@ description: How to attach and detach permissions for groups, users, and service
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
-ms.service: ciem
+ms.service: active-directory 
+ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
 ms.date: 02/23/2022

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-attach-detach-permissions.md

@@ -4,7 +4,8 @@ description: How to attach and detach permissions for users, roles, and groups f
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
-ms.service: ciem
+ms.service: active-directory 
+ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
 ms.date: 02/23/2022

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-audit-trail-results.md

@@ -4,7 +4,8 @@ description: How to generate an on-demand report from a query in the **Audit** d
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
-ms.service: ciem
+ms.service: active-directory 
+ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
 ms.date: 02/23/2022

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-clone-role-policy.md

@@ -4,7 +4,8 @@ description: How to clone a role/policy in the Just Enough Permissions (JEP) Con
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
-ms.service: ciem
+ms.service: active-directory 
+ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
 ms.date: 02/23/2022

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-create-alert-trigger.md

@@ -4,7 +4,8 @@ description: How to create and view activity alerts and alert triggers in Permis
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
-ms.service: ciem
+ms.service: active-directory 
+ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
 ms.date: 02/23/2022

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-create-approve-privilege-request.md

@@ -4,7 +4,8 @@ description: How to create or approve a request for permissions in the Remediati
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
-ms.service: ciem
+ms.service: active-directory 
+ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
 ms.date: 02/23/2022