Merge pull request #186811 from MicrosoftDocs/master

Merge master to live, 4 AM

Author: ttorble

articles/active-directory/manage-apps/assign-user-or-group-access-portal.md

@@ -12,19 +12,26 @@ ms.topic: how-to
 ms.date: 10/23/2021
 ms.author: ergreenl
 ms.reviewer: davidmu
+ms.custom: contperf-fy22q2, contperf-fy22q3
 
 #customer intent: As an admin, I want to manage user assignment for an app in Azure Active Directory using Powershell
 ---
 
 # Assign users and groups to an application
 
-This article shows you how to assign users and groups to an enterprise application in Azure Active Directory (Azure AD) using PowerShell. When you assign a user to an application, the application appears in the user's My Apps portal for easy access. If the application exposes roles, you can also assign a specific role to the user.
+This article shows you how to assign users and groups to an enterprise application in Azure Active Directory (Azure AD) using PowerShell. When you assign a user to an application, the application appears in the user's [My Apps](https://myapps.microsoft.com/) portal for easy access. If the application exposes roles, you can also assign a specific role to the user.
+
+When you assign a group to an application, only users in the group will have access. The assignment does not cascade to nested groups.
+
+Group-based assignment requires Azure Active Directory Premium P1 or P2 edition. Group-based assignment is supported for Security groups only. Nested group memberships and Microsoft 365 groups are not currently supported. For more licensing requirements for the features discussed in this article, see the [Azure Active Directory pricing page](https://azure.microsoft.com/pricing/details/active-directory). 
+
+For greater control, certain types of enterprise applications can be configured to require user assignment. See [Manage access to an application](what-is-access-management.md#requiring-user-assignment-for-an-app) for more information on requiring user assignment for an app.
 
 ## Prerequisites
 
 To assign users to an app using PowerShell, you need:
 
-- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+- An Azure account with an active subscription. If you don't already have one, you can [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 - One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
 - If you have not yet installed the AzureAD module (use the command `Install-Module -Name AzureAD`). If you're prompted to install a NuGet module or the new Azure Active Directory V2 PowerShell module, type Y and press ENTER.
 - Azure Active Directory Premium P1 or P2 for group-based assignment. For more licensing requirements for the features discussed in this article, see the [Azure Active Directory pricing page](https://azure.microsoft.com/pricing/details/active-directory).

articles/active-directory/manage-apps/f5-big-ip-forms-advanced.md

@@ -15,11 +15,11 @@ ms.collection: M365-identity-device-management
 
 In this article, you'll learn how to configure F5's BIG-IP Access Policy Manager (APM) and Azure Active Directory (Azure AD) for secure hybrid access to form-based applications.
 
-Configuring BIG-IP published applications with Azure AD provides many benefits, including:
+Enabling BIG-IP published services for Azure Active Directory (Azure AD) SSO provides many benefits, including:
 
-- Improved Zero Trust governance through Azure AD pre-authentication and authorization
+- Improved Zero Trust governance through Azure AD pre-authentication and [Conditional Access](/conditional-access/overview)
 - Full single sign-on (SSO) between Azure AD and BIG-IP published services
-- Identities and access are managed from a single control plane, the Azure portal
+- Identities and access are managed from a single control plane, the [Azure portal](https://azure.microsoft.com/features/azure-portal/)
 
 To learn about all the benefits, see [Integrate F5 BIG-IP with Azure Active Directory](f5-aad-integration.md) and [What is application access and single sign-on with Azure AD?](../active-directory-appssoaccess-whatis.md).
 

articles/active-directory/manage-apps/f5-big-ip-header-advanced.md

@@ -19,12 +19,12 @@ In this article, you’ll learn to implement Secure Hybrid Access (SHA) with sin
 
 Configuring BIG-IP published applications with Azure AD provides many benefits, including:
 
-- Improved Zero trust governance through Azure AD pre-authentication and authorization
+- Improved Zero trust governance through Azure AD pre-authentication and [Conditional Access](/conditional-access/overview)
 
 - Full Single sign-on (SSO) between Azure AD and BIG-IP published
   services.
 
