Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr

Author: w-azure

articles/active-directory/saas-apps/oracle-access-manager-for-oracle-ebs-tutorial.md

@@ -0,0 +1,133 @@
+---
+title: Azure Active Directory SSO integration with Oracle Access Manager for Oracle E-Business Suite
+description: Learn how to configure single sign-on between Azure Active Directory and Oracle Access Manager for Oracle E-Business Suite.
+services: active-directory
+author: jeevansd
+manager: CelesteDG
+ms.reviewer: CelesteDG
+ms.service: active-directory
+ms.subservice: saas-app-tutorial
+ms.workload: identity
+ms.topic: how-to
+ms.date: 02/07/2023
+ms.author: jeedes
+
+---
+
+# Azure Active Directory SSO integration with Oracle Access Manager for Oracle E-Business Suite
+
+In this article, you'll learn how to integrate Oracle Access Manager for Oracle E-Business Suite with Azure Active Directory (Azure AD). When you integrate Oracle Access Manager for Oracle E-Business Suite with Azure AD, you can:
+
+* Control in Azure AD who has access to Oracle Access Manager for Oracle E-Business Suite.
+* Enable your users to be automatically signed-in to Oracle Access Manager for Oracle E-Business Suite with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
+
+You'll configure and test Azure AD single sign-on for Oracle Access Manager for Oracle E-Business Suite in a test environment. Oracle Access Manager for Oracle E-Business Suite supports only **SP** initiated single sign-on.
+
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
+
+## Prerequisites
+
+To integrate Azure Active Directory with Oracle Access Manager for Oracle E-Business Suite, you need:
+
+* An Azure AD user account. If you don't already have one, you can [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+* One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Oracle Access Manager for Oracle E-Business Suite single sign-on (SSO) enabled subscription.
+
+## Add application and assign a test user
+
+Before you begin the process of configuring single sign-on, you need to add the Oracle Access Manager for Oracle E-Business Suite application from the Azure AD gallery. You need a test user account to assign to the application and test the single sign-on configuration.
+
+### Add Oracle Access Manager for Oracle E-Business Suite from the Azure AD gallery
+
+Add Oracle Access Manager for Oracle E-Business Suite from the Azure AD application gallery to configure single sign-on with Oracle Access Manager for Oracle E-Business Suite. For more information on how to add application from the gallery, see the [Quickstart: Add application from the gallery](../manage-apps/add-application-portal.md).
+
+### Create and assign Azure AD test user
+
+Follow the guidelines in the [create and assign a user account](../manage-apps/add-application-portal-assign-users.md) article to create a test user account in the Azure portal called B.Simon.
+
+Alternatively, you can also use the [Enterprise App Configuration Wizard](https://portal.office.com/AdminPortal/home?Q=Docs#/azureadappintegration). In this wizard, you can add an application to your tenant, add users/groups to the app, and assign roles. The wizard also provides a link to the single sign-on configuration pane in the Azure portal. [Learn more about Microsoft 365 wizards.](/microsoft-365/admin/misc/azure-ad-setup-guides). 
+
+## Configure Azure AD SSO
+
+Complete the following steps to enable Azure AD single sign-on in the Azure portal.
+
+1. In the Azure portal, on the **Oracle Access Manager for Oracle E-Business Suite** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, select the pencil icon for **Basic SAML Configuration** to edit the settings.
+
+   ![Screenshot shows how to edit Basic SAML Configuration.](common/edit-urls.png "Basic Configuration")
+
+1. On the **Basic SAML Configuration** section, perform the following steps:
+
+    a. In the **Identifier** textbox, type a URL using the following pattern: ` https://<SUBDOMAIN>.oraclecloud.com/`
+
+    b. In the **Reply URL** textbox, type a URL using the following pattern: `https://<SUBDOMAIN>.oraclecloud.com/v1/saml/<UNIQUEID>>`
+
+    c. In the **Sign on URL** textbox, type a URL using the following pattern:
+    ` https://<SUBDOMAIN>.oraclecloud.com/`
+
+1. Your Oracle Access Manager for Oracle E-Business Suite application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows an example for this. The default value of **Unique User Identifier** is **user.userprincipalname** but Oracle Access Manager for Oracle E-Business Suite expects this to be mapped with the user's email address. For that you can use **user.mail** attribute from the list or use the appropriate attribute value based on your organization configuration.
+
+	![image](common/default-attributes.png)
+
+1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section,  find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
+
+	![The Certificate download link](common/metadataxml.png)
+
+## Configure Oracle Access Manager for Oracle E-Business Suite SSO
+
+1. Sign to the Oracle Access Manager console as an Administrator.
+1. Click the **Federation** tab at the top of the console.
+1. In the **Federation** area of the **Launch Pad** tab, click **Service Provider Management**.
+1. On the Service Provider Administration tab, click **Create Identity Provider Partner**.
+1. In the **General** area, enter a name for the **Identity Provider partner** and select both **Enable Partner and Default Identity Provider Partner**. Go to the next step before saving.
+1. In the **Service Information** area:
+
+    a. Select **SAML2.0** as the protocol.
+
+    b. Select **Load from provider metadata**.
+
+    c. Click **Browse** (for Windows) or **Choose File** (for Mac) and select the **Federation Metadata XML** file that you downloaded from Azure portal.
+
+    d. Go to the next step before saving.
+
+1. In the **Mapping Options** area:
+
+    a. Select the **User Identity Store** option that will be used as the Oracle Access Manager LDAP identity store that is checked for E-Business Suite users. Typically, this is already configured as the Oracle Access Manager identity store.
+
+    b. Leave **User Search Base DN** blank. The search base is automatically picked from the identity store configuration.
+
+    c. Select **Map assertion Name ID to User ID Store attribute** and enter mail in the text box.
+
+1. Click **Save** to save the identity provider partner.
+1. After the partner is saved, come back to the **Advanced** area at the bottom of the tab. Ensure that the options are configured as follows:
+
+    a. **Enable global logout** is selected.
+
+    b. **HTTP POST SSO** Response Binding is selected.
+
+### Create Oracle Access Manager for Oracle E-Business Suite test user
+
+In this section, you create a user called Britta Simon at Oracle Access Manager for Oracle E-Business Suite. Work with [Oracle Access Manager for Oracle E-Business Suite support team](https://www.oracle.com/support/advanced-customer-support/products/cloud.html) to add the users in the Oracle Access Manager for Oracle E-Business Suite platform. Users must be created and activated before you use single sign-on.
+
+## Test SSO 
+
+In this section, you test your Azure AD single sign-on configuration with following options. 
+
+* Click on **Test this application** in Azure portal. This will redirect to Oracle Access Manager for Oracle E-Business Suite Sign-on URL where you can initiate the login flow. 
+
+* Go to Oracle Access Manager for Oracle E-Business Suite Sign-on URL directly and initiate the login flow from there.
+
+* You can use Microsoft My Apps. When you select the Oracle Access Manager for Oracle E-Business Suite tile in the My Apps, this will redirect to Oracle Access Manager for Oracle E-Business Suite Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
+
+## Additional resources
+
+* [What is single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+* [Plan a single sign-on deployment](../manage-apps/plan-sso-deployment.md).
+
+## Next steps
+
+Once you configure Oracle Access Manager for Oracle E-Business Suite you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).

