Skip to content

Commit 8a6e57b

Browse files
committed
Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into asc-melvyn-20200129
2 parents 66a2485 + b6f0e36 commit 8a6e57b

File tree

50 files changed

+425
-282
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

50 files changed

+425
-282
lines changed

articles/active-directory/app-provisioning/application-provisioning-quarantine-status.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,8 @@ There are three ways to check whether an application is in quarantine:
3434

3535
![Provisioning status bar showing quarantine status](./media/application-provisioning-quarantine-status/progress-bar-quarantined.png)
3636

37+
- In the Azure portal, navigate to **Azure Active Directory** > **Audit Logs** > filter on **Activity: Quarantine** and review the quarantine history. While the view in the progress bar as described above shows whether provisioning is currently in quarantine, the audit logs allow you to see the quarantine history for an application.
38+
3739
- Use the Microsoft Graph request [Get synchronizationJob](https://docs.microsoft.com/graph/api/synchronization-synchronizationjob-get?view=graph-rest-beta&tabs=http) to programmatically get the status of the provisioning job:
3840

3941
`GET https://graph.microsoft.com/beta/servicePrincipals/{id}/synchronization/jobs/{jobId}/`
@@ -68,4 +70,4 @@ After you've resolved the issue, restart the provisioning job. Certain changes t
6870

6971
- Use Microsoft Graph to [restart the provisioning job](https://docs.microsoft.com/graph/api/synchronization-synchronizationjob-restart?view=graph-rest-beta&tabs=http). You'll have full control over what you restart. You can choose to clear escrows (to restart the escrow counter that accrues toward quarantine status), clear quarantine (to remove the application from quarantine), or clear watermarks. Use the following request:
7072

71-
`POST /servicePrincipals/{id}/synchronization/jobs/{jobId}/restart`
73+
`POST /servicePrincipals/{id}/synchronization/jobs/{jobId}/restart`

articles/active-directory/authentication/concept-authentication-passwordless.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,7 @@ Allow your employee's phone to become a passwordless authentication method. You
5757

5858
![Sign in to Microsoft Edge with the Microsoft Authenticator app](./media/concept-authentication-passwordless/concept-web-sign-in-microsoft-authenticator-app.png)
5959

60-
The Authenticator App turns any iOS or Android phone into a strong, passwordless credential. Users can sign in to any platform or browser by getting a notification to their phone, matching a number displayed on the screen to the one on their phone, and then using their biometric (touch or face) or PIN to confirm.
60+
The Authenticator App turns any iOS or Android phone into a strong, passwordless credential. Users can sign in to any platform or browser by getting a notification to their phone, matching a number displayed on the screen to the one on their phone, and then using their biometric (touch or face) or PIN to confirm. Please refer to [Download and install the Microsoft Authenticator app](https://docs.microsoft.com/azure/active-directory/user-help/user-help-auth-app-download-install) for installation details.
6161

6262
Passwordless authentication using the Authenticator App follows the same basic pattern as Windows Hello for Business. It's a little more complicated as the user needs to be identified so that Azure AD can find the Microsoft Authenticator App version being used:
6363

articles/active-directory/develop/app-registration-portal-training-guide.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -3,15 +3,15 @@ title: New Azure portal app registration experience
33
titleSuffix: Microsoft identity platform
44
description: An introduction to the new App registration experience in the Azure portal
55
services: active-directory
6-
author: archieag
6+
author: mmacy
77
manager: CelesteDG
88

99
ms.service: active-directory
1010
ms.subservice: develop
1111
ms.workload: identity
1212
ms.topic: conceptual
1313
ms.date: 11/8/2019
14-
ms.author: aragra
14+
ms.author: marsma
1515
ms.reviewer: lenalepa, alamaral
1616
ms.custom: aaddev
1717
---
@@ -29,7 +29,7 @@ There are many improvements in the new [App registrations](https://go.microsoft.
2929
check the signed in user in the Azure portal matches the user that
3030
was signed into the Application registration portal by comparing the
3131
email address from your profile.
32-
>
32+
>
3333
> In some cases, especially when you sign in using personal Microsoft
3434
accounts(e.g. Outlook, Live, Xbox, etc.) with an Azure AD email address, we found out that when you
3535
go to the Azure portal from the old experience, it signs you into a
@@ -129,7 +129,7 @@ desktop). [Learn more](quickstart-configure-app-access-web-apis.md#add-redirect-
129129