-- Manage identities and access from a single control plane, The [Azure portal](https://azure.microsoft.com/features/azure-portal)
+- Manage identities and access from a single control plane, the [Azure portal](https://azure.microsoft.com/features/azure-portal)
 
 To learn about all of the benefits, see the article on [F5 BIG-IP and Azure AD integration](./f5-aad-integration.md) and [what is application access and single sign-on with Azure AD](/azure/active-directory/active-directory-appssoaccess-whatis).
 

articles/active-directory/manage-apps/f5-big-ip-headers-easy-button.md

@@ -19,11 +19,11 @@ In this article, you’ll learn to implement Secure Hybrid Access (SHA) with sin
 
 Enabling BIG-IP published services for Azure Active Directory (Azure AD) SSO provides many benefits, including:
 
-  * Improved Zero Trust governance through Azure AD pre-authentication and authorization
+  * Improved Zero Trust governance through Azure AD pre-authentication and [Conditional Access](/conditional-access/overview)
 
   * Full SSO between Azure AD and BIG-IP published services
 
-  * Manage Identities and access from a single control plane, [the Azure portal](https://portal.azure.com/)
+  * Manage Identities and access from a single control plane, the [Azure portal](https://portal.azure.com/)
 
 To learn about all of the benefits, see the article on [F5 BIG-IP and Azure AD integration](./f5-aad-integration.md) and [what is application access and single sign-on with Azure AD](/azure/active-directory/active-directory-appssoaccess-whatis).
 
@@ -298,15 +298,11 @@ Our backend application sits on HTTP port 80 but obviously switch to 443 if your
 Enabling SSO allows users to access BIG-IP published services without having to enter credentials. The **Easy Button wizard** supports Kerberos, OAuth Bearer, and HTTP authorization headers for SSO, the latter of which we’ll enable to configure the following.
 
 * **Header Operation:** Insert
-
 * **Header Name:** upn
-
 * **Header Value:** %{session.saml.last.identity}
 
 * **Header Operation:** Insert
-
 * **Header Name:** employeeid
-
 * **Header Value:** %{session.saml.last.attr.name.employeeid}
 
 ![Screenshot for SSO and HTTP headers](./media/f5-big-ip-easy-button-header/sso-http-headers.png)

articles/active-directory/manage-apps/f5-big-ip-kerberos-advanced.md

@@ -19,11 +19,9 @@ In this tutorial, you'll learn to implement Secure Hybrid Access (SHA) with sing
 
 Integrating a BIG-IP with Azure Active Directory (Azure AD) provides many benefits, including:
 
-* Improved Zero Trust governance through Azure AD pre-authentication and authorization.
-
+* Improved Zero Trust governance through Azure AD pre-authentication and [Conditional Access](/conditional-access/overview)
 * Full SSO between Azure AD and BIG-IP published services.
-
-* Management of identities and access from a single control plane, the [Azure portal](https://portal.azure.com/).
+* Management of identities and access from a single control plane, the [Azure portal](https://azure.microsoft.com/features/azure-portal/)
 
 To learn about all of the benefits, see [Integrate F5 BIG-IP with Azure Active Directory](./f5-aad-integration.md) and [What is single sign-on in Azure Active Directory?](/azure/active-directory/active-directory-appssoaccess-whatis).
 

articles/active-directory/manage-apps/f5-big-ip-kerberos-easy-button.md

@@ -19,11 +19,11 @@ In this article, you'll learn to implement Secure Hybrid Access (SHA) with singl
 
 Integrating a BIG-IP with Azure Active Directory (Azure AD) provides many benefits, including:
 
-* Improved Zero Trust governance through Azure AD pre-authentication and authorization
+* Improved Zero Trust governance through Azure AD pre-authentication and [Conditional Access](/conditional-access/overview)
 
 * Full SSO between Azure AD and BIG-IP published services
 
-* Manage identities and access from a single control plane, [The Azure portal](https://portal.azure.com/)
+* Manage identities and access from a single control plane, the [Azure portal](https://portal.azure.com/)
 
 To learn about all of the benefits, see the article on [F5 BIG-IP and Azure AD integration](./f5-aad-integration.md) and [what is application access and single sign-on with Azure AD](/azure/active-directory/active-directory-appssoaccess-whatis).
 

articles/active-directory/manage-apps/f5-big-ip-ldap-header-easybutton.md

@@ -19,7 +19,7 @@ In this article, you'll learn to implement Secure Hybrid Access (SHA) with singl
 
