Merge pull request #198255 from MicrosoftDocs/main

5/13 PM Publish

Author: huypub

articles/active-directory/develop/TOC.yml

@@ -233,23 +233,7 @@
         - name: Remove an app registration
           href: ./howto-remove-app.md
         - name: Restore or remove a deleted app registration
-          href: ./howto-restore-app.md
-- name: Multi-service tutorials
-  items: 
-    - name: Secure web app accesses storage and Microsoft Graph
-      items:
-        - name: Overview
-          href: multi-service-web-app-overview.md        
-        - name: Set up App Service authentication
-          href: multi-service-web-app-authentication-app-service.md
-        - name: Access storage as the app
-          href: multi-service-web-app-access-storage.md
-        - name: Access Microsoft Graph as the user
-          href: multi-service-web-app-access-microsoft-graph-as-user.md
-        - name: Access Microsoft Graph as the app
-          href: multi-service-web-app-access-microsoft-graph-as-app.md
-        - name: Clean up resources
-          href: multi-service-web-app-clean-up-resources.md        
+          href: ./howto-restore-app.md            
 - name: Single-page app (SPA)
   items:
     - name: SPA authentication documentation
@@ -340,6 +324,20 @@
           href: tutorial-blazor-server.md
         - name: Node.js
           href: tutorial-v2-nodejs-webapp-msal.md
+        - name: Secure web app accesses storage and Microsoft Graph
+          items:
+            - name: Overview
+              href: multi-service-web-app-overview.md        
+            - name: Set up App Service authentication
+              href: multi-service-web-app-authentication-app-service.md
+            - name: Access storage as the app
+              href: multi-service-web-app-access-storage.md
+            - name: Access Microsoft Graph as the user
+              href: multi-service-web-app-access-microsoft-graph-as-user.md
+            - name: Access Microsoft Graph as the app
+              href: multi-service-web-app-access-microsoft-graph-as-app.md
+            - name: Clean up resources
+              href: multi-service-web-app-clean-up-resources.md
     - name: Samples
       displayName: code samples, example code, code snippets
       href: sample-v2-code.md#web-applications
@@ -372,7 +370,7 @@
             - name: Call a web API
               href: scenario-web-app-call-api-call-api.md
             - name: Move to production
-              href: scenario-web-app-call-api-production.md
+              href: scenario-web-app-call-api-production.md         
 - name: Web API
   items:
     - name: Web API authentication documentation

articles/active-directory/develop/index-web-app.yml

@@ -42,14 +42,20 @@ landingContent:
             url: tutorial-blazor-webassembly.md
           - text: Node.js with Express
             url: tutorial-v2-nodejs-webapp-msal.md
-  - title: "Scenarios in depth"
+  - title: "Web apps in depth"
     linkLists:
       - linkListType: how-to-guide
         links:
           - text: Web app that signs in users
             url: scenario-web-app-sign-user-overview.md
           - text: Web app that calls a web API
             url: scenario-web-app-call-api-overview.md
+  - title: "Scenarios in depth"
+    linkLists:
+      - linkListType: tutorial
+        links:
+          - text: Secure web app accesses storage and Microsoft Graph
+            url: multi-service-web-app-overview.md          
 ## ROW  ################################################### ROW 2 ##
   # - title: $CARD_TITLE
   #   linkLists:

articles/active-directory/fundamentals/whats-new.md

@@ -31,25 +31,22 @@ Azure AD receives improvements on an ongoing basis. To stay up to date with the
 
 This page is updated monthly, so revisit it regularly. If you're looking for items older than six months, you can find them in [Archive for What's new in Azure Active Directory](whats-new-archive.md).
 
-
 ## April 2022
 
-### General Availability- Microsoft Defender for Cloud for Endpoint Signal in Identity Protection
-
+### General Availability - Microsoft Defender for Endpoint Signal in Identity Protection
 
 **Type:** New feature  
 **Service category:** Identity Protection  
 **Product capability:** Identity Security & Protection  
 
 
-Identity Protection now integrates a signal from Microsoft Defender for Cloud for Endpoint (MDE) that will protect against PRT theft detection. To learn more, see: [What is risk? Azure AD Identity Protection | Microsoft Docs](../identity-protection/concept-identity-protection-risks.md).
+Identity Protection now integrates a signal from Microsoft Defender for Endpoint (MDE) that will protect against PRT theft detection. To learn more, see: [What is risk? Azure AD Identity Protection | Microsoft Docs](../identity-protection/concept-identity-protection-risks.md).
 