130130
Web APIs are configured in Expose an API page.
131131

132-
> [!NOTE]
132+
> [!NOTE]
133133
> Try out the new Authentication settings experience where you can
134134
configure settings for your application based on the platform or device
135135
that you want to target. [Learn more](quickstart-configure-app-access-web-apis.md#configure-platform-settings-for-your-application)
@@ -143,8 +143,8 @@ that you want to target. [Learn more](quickstart-configure-app-access-web-apis.m
143143
Microsoft APIs, APIs my organization uses, or My APIs. The search
144144
bar on APIs my organization uses tab searches through service
145145
principals in the tenant.
146-
147-
> [!NOTE]
146+
147+
> [!NOTE]
148148
> You won't see this tab if your application isn't
149149
associated with a tenant. For more info on how to request
150150
permissions using the new experience, see [this

articles/active-directory/develop/app-registrations-training-guide-for-app-registrations-legacy-users.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,15 +2,15 @@
22
title: New Azure portal app registration training guide
33
description: Introduces the new Azure portal App registration experience
44
services: active-directory
5-
author: archieag
5+
author: mmacy
66
manager: CelesteDG
77

88
ms.service: active-directory
99
ms.subservice: develop
1010
ms.workload: identity
1111
ms.topic: conceptual
1212
ms.date: 10/25/2019
13-
ms.author: aragra
13+
ms.author: marsma
1414
ms.reviewer: lenalepa, keyam
1515
ms.custom: aaddev
1616
---

articles/active-directory/develop/reference-aadsts-error-codes.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -270,6 +270,7 @@ Search on the numeric part of the returned error code. For example, if you rece
270270
| AADSTS1000000 | UserNotBoundError - The Bind API requires the Azure AD user to also authenticate with an external IDP, which hasn't happened yet. |
271271
| AADSTS1000002 | BindCompleteInterruptError - The bind completed successfully, but the user must be informed. |
272272
| AADSTS7000112 | UnauthorizedClientApplicationDisabled - The application is disabled. |
273+
| AADSTS7500529 | The value ‘SAMLId-Guid’ is not a valid SAML ID - Azure AD uses this attribute to populate the InResponseTo attribute of the returned response. ID must not begin with a number, so a common strategy is to prepend a string like "id" to the string representation of a GUID. For example, id6c1c178c166d486687be4aaf5e482730 is a valid ID. |
273274

274275
## Next steps
275276

articles/automation/shared-resources/variables.md

Lines changed: 39 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -22,11 +22,9 @@ Automation variables are useful for the following scenarios:
2222

2323
- Managing a value used by runbooks or DSC configurations from the portal or from the PowerShell command line. An example is a set of common configuration items, such as a specific list of VM names, a specific resource group, an AD domain name, and more.
2424

25-
Since Automation variables are persisted, they are available even if the runbook or DSC configuration fails. This behavior allows one runbook or DSC configuration to set a value that is then used by another runbook, or by the same runbook or DSC configuration the next time it runs.
25+
Azure Automation persists variables and makes them available even if a runbook or DSC configuration fails. This behavior allows one runbook or DSC configuration to set a value that is then used by another runbook, or by the same runbook or DSC configuration the next time it runs.
2626

27-
When creating a variable, you can specify its encryption and storage by Azure Automation as a secure asset. Other secure assets include credentials, certificates, and connections. Azure Automation encrypts these assets and stores them using a unique key that is generated for each Automation account. The key is stored in a system-managed Key Vault. Before storing a secure asset, Azure Automation loads the key from the Key Vault and then uses it to encrypt the asset.
28-
29-
Azure Automation stores each encrypted variable securely. Its value can't be retrieved using the [Get-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/get-azautomationvariable?view=azps-3.5.0) cmdlet that ships as part of the Azure PowerShell module. The only way to retrieve an encrypted value is by using the `Get-AutomationVariable` activity in a runbook or DSC configuration.
27+
Azure Automation stores each encrypted variable securely. When creating a variable, you can specify its encryption and storage by Azure Automation as a secure asset. Other secure assets include credentials, certificates, and connections. Azure Automation encrypts these assets and stores them using a unique key that is generated for each Automation account. The key is stored in a system-managed Key Vault. Before storing a secure asset, Azure Automation loads the key from the Key Vault and then uses it to encrypt the asset.
3028

3129
>[!NOTE]
3230
>This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see [Introducing the new Azure PowerShell Az module](https://docs.microsoft.com/powershell/azure/new-azureps-module-az?view=azps-3.5.0). For Az module installation instructions on your Hybrid Runbook Worker, see [Install the Azure PowerShell Module](https://docs.microsoft.com/powershell/azure/install-az-ps?view=azps-3.5.0). For your Automation account, you can update your modules to the latest version using [How to update Azure PowerShell modules in Azure Automation](../automation-update-azure-modules.md).
@@ -41,26 +39,26 @@ When you create a variable with the Azure portal, you must specify a data type f
4139
* Boolean
4240
* Null
4341

