MicrosoftDocs
diff --git a/‎README.md
Lines changed: 5 additions & 11 deletions b/‎README.md
Lines changed: 5 additions & 11 deletions
diff --git a/‎articles/active-directory/conditional-access/service-dependencies.md
Lines changed: 1 addition & 0 deletions b/‎articles/active-directory/conditional-access/service-dependencies.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎articles/active-directory/develop/test-automate-integration-testing.md
Lines changed: 47 additions & 48 deletions b/‎articles/active-directory/develop/test-automate-integration-testing.md
Lines changed: 47 additions & 48 deletions
diff --git a/‎articles/active-directory/identity-protection/TOC.yml
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/identity-protection/TOC.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/identity-protection/howto-identity-protection-graph-api.md
Lines changed: 42 additions & 60 deletions b/‎articles/active-directory/identity-protection/howto-identity-protection-graph-api.md
Lines changed: 42 additions & 60 deletions
diff --git a/‎articles/azure-arc/servers/learn/quick-enable-hybrid-vm.md
Lines changed: 1 addition & 3 deletions b/‎articles/azure-arc/servers/learn/quick-enable-hybrid-vm.md
Lines changed: 1 addition & 3 deletions
diff --git a/‎articles/azure-vmware/vmware-hcx-mon-guidance.md
Lines changed: 1 addition & 1 deletion b/‎articles/azure-vmware/vmware-hcx-mon-guidance.md
Lines changed: 1 addition & 1 deletion
@@ -10,19 +10,13 @@ Contributing to open source is more than just providing updates, it's also about
 
 You've decided to contribute, that's great! To contribute to the documentation, you need a few tools.
 
-Contributing to the documentation requires a GitHub account. If you don't have an account, follow the instructions for the [GitHub account setup](/contribute/get-started-setup-github) from our contributor guide.
+#### Github
 
-#### Download
+Contributing to the documentation requires a GitHub account. If you don't have an account, follow the instructions for [GitHub account setup](https://docs.microsoft.com/contribute/get-started-setup-github) from our contributor guide.
 
-Install the following tools:
+#### Tools
 
-* [Git](https://git-scm.com/download)
-* [Visual Studio Code](https://code.visualstudio.com/Download)
-* [Docs Authoring Pack](https://marketplace.visualstudio.com/items?itemName=docsmsft.docs-authoring-pack) extension for Visual Studio Code
-
-#### Install
-
-Follow the instructions provided in the [Install content authoring tools](/contribute/get-started-setup-tools) from our contributor guide.
+To install necessary tools, follow the instructions for [Install content authoring tools](https://docs.microsoft.com/contribute/get-started-setup-tools) from our contributor guide.
 
 ## License
 
@@ -31,4 +25,4 @@ Please refer to [LICENSE](LICENSE), [LICENSE-CODE](LICENSE-CODE) and [ThirdParty
 ## Code of Conduct
 
 This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
-For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [[email protected]](mailto:[email protected]) with any additional questions or comments.
+For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [[email protected]](mailto:[email protected]) with any additional questions or comments.
@@ -61,6 +61,7 @@ The below table lists some more service dependencies, where the client apps must
 |                     | Windows Azure Active Directory              | Early-bound |
 |                     | SharePoint                                  | Early-bound |
 |                     | Exchange                                    | Early-bound |
+| Power Automate      | Power Apps                                  | Early-bound |
 | Project             | Dynamics CRM                                | Early-bound |
 | Skype for Business  | Exchange                                    | Early-bound |
 | Visual Studio       | Microsoft Azure Management (portal and API) | Early-bound |
 
@@ -175,56 +175,56 @@ using System;
 
 public class ClientFixture : IAsyncLifetime
 {
-public HttpClient httpClient;
+    public HttpClient httpClient;
 
-public async Task InitializeAsync()
-{
-    var builder = new ConfigurationBuilder().AddJsonFile("<path-to-json-file>");
+    public async Task InitializeAsync()
+    {
+        var builder = new ConfigurationBuilder().AddJsonFile("<path-to-json-file>");
 
