Commit 890864a

Merge pull request #220720 from MicrosoftDocs/main
Publish to live, Wednesday 4 AM PST 12/07
2 parents 201a682 + 9b0eda7 commit 890864a

240 files changed

+3375
-1503
lines changed

.openpublishing.redirection.defender-for-cloud.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -764,6 +764,11 @@
764764
"source_path_from_root": "/articles/defender-for-cloud/plan-multicloud-security-other-resources.md",
765765
"redirect_url": "/azure/defender-for-cloud/multicloud",
766766
"redirect_document_id": true
767+
},
768+
{
769+
"source_path_from_root": "/articles/defender-for-cloud/defender-for-servers-introduction.md",
770+
"redirect_url": "/azure/defender-for-cloud/plan-defender-for-servers",
771+
"redirect_document_id": true
767772
}
768773
]
769774
}
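
Review bot: The entry added at lines 768-771 sends defender-for-servers-introduction.md to plan-defender-for-servers with "redirect_document_id": true, so an introductory article now resolves to a planning guide. Confirm that the source file is deleted in this same commit and that in-repo links to the introduction are updated to point at plan-defender-for-servers directly, so readers do not depend on the redirect.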

articles/active-directory/develop/msal-android-shared-devices.md

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ ms.service: active-directory
99
ms.subservice: develop
1010
ms.topic: conceptual
1111
ms.workload: identity
12-
ms.date: 09/30/2021
12+
ms.date: 12/06/2022
1313
ms.author: henrymbugua
1414
ms.reviewer: brandwe
1515
ms.custom: aaddev, identitypla | Azuretformtop40
@@ -93,8 +93,14 @@ If your application is running in multiple-account mode, and an administrator pu
9393

9494
These Microsoft applications support Azure AD's shared device mode:
9595

96-
* [Microsoft Teams](/microsoftteams/platform/)
97-
* [Microsoft Managed Home Screen](/mem/intune/apps/app-configuration-managed-home-screen-app) app for Android Enterprise
96+
- [Microsoft Teams](/microsoftteams/platform/)
97+
- [Microsoft Managed Home Screen](/mem/intune/apps/app-configuration-managed-home-screen-app) app for Android Enterprise
98+
- [Microsoft Edge](/microsoft-edge) (in Public Preview)
99+
- [Yammer](/yammer) (in Public Preview)
100+
101+
> [!IMPORTANT]
102+
> Public preview is provided without a service-level agreement and isn't recommended for production workloads. Some features might be unsupported or have constrained capabilities. For more information, see [Supplemental terms of use for Microsoft Azure previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
103+
98104
## Shared device sign-out and the overall app lifecycle
99105

100106
When a user signs out, you'll need to take action to protect the privacy and data of the user. For example, if you're building a medical records app you'll want to make sure that when the user signs out previously displayed patient records are cleared. Your application must be prepared for data privacy and check every time it enters the foreground.
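
Review bot: The two preview entries added at lines 98-99 link to the product documentation roots (/microsoft-edge and /yammer), while the Managed Home Screen entry above them links to a specific configuration article. Point each new entry at the page that covers shared device mode for that app if one exists, and say in the [!IMPORTANT] note at lines 101-102 that it applies to the Edge and Yammer entries, since the note currently follows the whole list without naming what is in preview.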

articles/active-directory/governance/access-reviews-application-preparation.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ ms.collection: M365-identity-device-management
2525

2626
[Microsoft Entra Identity Governance](identity-governance-overview.md) allows you to balance your organization's need for security and employee productivity with the right processes and visibility. It provides you with capabilities to ensure that the right people have the right access to the right resources.
2727

28-
Organizations with compliance requirements or risk management plans will have sensitive or business-critical applications. The application sensitivity may be based on its purpose or the data it contains, such as financial information or personal information of the organization's customers. For those applications, only a subset of all the users in the organization will typically be authorized to have access, and access should only be permitted based on documented business requirements. Azure AD can be integrated with many popular SaaS applications, on-premises applications, and applications that your organization has developed, using [standard protocol](../fundamentals/auth-sync-overview.md) and API interfaces. Through these interfaces, Azure AD can be the authoritative source to control who has access to those applications. As you integrate your applications with Azure AD, you can then use Microsoft Entra access reviews to recertify the users who have access to those applications, and remove access of those users who no longer need access. You can also use other features, including terms of use, conditional access and entitlement management, for governing access to applications, as described in [how to govern access to applications in your environment](identity-governance-applications-prepare.md).
28+
Organizations with compliance requirements or risk management plans will have sensitive or business-critical applications. The application sensitivity may be based on its purpose or the data it contains, such as financial information or personal information of the organization's customers. For those applications, only a subset of all the users in the organization will typically be authorized to have access, and access should only be permitted based on documented business requirements. Azure AD can be integrated with many popular SaaS applications, on-premises applications, and applications that your organization has developed, using [standard protocol](../fundamentals/auth-sync-overview.md) and API interfaces. Through these interfaces, Azure AD can be the authoritative source to control who has access to those applications. As you integrate your applications with Azure AD, you can then use access reviews to recertify the users who have access to those applications, and remove access of those users who no longer need access. You can also use other features, including terms of use, conditional access and entitlement management, for governing access to applications, as described in [how to govern access to applications in your environment](identity-governance-applications-prepare.md).
2929

3030
## Prerequisites for reviewing access
3131

@@ -40,7 +40,7 @@ Also, while not required for reviewing access to an application, we recommend al
4040

4141
## Determine how the application is integrated with Azure AD
4242

43-
In order for Microsoft Entra access reviews to be used for an application, then the application must first be integrated with Azure AD. An application being integrated with Azure AD means one of two requirements must be met:
43+
In order for access reviews to be used for an application, then the application must first be integrated with Azure AD. An application being integrated with Azure AD means one of two requirements must be met:
4444

4545
* The application relies upon Azure AD for federated SSO, and Azure AD controls authentication token issuance. If Azure AD is the only identity provider for the application, then only users who are assigned to one of the application's roles in Azure AD are able to sign into the application. Those users that are denied by a review lose their application role assignment and can no longer get a new token to sign in to the application.
4646
* The application relies upon user or group lists that are provided to the application by Azure AD. This fulfillment could be done through a provisioning protocol such as System for Cross-Domain Identity Management (SCIM) or by the application querying Azure AD via Microsoft Graph, or groups that are written to AD DS. Those users that are denied by a review lose their application role assignment or group membership, and when those changes are made available to the application, then the denied users will no longer have access.
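
Review bot: Line 43 keeps the "In order for ... then ..." construction even though the sentence is being edited. Tighten it while the line is open, for example: "To use access reviews for an application, the application must first be integrated with Azure AD."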

articles/active-directory/governance/access-reviews-downloadable-review-history.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ ms.author: amsliu
1616

1717
# Create and manage downloadable access review history report in Microsoft Entra access reviews
1818

19-
With Microsoft Entra Access Reviews, you can create a downloadable review history to help your organization gain more insight. The report pulls the decisions that were taken by reviewers when a report is created. These reports can be constructed to include specific access reviews, for a specific time frame, and can be filtered to include different review types and review results.
19+
With access reviews, you can create a downloadable review history to help your organization gain more insight. The report pulls the decisions that were taken by reviewers when a report is created. These reports can be constructed to include specific access reviews, for a specific time frame, and can be filtered to include different review types and review results.
2020

2121
## Who can access and request review history
2222

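Review bot: The H1 at line 17 still reads "in Microsoft Entra access reviews" while line 19 now says only "access reviews", so the title and the opening sentence disagree on the feature name. Update the heading in the same change, or leave line 19 as it was.
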
articles/active-directory/governance/access-reviews-overview.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ ms.collection: M365-identity-device-management
1818
ms.custom: contperf-fy21q1
1919
---
2020

21-
# What are Microsoft Entra access reviews?
21+
# What are access reviews?
2222

2323
Microsoft Entra access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. User's access can be reviewed on a regular basis to make sure only the right people have continued access.
2424

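Review bot: Line 21 drops the product name from the H1, but line 23 directly beneath it still opens with "Microsoft Entra access reviews". If keeping the full name on first mention in the body is the rule being applied, state that in the PR description; otherwise line 23 was missed.
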
@@ -51,15 +51,15 @@ Azure AD enables you to collaborate with users from inside your organization and
5151
5252
## Where do you create reviews?
5353

54-
Depending on what you want to review, you will create your access review in Microsoft Entra access reviews, Azure AD enterprise apps (in preview), Microsoft Entra PIM, or Microsoft Entra entitlement management.
54+
Depending on what you want to review, you will create your access review in access reviews, Azure AD enterprise apps (in preview), PIM, or entitlement management.
5555

5656
| Access rights of users | Reviewers can be | Review created in | Reviewer experience |
5757
| --- | --- | --- | --- |
58-
| Security group members</br>Office group members | Specified reviewers</br>Group owners</br>Self-review | Microsoft Entra access reviews</br>Azure AD groups | Access panel |
59-
| Assigned to a connected app | Specified reviewers</br>Self-review | Microsoft Entra access reviews</br>Azure AD enterprise apps (in preview) | Access panel |
60-
| Azure AD role | Specified reviewers</br>Self-review | [Microsoft Entra PIM](../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json) | Azure portal |
61-
| Azure resource role | Specified reviewers</br>Self-review | [Microsoft Entra PIM](../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json) | Azure portal |
62-
| Access package assignments | Specified reviewers</br>Group members</br>Self-review | Microsoft Entra entitlement management | Access panel |
58+
| Security group members</br>Office group members | Specified reviewers</br>Group owners</br>Self-review | access reviews</br>Azure AD groups | Access panel |
59+
| Assigned to a connected app | Specified reviewers</br>Self-review | access reviews</br>Azure AD enterprise apps (in preview) | Access panel |
60+
| Azure AD role | Specified reviewers</br>Self-review | [PIM](../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json) | Azure portal |
61+
| Azure resource role | Specified reviewers</br>Self-review | [PIM](../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json) | Azure portal |
62+
| Access package assignments | Specified reviewers</br>Group members</br>Self-review | entitlement management | Access panel |
6363

6464
## License requirements
6565

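Review bot: In the "Review created in" column (lines 58-62) the cells now begin with lowercase "access reviews" and "entitlement management" beside capitalized entries such as "Azure AD groups", and line 54 introduces "PIM" with no expansion. Capitalize the cell text consistently, and spell out Privileged Identity Management at line 54 unless the abbreviation is defined earlier in the article.
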
articles/active-directory/governance/complete-access-review.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ ms.reviewer: mwahl
1717
ms.collection: M365-identity-device-management
1818
---
1919

20-
# Complete an access review of groups and applications in Microsoft Entra access reviews
20+
# Complete an access review of groups and applications in access reviews
2121

2222
As an administrator, you [create an access review of groups or applications](create-access-review.md) and reviewers [perform the access review](perform-access-review.md). This article describes how to see the results of the access review and apply them.
2323

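Review bot: The new H1 at line 20 reads "Complete an access review of groups and applications in access reviews", which repeats the term now that the product name is gone. Drop the trailing "in access reviews", or keep a qualifier that says where the task is performed.
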
articles/active-directory/governance/conditional-access-exclusion.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ ms.reviewer: mwahl
1717
ms.collection: M365-identity-device-management
1818
---
1919

20-
# Use Microsoft Entra access reviews to manage users excluded from Conditional Access policies
20+
# Use access reviews to manage users excluded from Conditional Access policies
2121

2222
In an ideal world, all users follow the access policies to secure access to your organization's resources. However, sometimes there are business cases that require you to make exceptions. This article goes over some examples of situations where exclusions may be necessary. You, as the IT administrator, can manage this task, avoid oversight of policy exceptions, and provide auditors with proof that these exceptions are reviewed regularly using Azure Active Directory (Azure AD) access reviews.
2323

@@ -142,7 +142,7 @@ that is excluded from the policy. Here is a recommended access review where memb
142142
![Create an access review pane for example 2](./media/conditional-access-exclusion/create-access-review-2.png)
143143

144144
>[!IMPORTANT]
145-
>If you have many exclusion groups and therefore need to create multiple access reviews, we now have an API in the Microsoft Graph beta endpoint that allows you to create and manage them programmatically. To get started, see the [Microsoft Entra access reviews API reference](/graph/api/resources/accessreviewsv2-overview) and [Example of retrieving Microsoft Entra access reviews via Microsoft Graph](https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Example-of-retrieving-Azure-AD-access-reviews-via-Microsoft/td-p/236096).
145+
>If you have many exclusion groups and therefore need to create multiple access reviews, we now have an API in the Microsoft Graph beta endpoint that allows you to create and manage them programmatically. To get started, see the [access reviews API reference](/graph/api/resources/accessreviewsv2-overview) and [Example of retrieving access reviews via Microsoft Graph](https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Example-of-retrieving-Azure-AD-access-reviews-via-Microsoft/td-p/236096).
146146
147147
## Access review results and audit logs
148148

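Review bot: Line 145 changes only the link text, but the sentence still says the API is "in the Microsoft Graph beta endpoint" and the second link's URL still carries the Azure AD title. While the line is open, check that the "beta" wording matches the current state of the linked accessreviewsv2 reference and correct it in this change if it does not.
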
@@ -160,7 +160,7 @@ Now that you have everything in place, group, Conditional Access policy, and acc
160160

161161
![Access reviews audit logs listing actions](./media/conditional-access-exclusion/access-reviews-audit-logs.png)
162162

163-
As an IT administrator, you know that managing exclusion groups to your policies is sometimes inevitable. However, maintaining these groups, reviewing them on a regular basis by the business owner or the users themselves, and auditing these changes can be made easier with Microsoft Entra access reviews.
163+
As an IT administrator, you know that managing exclusion groups to your policies is sometimes inevitable. However, maintaining these groups, reviewing them on a regular basis by the business owner or the users themselves, and auditing these changes can be made easier with access reviews.
164164

165165
## Next steps
166166

articles/active-directory/governance/deploy-access-reviews.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -442,5 +442,5 @@ For more advanced queries and analysis of access reviews, and to track changes a
442442

443443
Learn about the following related technologies:
444444

445-
* [What is Microsoft Entra entitlement management?](entitlement-management-overview.md)
446-
* [What is Microsoft Entra Privileged Identity Management?](../privileged-identity-management/pim-configure.md)
445+
* [What is Microsoft entitlement management?](entitlement-management-overview.md)
446+
* [What is Microsoft Privileged Identity Management?](../privileged-identity-management/pim-configure.md)
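
Review bot: Lines 445-446 remove only "Entra", leaving "Microsoft entitlement management" and "Microsoft Privileged Identity Management", while the other hunks shown in this commit drop the whole "Microsoft Entra" prefix. Use "What is entitlement management?" and "What is Privileged Identity Management?", unless the link text has to match the H1 of the target articles, in which case mirror those titles exactly.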

articles/active-directory/governance/entitlement-management-access-package-approval-policy.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
---
2-
title: Change approval settings for an access package in Microsoft Entra entitlement management - Azure Active Directory
3-
description: Learn how to change approval and requestor information settings for an access package in Azure Active Directory entitlement management.
2+
title: Change approval settings for an access package in entitlement management - Microsoft Entra
3+
description: Learn how to change approval and requestor information settings for an access package in entitlement management.
44
services: active-directory
55
documentationCenter: ''
66
author: owinfreyATL
@@ -20,7 +20,7 @@ ms.collection: M365-identity-device-management
2020
#Customer intent: As an administrator, I want detailed information about how I can edit an access package so that requestors have the resources they need to perform their job.
2121

2222
---
23-
# Change approval and requestor information settings for an access package in Microsoft Entra entitlement management
23+
# Change approval and requestor information settings for an access package in entitlement management
2424

2525
As an access package manager, you can change the approval and requestor information settings for an access package at any time by editing an existing policy or adding a new policy for requesting access.
2626

articles/active-directory/governance/entitlement-management-access-package-assignments.md

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
---
2-
title: View, add, and remove assignments for an access package in Microsoft Entra entitlement management - Azure Active Directory
3-
description: Learn how to view, add, and remove assignments for an access package in Azure Active Directory entitlement management.
2+
title: View, add, and remove assignments for an access package in entitlement management - Microsoft Entra
3+
description: Learn how to view, add, and remove assignments for an access package in entitlement management.
44
services: active-directory
55
documentationCenter: ''
66
author: owinfreyATL
@@ -20,13 +20,13 @@ ms.collection: M365-identity-device-management
2020
#Customer intent: As an administrator, I want detailed information about how I can edit an access package so that requestors have the resources they need to perform their job.
2121

2222
---
23-
# View, add, and remove assignments for an access package in Microsoft Entra entitlement management
23+
# View, add, and remove assignments for an access package in entitlement management
2424

25-
In Microsoft Entra entitlement management, you can see who has been assigned to access packages, their policy, and status. If an access package has an appropriate policy, you can also directly assign user to an access package. This article describes how to view, add, and remove assignments for access packages.
25+
In entitlement management, you can see who has been assigned to access packages, their policy, and status. If an access package has an appropriate policy, you can also directly assign user to an access package. This article describes how to view, add, and remove assignments for access packages.
2626

2727
## Prerequisites
2828

29-
To use Microsoft Entra entitlement management and assign users to access packages, you must have one of the following licenses:
29+
To use entitlement management and assign users to access packages, you must have one of the following licenses:
3030

3131

3232
- Azure AD Premium P2
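
Review bot: Line 25 is edited but still reads "directly assign user to an access package"; change it to "directly assign a user" (or "users") while the sentence is open. The same hunk leaves two consecutive blank lines at 30-31 ahead of the license list, which can be collapsed to one.
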
@@ -111,7 +111,8 @@ In some cases, you might want to directly assign specific users to an access pac
111111
> When assigning users to an access package, administrators will need to verify that the users are eligible for that access package based on the existing policy requirements. Otherwise, the users won't successfully be assigned to the access package. If the access package contains a policy that requires user requests to be approved, users can't be directly assigned to the package without necessary approval(s) from the designated approver(s).
112112
113113
## Directly assign any user (Preview)
114-
Microsoft Entra Entitlement Management also allows you to directly assign external users to an access package to make collaborating with partners easier. To do this, the access package must have a policy that allows users not yet in your directory to request access.
114+
115+
Entitlement management also allows you to directly assign external users to an access package to make collaborating with partners easier. To do this, the access package must have a policy that allows users not yet in your directory to request access.
115116

116117
**Prerequisite role:** Global administrator, User administrator, Catalog owner, Access package manager or Access package assignment manager
117118