44-
The variable isn't restricted to the designated data type. You must set the variable using Windows PowerShell if you want to specify a value of a different type. If you indicate **Not defined**, the value of the variable is set to Null, and you must set the value with the [Set-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/set-azautomationvariable?view=azps-3.5.0) cmdlet or the `Set-AutomationVariable` activity.
42+
The variable isn't restricted to the designated data type. You must set the variable using Windows PowerShell if you want to specify a value of a different type. If you indicate `Not defined`, the value of the variable is set to Null, and you must set the value with the [Set-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/set-azautomationvariable?view=azps-3.5.0) cmdlet or the `Set-AutomationVariable` activity.
4543

4644
You can't use the portal to create or change the value for a complex variable type. However, you can provide a value of any type using Windows PowerShell. Complex types are retrieved as a [PSCustomObject](/dotnet/api/system.management.automation.pscustomobject).
4745

48-
You can store multiple values to a single variable by creating an array or hashtable and saving it to a variable.
46+
You can store multiple values to a single variable by creating an array or hashtable and saving it to the variable.
4947

5048
## PowerShell cmdlets that create and manage variable assets
5149

5250
For the Az module, the cmdlets in the following table are used to create and manage Automation variable assets with Windows PowerShell. They ship as part of the [Az.Automation module](/powershell/azure/overview), which is available for use in Automation runbooks and DSC configurations.
5351

5452
| Cmdlet | Description |
5553
|:---|:---|
56-
|[Get-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/get-azautomationvariable?view=azps-3.5.0) | Retrieves the value of an existing variable.|
54+
|[Get-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/get-azautomationvariable?view=azps-3.5.0) | Retrieves the value of an existing variable. You can't use this cmdlet to retrieve the value of an encrypted variable. The only way to do this is by using the `Get-AutomationVariable` activity in a runbook or DSC configuration. |
5755
|[New-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/new-azautomationvariable?view=azps-3.5.0) | Creates a new variable and sets its value.|
5856
|[Remove-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/remove-azautomationvariable?view=azps-3.5.0)| Removes an existing variable.|
59-
|[Set-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/set-azautomationvariable?view=azps-3.5.0)| Sets the value for an existing variable.|
57+
|[Set-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/set-azautomationvariable?view=azps-3.5.0)| Sets the value for an existing variable. |
6058

61-
## Activities to access variables
59+
## Activities to access variables in runbooks and DSC configurations
6260

63-
The activities in the following table are used to access variables in runbooks and DSC configurations. The difference between `Get-AzAutomationVariable` and `Get-AutomationVariable` is explained for encrypted variables at the start of this article.
61+
The activities in the following table are used to access variables in runbooks and DSC configurations. The cmdlets for these activities come with the global module `Orchestrator.AssetManagement.Cmdlets`.
6462

6563
| Activity | Description |
6664
|:---|:---|
@@ -70,30 +68,47 @@ The activities in the following table are used to access variables in runbooks a
7068
> [!NOTE]
7169
> Avoid using variables in the `Name` parameter of `Get-AutomationVariable` in a runbook or DSC configuration. Use of this parameter can complicate the discovery of dependencies between runbooks or DSC configurations and Automation variables at design time.
7270
73-
The functions in the following table are used to access and retrieve variables in a Python2 runbook.
71+
Note that `Get-AutomationVariable` does not work in PowerShell, but only in a runbook or DSC configuration. For example, to see the value of an encrypted variable, you might create a runbook to get the variable and then write it to the output stream:
72+
73+
```powershell
74+
$testEncryptVar = Get-AutomationVariable -Name TestVariable
75+
Write-output "The encrypted variable value is: $testEncryptVar"
76+
```
77+
78+
## Functions to access variables in Python 2 runbooks
7479

75-
|Python2 Functions|Description|
80+
The functions in the following table are used to access variables in a Python 2 runbook.
81+
82+
|Python 2 Functions|Description|
7683
|:---|:---|
7784
|`automationassets.get_automation_variable`|Retrieves the value of an existing variable. |
7885
|`automationassets.set_automation_variable`|Sets the value for an existing variable. |
7986

8087
> [!NOTE]
8188
> You must import the `automationassets` module at the top of your Python runbook to access the asset functions.
8289
83-
## Creating a new Automation variable
90+
## Working with Automation variables
91+
92+
>[!NOTE]
93+
>If you want to remove the encryption for a variable, you must delete the variable and recreate it as unencrypted.
8494
8595
### Create a new variable using the Azure portal
8696

8797
1. From your Automation account, click the **Assets** tile, then the **Assets** blade, and select **Variables**.
8898
2. On the **Variables** tile, select **Add a variable**.
8999
3. Complete the options on the **New Variable** blade and then click **Create** to save the new variable.
90100