-    IConfigurationRoot Configuration = builder.Build();
+        IConfigurationRoot Configuration = builder.Build();
 
-            var PublicClientApplicationOptions = new PublicClientApplicationOptions();
-            Configuration.Bind("Authentication", PublicClientApplicationOptions);
-            var app = PublicClientApplicationBuilder.CreateWithApplicationOptions(PublicClientApplicationOptions)
-                .Build();
+        var PublicClientApplicationOptions = new PublicClientApplicationOptions();
+        Configuration.Bind("Authentication", PublicClientApplicationOptions);
+        var app = PublicClientApplicationBuilder.CreateWithApplicationOptions(PublicClientApplicationOptions)
+            .Build();
 
-            SecretClientOptions options = new SecretClientOptions()
-            {
-                Retry =
+        SecretClientOptions options = new SecretClientOptions()
+        {
+            Retry =
                 {
                     Delay= TimeSpan.FromSeconds(2),
                     MaxDelay = TimeSpan.FromSeconds(16),
                     MaxRetries = 5,
                     Mode = RetryMode.Exponential
                  }
-            };
+        };
 
-            string keyVaultUri = Configuration.GetValue<string>("KeyVault:KeyVaultUri");
-            var client = new SecretClient(new Uri(keyVaultUri), new DefaultAzureCredential(), options);
+        string keyVaultUri = Configuration.GetValue<string>("KeyVault:KeyVaultUri");
+        var client = new SecretClient(new Uri(keyVaultUri), new DefaultAzureCredential(), options);
 
-            KeyVaultSecret userNameSecret = client.GetSecret("TestUserName");
-            KeyVaultSecret passwordSecret = client.GetSecret("TestPassword");
+        KeyVaultSecret userNameSecret = client.GetSecret("TestUserName");
+        KeyVaultSecret passwordSecret = client.GetSecret("TestPassword");
 
-            string password = passwordSecret.Value;
-            string username = userNameSecret.Value;
-            string[] scopes = Configuration.GetSection( "WebAPI:Scopes").Get<string[]>();
-            SecureString securePassword = new NetworkCredential("", password).SecurePassword;
+        string password = passwordSecret.Value;
+        string username = userNameSecret.Value;
+        string[] scopes = Configuration.GetSection("WebAPI:Scopes").Get<string[]>();
+        SecureString securePassword = new NetworkCredential("", password).SecurePassword;
 
-            AuthenticationResult result = null;
-            httpClient = new HttpClient();
+        AuthenticationResult result = null;
+        httpClient = new HttpClient();
 
-    try
-    {
-        result = await app.AcquireTokenByUsernamePassword(scopes, username, securePassword)
-            .ExecuteAsync();
-    }
-    catch (MsalException) { }
+        try
+        {
+            result = await app.AcquireTokenByUsernamePassword(scopes, username, securePassword)
+                .ExecuteAsync();
+        }
+        catch (MsalException) { }
 
-    string accessToken = result.AccessToken;
-    httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", accessToken);
-}
+        string accessToken = result.AccessToken;
+        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", accessToken);
+    }
 
-public Task DisposeAsync() => Task.CompletedTask;
+    public Task DisposeAsync() => Task.CompletedTask;
 }
 ```
 
@@ -235,21 +235,20 @@ The following example is a test that calls Microsoft Graph.  Replace this test w
 ```csharp
 public class ApiTests : IClassFixture<ClientFixture>
 {
-ClientFixture clientFixture;
-
-public ApiTests(ClientFixture clientFixture)
-{
-    this.clientFixture = clientFixture;
-}
+    ClientFixture clientFixture;
 
+    public ApiTests(ClientFixture clientFixture)
+    {
+        this.clientFixture = clientFixture;
+    }
 