 
 ---
 
 ### General availability - Entitlement management 3 stages of approval
 
-
 **Type:** Changed feature  
 **Service category:** Other  
 **Product capability:** Entitlement Management  
@@ -63,7 +60,6 @@ This update extends the Azure AD entitlement management access package policy to
 
 ### General Availability - Improvements to Azure AD Smart Lockout
 
-
 **Type:** Changed feature  
 **Service category:** Identity Protection  
 **Product capability:** User Management  
@@ -75,7 +71,6 @@ With a recent improvement, Smart Lockout now synchronizes the lockout state acro
 
 ---
 
-
 ### Public Preview - Enabling customization capabilities for the Self-Service Password Reset (SSPR) hyperlinks, footer hyperlinks and browser icons in Company Branding.
 
 **Type:** New feature  
@@ -88,7 +83,6 @@ Updating the Company Branding functionality on the Azure AD/Microsoft 365 sign-i
 
 ### Public Preview - Integration of Microsoft 365 App Certification details into AAD UX and Consent Experiences
 
-
 **Type:** New feature  
 **Service category:** User Access Management  
 **Product capability:** AuthZ/Access Delegation  
@@ -110,12 +104,10 @@ Updating the Company Branding functionality on the Azure AD/Microsoft 365 sign-i
 
 ### Public preview - Use Azure AD access reviews to review access of B2B direct connect users in Teams shared channels
 
-
 **Type:** New feature  
 **Service category:** Access Reviews  
 **Product capability:** Identity Governance
 
-
 Use Azure AD access reviews to review access of B2B direct connect users in Teams shared channels. For more information, see: [Include B2B direct connect users and teams accessing Teams Shared Channels in access reviews (preview)](../governance/create-access-review.md#include-b2b-direct-connect-users-and-teams-accessing-teams-shared-channels-in-access-reviews-preview).
 
 ---
@@ -127,24 +119,19 @@ Use Azure AD access reviews to review access of B2B direct connect users in Team
 **Product capability:** Identity Security & Protection  
 **Clouds impacted:** Public (Microsoft 365, GCC)
 
-
 We're announcing the public preview of following MS Graph APIs and PowerShell cmdlets for configuring federated settings when federated with Azure AD:
 
-
 |Action  |MS Graph API  |PowerShell cmdlet  |
 |---------|---------|---------|
-|Get federation settings for a federated domain        | [Get internalDomainFederation](https://docs.microsoft.com/graph/api/internaldomainfederation-get?view=graph-rest-beta)           | [Get-MgDomainFederationConfiguration](https://docs.microsoft.com/powershell/module/microsoft.graph.identity.directorymanagement/get-mgdomainfederationconfiguration?view=graph-powershell-beta)        |
-|Create federation settings for a federated domain     | [Create internalDomainFederation](https://docs.microsoft.com/graph/api/domain-post-federationconfiguration?view=graph-rest-beta)        | [New-MgDomainFederationConfiguration](https://docs.microsoft.com/powershell/module/microsoft.graph.identity.directorymanagement/new-mgdomainfederationconfiguration?view=graph-powershell-beta)        |
-|Remove federation settings for a federated domain     | [Delete internalDomainFederation](https://docs.microsoft.com/graph/api/internaldomainfederation-delete?view=graph-rest-beta)        | [Remove-MgDomainFederationConfiguration](https://docs.microsoft.com/powershell/module/microsoft.graph.identity.directorymanagement/remove-mgdomainfederationconfiguration?view=graph-powershell-beta)     |
-|Update federation settings for a federated domain     | [Update internalDomainFederation](https://docs.microsoft.com/graph/api/internaldomainfederation-update?view=graph-rest-beta)        | [Update-MgDomainFederationConfiguration](https://docs.microsoft.com/powershell/module/microsoft.graph.identity.directorymanagement/update-mgdomainfederationconfiguration?view=graph-powershell-beta)     |
-
-
+|Get federation settings for a federated domain        | [Get internalDomainFederation](/graph/api/internaldomainfederation-get?view=graph-rest-beta&preserve-view=true)           | [Get-MgDomainFederationConfiguration](/powershell/module/microsoft.graph.identity.directorymanagement/get-mgdomainfederationconfiguration?view=graph-powershell-beta&preserve-view=true)        |
+|Create federation settings for a federated domain     | [Create internalDomainFederation](/graph/api/domain-post-federationconfiguration?view=graph-rest-beta&preserve-view=true)        | [New-MgDomainFederationConfiguration](/powershell/module/microsoft.graph.identity.directorymanagement/new-mgdomainfederationconfiguration?view=graph-powershell-beta&preserve-view=true)        |
+|Remove federation settings for a federated domain     | [Delete internalDomainFederation](/graph/api/internaldomainfederation-delete?view=graph-rest-beta&preserve-view=true)        | [Remove-MgDomainFederationConfiguration](/powershell/module/microsoft.graph.identity.directorymanagement/remove-mgdomainfederationconfiguration?view=graph-powershell-beta&preserve-view=true)     |
+|Update federation settings for a federated domain     | [Update internalDomainFederation](/graph/api/internaldomainfederation-update?view=graph-rest-beta&preserve-view=true)        | [Update-MgDomainFederationConfiguration](/powershell/module/microsoft.graph.identity.directorymanagement/update-mgdomainfederationconfiguration?view=graph-powershell-beta&preserve-view=true)     |
 