91-
>[!NOTE]
92-
>If you want to remove the encryption for a variable, you must delete the variable and recreate it as unencrypted.
101+
> [!NOTE]
102+
> Once you have saved an encrypted variable, it can't be viewed in the portal. It can only be updated.
103+
104+
### Create and use a variable in Windows PowerShell
93105

94-
### Create a new variable with Windows PowerShell
106+
A PowerShell script uses the `New-AzAutomationVariable` cmdlet, or its AzureRM module equivalent, to create a new variable and set its initial value. If the variable is encrypted, the call should use the `Encrypted` parameter.
95107

96-
The script uses the `New-AzAutomationVariable` cmdlet to create a new variable and set its initial value. It can then retrieve the value using `Get-AzAutomationVariable`. If the value is a simple type, then that same type is retrieved. If it's a complex type, then a `PSCustomObject` type is retrieved.
108+
The script retrieves the value of the variable using [Get-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/get-azautomationvariable?view=azps-3.5.0). If the value is a simple type, the cmdlet retrieves that same type. If it's a complex type, a `PSCustomObject` type is retrieved.
109+
110+
>[!NOTE]
111+
>A PowerShell script can't retrieve an encrypted value. The only way to do this is to use a `Get-AutomationVariable` activity in a runbook or DSC configuration.
97112
98113
The following example shows how to create a variable of type String and then return its value.
99114

@@ -105,7 +120,7 @@ $string = (Get-AzAutomationVariable -ResourceGroupName "ResourceGroup01" `
105120
–AutomationAccountName "MyAutomationAccount" –Name 'MyStringVariable').Value
106121
```
107122

108-
The following example shows how to create a variable with a complex type and then retrieves its properties. In this case, a virtual machine object from [Get-AzVM](https://docs.microsoft.com/powershell/module/Az.Compute/Get-AzVM?view=azps-3.5.0) is used.
123+
The following example shows how to create a variable with a complex type and then retrieve its properties. In this case, a virtual machine object from [Get-AzVM](https://docs.microsoft.com/powershell/module/Az.Compute/Get-AzVM?view=azps-3.5.0) is used.
109124

110125
```powershell
111126
$vm = Get-AzVM -ResourceGroupName "ResourceGroup01" –Name "VM01"
@@ -117,13 +132,12 @@ $vmName = $vmValue.Name
117132
$vmIpAddress = $vmValue.IpAddress
118133
```
119134

120-
## Using a variable in a runbook or DSC configuration
135+
### Create and use a variable in a runbook or DSC configuration
121136

122-
Use the `Set-AutomationVariable` activity to set the value of an Automation variable in a PowerShell runbook or DSC configuration, and the `Get-AutomationVariable` to retrieve it. You shouldn't use the `Set-AzAutomationVariable` and `Get-AzAutomationVariable` cmdlets or their AzureRM module equivalents in a runbook or DSC configuration, since they are less efficient than the workflow activities.
137+
The only way to create a new variable from within a runbook or DSC configuration is to use the `New-AzAutomationVariable` cmdlet, or its AzureRM module equivalent. The script uses this cmdlet to set the initial value of the variable. The script can then retrieve the value using `Get-AzAutomationVariable`. If the value is a simple type, that same type is retrieved. If it's a complex type, then a `PSCustomObject` type is retrieved.
123138

124-
Note that you can't retrieve the value of a secure variable with `Get-AzAutomationVariable` or its AzureRM module equivalent.
125-
126-
The only way to create a new variable from within a runbook or DSC configuration is to use the `New-AzAutomationVariable` cmdlet.
139+
>[!NOTE]
140+
>The only way to retrieve an encrypted value is by using the `Get-AutomationVariable` activity in the runbook or DSC configuration.
127141
128142
### Textual runbook samples
129143

@@ -144,9 +158,9 @@ for ($i = 1; $i -le $NumberOfIterations; $i++) {
144158
Set-AzAutomationVariable -ResourceGroupName "ResourceGroup01" –AutomationAccountName "MyAutomationAccount" –Name NumberOfRunnings –Value ($NumberOfRunnings += 1)
145159
```
146160

147-
#### Set and retrieve a variable in a Python2 runbook
161+
#### Set and retrieve a variable in a Python 2 runbook
148162

149-
The following sample shows how to use a variable, set a variable, and handle an exception for a nonexistent variable in a Python2 runbook.
163+
The following sample shows how to use a variable, set a variable, and handle an exception for a nonexistent variable in a Python 2 runbook.
150164

151165
```python
152166
import automationassets

0 commit comments

Comments
 (0)