-[Fact]
-public async Task GetRequestTest()
-{
-    var testClient = clientFixture.httpClient;
-    HttpResponseMessage response = await testClient.GetAsync("https://graph.microsoft.com/v1.0/me");
-    var responseCode = response.StatusCode.ToString();
-    Assert.Equal("OK", responseCode);
-}
+    [Fact]
+    public async Task GetRequestTest()
+    {
+        var testClient = clientFixture.httpClient;
+        HttpResponseMessage response = await testClient.GetAsync("https://graph.microsoft.com/v1.0/me");
+        var responseCode = response.StatusCode.ToString();
+        Assert.Equal("OK", responseCode);
+    }
 }
-```
+```
@@ -40,7 +40,7 @@
       href: howto-identity-protection-remediate-unblock.md
     - name: Export risk data
       href: howto-export-risk-data.md
-    - name: Use the Microsoft Graph API
+    - name: Use the Microsoft Graph PowerShell 
       href: howto-identity-protection-graph-api.md
   - name: Provide feedback on risk detections
     href: howto-identity-protection-risk-feedback.md
 
@@ -15,83 +15,65 @@ ms.reviewer: sahandle
 
 ms.collection: M365-identity-device-management
 ---
-# Azure Active Directory Identity Protection and the Microsoft Graph PowerShell SDK
+# Azure Active Directory Identity Protection and the Microsoft Graph PowerShell 
 
-Microsoft Graph is the Microsoft unified API endpoint and the home of [Azure Active Directory Identity Protection](./overview-identity-protection.md) APIs. This article will show you how to use the [Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started) to get risky user details using PowerShell. Organizations that want to query the Microsoft Graph APIs directly can use the article, [Tutorial: Identify and remediate risks using Microsoft Graph APIs](/graph/tutorial-riskdetection-api) to begin that journey.
+Microsoft Graph is the Microsoft unified API endpoint and the home of [Azure Active Directory Identity Protection](./overview-identity-protection.md) APIs. This article will show you how to use the [Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started) to manage risky users using PowerShell. Organizations that want to query the Microsoft Graph APIs directly can use the article, [Tutorial: Identify and remediate risks using Microsoft Graph APIs](/graph/tutorial-riskdetection-api) to begin that journey.
 
-## Connect to Microsoft Graph
+To successfully complete this tutorial, make sure you have the required prerequisites:
 
-There are four steps to accessing Identity Protection data through Microsoft Graph:
-
-1. [Create a certificate](#create-a-certificate)
-1. [Create a new app registration](#create-a-new-app-registration)
-1. [Configure API permissions](#configure-api-permissions)
-1. [Configure a valid credential](#configure-a-valid-credential)
-
-### Create a certificate
-
-In a production environment you would use a certificate from your production Certificate Authority, but in this sample we'll use a self-signed certificate. Create and export the certificate using the following PowerShell commands.
+- Microsoft Graph PowerShell SDK is installed. Follow the [installation guide](/powershell/microsoftgraph/installation?view=graph-powershell-1.0) for more info on how to do this.
+- Identity Protection is available in the beta version of Microsoft Graph PowerShell. Run the following command to set your profile to beta.
+   ```powershell
+   # Connect to Graph beta Endpoint
+   Select-MgProfile -Name 'beta'
+   ```
+- Microsoft Graph PowerShell using a global administrator role and the appropriate permissions. The IdentityRiskEvent.Read.All, IdentityRiskyUser.ReadWrite.All Or IdentityRiskyUser.ReadWrite.All delegated permissions are required. To set the permissions to IdentityRiskEvent.Read.All and IdentityRiskyUser.ReadWrite.All, run:
+   ```powershell
+   Connect-MgGraph -Scopes "IdentityRiskEvent.Read.All","IdentityRiskyUser.ReadWrite.All"
+   ```
 
+Or, if you use app-only authentication, you may follow this [guide](/powershell/microsoftgraph/app-only?view=graph-powershell-1.0&tabs=azure-portal). To register an application with the required application permissions, prepare a certificate and run:
 ```powershell
-$cert = New-SelfSignedCertificate -Subject "CN=MSGraph_ReportingAPI" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256
-Export-Certificate -Cert $cert -FilePath "C:\Reporting\MSGraph_ReportingAPI.cer"
+Connect-MgGraph -ClientID YOUR_APP_ID -TenantId YOUR_TENANT_ID -CertificateName YOUR_CERT_SUBJECT ## Or -CertificateThumbprint instead of -CertificateName
 ```
 
