Merge pull request #236490 from MicrosoftDocs/main

5/01 PM Publish

Author: huypub

.openpublishing.redirection.active-directory.json

@@ -1,5 +1,15 @@
 {
   "redirections": [
+    {
+      "source_path_from_root": "/articles/active-directory/develop/active-directory-jwt-claims-customization.md",
+      "redirect_url": "/azure/active-directory/develop/jwt-claims-customization",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/develop/active-directory-saml-claims-customization.md",
+      "redirect_url": "/azure/active-directory/develop/saml-claims-customization",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/active-directory/develop/active-directory-claims-mapping.md",
       "redirect_url": "/azure/active-directory/develop/active-directory-saml-claims-customization",

articles/active-directory/app-provisioning/workday-integration-reference.md

@@ -21,7 +21,7 @@ Azure Active Directory (Azure AD) Application Proxy natively supports single sig
 
 * **No additional software or changes to your apps** - You can use your existing Application Proxy connectors and it doesn't require any additional software to be installed.  
 
-* **Wide list of attributes and transformations available** - All header values available are based on standard claims that are issued by Azure AD. All attributes and transformations available for [configuring claims for SAML or OIDC applications](../develop/active-directory-saml-claims-customization.md#attributes) are also available to be used as header values. 
+* **Wide list of attributes and transformations available** - All header values available are based on standard claims that are issued by Azure AD. All attributes and transformations available for [configuring claims for SAML or OIDC applications](../develop/saml-claims-customization.md#attributes) are also available to be used as header values. 
 
 ## Pre-requisites
 Before you get started with single sign-on for header-based authentication apps, make sure your environment is ready with the following settings and configurations:
@@ -72,8 +72,8 @@ Before you get started with single sign-on for header-based applications, you sh
 3. In Basic Configuration, **Azure Active Directory**, will be selected as the default. 
 4. Select the edit pencil, in Headers to configure headers to send to the application. 
 5. Select **Add new header**. Provide a **Name** for the header and select either **Attribute** or **Transformation** and select from the drop-down which header your application needs.  
-    - To learn more about the list of attribute available, see [Claims Customizations- Attributes](../develop/active-directory-saml-claims-customization.md#attributes). 
-    - To learn more about the list of transformation available, see [Claims Customizations- Claim Transformations](../develop/active-directory-saml-claims-customization.md#claim-transformations). 
+    - To learn more about the list of attribute available, see [Claims Customizations- Attributes](../develop/saml-claims-customization.md#attributes). 
+    - To learn more about the list of transformation available, see [Claims Customizations- Claim Transformations](../develop/saml-claims-customization.md#claim-transformations). 
     - You may also add a **Group Header**, to send all the groups a user is part of, or the groups assigned to the application as a header. To learn more about configuring groups as a value see: [Configure group claims for applications](../hybrid/how-to-connect-fed-group-claims.md#add-group-claims-to-tokens-for-saml-applications-using-sso-configuration). 
 6. Select Save. 
 

articles/active-directory/app-proxy/application-proxy-configure-single-sign-on-with-headers.md

@@ -102,6 +102,17 @@ Multiple Conditional Access policies may prompt users for their GPS location bef
 
 Some IP addresses don't map to a specific country or region. To capture these IP locations, check the box **Include unknown countries/regions** when defining a geographic location. This option allows you to choose if these IP addresses should be included in the named location. Use this setting when the policy using the named location should apply to unknown locations.
 
+### Define locations
+
+1. Sign in to the **Azure portal** as a Conditional Access Administrator or Security Administrator.
+1. Browse to **Azure Active Directory** > **Security** > **Conditional Access** > **Named locations**.
+1. Choose **New location**.
+1. Give your location a name.
+1. Choose **IP ranges** if you know the specific externally accessible IPv4 address ranges that make up that location or **Countries/Regions**.
+   1. Provide the **IP ranges** or select the **Countries/Regions** for the location you're specifying.
+      * If you choose Countries/Regions, you can optionally choose to include unknown areas.
+1. Choose **Save**
+
 ## Location condition in policy
 
 When you configure the location condition, you can distinguish between:

articles/active-directory/conditional-access/location-condition.md

@@ -443,9 +443,9 @@
             - name: Configure role claim
               href: active-directory-enterprise-app-role-management.md
             - name: Customize JWT claims
-              href: active-directory-jwt-claims-customization.md
+              href: jwt-claims-customization.md
             - name: Customize SAML claims
-              href: active-directory-saml-claims-customization.md
+              href: saml-claims-customization.md
             - name: Set an access token lifetime policy
               href: configure-token-lifetimes.md
             - name: Directory extension attributes

articles/active-directory/develop/TOC.yml

@@ -164,4 +164,4 @@ To delete an existing role, perform the following steps:
 
 ## Next steps
 
-- For information about customizing claims, see [Customize claims issued in the SAML token for enterprise applications](active-directory-saml-claims-customization.md).
+- For information about customizing claims, see [Customize claims issued in the SAML token for enterprise applications](saml-claims-customization.md).

articles/active-directory/develop/active-directory-enterprise-app-role-management.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.workload: identity
 ms.topic: how-to
-ms.date: 04/04/2023
+ms.date: 05/01/2023
 ms.author: ryanwi
 ms.custom: identityplatformtop40, contperf-fy21q2, engagement-fy23
 ms.reviewer: ludwignick
@@ -29,6 +29,8 @@ To get started, download the latest [Microsoft Graph PowerShell SDK](/powershell
 In the following steps, you'll create a policy that requires users to authenticate less frequently in your web app. This policy sets the lifetime of the access/ID tokens for your web app.
 
 ```powershell
+Install-Module Microsoft.Graph
+
 Connect-MgGraph -Scopes  "Policy.ReadWrite.ApplicationConfiguration","Policy.Read.All","Application.ReadWrite.All"
 
 # Create a token lifetime policy