Merge pull request #251102 from MicrosoftDocs/main

Publish to live, Tuesday 4 AM PST, 9/12

Author: ttorble

.openpublishing.redirection.active-directory.json

@@ -105,6 +105,11 @@
       "redirect_url": "/azure/active-directory/saas-apps/gainsight-tutorial",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/active-directory/saas-apps/planview-id-tutorial.md",
+      "redirect_url": "/azure/active-directory/saas-apps/planview-admin-tutorial",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/active-directory/saas-apps/postman-provisioning-tutorialy.md",
       "redirect_url": "/azure/active-directory/saas-apps/postman-provisioning-tutorial",

.openpublishing.redirection.json

@@ -14855,47 +14855,47 @@
         {
             "source_path_from_root": "/articles/scheduler/scheduler-intro.md",
             "redirect_url": "/azure/scheduler/migrate-from-scheduler-to-logic-apps",
-            "redirect_document_id": ""
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/scheduler/scheduler-advanced-complexity.md",
             "redirect_url": "/azure/scheduler/migrate-from-scheduler-to-logic-apps",
-            "redirect_document_id": ""
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/scheduler/scheduler-concepts-terms.md",
             "redirect_url": "/azure/scheduler/migrate-from-scheduler-to-logic-apps",
-            "redirect_document_id": ""
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/scheduler/scheduler-powershell-reference.md",
             "redirect_url": "/azure/scheduler/migrate-from-scheduler-to-logic-apps",
-            "redirect_document_id": ""
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/scheduler/scheduler-plans-billing.md",
             "redirect_url": "/azure/scheduler/migrate-from-scheduler-to-logic-apps",
-            "redirect_document_id": ""
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/scheduler/scheduler-limits-defaults-errors.md",
             "redirect_url": "/azure/scheduler/migrate-from-scheduler-to-logic-apps",
-            "redirect_document_id": ""
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/scheduler/scheduler-high-availability-reliability.md",
             "redirect_url": "/azure/scheduler/migrate-from-scheduler-to-logic-apps",
-            "redirect_document_id": ""
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/scheduler/scheduler-outbound-authentication.md",
             "redirect_url": "/azure/scheduler/migrate-from-scheduler-to-logic-apps",
-            "redirect_document_id": ""
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/scheduler/get-started-portal.md",
             "redirect_url": "/azure/scheduler/migrate-from-scheduler-to-logic-apps",
-            "redirect_document_id": ""
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/search/semantic-ranking.md",
@@ -17100,7 +17100,7 @@
         {
             "source_path_from_root": "/articles/service-fabric/service-fabric-deploy-multiple-apps.md",
             "redirect_url": "/azure/service-fabric/service-fabric-deploy-existing-app",
-            "redirect_document_id": ""
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/service-fabric/service-fabric-automate-powershell.md",
@@ -23820,27 +23820,27 @@
         {
             "source_path_from_root": "/articles/aks/managed-cluster-snapshot.md",
             "redirect_url": "/azure/aks/intro-kubernetes",
-            "redirect_document_id": "false"
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/azure-arc/servers/onboard-group-policy-service-principal-encryption.md",
             "redirect_url": "/azure/azure-arc/servers/onboard-group-policy-powershell",
-            "redirect_document_id": "false"
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/azure-arc/servers/onboard-group-policy.md",
             "redirect_url": "/azure/azure-arc/servers/onboard-group-policy-powershell",
-            "redirect_document_id": "false"
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/azure-arc/kubernetes/plan-at-scale-deployment.md",
             "redirect_url": "/azure/azure-arc/kubernetes/overview",
-            "redirect_document_id": "false"
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/azure-arc/kubernetes/tutorial-workload-management.md",
             "redirect_url": "/azure/azure-arc/kubernetes/workload-management",
-            "redirect_document_id": "true"
+            "redirect_document_id": true
         },
         {
           "source_path": "articles/azure-cache-for-redis/redis-cache-insights-overview.md",
@@ -23850,7 +23850,7 @@
         {
             "source_path_from_root": "/articles/aks/uptime-sla.md",
             "redirect_url": "/azure/aks/free-standard-pricing-tiers",
-            "redirect_document_id": "false"
+            "redirect_document_id": false
         },
         {
           "source_path": "articles/dotnet-develop-multitenant-applications.md",