-### Create a new app registration
-
-1. In the Azure portal, browse to **Azure Active Directory** > **App registrations**.
-1. Select **New registration**.
-1. On the **Create** page, perform the following steps:
-   1. In the **Name** textbox, type a name for your application (for example: Azure AD Risk Detection API).
-   1. Under **Supported account types**, select the type of accounts that will use the APIs.
-   1. Select **Register**.
-1. Take note of the **Application (client) ID** and **Directory (tenant) ID** as you'll need these items later.
-
-### Configure API permissions
-
-In this example, we configure application permissions allowing this sample to be used unattended. If granting permissions to a user who will be logged on, choose delegated permissions instead. More information about different permission types can be found in the article, [Permissions and consent in the Microsoft identity platform](../develop/v2-permissions-and-consent.md#permission-types).
-
-1. From the **Application** you created, select **API permissions**.
-1. On the **Configured permissions** page, in the toolbar on the top, click **Add a permission**.
-1. On the **Add API access** page, click **Select an API**.
-1. On the **Select an API** page, select **Microsoft Graph**, and then click **Select**.
-1. On the **Request API permissions** page: 
-   1. Select **Application permissions**.
-   1. Select the checkboxes next to `IdentityRiskEvent.Read.All` and `IdentityRiskyUser.Read.All`.
-   1. Select **Add permissions**.
-1. Select **Grant admin consent for domain** 
-
-### Configure a valid credential
+## List risky detections using PowerShell
+You can retrieve the risk detections by the properties of a risk detection in Identity Protection.
+```powershell
+# List all anonymizedIPAddress risk detections
+Get-MgRiskDetection -Filter "RiskType eq 'anonymizedIPAddress'" | Format-Table UserDisplayName, RiskType, RiskLevel, DetectedDateTime
 
-1. From the **Application** you created, select **Certificates & secrets**.
-1. Under **certificates**, select **Upload certificate**.
-   1. Select the previously exported certificate from the window that opens.
-   1. Select **Add**.
-1. Take note of the **Thumbprint** of the certificate as you'll need this information in the next step.
+# List all high risk detections for the user 'User01'
+Get-MgRiskDetection -Filter "UserDisplayName eq 'User01' and Risklevel eq 'high'" | Format-Table UserDisplayName, RiskType, RiskLevel, DetectedDateTime
 
+```
 ## List risky users using PowerShell
-
-To enable the ability to query Microsoft Graph, we need to install the `Microsoft.Graph` module in our PowerShell window, using the `Install-Module Microsoft.Graph` command.
-
-Modify the following variables to include the information generated in the previous steps, then run them as a whole to get risky user details using PowerShell.
-
+You can retrieve the risky users and their risky histories in Identity Protection. 
 ```powershell
-$ClientID       = "<your client ID here>"        # Application (client) ID gathered when creating the app registration
-$tenantdomain   = "<your tenant domain here>"    # Directory (tenant) ID gathered when creating the app registration
-$Thumbprint     = "<your client secret here>"    # Certificate thumbprint gathered when configuring your credential
+# List all high risk users
+Get-MgRiskyUser -Filter "RiskLevel eq 'high'" | Format-Table UserDisplayName, RiskDetail, RiskLevel, RiskLastUpdatedDateTime
 
-Select-MgProfile -Name "beta"
-  
-Connect-MgGraph -ClientId $ClientID -TenantId $tenantdomain -CertificateThumbprint $Thumbprint
+#  List history of a specific user with detailed risk detection
+Get-MgRiskyUserHistory -RiskyUserId 375844b0-2026-4265-b9f1-ee1708491e05| Format-Table RiskDetail, RiskLastUpdatedDateTime, @{N="RiskDetection";E={($_). Activity.RiskEventTypes}}, RiskState, UserDisplayName
 
-Get-MgRiskyUser -All
 ```
-
+## Confirm users compromised using Powershell
+You can confirm users compromised and flag them as high risky users in Identity Protection.
+```powershell
+# Confirm Compromised on two users
+Confirm-MgRiskyUserCompromised -UserIds "577e09c1-5f26-4870-81ab-6d18194cbb51","bf8ba085-af24-418a-b5b2-3fc71f969bf3"
+```
+## Dimiss risky users using Powershell
+You can bulk dismiss risky users in Identity Protection.
+```powershell
+# Get a list of high risky users which are more than 90 days old
+$riskyUsers= Get-MgRiskyUser -Filter "RiskLevel eq 'high'" | where RiskLastUpdatedDateTime -LT (Get-Date).AddDays(-90)
+# bulk dimmiss the risky users
+Invoke-MgDismissRiskyUser -UserIds $riskyUsers.Id
+```
 ## Next steps
 
