Merge pull request #230843 from MicrosoftDocs/release-workload-identities

Release workload identities--scheduled release ASAP

Author: huypub

.openpublishing.redirection.active-directory.json

@@ -160,6 +160,46 @@
       "redirect_url": "/azure/active-directory/develop/workload-identity-federation-create-trust",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/active-directory/develop/workload-identities-overview.md",
+      "redirect_url": "/azure/active-directory/workload-identities/workload-identities-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/develop/workload-identities-faqs.md",
+      "redirect_url": "/azure/active-directory/workload-identities/workload-identities-faqs",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/develop/workload-identity-federation.md",
+      "redirect_url": "/azure/active-directory/workload-identities/workload-identity-federation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/develop/workload-identity-federation-create-trust.md",
+      "redirect_url": "/azure/active-directory/workload-identities/workload-identity-federation-create-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/develop/workload-identity-federation-create-trust-user-assigned-managed-identity.md",
+      "redirect_url": "/azure/active-directory/workload-identities/workload-identity-federation-create-trust-user-assigned-managed-identity",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/develop/workload-identity-federation-create-trust-gcp.md",
+      "redirect_url": "/azure/active-directory/workload-identities/workload-identity-federation-create-trust-gcp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/develop/workload-identity-federation-block-using-azure-policy.md",
+      "redirect_url": "/azure/active-directory/workload-identities/workload-identity-federation-block-using-azure-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/develop/workload-identity-federation-considerations.md",
+      "redirect_url": "/azure/active-directory/workload-identities/workload-identity-federation-considerations",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/active-directory/develop/active-directory-v2-limitations.md",
       "redirect_url": "/azure/active-directory/develop/v2-overview",

articles/active-directory/conditional-access/concept-continuous-access-evaluation-workload.md

@@ -4,7 +4,7 @@ description: Respond to changes to applications with continuous access evaluatio
 
 services: active-directory
 ms.service: active-directory
-ms.subservice: conditional-access
+ms.subservice: workload-identities
 ms.topic: conceptual
 ms.date: 07/22/2022
 

articles/active-directory/conditional-access/workload-identity.md

@@ -4,7 +4,7 @@ description: Protecting workload identities with Conditional Access policies
 
 services: active-directory
 ms.service: active-directory
-ms.subservice: conditional-access
+ms.subservice: workload-identities
 ms.topic: how-to
 ms.date: 01/05/2023
 
@@ -19,7 +19,7 @@ ms.collection: M365-identity-device-management
 
 Conditional Access policies have historically applied only to users when they access apps and services like SharePoint online or the Azure portal. We're now extending support for Conditional Access policies to be applied to service principals owned by the organization. We call this capability Conditional Access for workload identities. 
 
-A [workload identity](../develop/workload-identities-overview.md) is an identity that allows an application or service principal access to resources, sometimes in the context of a user. These workload identities differ from traditional user accounts as they:
+A [workload identity](../workload-identities/workload-identities-overview.md) is an identity that allows an application or service principal access to resources, sometimes in the context of a user. These workload identities differ from traditional user accounts as they:
 
 - Can’t perform multifactor authentication.
 - Often have no formal lifecycle process.

articles/active-directory/develop/TOC.yml

@@ -62,9 +62,7 @@
         - name: Application model
           href: application-model.md
         - name: Workload identities
-          href: workload-identities-overview.md
-        - name: Workload identities FAQs
-          href: workload-identities-faqs.md
+          href: ../workload-identities/workload-identities-overview.md
         - name: Applications and service principals
           href: app-objects-and-service-principals.md
         - name: How and why apps are added to Azure AD
@@ -162,16 +160,6 @@
               href: howto-handle-samesite-cookie-changes-chrome-browser.md
     - name: Connect
       items:
-        - name: Workload identity federation
-          href: workload-identity-federation.md
-        - name: Configure an app to trust an external identity provider
-          href: workload-identity-federation-create-trust.md
-        - name: Configure a managed identity to trust an external identity provider
-          href: workload-identity-federation-create-trust-user-assigned-managed-identity.md
-        - name: Access identity platform-protected resources from GCP
-          href: workload-identity-federation-create-trust-gcp.md
-        - name: Block creation of federated credentials
-          href: workload-identity-federation-block-using-azure-policy.md
         - name: Exchange AD FS SAML for Microsoft Graph access token
           displayName: exchange, swap, SAML token, OAuth token
           href: v2-saml-bearer-assertion.md
@@ -804,9 +792,7 @@
             - name: Signing key rollover
               href: active-directory-signing-key-rollover.md
             - name: UserInfo endpoint (OIDC)
-              href: userinfo.md
-            - name: Federated identity credentials considerations and limitations
-              href: workload-identity-federation-considerations.md
+              href: userinfo.md            
         - name: SAML 2.0
           items:
             - name: How Azure AD uses the SAML protocol

articles/active-directory/develop/workload-identities-overview.md

@@ -4,7 +4,7 @@ description: Workload identity risk in Azure Active Directory Identity Protectio
 
 services: active-directory
 ms.service: active-directory
-ms.subservice: identity-protection
+ms.subservice: workload-identities
 ms.topic: conceptual
 ms.date: 11/10/2022
 
@@ -16,7 +16,7 @@ ms.reviewer: etbasser
 ms.collection: M365-identity-device-management
 ---
 
-# Securing workload identities with Identity Protection
+# Securing workload identities
 