-If using older MSOnline cmdlets ([Get-MsolDomainFederationSettings](https://docs.microsoft.com/powershell/module/msonline/get-msoldomainfederationsettings?view=azureadps-1.0) and [Set-MsolDomainFederationSettings](https://docs.microsoft.com/powershell/module/msonline/set-msoldomainfederationsettings?view=azureadps-1.0)), we highly recommend transitioning to the latest MS Graph APIs and PowerShell cmdlets. 
 
+If using older MSOnline cmdlets ([Get-MsolDomainFederationSettings](/powershell/module/msonline/get-msoldomainfederationsettings?view=azureadps-1.0&preserve-view=true) and [Set-MsolDomainFederationSettings](/powershell/module/msonline/set-msoldomainfederationsettings?view=azureadps-1.0&preserve-view=true)), we highly recommend transitioning to the latest MS Graph APIs and PowerShell cmdlets. 
 
-For more information, see [internalDomainFederation resource type - Microsoft Graph beta | Microsoft Docs](https://docs.microsoft.com/graph/api/resources/internaldomainfederation?view=graph-rest-beta).
-
+For more information, see [internalDomainFederation resource type - Microsoft Graph beta | Microsoft Docs](/graph/api/resources/internaldomainfederation?view=graph-rest-beta&preserve-view=true).
 
 ---
 
@@ -166,9 +153,9 @@ Added functionality to session controls allowing admins to reauthenticate a user
 **Product capability:** Identity Security & Protection  
 **Clouds impacted:** Public (Microsoft 365, GCC)
 
-We're delighted to announce a new security protection that prevents bypassing of cloud Azure AD Multi-Factor Authentication when federated with Azure AD. When enabled for a federated domain in your Azure AD tenant, it ensures that a compromised federated account can't bypass Azure AD Multi-Factor Authentication by imitating that a multi factor authentication has already been performed by the identity provider. The protection can be enabled via new security setting, [federatedIdpMfaBehavior](https://docs.microsoft.com/graph/api/resources/internaldomainfederation?view=graph-rest-beta#federatedidpmfabehavior-values). 
+We're delighted to announce a new security protection that prevents bypassing of cloud Azure AD Multi-Factor Authentication when federated with Azure AD. When enabled for a federated domain in your Azure AD tenant, it ensures that a compromised federated account can't bypass Azure AD Multi-Factor Authentication by imitating that a multi factor authentication has already been performed by the identity provider. The protection can be enabled via new security setting, [federatedIdpMfaBehavior](/graph/api/resources/internaldomainfederation?view=graph-rest-beta#federatedidpmfabehavior-values&preserve-view=true). 
 
-We highly recommend enabling this new protection when using Azure AD Multi-Factor Authentication as your multi factor authentication for your federated users. To learn more about the protection and how to enable it, visit [Enable protection to prevent by-passing of cloud Azure AD Multi-Factor Authentication when federated with Azure AD](https://docs.microsoft.com/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs#enable-protection-to-prevent-by-passing-of-cloud-azure-ad-multi-factor-authentication-when-federated-with-azure-ad).
+We highly recommend enabling this new protection when using Azure AD Multi-Factor Authentication as your multi factor authentication for your federated users. To learn more about the protection and how to enable it, visit [Enable protection to prevent by-passing of cloud Azure AD Multi-Factor Authentication when federated with Azure AD](/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs#enable-protection-to-prevent-by-passing-of-cloud-azure-ad-multi-factor-authentication-when-federated-with-azure-ad).
 
 ---
 
@@ -183,7 +170,6 @@ In April 2022 we added the following 24 new applications in our App gallery with
 
 You can also find the documentation of all the applications from here https://aka.ms/AppsTutorial.
 