 - [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started)
 - [Tutorial: Identify and remediate risks using Microsoft Graph APIs](/graph/tutorial-riskdetection-api)
 - [Overview of Microsoft Graph](https://developer.microsoft.com/graph/docs)
-- [Get access without a user](/graph/auth-v2-service)
-- [Azure AD Identity Protection Service Root](/graph/api/resources/identityprotectionroot)
 - [Azure Active Directory Identity Protection](./overview-identity-protection.md)
@@ -16,7 +16,7 @@ In this quickstart, you'll deploy and configure the Azure Connected Machine agen
 
 * An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 * Deploying the Connected Machine agent on a machine requires that you have administrator permissions to install and configure the agent. On Linux this is done by using the root account, and on Windows, with an account that is a member of the Local Administrators group.
-* The Microsoft.HybridCompute, Microsoft.GuestConfiguration, and Microsoft.HybridConnectivity resource providers must be registered on your subscription. You can [register these resource providers ahead of time](../prerequisites.md#azure-resource-providers), or while completing the steps in this quickstart.
+* The Microsoft.HybridCompute, Microsoft.GuestConfiguration, and Microsoft.HybridConnectivity resource providers must be registered on your subscription. Please [register these resource providers ahead of time](../prerequisites.md#azure-resource-providers).
 * Before you get started, be sure to review the [agent prerequisites](../prerequisites.md) and verify the following:
   * Your target machine is running a supported [operating system](../prerequisites.md#supported-operating-systems).
   * Your account has the [required Azure built-in roles](../prerequisites.md#required-permissions).
@@ -52,8 +52,6 @@ Use the Azure portal to create a script that automates the agent download and in
 
 1. On the **Tags** page, review the default **Physical location tags** suggested and enter a value, or specify one or more **Custom tags** to support your standards. Then select **Next**.
 
-1. On the **Download and run script** page, select the **Register** button to register the required resource providers in your subscription, if you haven't already done so.
-
 1. In the **Download or copy the following script** section, review the script. If you want to make any changes, use the **Previous** button to go back and update your selections. Otherwise, select **Download** to save the script file.
 
 ## Install the agent using the script
 
@@ -23,7 +23,7 @@ ms.date: 04/11/2022
 
 [HCX Mobility Optimized Networking (MON)](https://docs.vmware.com/en/VMware-HCX/4.2/hcx-user-guide/GUID-0E254D74-60A9-479C-825D-F373C41F40BC.html) is an optional feature to enable when using [HCX Network Extensions (NE)](configure-hcx-network-extension.md). MON provides optimal traffic routing under certain scenarios to prevent network tromboning between the on-premises and cloud-based resources on extended networks. 
 
-As MON is an enterprise capability of the NE feature, make sure you've enabled the [VMware HCX Enterprise](https://cloud.vmware.com/community/2019/08/08/introducing-hcx-enterprise/) add-on through a [support request](https://portal.azure.com/#create/Microsoft.Support). VMware HCX Enterprise Edition will be available for customers to add and run with their Azure VMware Solution environment free of charge until 10/1/2022.
+As MON is an enterprise capability of the NE feature, make sure you've enabled the [VMware HCX Enterprise](https://cloud.vmware.com/community/2019/08/08/introducing-hcx-enterprise/) add-on through a [support request](https://portal.azure.com/#create/Microsoft.Support). 
 
 Throughout the migration cycle, MON optimizes application mobility for: