Commit 8fa2a89

Merge pull request #236368 from MicrosoftDocs/main
Publish to live, Sunday 4 AM PST, 4/30
2 parents d3f59f8 + 5297d38 commit 8fa2a89

55 files changed

+1071
-316
lines changed

.openpublishing.redirection.json

Lines changed: 5 additions & 0 deletions
@@ -22567,6 +22567,11 @@
2256722567
"source_path_from_root": "/articles/healthcare-apis/dicom/dicom-cast-access-request.md",
2256822568
"redirect_url": "/azure/healthcare-apis/dicom/dicom-cast-overview",
2256922569
"redirect_document_id": false
22570+
},
22571+
{
22572+
"source_path_from_root": "/articles/sentinel/data-connectors/azure-information-protection.md",
22573+
"redirect_url": "/azure/sentinel/data-connectors-reference",
22574+
"redirect_document_id": false
2257022575
}
2257122576
]
2257222577
}
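
Review bot: the entry added at 22571-22575 redirects the connector-specific article `azure-information-protection.md` to the top of `/azure/sentinel/data-connectors-reference` with no anchor, so anyone following an old link lands on a general reference page and has to search for the connector. If the reference page has a section for this connector, point `redirect_url` at that anchor; otherwise confirm the reference page still documents it before the article is retired.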

CODEOWNERS

Lines changed: 4 additions & 0 deletions
@@ -66,6 +66,10 @@ articles/service-health @rboucher
6666
/articles/security-center/ @memildin
6767
/includes/*security-controls*.md @memildin
6868

69+
# Defender for Cloud
70+
71+
/articles/defender-for-cloud @dcurwin @ElazarK
72+
6973
# DDOS Protection
7074
/articles/ddos-protection @aletheatoh @anupamvi
7175
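
Review bot: the added block leaves an empty line (70) between the `# Defender for Cloud` comment and its path at 71, whereas the `# DDOS Protection` block right below puts the path directly under its comment. Drop the empty line so the comment stays attached to the rule it labels. While here, note that `/articles/security-center/` is written with a trailing slash and `/articles/defender-for-cloud` without one; choosing one form for directory rules would make ownership of these security docs easier to audit.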

articles/active-directory/authentication/concept-authentication-passwordless.md

Lines changed: 1 addition & 1 deletion
@@ -132,7 +132,7 @@ The following providers offer FIDO2 security keys of different form factors that
132132
| Nymi | ![y] | ![n]| ![y]| ![n]| ![n] | https://www.nymi.com/nymi-band |
133133
| Octatco | ![y] | ![y]| ![n]| ![n]| ![n] | https://octatco.com/ |
134134
| OneSpan Inc. | ![n] | ![y]| ![n]| ![y]| ![n] | https://www.onespan.com/products/fido |
135-
| Swissbit | ![n] | ![y]| ![y]| ![n]| ![n] | https://www.swissbit.com/en/products/ishield-fido2/ |
135+
| Swissbit | ![n] | ![y]| ![y]| ![n]| ![n] | https://www.swissbit.com/en/products/security-products/swissbit-tse/ |
136136
| Thales Group | ![n] | ![y]| ![y]| ![n]| ![y] | https://cpl.thalesgroup.com/access-management/authenticators/fido-devices |
137137
| Thetis | ![y] | ![y]| ![y]| ![y]| ![n] | https://thetis.io/collections/fido2 |
138138
| Token2 Switzerland | ![y] | ![y]| ![y]| ![n]| ![n] | https://www.token2.swiss/shop/product/token2-t2f2-alu-fido2-u2f-and-totp-security-key |
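
Review bot: the replacement URL on line 135 no longer names a FIDO2 product: the path changes from `/products/ishield-fido2/` to `/products/security-products/swissbit-tse/`, while the table (per the hunk header) lists providers of FIDO2 security keys and every neighbouring row links to a FIDO page. Please confirm the new link lands on the vendor's FIDO2 key and not on a different product line; if the old page moved, link to its new location instead.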

articles/active-directory/governance/TOC.yml

Lines changed: 2 additions & 0 deletions
@@ -20,6 +20,8 @@
2020
items:
2121
- name: Govern access to applications
2222
items:
23+
- name: Connected applications
24+
href: apps.md
2325
- name: Automate identity governance tasks - PowerShell
2426
href: identity-governance-automation.md
2527
- name: Governing an application's existing users - PowerShell
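
Review bot: the entry added at 23-24 points to `apps.md`, a far more generic file name than its sibling `identity-governance-automation.md`. The file is new in this commit, so a descriptive name can still be chosen now without needing a redirect entry later.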

articles/active-directory/governance/apps.md

Lines changed: 345 additions & 0 deletions
Large diffs are not rendered by default.

articles/active-directory/roles/permissions-reference.md

Lines changed: 16 additions & 2 deletions
@@ -9,7 +9,7 @@ ms.service: active-directory
99
ms.workload: identity
1010
ms.subservice: roles
1111
ms.topic: reference
12-
ms.date: 02/21/2023
12+
ms.date: 04/28/2023
1313
ms.author: rolyon
1414
ms.reviewer: abhijeetsinha
1515
ms.custom: generated, it-pro, fasttrack-edit
@@ -562,6 +562,7 @@ Users in this role can enable, disable, and delete devices in Azure AD and read
562562
> | microsoft.directory/devices/delete | Delete devices from Azure AD |
563563
> | microsoft.directory/devices/disable | Disable devices in Azure AD |
564564
> | microsoft.directory/devices/enable | Enable devices in Azure AD |
565+
> | microsoft.directory/deviceLocalCredentials/password/read | Read all properties of the backed up local administrator account credentials for Azure AD joined devices, including the password |
565566
> | microsoft.directory/deviceManagementPolicies/standard/read | Read standard properties on device management application policies |
566567
> | microsoft.directory/deviceManagementPolicies/basic/update | Update basic properties on device management application policies |
567568
> | microsoft.directory/deviceRegistrationPolicy/standard/read | Read standard properties on device registration policies |
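
Review bot: the row added at 565 lets this role read the backed up local administrator password, yet the role summary quoted in the hunk header speaks only of enabling, disabling and deleting devices. Suggest updating the role description above the table to state that members can retrieve local administrator passwords for Azure AD joined devices, and confirming that `deviceLocalCredentials/standard/read` (granted to other roles in this same commit) would not be sufficient here.
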
@@ -724,6 +725,7 @@ Users in this role can read basic directory information. This role should be use
724725
> | microsoft.directory/users/photo/read | Read photo of users |
725726
> | microsoft.directory/users/registeredDevices/read | Read registered devices of users |
726727
> | microsoft.directory/users/scopedRoleMemberOf/read | Read user's membership of an Azure AD role, that is scoped to an administrative unit |
728+
> | microsoft.directory/users/sponsors/read | Read sponsors of users |
727729
728730
## Directory Synchronization Accounts
729731

@@ -821,6 +823,7 @@ Users in this role can read and update basic information of users, groups, and s
821823
> | microsoft.directory/users/basic/update | Update basic properties on users |
822824
> | microsoft.directory/users/manager/update | Update manager for users |
823825
> | microsoft.directory/users/photo/update | Update photo of users |
826+
> | microsoft.directory/users/sponsors/update | Update sponsors of users |
824827
> | microsoft.directory/users/userPrincipalName/update | Update User Principal Name of users |
825828
826829
## Domain Name Administrator
@@ -971,6 +974,7 @@ Users with this role have access to all administrative features in Azure Active
971974
> | microsoft.directory/namedLocations/delete | Delete custom rules that define network locations |
972975
> | microsoft.directory/namedLocations/standard/read | Read basic properties of custom rules that define network locations |
973976
> | microsoft.directory/namedLocations/basic/update | Update basic properties of custom rules that define network locations |
977+
> | microsoft.directory/deviceLocalCredentials/password/read | Read all properties of the backed up local administrator account credentials for Azure AD joined devices, including the password |
974978
> | microsoft.directory/deviceManagementPolicies/standard/read | Read standard properties on device management application policies |
975979
> | microsoft.directory/deviceManagementPolicies/basic/update | Update basic properties on device management application policies |
976980
> | microsoft.directory/deviceRegistrationPolicy/standard/read | Read standard properties on device registration policies |
@@ -1135,6 +1139,7 @@ Users with this role **cannot** do the following:
11351139
> | microsoft.directory/connectorGroups/allProperties/read | Read all properties of application proxy connector groups |
11361140
> | microsoft.directory/contacts/allProperties/read | Read all properties for contacts |
11371141
> | microsoft.directory/customAuthenticationExtensions/allProperties/read | Read custom authentication extensions |
1142+
> | microsoft.directory/deviceLocalCredentials/standard/read | Read all properties of the backed up local administrator account credentials for Azure AD joined devices, except the password |
11381143
> | microsoft.directory/devices/allProperties/read | Read all properties of devices |
11391144
> | microsoft.directory/directoryRoles/allProperties/read | Read all properties of directory roles |
11401145
> | microsoft.directory/directoryRoleTemplates/allProperties/read | Read all properties of directory role templates |
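
Review bot: the description on the row added at 1142 says "Read all properties ... except the password" for an action named `standard/read`, while elsewhere in this file `standard/read` is described as "Read standard properties" (for example `deviceManagementPolicies/standard/read`) and "Read all properties" is reserved for `allProperties/read`. Suggest rewording to "Read standard properties of the backed up local administrator account credentials for Azure AD joined devices, excluding the password", or confirming that the standard set really is every property but the password. The same wording appears on the other `deviceLocalCredentials/standard/read` rows in this commit.
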
@@ -1246,6 +1251,7 @@ Users in this role can manage Azure Active Directory B2B guest user invitations
12461251
> | microsoft.directory/users/photo/read | Read photo of users |
12471252
> | microsoft.directory/users/registeredDevices/read | Read registered devices of users |
12481253
> | microsoft.directory/users/scopedRoleMemberOf/read | Read user's membership of an Azure AD role, that is scoped to an administrative unit |
1254+
> | microsoft.directory/users/sponsors/read | Read sponsors of users |
12491255
12501256
## Helpdesk Administrator
12511257

@@ -1272,6 +1278,7 @@ This role was previously named Password Administrator in the [Azure portal](../.
12721278
> | Actions | Description |
12731279
> | --- | --- |
12741280
> | microsoft.directory/bitlockerKeys/key/read | Read bitlocker metadata and key on devices |
1281+
> | microsoft.directory/deviceLocalCredentials/standard/read | Read all properties of the backed up local administrator account credentials for Azure AD joined devices, except the password |
12751282
> | microsoft.directory/users/invalidateAllRefreshTokens | Force sign-out by invalidating user refresh tokens |
12761283
> | microsoft.directory/users/password/update | Reset passwords for all users |
12771284
> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health |
@@ -1331,6 +1338,7 @@ Users in this role can create, manage and deploy provisioning configuration setu
13311338
> | microsoft.directory/servicePrincipals/tag/update | Update the tag property for service principals |
13321339
> | microsoft.directory/servicePrincipals/synchronization/standard/read | Read provisioning settings associated with your service principal |
13331340
> | microsoft.directory/signInReports/allProperties/read | Read all properties on sign-in reports, including privileged properties |
1341+
> | microsoft.directory/users/authorizationInfo/update | Update the multivalued Certificate user IDs property of users |
13341342
> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health |
13351343
> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets |
13361344
> | microsoft.office365.messageCenter/messages/read | Read messages in Message Center in the Microsoft 365 admin center, excluding security messages |
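
Review bot: the row added at 1341 gives this role write access to the Certificate user IDs of users, but the description "Update the multivalued Certificate user IDs property of users" does not say what that property is used for, and the role summary in the hunk header describes the role only in terms of provisioning configuration. Suggest adding a short clause or link explaining the property, and mentioning the new capability in the role description so that reviewers of role assignments can judge its impact.
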
@@ -1430,6 +1438,7 @@ This role can create and manage all security groups. However, Intune Administrat
14301438
> | microsoft.directory/devices/extensionAttributeSet3/update | Update the extensionAttribute11 to extensionAttribute15 properties on devices |
14311439
> | microsoft.directory/devices/registeredOwners/update | Update registered owners of devices |
14321440
> | microsoft.directory/devices/registeredUsers/update | Update registered users of devices |
1441+
> | microsoft.directory/deviceLocalCredentials/password/read | Read all properties of the backed up local administrator account credentials for Azure AD joined devices, including the password |
14331442
> | microsoft.directory/deviceManagementPolicies/standard/read | Read standard properties on device management application policies |
14341443
> | microsoft.directory/deviceRegistrationPolicy/standard/read | Read standard properties on device registration policies |
14351444
> | microsoft.directory/groups/hiddenMembers/read | Read hidden members of Security groups and Microsoft 365 groups, including role-assignable groups |
@@ -1895,6 +1904,7 @@ Users with this role **cannot** do the following:
18951904
> | microsoft.directory/users/invalidateAllRefreshTokens | Force sign-out by invalidating user refresh tokens |
18961905
> | microsoft.directory/users/restore | Restore deleted users |
18971906
> | microsoft.directory/users/basic/update | Update basic properties on users |
1907+
> | microsoft.directory/users/authorizationInfo/update | Update the multivalued Certificate user IDs property of users |
18981908
> | microsoft.directory/users/manager/update | Update manager for users |
18991909
> | microsoft.directory/users/password/update | Reset passwords for all users |
19001910
> | microsoft.directory/users/userPrincipalName/update | Update User Principal Name of users |
@@ -2017,6 +2027,7 @@ Azure Advanced Threat Protection | Monitor and respond to suspicious security ac
20172027
> | microsoft.directory/crossTenantAccessPolicy/partners/b2bDirectConnect/update | Update Azure AD B2B direct connect settings of cross-tenant access policy for partners |
20182028
> | microsoft.directory/crossTenantAccessPolicy/partners/crossCloudMeetings/update | Update cross-cloud Teams meeting settings of cross-tenant access policy for partners |
20192029
> | microsoft.directory/crossTenantAccessPolicy/partners/tenantRestrictions/update | Update tenant restrictions of cross-tenant access policy for partners |
2030+
> | microsoft.directory/deviceLocalCredentials/standard/read | Read all properties of the backed up local administrator account credentials for Azure AD joined devices, except the password |
20202031
> | microsoft.directory/domains/federation/update | Update federation property of domains |
20212032
> | microsoft.directory/domains/federationConfiguration/standard/read | Read standard properties of federation configuration for domains |
20222033
> | microsoft.directory/domains/federationConfiguration/basic/update | Update basic federation configuration for domains |
@@ -2112,6 +2123,7 @@ In | Can do
21122123
> | microsoft.directory/auditLogs/allProperties/read | Read all properties on audit logs, including privileged properties |
21132124
> | microsoft.directory/authorizationPolicy/standard/read | Read standard properties of authorization policy |
21142125
> | microsoft.directory/bitlockerKeys/key/read | Read bitlocker metadata and key on devices |
2126+
> | microsoft.directory/deviceLocalCredentials/standard/read | Read all properties of the backed up local administrator account credentials for Azure AD joined devices, except the password |
21152127
> | microsoft.directory/domains/federationConfiguration/standard/read | Read standard properties of federation configuration for domains |
21162128
> | microsoft.directory/entitlementManagement/allProperties/read | Read all properties in Azure AD entitlement management |
21172129
> | microsoft.directory/identityProtection/allProperties/read | Read all resources in Azure AD Identity Protection |
@@ -2392,6 +2404,8 @@ Users with this role **cannot** do the following:
23922404
> | microsoft.directory/users/manager/update | Update manager for users |
23932405
> | microsoft.directory/users/password/update | Reset passwords for all users |
23942406
> | microsoft.directory/users/photo/update | Update photo of users |
2407+
> | microsoft.directory/users/sponsors/update | Update sponsors of users |
2408+
> | microsoft.directory/users/usageLocation/update | Update usage location of users |
23952409
> | microsoft.directory/users/userPrincipalName/update | Update User Principal Name of users |
23962410
> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health |
23972411
> | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets |
@@ -2422,7 +2436,7 @@ Assign the Viva Goals Administrator role to users who need to do the following t
24222436
- Manage and configure all aspects of the Microsoft Viva Goals application
24232437
- Configure Microsoft Viva Goals admin settings
24242438
- Read Azure AD tenant information
2425-
- Monitor Microsoft 365 service health
2439+
- Monitor Microsoft 365 service health
24262440
- Create and manage Microsoft 365 service requests
24272441

24282442
For more information, see [Roles and permissions in Viva Goals](/viva/goals/roles-permissions-in-viva-goals) and [Introduction to Microsoft Viva Goals](/viva/goals/intro-to-ms-viva-goals).