articles/active-directory/saas-apps/toc.yml

@@ -1707,6 +1707,8 @@
         href: opsgenie-tutorial.md
       - name: Optimizely
         href: optimizely-tutorial.md
+      - name: Oracle Access Manager for Oracle E-Business Suite
+        href: oracle-access-manager-for-oracle-ebs-tutorial.md
       - name: Oracle Cloud Infrastructure Console
         href: oracle-cloud-tutorial.md
       - name: Oracle Fusion ERP

articles/azure-arc/kubernetes/conceptual-gitops-flux2.md

@@ -1,7 +1,7 @@
 ---
 title: "GitOps Flux v2 configurations with AKS and Azure Arc-enabled Kubernetes"
 description: "This article provides a conceptual overview of GitOps in Azure for use in Azure Arc-enabled Kubernetes and Azure Kubernetes Service (AKS) clusters."
-ms.date: 02/02/2023
+ms.date: 02/07/2023
 ms.topic: conceptual
 ---
 
@@ -29,7 +29,7 @@ GitOps is enabled in an Azure Arc-enabled Kubernetes or AKS cluster as a `Micros
 
 ### Version support
 
-The most recent version of the Flux v2 extension and the two previous versions (N-2) are supported. We generally recommend that you use the most recent version of the extension.
+The most recent version of the Flux v2 extension and the two previous versions (N-2) are supported. We generally recommend that you use the [most recent version](extensions-release.md#flux-gitops) of the extension.
 
