Merge pull request #225988 from MicrosoftDocs/main

2/01 PM Publish

Author: huypub

.openpublishing.redirection.azure-monitor.json

@@ -3867,6 +3867,21 @@
             "redirect_url": "/azure/azure-monitor/alerts/alerts-metric-create-templates",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/alerts-metric-create-templates.md",
+            "redirect_url": "/azure/azure-monitor/alerts/alerts-create-new-alert-rule",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/action-groups-create-resource-manager-template.md",
+            "redirect_url": "/azure/azure-monitor/alerts/action-groups",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/alerts-log-create-templates.md",
+            "redirect_url": "/azure/azure-monitor/alerts/alerts-create-new-alert-rule",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/platform/alerts-metric-logs.md",
             "redirect_url": "/azure/azure-monitor/alerts/alerts-metric-logs",

articles/active-directory/app-provisioning/known-issues.md

@@ -41,6 +41,8 @@ This article discusses known issues to be aware of when you work with app provis
 
 An external user from the source (home) tenant can't be provisioned into another tenant. Internal guest users from the source tenant can't be provisioned into another tenant. Only internal member users from the source tenant can be provisioned into the target tenant. For more information, see [Properties of an Azure Active Directory B2B collaboration user](../external-identities/user-properties.md).
 
+In addition, users that are enabled for SMS sign-in cannot be synchronized through cross-tenant synchronization.
+
 ### Provisioning manager attributes
 
 Provisioning manager attributes isn't supported.

articles/active-directory/authentication/howto-sspr-customization.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 01/29/2023
+ms.date: 02/01/2023
 
 ms.author: justinha
 author: justinha
@@ -58,7 +58,7 @@ If your organization doesn't want to notify administrators about password reset
 
 ## Customize the sign-in page and access panel
 
-You can customize the sign-in page, such as to add a logo that appears along with the image that fits your company branding. For more information on how to configure company branding, see [Add company branding to your sign-in page in Azure AD](../fundamentals/customize-branding.md).
+You can customize the sign-in page, such as to add a logo that appears along with the image that fits your company branding. For more information on how to configure company branding, see [Add company branding to your sign-in page in Azure AD](../fundamentals/how-to-customize-branding.md).
 
 The graphics you choose are shown in the following circumstances:
 

articles/active-directory/fundamentals/8-secure-access-sensitivity-labels.md

@@ -87,6 +87,8 @@ items:
     items:
     - name: What's new in Azure Active Directory
       href: whats-new.md
+    - name: What's deprecated in Azure Active Directory?
+      href: whats-deprecated-azure-ad.md
     - name: What's new in sovereign clouds?
       href: whats-new-sovereign-clouds.md  
     - name: Archive for What's new? in Azure AD

