Skip to content

Commit 7c4dff8

Browse files
authored
Merge pull request #206943 from MicrosoftDocs/main
8/04 AM Publish
2 parents 7e5ffef + b327e8f commit 7c4dff8

File tree

622 files changed

+5046
-3151
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

622 files changed

+5046
-3151
lines changed

articles/active-directory-b2c/force-password-reset.md

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ manager: CelesteDG
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: how-to
12-
ms.date: 01/24/2022
12+
ms.date: 08/04/2022
1313
ms.author: kengaderdus
1414
ms.subservice: B2C
1515
zone_pivot_groups: b2c-policy-type
@@ -98,15 +98,18 @@ Get the example of the force password reset policy on [GitHub](https://github.co
9898

9999
## Force password reset on next login
100100

101-
To force reset the password on next login, update the account password profile using MS Graph [Update user](/graph/api/user-update) operation. The following example updates the password profile [forceChangePasswordNextSignIn](user-profile-attributes.md#password-profile-property) attribute to `true`, which forces the user to reset the password on next login.
101+
To force reset the password on next login, update the account password profile using MS Graph [Update user](/graph/api/user-update) operation. To do this, you need to assign your [Microsoft Graph application](microsoft-graph-get-started.md) the [User administrator](../active-directory/roles/permissions-reference.md#user-administrator) role. Follow the steps in [Grant user administrator role](microsoft-graph-get-started.md?tabs=app-reg-ga#optional-grant-user-administrator-role) to assign your Microsoft Graph application a User administrator role.
102+
103+
The following example updates the password profile [forceChangePasswordNextSignIn](user-profile-attributes.md#password-profile-property) attribute to `true`, which forces the user to reset the password on next login.
102104

103105
```http
104106
PATCH https://graph.microsoft.com/v1.0/users/<user-object-ID>
105107
Content-type: application/json
106108
107109
{
108-
"passwordProfile": {
109-
"forceChangePasswordNextSignIn": true
110+
"passwordProfile": {
111+
"forceChangePasswordNextSignIn": true
112+
}
110113
}
111114
```
112115

articles/active-directory/fundamentals/road-to-the-cloud-migrate.md

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -221,8 +221,7 @@ Use the following table to determine what Azure-based tools you use to replace t
221221

222222
More tools and notes:
223223

224-
* [Azure Arc](https://azure.microsoft.com/services/azure-arc/) enables above Azure features to non-Azure VMs. For example, Windows Server when used on-premises
225-
* or on AWS.
224+
* [Azure Arc](https://azure.microsoft.com/services/azure-arc/) enables above Azure features to non-Azure VMs. For example, Windows Server when used on-premises or on AWS.
226225

227226
* [Manage and secure your Azure VM environment](https://azure.microsoft.com/services/virtual-machines/secure-well-managed-iaas/).
228227

articles/active-directory/privileged-identity-management/pim-configure.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -95,7 +95,7 @@ The following screenshot shows an email message sent by PIM. The email informs P
9595

9696
### Assign
9797

98-
The assignment process starts by assign roles to members. To grant access to a resource, the administrator assigns roles to users, groups, service principals, or managed identities. The assignment includes the following data:
98+
The assignment process starts by assigning roles to members. To grant access to a resource, the administrator assigns roles to users, groups, service principals, or managed identities. The assignment includes the following data:
9999

100100
- The members or owners to assign the role.
101101
- The scope of the assignment. The scope limits the assigned role to a particular set of resources.

articles/active-directory/reports-monitoring/reference-azure-ad-sla-performance.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -57,8 +57,8 @@ For each month, we truncate the SLA attainment at three places after the decimal
5757
| February | 99.999% | 99.999% |
5858
| March | 99.568% | 99.999% |
5959
| April | 99.999% | 99.999% |
60-
| May | 99.999% | |
61-
| June | 99.999% | |
60+
| May | 99.999% | 99.999% |
61+
| June | 99.999% | 99.999% |
6262
| July | 99.999% | |
6363
| August | 99.999% | |
6464
| September | 99.999% | |

articles/active-directory/saas-apps/adpfederatedsso-tutorial.md

Lines changed: 24 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ ms.service: active-directory
99
ms.subservice: saas-app-tutorial
1010
ms.workload: identity
1111
ms.topic: tutorial
12-
ms.date: 09/30/2021
12+
ms.date: 08/03/2022
1313
ms.author: jeedes
1414
---
1515