articles/active-directory/architecture/auth-sync-overview.md

@@ -42,7 +42,7 @@ The following table presents authentication Azure AD integration with legacy aut
 | [LDAP authentication](auth-ldap.md)| ![check mark](./media/authentication-patterns/check.png)| | |  |
 | [OAuth 2.0 authentication](auth-oauth2.md)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
 | [OIDC authentication](auth-oidc.md)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
-| [Password based SSO authentication](auth-password-based-sso.md )| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
+| [Password based SSO authentication](auth-password-based-sso.md)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
 | [RADIUS authentication]( auth-radius.md)| ![check mark](./media/authentication-patterns/check.png)| | ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
 | [Remote Desktop Gateway services](auth-remote-desktop-gateway.md)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
 | [Secure Shell (SSH)](auth-ssh.md) |  ![check mark](./media/authentication-patterns/check.png)| | ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |

articles/active-directory/external-identities/customers/samples-ciam-all.md

@@ -61,7 +61,7 @@ These samples and how-to guides demonstrate how to write a browserless applicati
 > [!div class="mx-tdCol2BreakAll"]
 > | Language/<br/>Platform | Code sample guide | Build and integrate guide  |
 > | ------- | -------- | ------------- | 
-> | JavaScript, Node | &#8226; [Sign in users](./sample-browserless-app-node-sign-in.md)   | &#8226; [Sign in users](how-to-browserless-app-node-sign-in-overview.md )   |
+> | JavaScript, Node | &#8226; [Sign in users](./sample-browserless-app-node-sign-in.md)   | &#8226; [Sign in users](how-to-browserless-app-node-sign-in-overview.md)   |
 > | .NET | &#8226; [Sign in users](./sample-browserless-app-dotnet-sign-in.md)  | &#8226; [Sign in users](./tutorial-browserless-app-dotnet-sign-in-prepare-tenant.md)   |
 
 
@@ -149,7 +149,7 @@ These samples and how-to guides demonstrate how to write a daemon application th
 > [!div class="mx-tdCol2BreakAll"]
 > | App type | Code sample guide | Build and integrate guide  |
 > | ------- | -------- | ------------- |
-> | Browserless | &#8226; [Sign in users](./sample-browserless-app-node-sign-in.md)   | &#8226; [Sign in users](how-to-browserless-app-node-sign-in-overview.md )   |
+> | Browserless | &#8226; [Sign in users](./sample-browserless-app-node-sign-in.md)   | &#8226; [Sign in users](how-to-browserless-app-node-sign-in-overview.md)   |
 > | Daemon | &#8226; [Call an API](./sample-daemon-node-call-api.md) |  &#8226; [Call an API](./tutorial-daemon-node-call-api-prepare-tenant.md)  |
 
 

articles/active-directory/external-identities/tenant-restrictions-v2.md

@@ -46,7 +46,7 @@ While [tenant restrictions v1](../manage-apps/tenant-restrictions.md) provide au
 
 In your organization's [cross-tenant access settings](cross-tenant-access-overview.md), you can configure a tenant restrictions v2 policy. After you create the policy, there are three ways to apply the policy in your organization.
 