articles/active-directory/fundamentals/toc.yml

@@ -0,0 +1,69 @@
+---
+title: What's deprecated in Azure Active Directory?
+description: Learn about features being deprecated in Azure Active Directory
+author: jricketts
+manager: martinco
+ms.service: active-directory
+ms.subservice: fundamentals
+ms.workload: identity
+ms.topic: conceptual
+ms.date: 01/27/2023
+ms.author: jricketts
+ms.reviewer: ramical
+ms.custom: it-pro
+
+---
+
+# What's deprecated in Azure Active Directory?
+
+The lifecycle of functionality, features, and services are governed by policy, support timelines, data, also leadership and engineering team decisions. Lifecycle information allows customers to predictably plan long-term deployment aspects, transition from outdated to new technology, and help improve business outcomes. Use the definitions below to understand the following table with change information about Azure Active Directory (Azure AD) features, services, and functionality. 
+
+Get notified about when to revisit this page for updates by copying and pasting this URL: `https://learn.microsoft.com/api/search/rss?search=%22What's+deprecated+in+Azure+Active+Directory%22&locale=en-us` into your ![RSS feed reader icon](./media/whats-new/feed-icon-16x16.png) feed reader.
+
+## Upcoming changes
+
+Use the following table to learn about changes including deprecations, retirements, breaking changes and rebranding. Also find key dates and recommendations.
+
+   > [!NOTE]
+   > Dates and times are United States Pacific Standard Time, and are subject to change. 
+
+|Functionality, feature, or service|Change|New tenant change date |Current tenant change date|
+|---|---|---|---|
+|[Azure AD Graph API](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/microsoft-entra-change-announcements-september-2022-train/ba-p/2967454)|Deprecation|Jun 30, 2022|Jun 30, 2022|
+|Microsoft Authenticator app [Number matching](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/defend-your-users-from-mfa-fatigue-attacks/ba-p/2365677)|Feature change|Feb 27, 2023|Feb 27, 2023|
+|Azure AD DS [virtual network deployments](../../active-directory-domain-services/migrate-from-classic-vnet.md)|Retirement|Mar 1, 2023|Mar 1, 2023|
+|[License management API, PowerShell](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/migrate-your-apps-to-access-the-license-managements-apis-from/ba-p/2464366)|Retirement|Nov 1, 2022|Mar 31, 2023|
+|[Azure AD Authentication Library (ADAL)](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/microsoft-entra-change-announcements-september-2022-train/ba-p/2967454)|Retirement|Jun 2023|Jun 2023|
+|[Azure AD PowerShell](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/microsoft-entra-change-announcements-september-2022-train/ba-p/2967454)|Retirement|Jun 30, 2023|Jun 30, 2023|
+|[Azure AD MFA Server](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/microsoft-entra-change-announcements-september-2022-train/ba-p/2967454)|Retirement|Sep 30, 2024|Sep 30, 2024|
+
+
+   > [!IMPORTANT]
+   > Later versions of functionality, features, and services might not meet current security requirements. Microsoft may be unable to provide security updates for older products. 
+
+See the following two sections for definitions of categories, change state, etc.
+
+## Deprecation, retirement, breaking change, feature change, and rebranding
+
+Use the definitions in this section help clarify the state, availability, and support of features, services, and functionality. 
+
+|Category|Definition|Communication schedule|
+|---|---|---|
+|Deprecation|The state of a feature, functionality, or service no longer in active development. A deprecated feature might be retired and removed from future releases.|2 times per year: March and September|
+|Retirement|Signals retirement in a specified period. Customers can’t adopt the service or feature, and engineering investments are reduced. Later, the feature reaches end-of-life and is unavailable to any customer.|2 times per year: March and September|
+|Breaking change|A change that might break the customer or partner experience if action isn’t taken, or a change made, for continued operation.|4 times per year: March, June, September, and December|
+|Feature change|Change to an IDNA feature that requires no customer action, but is noticeable to them. Typically, these changes are in the user interface/user experperience (UI/UX).|4 times per year: March, June, September, and December|
+|Rebranding|A new name, term, symbol, design, concept or combination thereof for an established brand to develop a differentiated experience.|As scheduled or announced|
+
+### Terminology
+
+* **End-of-life** - engineering investments have ended, and the feature is unavailable to any customer
+* **Current tenant change date** - the change date goes into effect for tenants created before the new tenant change date
+* **New tenant change date** - the change date goes into effect for tenants created after the change date
+
+## Next steps
+[What's new in Azure Active Directory?](../../active-directory/fundamentals/whats-new.md)
+
+## Resources
+* [Microsoft Entra Change Announcement blog](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/microsoft-entra-change-announcements-november-2022-train/ba-p/2967452)
+* Devices: [End-of-life management and recycling](https://www.microsoft.com/legal/compliance/recycling)

articles/active-directory/fundamentals/whats-deprecated-azure-ad.md

@@ -55,6 +55,18 @@ Workaround for managed identities in a subscription that has been moved to anoth
 
 For more information, see [Transfer an Azure subscription to a different Azure AD directory](../../role-based-access-control/transfer-subscription.md).
 
+## Error during managed identity assignment operations
+In rare cases, you may see error messages indicating errors related to assignment of managed identities with Azure resources. Some of the example error messages are as follows: 
+- Azure resource ‘azure-resource-id' does not have access to identity 'managed-identity-id'.  
+- No managed service identities are associated with resource ‘azure-resource-id'
+- Managed service identities referenced with URL 'https://control-....virtualMachineScaleSets/<vmss_name>/credentials/v2/systemassigned' are not valid. Ensure all assigned identities associated with the resource are valid.
+
+**Workaround**
+In these rare cases the best next steps are
+
+1. For identities no longer needed to be assigned to the resource, remove them from the resource.
+2. For User Assigned Managed Identity, reassign the identity to the Azure resource. 
+3. For System Assigned Managed Identity, disable the identity and enable it again. 
 
 ## Next steps
 

articles/active-directory/managed-identities-azure-resources/known-issues.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: multi-tenant-organizations
 ms.topic: how-to
-ms.date: 01/31/2023
+ms.date: 02/01/2023
 ms.author: rolyon
 ms.custom: it-pro
 
@@ -21,7 +21,7 @@ ms.custom: it-pro
 > Cross-tenant synchronization is currently in PREVIEW.
 > See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 
-This article describes the keys steps to configure cross-tenant synchronization using Microsoft Graph API. When configured, Azure AD automatically provisions and de-provisions B2B users in your target tenant. For detailed steps using the Azure portal, see [Configure cross-tenant synchronization](cross-tenant-synchronization-configure.md).
+This article describes the key steps to configure cross-tenant synchronization using Microsoft Graph API. When configured, Azure AD automatically provisions and de-provisions B2B users in your target tenant. For detailed steps using the Azure portal, see [Configure cross-tenant synchronization](cross-tenant-synchronization-configure.md).
 
 :::image type="content" source="./media/common/configure-diagram.png" alt-text="Diagram that shows cross-tenant synchronization between source tenant and target tenant." lightbox="./media/common/configure-diagram.png":::
 
@@ -158,7 +158,7 @@ These steps describe how to use Microsoft Graph Explorer (recommended), but you
     Content-Type: application/json
     
     {
-      "tenantId": "376a1f89-b02f-4a85-8252-2974d1984d14",
+      "tenantId": "376a1f89-b02f-4a85-8252-2974d1984d14"
     }
     ```
     

articles/active-directory/multi-tenant-organizations/cross-tenant-synchronization-configure-graph.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: multi-tenant-organizations
 ms.topic: how-to
-ms.date: 01/23/2023
+ms.date: 02/01/2023
 ms.author: rolyon
 ms.custom: it-pro
 
@@ -82,7 +82,7 @@ By the end of this article, you'll be able to:
 
 In this step, you automatically redeem invitations so users from the source tenant don't have to accept the consent prompt. This setting must be checked in both the source tenant (outbound) and target tenant (inbound). For more information, see [Automatic redemption setting](cross-tenant-synchronization-overview.md#automatic-redemption-setting).
 
-1. Select  the **Trust settings** tab.
+1. In the target tenant, on the same **Inbound access settings** page, select the **Trust settings** tab.
 
 1. Check the **Suppress consent prompts for users from the other tenant when they access apps and resources in my tenant** check box.
 
@@ -96,7 +96,7 @@ In this step, you automatically redeem invitations so users from the source tena
 
 In this step, you automatically redeem invitations in the source tenant.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) as an administrator of the target tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com) as an administrator of the source tenant.
 
 1. Select **Azure Active Directory** > **External Identities**.
 
@@ -122,7 +122,7 @@ In this step, you automatically redeem invitations in the source tenant.
 
 ![Icon for the source tenant.](./media/common/icon-tenant-source.png)<br/>**Source tenant**
 
-1. Select **Azure Active Directory** > **Cross-tenant synchronization (Preview)**.
+1. In the source tenant, select **Azure Active Directory** > **Cross-tenant synchronization (Preview)**.
 
     :::image type="content" source="./media/cross-tenant-synchronization-configure/azure-ad-overview.png" alt-text="Screenshot that shows the Azure Active Directory Overview page." lightbox="./media/cross-tenant-synchronization-configure/azure-ad-overview.png":::
 
@@ -140,7 +140,7 @@ In this step, you automatically redeem invitations in the source tenant.
 