@@ -60,7 +60,7 @@ To configure and test Azure AD SSO with ADP, perform the following steps:
6060
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
6161
1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
6262
1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
63-
2. **[Configure ADP SSO](#configure-adp-sso)** - to configure the Single Sign-On settings on application side.
63+
2. **[Configure ADP SSO](#configure-adp-sso)** - to configure the single sign-on settings on application side.
6464
1. **[Create ADP test user](#create-adp-test-user)** - to have a counterpart of B.Simon in ADP that is linked to the Azure AD representation of user.
6565
3. **[Test SSO](#test-sso)** - to verify whether the configuration works.
6666

@@ -125,10 +125,29 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
125125

126126
## Configure ADP SSO
127127

128-
To configure single sign-on on **ADP** side, you need to upload the downloaded **Metadata XML** on the [ADP website](https://adpfedsso.adp.com/public/login/index.fcc).
128+
1. To automate the configuration within ADP, you need to install **My Apps Secure Sign-in browser extension** by clicking **Install the extension**.
129129

130-
> [!NOTE]
131-
> This process may take a few days.
130+
![My apps extension](common/install-myappssecure-extension.png)
131+
132+
1. After adding extension to the browser, click on **Set up ADP** will direct you to the ADP application. From there, provide the admin credentials to sign in to ADP. The browser extension will automatically configure the application for you and automate steps 3-7.
133+
134+
![Setup configuration](common/setup-sso.png)
135+
136+
1. If you want to set up ADP manually, open a new web browser window and sign in to your ADP company site as an administrator and perform the following steps:
137+
138+
1. Click **Federation Setup** and go to **Identity Provider** then, select the **Microsoft Azure**.
139+
140+
![Screenshot for identity provider.](./media/adpfederatedsso-tutorial/microsoft-azure.png)
141+
142+
1. In the **Services Selection**, select all applicable service(s) for connection, and then click **Next**.
143+
144+
![Screenshot for services selection.](./media/adpfederatedsso-tutorial/services.png)
145+
146+
1. In the **Configure** section, click on the **Next**.
147+
148+
1. In the **Upload Metadata**, click **Browse** to upload the metadata XML file which you have downloaded from the Azure portal and click **UPLOAD**.
149+
150+
![Screenshot for uploading metadata.](./media/adpfederatedsso-tutorial/metadata.png)
132151

133152
### Configure your ADP service(s) for federated access
134153

articles/active-directory/saas-apps/google-apps-tutorial.md

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ ms.service: active-directory
99
ms.subservice: saas-app-tutorial
1010
ms.workload: identity
1111
ms.topic: tutorial
12-
ms.date: 12/27/2021
12+
ms.date: 08/04/2022
1313
ms.author: jeedes
1414
---
1515

@@ -53,7 +53,11 @@ To test the steps in this tutorial, you should follow these recommendations:
5353

5454
4. **Q: Can I enable single sign-on for only a subset of my Google Cloud / G Suite Connector by Microsoft users?**
5555

56-
A: No, turning on single sign-on immediately requires all your Google Cloud / G Suite Connector by Microsoft users to authenticate with their Azure AD credentials. Because Google Cloud / G Suite Connector by Microsoft doesn't support having multiple identity providers, the identity provider for your Google Cloud / G Suite Connector by Microsoft environment can either be Azure AD or Google -- but not both at the same time.
56+
A: Yes, the SSO profiles can be selected per User, Organizational Unit or Group in the Google Workspace.
57+
58+
![Screenshot for SSO profile assignment.](./media/google-apps-tutorial/profile-assignment.png)
59+
60+
Select the SSO profile as "none" for the Google Workspace group. This prevents members of this (Google Workspace group) from being redirected to Azure AD for logon.
5761

5862
5. **Q: If a user is signed in through Windows, are they automatically authenticate to Google Cloud / G Suite Connector by Microsoft without getting prompted for a password?**
5963

18.7 KB
Loading
45 KB
Loading
18 KB
Loading
96 KB
Loading

0 commit comments

Comments
 (0)