-- **Universal tenant restrictions v2**. This option provides both authentication plane and data plane protection without a corporate proxy. [Universal tenant restrictions](https://learn.microsoft.com/azure/global-secure-access/how-to-universal-tenant-restrictions) use Global Secure Access (preview) to tag all traffic no matter the operating system, browser, or device form factor. It allows support for both client and remote network connectivity.
+- **Universal tenant restrictions v2**. This option provides both authentication plane and data plane protection without a corporate proxy. [Universal tenant restrictions](/azure/global-secure-access/how-to-universal-tenant-restrictions) use Global Secure Access (preview) to tag all traffic no matter the operating system, browser, or device form factor. It allows support for both client and remote network connectivity.
 - **Authentication plane tenant restrictions v2**. You can deploy a corporate proxy in your organization and [configure the proxy to set tenant restrictions v2 signals](#option-2-set-up-tenant-restrictions-v2-on-your-corporate-proxy) on all traffic to Microsoft Entra and Microsoft Accounts (MSA).
 - **Windows tenant restrictions v2**. For your corporate-owned Windows devices, you can enforce both authentication plane and data plane protection by enforcing tenant restrictions directly on devices. Tenant restrictions are enforced upon resource access, providing data path coverage and protection against token infiltration. A corporate proxy isn't required for policy enforcement. Devices can be Azure AD managed or domain-joined devices that are managed via Group Policy.
 
@@ -341,7 +341,7 @@ There are three options for enforcing tenant restrictions v2 for clients:
 
 ### Option 1: Universal tenant restrictions v2 as part of Microsoft Entra Global Secure Access (preview)
 
-Universal tenant restrictions v2 as part of [Microsoft Entra Global Secure Access](https://learn.microsoft.com/azure/global-secure-access/overview-what-is-global-secure-access) is recommended because it provides authentication and data plane protection for all devices and platforms. This option provides more protection against sophisticated attempts to bypasses authentication. For example, attackers might try to allow anonymous access to a malicious tenant’s apps, such as anonymous meeting join in Teams. Or, attackers might attempt to import to your organizational device an access token lifted from a device in the malicious tenant. Universal tenant restrictions v2 prevents these attacks by sending tenant restrictions v2 signals on the authentication plane (Microsoft Entra and Microsoft Account) and data plane (Microsoft cloud applications).
+Universal tenant restrictions v2 as part of [Microsoft Entra Global Secure Access](/azure/global-secure-access/overview-what-is-global-secure-access) is recommended because it provides authentication and data plane protection for all devices and platforms. This option provides more protection against sophisticated attempts to bypasses authentication. For example, attackers might try to allow anonymous access to a malicious tenant’s apps, such as anonymous meeting join in Teams. Or, attackers might attempt to import to your organizational device an access token lifted from a device in the malicious tenant. Universal tenant restrictions v2 prevents these attacks by sending tenant restrictions v2 signals on the authentication plane (Microsoft Entra and Microsoft Account) and data plane (Microsoft cloud applications).
 
 ### Option 2: Set up tenant restrictions v2 on your corporate proxy
 

articles/active-directory/governance/entitlement-management-access-package-request-policy.md

@@ -48,8 +48,7 @@ In addition to policies for users to request access, you can also have policies
 | I want some users to request access and other users to be assigned access by an administrator | Two |
 | I want some users in my organization to receive access automatically, other users in my organization to be able to request, and other users to be assigned access by an administrator | Three |
 
-For information about the priority logic that is used when multiple policies apply, see [Multiple policies](entitlement-management-troubleshoot.md#multiple-policies
-).
+For information about the priority logic that is used when multiple policies apply, see [Multiple policies](entitlement-management-troubleshoot.md#multiple-policies).
 
 ## Open an existing access package and add a new policy with different request settings
 
@@ -131,7 +130,7 @@ Follow these steps if you want to allow users not in your directory to request t
     | --- | --- |
     | **Specific connected organizations** | Choose this option if you want to select from a list of organizations that your administrator previously added. All users from the selected organizations can request this access package. |
     | **All configured connected organizations** | Choose this option if all users from all your configured connected organizations can request this access package. Only users from configured connected organizations can request access packages, so if a user is not from an Azure AD tenant, domain or identity provider associated with an existing connected organization, they will not be able to request. |
-    | **All users (All connected organizations + any new external users)** | Choose this option if any user on the internet should be able to request this access package.  If they don’t belong to a connected organization in your directory, a connected organization will automatically be created for them when they request the package. The automatically created connected organization will be in a **proposed** state. For more information about the proposed state, see [State property of connected organizations](entitlement-management-organization.md#state-property-of-connected-organizations). |
+    | **All users (All connected organizations + any new external users)** | Choose this option if any user on the internet should be able to request this access package.  If they don't belong to a connected organization in your directory, a connected organization will automatically be created for them when they request the package. The automatically created connected organization will be in a **proposed** state. For more information about the proposed state, see [State property of connected organizations](entitlement-management-organization.md#state-property-of-connected-organizations). |
 
 
 1. If you selected **Specific connected organizations**, click **Add directories** to select from a list of connected organizations that your administrator previously added.
@@ -234,36 +233,36 @@ Connect-MgGraph -Scopes "EntitlementManagement.ReadWrite.All"
 $apid = "cdd5f06b-752a-4c9f-97a6-82f4eda6c76d"
 
 $params = @{
-	displayName = "New Policy"
-	description = "policy for assignment"
-	allowedTargetScope = "notSpecified"
-	specificAllowedTargets = @(
-	)
-	expiration = @{
-		endDateTime = $null
-		duration = $null
-		type = "noExpiration"
-	}
-	requestorSettings = @{
-		enableTargetsToSelfAddAccess = $false
-		enableTargetsToSelfUpdateAccess = $false
-		enableTargetsToSelfRemoveAccess = $false
-		allowCustomAssignmentSchedule = $true
-		enableOnBehalfRequestorsToAddAccess = $false
-		enableOnBehalfRequestorsToUpdateAccess = $false
-		enableOnBehalfRequestorsToRemoveAccess = $false
-		onBehalfRequestors = @(
-		)
-	}
-	requestApprovalSettings = @{
-		isApprovalRequiredForAdd = $false
-		isApprovalRequiredForUpdate = $false
-		stages = @(
-		)
-	}
-	accessPackage = @{
-		id = $apid
-	}
+    displayName = "New Policy"
+    description = "policy for assignment"
+    allowedTargetScope = "notSpecified"
+    specificAllowedTargets = @(
+    )
+    expiration = @{
+        endDateTime = $null
+        duration = $null
+        type = "noExpiration"
+    }
+    requestorSettings = @{
+        enableTargetsToSelfAddAccess = $false
+        enableTargetsToSelfUpdateAccess = $false
+        enableTargetsToSelfRemoveAccess = $false
+        allowCustomAssignmentSchedule = $true
+        enableOnBehalfRequestorsToAddAccess = $false
+        enableOnBehalfRequestorsToUpdateAccess = $false
+        enableOnBehalfRequestorsToRemoveAccess = $false
+        onBehalfRequestors = @(
+        )
+    }
+    requestApprovalSettings = @{
+        isApprovalRequiredForAdd = $false
+        isApprovalRequiredForUpdate = $false
+        stages = @(
+        )
+    }
+    accessPackage = @{
+        id = $apid
+    }
 }
 
 New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params

articles/active-directory/governance/entitlement-management-logs-and-reporting.md

@@ -123,8 +123,7 @@ Make sure you, the user or service principal that will authenticate to Azure AD,
 
 To set the role assignment and create a query, do the following steps:
 
-1. In the Azure portal, locate the [Log Analytics workspace](https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.OperationalInsights%2Fworkspaces
-).
+1. In the Azure portal, locate the [Log Analytics workspace](https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.OperationalInsights%2Fworkspaces).
 
 1. Select **Access Control (IAM)**.
 

articles/active-directory/governance/identity-governance-organizational-roles.md

@@ -80,7 +80,7 @@ You can [extend the Azure AD schema](../app-provisioning/user-provisioning-sync-
 
 ### Create catalogs for delegation
 
-If the ongoing maintenance of roles is delegated, then you can delegate the administration of access packages by [creating a catalog](entitlement-management-catalog-create.md ) for each part of the organization you'll be delegating to.
+If the ongoing maintenance of roles is delegated, then you can delegate the administration of access packages by [creating a catalog](entitlement-management-catalog-create.md) for each part of the organization you'll be delegating to.
 
 If you have multiple catalogs to create, you can use a PowerShell script to [create each catalog](entitlement-management-catalog-create.md#create-a-catalog-with-powershell).