 Enabling BIG-IP published services for Azure Active Directory (Azure AD) SSO provides many benefits, including:
 
-* Improved Zero Trust governance through Azure AD pre-authentication and authorization
+* Improved Zero Trust governance through Azure AD pre-authentication and [Conditional Access](/conditional-access/overview)
 
 * Full SSO between Azure AD and BIG-IP published services
 

articles/active-directory/manage-apps/what-is-single-sign-on.md

@@ -12,7 +12,7 @@ ms.topic: overview
 ms.date: 11/18/2021
 ms.author: davidmu
 ms.reviewer: ergreenl
-ms.custom: contperf-fy21q1, contperf-fy22q2
+ms.custom: contperf-fy21q1, contperf-fy22q2, contperf-fy22q3
 # Customer intent: As an IT admin, I need to learn about single sign-on and my applications in Azure Active Directory.
 ---
 
@@ -52,7 +52,7 @@ Choosing an SSO method depends on how the application is configured for authenti
     - You're testing other aspects of the application
     - An on-premises application doesn't require users to authenticate, but you want them to. With SSO disabled, the user needs to authenticate.
 
-    If you configured the application for SP-initiated SAML-based SSO and you change the SSO mode to disabled, it won't stop users from signing in to the application outside the MyApps portal. To achieve this, you need to [disable the ability for users to sign in](disable-user-sign-in-portal.md).
+    If you configured the application for SP-initiated SAML-based SSO and you change the SSO mode to disabled, it won't stop users from signing in to the application outside the MyApps portal. To achieve this, you need to disable the ability for users to sign in.
 
 ## Plan SSO deployment
 

articles/app-service/app-service-web-tutorial-dotnet-sqldatabase.md

@@ -4,7 +4,7 @@ description: Learn how to deploy a C# ASP.NET app to Azure and to Azure SQL Data
 ms.assetid: 03c584f1-a93c-4e3d-ac1b-c82b50c75d3e
 ms.devlang: csharp
 ms.topic: tutorial
-ms.date: 11/08/2021
+ms.date: 01/27/2022
 ms.custom: "devx-track-csharp, mvc, devcenter, vs-azure, seodec18"
 ---
 
@@ -23,15 +23,14 @@ In this tutorial, you learn how to:
 > * Deploy the app to Azure
 > * Update the data model and redeploy the app
 > * Stream logs from Azure to your terminal
-> * Manage the app in the Azure portal
 
 [!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]
 
 ## Prerequisites
 
 To complete this tutorial:
 
-Install <a href="https://www.visualstudio.com/downloads/" target="_blank">Visual Studio 2022</a> with the **ASP.NET and web development** workload.
+Install <a href="https://www.visualstudio.com/downloads/" target="_blank">Visual Studio 2022</a> with the **ASP.NET and web development** and **Azure development** workloads.
 
 If you've installed Visual Studio already, add the workloads in Visual Studio by clicking **Tools** > **Get Tools and Features**.
 
@@ -172,7 +171,7 @@ Before creating a database, you need a [logical SQL server](../azure-sql/databas
 
 #### Deploy your ASP.NET app
 
-1. In the **Publish** tab scroll back up to the top and click **Publish**. Once your ASP.NET app is deployed to Azure. Your default browser is launched with the URL to the deployed app.
+1. In the **Publish** tab, scroll back up to the top and click **Publish**. Once your ASP.NET app is deployed to Azure. Your default browser is launched with the URL to the deployed app.
 
 1. Add a few to-do items.
 
@@ -182,7 +181,7 @@ Before creating a database, you need a [logical SQL server](../azure-sql/databas
 
 ## Access the database locally
 
-Visual Studio lets you explore and manage your new database in Azure easily in the **SQL Server Object Explorer**. The new database already opened its firewall to the App Service app that you created, but to access it from your local computer (such as from Visual Studio), you must open a firewall for your local machine's public IP address. If your internet service provider changes your public IP address, you need to reconfigure the firewall to access the Azure database again.
+Visual Studio lets you explore and manage your new database in Azure easily in the **SQL Server Object Explorer**. The new database already opened its firewall to the App Service app that you created. But to access it from your local computer (such as from Visual Studio), you must open a firewall for your local machine's public IP address. If your internet service provider changes your public IP address, you need to reconfigure the firewall to access the Azure database again.
 