-
 For listing your application in the Azure AD app gallery, please read the details here https://aka.ms/AzureADAppRequest
 
 ---
@@ -197,11 +183,9 @@ For listing your application in the Azure AD app gallery, please read the detail
 
 From April 15, 2022, Microsoft began storing Azure AD’s Customer Data for new tenants with a Japan billing address within the Japanese data centers.  For more information, see: [Customer data storage for Japan customers in Azure Active Directory](active-directory-data-storage-japan.md).
 
-
 ---
 
 
-
 ### Public Preview - New provisioning connectors in the Azure AD Application Gallery - April 2022
 
 **Type:** New feature  
@@ -217,7 +201,6 @@ You can now automate creating, updating, and deleting user accounts for these ne
 
 For more information about how to better secure your organization by using automated user account provisioning, see: [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md)
 
-
 ---
 
 ## March 2022
@@ -262,7 +245,6 @@ For more information about how to better secure your organization by using autom
 ---
 
 
-
 ### Public preview - Azure AD Recommendations
 
 **Type:** New feature  
@@ -320,7 +302,6 @@ You can also find the documentation of all the applications from here https://ak
 
 For listing your application in the Azure AD app gallery, please read the details here https://aka.ms/AzureADAppRequest
 
-
 ---
 
 
@@ -342,14 +323,12 @@ For listing your application in the Azure AD app gallery, please read the detail
 ---
 
 
-
 ## February 2022
 
 
 ---
 
 
-
 ### General Availability - France digital accessibility requirement
 
 **Type:** Plan for change  
@@ -363,7 +342,6 @@ This change provides users who are signing into Azure Active Directory on iOS, A
 ---
 
 
-
 ### General Availability - Downloadable access review history report
 
 **Type:** New feature  
@@ -376,11 +354,9 @@ With Azure Active Directory (Azure AD) Access Reviews, you can create a download
 
 ---
 
-
 ---
 
 
-
 ### Public Preview of Identity Protection for Workload Identities
 
 **Type:** New feature  
@@ -394,7 +370,6 @@ Azure AD Identity Protection is extending its core capabilities of detecting, in
 ---
 
 
-
 ### Public Preview - Cross-tenant access settings for B2B collaboration
 
 **Type:** New feature  
@@ -409,7 +384,6 @@ Cross-tenant access settings enable you to control how users in your organizatio
 ---
 
 
-
 ### Public preview - Create Azure AD access reviews with multiple stages of reviewers
 
 **Type:** New feature  
@@ -438,7 +412,6 @@ You can also find the documentation of all the applications from here: [https://
 
 For listing your application in the Azure AD app gallery, please read the details here: [https://aka.ms/AzureADAppRequest](../manage-apps/v2-howto-app-gallery-listing.md)
 
-
 
 
 ---
@@ -493,7 +466,6 @@ We have improved the Privileged Identity management (PIM) time to role activatio
 
 
 
-
 ## January 2022
 
 ### Public preview - Custom security attributes
@@ -662,7 +634,7 @@ We’re no longer publishing sign-in logs with the following error codes because
 
 |Error code | Failure reason|
 | --- | --- |
-|50058|	Session information isn’t sufficient for single-sign-on.|
+|50058| Session information isn’t sufficient for single-sign-on.|
 |16000| Either multiple user identities are available for the current request or selected account isn’t supported for the scenario.|
 |500581| Rendering JavaScript. Fetching sessions for single-sign-on on V2 with prompt=none requires JavaScript to verify if any MSA accounts are signed in.|
 |81012| The user trying to sign in to Azure AD is different from the user signed into the device.|
@@ -865,3 +837,5 @@ Updated "switch organizations" user interface in My Account. This visually impro
 
 ---
 
+
+

articles/active-directory/manage-apps/migrate-okta-sync-provisioning-to-azure-active-directory.md

@@ -79,11 +79,11 @@ The example will grab *all* on-premises Azure AD users and export a list of thei
 1. Run these commands in PowerShell on a domain controller on-premises:
 
    ```PowerShell
-   Get-ADUser -Filter * -Properties objectGUID | Select-Object
+   Get-ADUser -Filter * -Properties objectGUID | Select -Object
    UserPrincipalName, Name, objectGUID, @{Name = 'ImmutableID';
    Expression = {
-   [system.convert\]::ToBase64String(([GUID\]\$_.objectGUID).ToByteArray())
-   } } | export-csv C:\\Temp\\OnPremIDs.csv
+   [system.convert]::ToBase64String((GUID).tobytearray())
+   } } | export-csv C:\Temp\OnPremIDs.csv
    ```
 
    ![Screenshot that shows domain controller on-premises commands.](./media/migrate-okta-sync-provisioning-to-azure-active-directory-connect-based-synchronization/domain-controller.png)