 Azure AD Identity Protection has historically protected users in detecting, investigating, and remediating identity-based risks. We're now extending these capabilities to workload identities to protect applications and service principals.
 

articles/active-directory/identity-protection/concept-workload-identity-risk.md

@@ -0,0 +1,43 @@
+- name: Microsoft Entra Workload Identities documentation
+  href: index.yml
+- name: Overview
+  expanded: true
+  items:
+  - name: What are workload identities?
+    href: workload-identities-overview.md
+  - name: Workload identities FAQs
+    href: workload-identities-faqs.md
+- name: Concepts
+  items:
+      - name: Applications and service principals
+        href: ../develop/app-objects-and-service-principals.md?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json     
+      - name: Managed identities
+        href: ../managed-identities-azure-resources/overview.md?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json
+      - name: Workload identity federation
+        href: workload-identity-federation.md
+      - name: Securing workload identities
+        href: ../identity-protection/concept-workload-identity-risk.md?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json
+      - name: Conditional Access for workload identities
+        href: ../conditional-access/workload-identity.md?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json
+      - name: Conditional access evaluation for workload identities
+        href: ../conditional-access/concept-continuous-access-evaluation-workload.md?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json
+- name: How-to guides
+  items:
+  - name: Connect workloads without managing secrets
+    items:
+      - name: Configure an app to trust an external identity provider
+        href: workload-identity-federation-create-trust.md
+      - name: Configure a managed identity to trust an external identity provider
+        href: workload-identity-federation-create-trust-user-assigned-managed-identity.md
+      - name: Access identity platform-protected resources from GCP
+        href: workload-identity-federation-create-trust-gcp.md
+      - name: Block creation of federated credentials
+        href: workload-identity-federation-block-using-azure-policy.md
+  - name: Create an access review
+    href: ../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json
+  - name: Manage custom security attributes for an app
+    href: ../manage-apps/custom-security-attributes-apps.md?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json
+  - name: Reference
+    items:
+    - name: Federated identity credentials considerations and limitations
+      href: workload-identity-federation-considerations.md

articles/active-directory/workload-identities/TOC.yml

@@ -0,0 +1,25 @@
+- name: Azure
+  tocHref: /azure/
+  topicHref: /azure/index
+  items:
+  - name: Active Directory
+    tocHref: /azure/active-directory/
+    topicHref: /azure/active-directory/index
+  - name: Active Directory
+    tocHref: /azure/active-directory/develop/
+    topicHref: /azure/active-directory/index
+  - name: Active Directory
+    tocHref: /azure/active-directory/managed-identities-azure-resources/
+    topicHref: /azure/active-directory/index
+  - name: Active Directory
+    tocHref: /azure/active-directory/identity-protection/
+    topicHref: /azure/active-directory/index
+  - name: Active Directory
+    tocHref: /azure/active-directory/conditional-access/
+    topicHref: /azure/active-directory/index
+  - name: Active Directory
+    tocHref: /azure/active-directory/privileged-identity-management/
+    topicHref: /azure/active-directory/index
+  - name: Active Directory
+    tocHref: /azure/active-directory/manage-apps/
+    topicHref: /azure/active-directory/index

articles/active-directory/workload-identities/breadcrumb/toc.yml

@@ -0,0 +1,82 @@
+### YamlMime:Landing
+
+title: Microsoft Entra Workload Identities documentation
+summary: Microsoft Entra Workload Identities helps you manage and secure identities for digital workloads, such as apps and services.
+
+metadata: 
+  author: rwike77
+  description: "Learn how to manage and help secure identities for digital workloads, such as apps and services."
+  manager: celested
+  ms.author: ryanwi
+  ms.date: 03/02/2023
+  ms.service: active-directory
+  ms.subservice: workload-identities
+  ms.topic: landing-page
+  services: active-directory
+
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
+
+landingContent: 
+  # Card
+  - title: About workload identities
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: What are workload identities?
+            url: workload-identities-overview.md
+          - text: Frequently asked questions about license plans
+            url: workload-identities-faqs.md
+  # Card
+  - title: Secure risky workload identities
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: Secure workload identities
+            url: ../identity-protection/concept-workload-identity-risk.md?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json
+  # Card
+  - title: Connect workloads without managing secrets
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: What is workload identity federation?
+            url: workload-identity-federation.md
+      - linkListType: video
+        links:
+          - text: Learn why you would use workload identity federation
+            url: https://www.microsoft.com/en-us/videoplayer/embed/RWXamJ
+      - linkListType: how-to-guide
+        links:
+          - text: Configure an app to trust an external identity provider
+            url: workload-identity-federation-create-trust.md
+          - text: Configure a managed identity to trust an external identity provider
+            url: workload-identity-federation-create-trust-user-assigned-managed-identity.md
+  # Card
+  - title: Apply Conditional Access policies to service principals
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: Conditional Access for workload identities
+            url: ../conditional-access/workload-identity.md?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json
+  # Card
+  - title: Enable real-time enforcement of Conditional Access location and risk policies
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: Continuous access evaluation for workload identities
+            url: ../conditional-access/concept-continuous-access-evaluation-workload.md?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json
+  # Card
+  - title: Contain threats and reduce risk to workload identities
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: Identity Protection
+            url: ../identity-protection/concept-workload-identity-risk.md?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json
+  # Card
+  - title: Review service principals and applications privileged directory roles
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: Access reviews for service principals
+            url: ../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json)
+
+