 #### Create a database connection
 
@@ -350,11 +349,9 @@ Each action starts with a `Trace.WriteLine()` method. This code is added to show
 
 #### Enable log streaming
 
-1. From the **View** menu, select **Cloud Explorer**.
+1. In the publish page, scroll down to the  **Hosting** section.
 
-1. In **Cloud Explorer**, expand the Azure subscription that has your app and  expand **App Service**.
-
-1. Right-click your Azure app and select **View Streaming Logs**.
+1. At the right-hand corner, click **...** > **View Streaming Logs**.
 
     ![Enable log streaming](./media/app-service-web-tutorial-dotnet-sqldatabase/stream-logs.png)
 
@@ -366,16 +363,14 @@ Each action starts with a `Trace.WriteLine()` method. This code is added to show
 
 #### Change trace levels
 
-1. To change the trace levels to output other trace messages, go back to **Cloud Explorer**.
+1. To change the trace levels to output other trace messages, go back to the publish page.
 
-1. Right-click your app again and select **Open in Portal**.
+1. In the  **Hosting** section, click **...** > **Open in Azure portal**.
 
 1. In the portal management page for your app, from the left menu, select **App Service logs**.
 
 1. Under **Application Logging (File System)**, select **Verbose** in **Level**. Click **Save**.
 
-    ![Change trace level to Verbose](./media/app-service-web-tutorial-dotnet-sqldatabase/trace-level-verbose.png)
-
     > [!TIP]
     > You can experiment with different trace levels to see what types of messages are displayed for each level. For example, the **Information** level includes all logs created by `Trace.TraceInformation()`, `Trace.TraceWarning()`, and `Trace.TraceError()`, but not logs created by `Trace.WriteLine()`.
 
@@ -394,22 +389,6 @@ To stop the log-streaming service, click the **Stop monitoring** button in the *
 
 ![Stop log streaming](./media/app-service-web-tutorial-dotnet-sqldatabase/stop-streaming.png)
 
-## Manage your Azure app
-
-Go to the [Azure portal](https://portal.azure.com) to manage the web app. Search for and select **App Services**.
-
-![Search for Azure App Services](./media/app-service-web-tutorial-dotnet-sqldatabase/azure-portal-navigate-app-services.png)
-
-Select the name of your Azure app.
-
-![Portal navigation to Azure app](./media/app-service-web-tutorial-dotnet-sqldatabase/access-portal.png)
-
-You have landed in your app's page.
-
-By default, the portal shows the **Overview** page. This page gives you a view of how your app is doing. Here, you can also perform basic management tasks like browse, stop, start, restart, and delete. The tabs on the left side of the page show the different configuration pages you can open.
-
-![App Service page in Azure portal](./media/app-service-web-tutorial-dotnet-sqldatabase/web-app-blade.png)
-
 [!INCLUDE [Clean up section](../../includes/clean-up-section-portal-web-app.md)]
 
 ## Next steps
@@ -423,12 +402,11 @@ In this tutorial, you learned how to:
 > * Deploy the app to Azure
 > * Update the data model and redeploy the app
 > * Stream logs from Azure to your terminal
-> * Manage the app in the Azure portal
 
 Advance to the next tutorial to learn how to easily improve the security of your connection Azure SQL Database.
 
 > [!div class="nextstepaction"]
-> [Access SQL Database securely using managed identities for Azure resources](tutorial-connect-msi-sql-database.md)
+> [Tutorial: Connect to SQL Database from App Service without secrets using a managed identity](tutorial-connect-msi-sql-database.md)
 
 More resources:
 

articles/app-service/environment/overview.md

@@ -62,7 +62,7 @@ The multi-tenant version of Azure App Service contains numerous features to enab
 
 ## Feature differences
 
-Compared to earlier versions of the App Service Environment, there are some differences with App Service Environment v3. With App Service Environment v3:
+Compared to earlier versions of the App Service Environment, there are some differences with App Service Environment v3:
 
 - There are no networking dependencies in the customer virtual network. You can secure all inbound and outbound as desired. Outbound traffic can be routed also as desired. 
 - You can deploy it enabled for zone redundancy. Zone redundancy can only be set during creation and only in regions where all App Service Environment v3 dependencies are zone redundant.