 > [!NOTE]
 > Eventually Azure will stop supporting GitOps with Flux v1, so we recommend [migrating to Flux v2](#migrate-from-flux-v1) as soon as possible.
@@ -611,7 +611,18 @@ az k8s-extension update --configuration-settings multiTenancy.enforce=false -c C
 
 ## Migrate from Flux v1
 
-If you've been using Flux v1 in Azure Arc-enabled Kubernetes or AKS clusters and want to migrate to using Flux v2 in the same clusters, you first need to delete the Flux v1 `sourceControlConfigurations` from the clusters.  The `microsoft.flux` cluster extension won't install if there are Flux v1 `sourceControlConfigurations` resources in the cluster.
+If you are still using Flux v1, we recommend migrating to Flux v2 as soon as possible.
+
+To migrate to using Flux v2 in the same clusters where you've been using Flux v1, you first need to delete all Flux v1 `sourceControlConfigurations` from the clusters. Because Flux v2 has a fundamentally different architecture, the `microsoft.flux` cluster extension won't install if there are Flux v1 `sourceControlConfigurations` resources in a cluster.
+
+Removing Flux v1 `sourceControlConfigurations` will not stop any applications that are running on the clusters. However, When you remove Flux v1 configurations and then deploy Flux v2 configurations:
+
+* If there are new changes in the application manifests stored in a Git repository, these will not be pulled during the migration, and the application version deployed on the cluster will be stale.
+* If there are unintended changes in the cluster state and it deviates from the desired state specified in source Git repository, the cluster will not be able to self-heal.
+
+We recommend testing your migration scenario in a development environment before migrating your production environment. The process of removing Flux v1 configurations and deploying Flux v2 configurations should not take more than 30 minutes. 
+
+### View and delete Flux v1 configurations
 
 Use these Azure CLI commands to find and then delete existing `sourceControlConfigurations` in a cluster:
 
@@ -620,10 +631,26 @@ az k8s-configuration list --cluster-name <Arc or AKS cluster name> --cluster-typ
 az k8s-configuration delete --name <configuration name> --cluster-name <Arc or AKS cluster name> --cluster-type <connectedClusters OR managedClusters> --resource-group <resource group name>
 ```
 
-You can also use the Azure portal to view and delete existing GitOps configurations in Azure Arc-enabled Kubernetes or AKS clusters.
+You can also view and delete existing GitOps configurations for a cluster in the Azure portal. To do so, navigate to the cluster where the configuration was created and select **GitOps** in the left pane. Select the configuration, then select **Delete**.
+
+### Deploy Flux v2 configurations
+
+Use the Azure portal or Azure CLI to [apply Flux v2 configurations](tutorial-use-gitops-flux2.md#apply-a-flux-configuration) to your clusters.
+
+### Flux v1 retirement information
+
+The open-source project of Flux v1 has been archived, and feature development has been stopped indefinitely. For more information, see the [fluxcd project](https://fluxcd.io/docs/migration/).
+
+Flux v2 was launched as the upgraded open-source project of Flux. It has a new architecture and supports more GitOps use cases. Microsoft launched a version of an extension using Flux v2 in May 2022. Since then, customers have been advised to move to Flux v2 within three years, as support for using Flux v1 is scheduled to end in May 2025.
 
-More information about migration from Flux v1 to Flux v2 is available in the fluxcd project: [Migrate from Flux v1 to v2](https://fluxcd.io/docs/migration/).
+Key new features introduced in the GitOps extension for Flux v2:
 
+* Flux v1 is a monolithic do-it-all operator. Flux v2 separates the functionalities into [specialized controllers](#controllers) (Source controller, Kustomize controller, Helm controller, and Notification controller).
+* Supports synchronization with multiple source repositories.
+* Supports [multi-tenancy](#multi-tenancy), like applying each source repository with its own set of permissions
+* Provides operational insights through health checks, events and alerts.
+* Supports Git branches, pinning on commits and tags, and following SemVer tag ranges.
+* Credentials configuration per GitRepository resource: SSH private key, HTTP/S username/password/token, and OpenPGP public keys.
 
 ## Next steps
 

articles/azure-arc/resource-bridge/deploy-cli.md

@@ -12,6 +12,7 @@ ms.topic: overview
 - [Connect VMware vCenter Server to Azure with Arc resource bridge](../vmware-vsphere/quick-start-connect-vcenter-to-arc-using-script.md)
 - [Connect System Center Virtual Machine Manager (SCVMM) to Azure with Arc resource bridge](../system-center-virtual-machine-manager/quickstart-connect-system-center-virtual-machine-manager-to-arc.md#download-the-onboarding-script)
 - [Azure Stack HCI VM Management through Arc resource bridge](/azure-stack/hci/manage/azure-arc-vm-management-prerequisites)
+- [AKS on HCI (AKS hybrid) - Arc resource bridge deployment](/azure/aks/hybrid/deploy-arc-resource-bridge-windows-server)
 
 This topic provides an overview of the [Azure CLI commands](/cli/azure/arcappliance) that are used to manage Arc resource bridge (preview) deployment, in the order in which they are typically used for deployment.
 

articles/azure-functions/durable/TOC.yml

@@ -107,12 +107,24 @@
     href: durable-functions-bindings.md
   - name: HTTP API
     href: durable-functions-http-api.md
-  - name: .NET API
+  - name: .NET in-process API
     href: /dotnet/api/microsoft.azure.webjobs.extensions.durabletask
+  - name: .NET isolated API
+    items:
+    - name: Durable Functions bindings for .NET isolated
+      href: /dotnet/api/microsoft.azure.functions.worker.extensions.durabletask
+    - name: Durable Task core SDK for .NET isolated
+      href: /dotnet/api/microsoft.durabletask
   - name: Node.js API
     href: /javascript/api/durable-functions/
   - name: Python API
     href: /python/api/azure-functions-durable/azure.durable_functions
+  - name: Java API
+    items:
+    - name: Durable Functions bindings for Java
+      href: /java/api/com.microsoft.durabletask.azurefunctions
+    - name: Durable Task core SDK for Java
+      href: /java/api/com.microsoft.durabletask
   - name: Azure storage provider
     href: durable-functions-azure-storage-provider.md
 - name: How-to guides

articles/azure-functions/functions-bindings-triggers-python.md

@@ -291,8 +291,8 @@ Durable Functions also provides preview support of the V2 programming model. To
 
 
 > [!NOTE]
-> Using [Extension Bundles](/azure-functions/functions-bindings-register#extension-bundles) is not currently supported when trying out the Python V2 programming model with Durable Functions, so you will need to manage your extensions manually.
-> To do this, remove the `extensionBundles` section of your `host.json` as described [here](/azure-functions/functions-bindings-register#extension-bundles) and run `func extensions install --package Microsoft.Azure.WebJobs.Extensions.DurableTask --version 2.9.1` on your terminal. This will install the Durable Functions extension for your app and will allow you to try out the new experience.
+> Using [Extension Bundles](./functions-bindings-register.md#extension-bundles) is not currently supported when trying out the Python V2 programming model with Durable Functions, so you will need to manage your extensions manually.
+> To do this, remove the `extensionBundles` section of your `host.json` as described [here](./functions-run-local.md#install-extensions) and run `func extensions install --package Microsoft.Azure.WebJobs.Extensions.DurableTask --version 2.9.1` on your terminal. This will install the Durable Functions extension for your app and will allow you to try out the new experience.
 
 The Durable Functions Triggers and Bindings may be accessed from an instance `DFApp`, a subclass of `FunctionApp` that additionally exports Durable Functions-specific decorators. 
 

articles/bastion/bastion-nsg.md

@@ -1,9 +1,7 @@
 ---
 title: Working with VMs and NSGs in Azure Bastion
 description: Learn about using network security groups with Azure Bastion.
-services: bastion
 author: cherylmc
-
 ms.service: bastion
 ms.topic: conceptual
 ms.date: 06/21/2021

articles/bastion/bastion-vm-full-screen.md

@@ -2,9 +2,7 @@
 title: 'View virtual machine session full screen in browser'
 titleSuffix: Azure Bastion
 description: Learn how to change the virtual machine view to full screen and back in your browser for an RDP or SSH connection in Azure Bastion.
-services: bastion
 author: cherylmc
-
 ms.service: bastion
 ms.topic: how-to
 ms.date: 10/21/2022

articles/bastion/connect-ip-address.md

@@ -3,7 +3,6 @@ title: 'Connect to a VM - specified private IP address: Azure portal'
 titleSuffix: Azure Bastion
 description: Learn how to connect to your virtual machines using a specified private IP address via Azure Bastion.
 author: cherylmc
-
 ms.service: bastion
 ms.topic: how-to
 ms.date: 04/26/2022

articles/bastion/connect-native-client-windows.md

@@ -2,7 +2,6 @@
 title: 'Connect to a VM using a native client and Azure Bastion'
 titleSuffix: Azure Bastion
 description: Learn how to connect to a VM from a Windows computer by using Bastion and a native client.
-services: bastion
 author: cherylmc
 ms.service: bastion
 ms.topic: how-to