 ![Icon for the source tenant.](./media/common/icon-tenant-source.png)<br/>**Source tenant**
 
-1. In the configuration list, select your configuration. 
+1. In the source tenant, in the configuration list, select your configuration. 
 
     :::image type="content" source="./media/cross-tenant-synchronization-configure/configuration-select.png" alt-text="Screenshot that shows the Cross-tenant synchronization Configurations page and a new configuration." lightbox="./media/cross-tenant-synchronization-configure/configuration-select.png":::
 
@@ -177,7 +177,7 @@ The Azure AD provisioning service allows you to define who will be provisioned i
 
 Start small. Test with a small set of users before rolling out to everyone. When the scope for provisioning is set to assigned users and groups, you can control it by assigning one or two users to the configuration. You can further refine who is in scope for provisioning by creating attribute-based scoping filters, described in the [next step](#step-8-optional-define-who-is-in-scope-for-provisioning-with-scoping-filters).
 
-1. Select **Provisioning** and expand the **Settings** section.
+1. In the source tenant, select **Provisioning** and expand the **Settings** section.
 
     :::image type="content" source="./media/cross-tenant-synchronization-configure/provisioning-settings-edit.png" alt-text="Screenshot of the Provisioning page that shows the Settings section with the Scope and Provisioning Status options." lightbox="./media/cross-tenant-synchronization-configure/provisioning-settings-edit.png":::
 
@@ -214,7 +214,7 @@ Start small. Test with a small set of users before rolling out to everyone. When
 
 Regardless of the value you selected for **Scope** in the previous step, you can further limit which users are synchronized by creating attribute-based scoping filters.
 
-1. Select **Provisioning** and expand the **Mappings** section.
+1. In the source tenant, select **Provisioning** and expand the **Mappings** section.
 
 1. Select **Provision Azure Active Directory Users**.
 
@@ -244,7 +244,7 @@ Regardless of the value you selected for **Scope** in the previous step, you can
 
 Attribute mappings allow you to define how data should flow between the source tenant and target tenant. For information on how to customize the default attribute mappings, see [Tutorial - Customize user provisioning attribute-mappings for SaaS applications in Azure Active Directory](../app-provisioning/customize-application-attributes.md).
 
-1. Select **Provisioning** and expand the **Mappings** section.
+1. In the source tenant, select **Provisioning** and expand the **Mappings** section.
 
 1. Select **Provision Azure Active Directory Users**.
 
@@ -296,7 +296,7 @@ Attribute mappings allow you to define how data should flow between the source t
 
 ![Icon for the source tenant.](./media/common/icon-tenant-source.png)<br/>**Source tenant**
 
-1. Select **Provisioning** and expand the **Settings** section.
+1. In the source tenant, select **Provisioning** and expand the **Settings** section.
 
     :::image type="content" source="./media/cross-tenant-synchronization-configure/provisioning-settings-edit.png" alt-text="Screenshot of the Provisioning page that shows the Settings section with the Scope and Provisioning Status options." lightbox="./media/cross-tenant-synchronization-configure/provisioning-settings-edit.png":::
 

articles/active-directory/multi-tenant-organizations/cross-tenant-synchronization-configure.md

@@ -59,9 +59,9 @@ Who receives these emails for Azure AD roles depends on your role, the event, an
 
 | User | Role activation is pending approval | Role activation request is completed | PIM is enabled |
 | --- | --- | --- | --- |
-| Privileged Role Administrator</br>(Activated/Eligible) | Yes</br>(only if no explicit approvers are specified) | Yes* | Yes |
-| Security Administrator</br>(Activated/Eligible) | No | Yes* | Yes |
-| Global Administrator</br>(Activated/Eligible) | No | Yes* | Yes |
+| Privileged Role Administrator</br>(Activated) | Yes</br>(only if no explicit approvers are specified) | Yes* | Yes |
+| Security Administrator</br>(Activated) | No | Yes* | Yes |
+| Global Administrator</br>(Activated) | No | Yes* | Yes |
 
 \* If the [**Notifications** setting](pim-how-to-change-default-settings.md) is set to **Enable**.