Merge pull request #214410 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: v-ccolin

.openpublishing.redirection.defender-for-cloud.json

@@ -729,6 +729,11 @@
             "source_path_from_root": "/articles/defender-for-cloud/release-notes.md#auto-deployment-of-azure-monitor-agent-preview",
             "redirect_url": "/azure/defender-for-cloud/release-notes#azure-monitor-agent-integration-now-in-preview",
             "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/defender-for-containers-cicd.md",
+            "redirect_url": "/azure/defender-for-cloud/defender-for-devops-introduction",
+            "redirect_document_id": true
         }
 
       ]

articles/active-directory-b2c/partner-gallery.md

@@ -102,13 +102,13 @@ Microsoft partners with the following ISVs for Web Application Firewall (WAF).
 |  ![Screenshot of Azure WAF logo](./media/partner-gallery/azure-web-application-firewall-logo.png) | [Azure WAF](./partner-azure-web-application-firewall.md) provides centralized protection of your web applications from common exploits and vulnerabilities.  |
 ![Screenshot of Cloudflare logo](./media/partner-gallery/cloudflare-logo.png) | [Cloudflare](./partner-cloudflare.md) is a WAF provider that helps organizations protect against malicious attacks that aim to exploit vulnerabilities such as SQLi, and XSS. |
 
-## Identity verification tools 
+## Developer tools 
 
 Microsoft partners with the following ISVs for tools that can help with implementation of your authentication solution.
 
 | ISV partner | Description and integration walkthroughs |
 |:-------------------------|:--------------|
-| ![Screenshot of a grit ief editor logo.](./media/partner-gallery/grit-logo.png) | [Grit Visual Identity Experience Framework Editor](./partner-grit-editor.md) is a tool that saves time during authentication deployment. It supports multiple languages without the need to write code. It also has a no code debugger for user journeys.|
+| ![Screenshot of a grit ief editor logo.](./media/partner-gallery/grit-logo.png) | [Grit Visual Identity Experience Framework Editor](./partner-grit-editor.md) provides a low code/no code experience for developers to create sophisticated authentication user journeys. The tool comes with integrated debugger and templates for the most used scenarios.|
 
 ## Additional information
 

articles/active-directory/conditional-access/concept-condition-filters-for-devices.md

@@ -112,7 +112,7 @@ The following device attributes can be used with the filter for devices conditio
 | --- | --- | --- | --- |
 | deviceId | Equals, NotEquals, In, NotIn | A valid deviceId that is a GUID | (device.deviceid -eq "498c4de7-1aee-4ded-8d5d-000000000000") |
 | displayName | Equals, NotEquals, StartsWith, NotStartsWith, EndsWith, NotEndsWith, Contains, NotContains, In, NotIn | Any string | (device.displayName -contains "ABC") |
-| deviceOwnership | Equals, NotEquals | Supported values are "Personal" for bring your own devices and "Company" for corprate owned devices  | (device.deviceOwnership -eq "Company") |
+| deviceOwnership | Equals, NotEquals | Supported values are "Personal" for bring your own devices and "Company" for corporate owned devices  | (device.deviceOwnership -eq "Company") |
 | isCompliant | Equals, NotEquals | Supported values are "True" for compliant devices and "False" for non compliant devices  | (device.isCompliant -eq "True") |
 | manufacturer | Equals, NotEquals, StartsWith, NotStartsWith, EndsWith, NotEndsWith, Contains, NotContains, In, NotIn | Any string | (device.manufacturer -startsWith "Microsoft") |
 | mdmAppId | Equals, NotEquals, In, NotIn | A valid MDM application ID | (device.mdmAppId -in ["0000000a-0000-0000-c000-000000000000"] |

articles/active-directory/external-identities/add-users-administrator.md

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: how-to
-ms.date: 08/31/2022
+ms.date: 10/12/2022
 
 ms.author: mimart
 author: msmimart
@@ -50,10 +50,11 @@ To add B2B collaboration users to the directory, follow these steps:
    > Group email addresses aren’t supported; enter the email address for an individual. Also, some email providers allow users to add a plus symbol (+) and additional text to their email addresses to help with things like inbox filtering. However, Azure AD doesn’t currently support plus symbols in email addresses. To avoid delivery issues, omit the plus symbol and any characters following it up to the @ symbol.
 6. Select **Invite** to automatically send the invitation to the guest user. 
 
-After you send the invitation, the user account is automatically added to the directory as a guest.
+After you send the invitation, the user account is automatically added to the directory as a guest. 
 
  ![Screenshot showing the user list including the new Guest user.](media/add-users-administrator//guest-user-type.png)
 
+The user is added to your directory with a user principal name (UPN) in the format *emailaddress*#EXT#\@*domain*, for example, *john_contoso.com#EXT#\@fabrikam.onmicrosoft.com*, where fabrikam.onmicrosoft.com is the organization from which you sent the invitations. ([Learn more about B2B collaboration user properties](user-properties.md).)
 ## Add guest users to a group
 If you need to manually add B2B collaboration users to a group, follow these steps:
 

articles/active-directory/external-identities/add-users-information-worker.md

@@ -18,30 +18,31 @@ ms.collection: M365-identity-device-management
 
 # How users in your organization can invite guest users to an app
 
-After a guest user has been added to the directory in Azure AD, an application owner can send the guest user a direct link to the app they want to share. Azure AD admins can also set up self-service management for gallery or SAML-based apps in their Azure AD tenant. This way, application owners can manage their own guest users, even if the guest users haven’t been added to the directory yet. When an app is configured for self-service, the application owner uses their Access Panel to invite a guest user to an app or add a guest user to a group that has access to the app. Self-service app management for gallery and SAML-based apps requires some initial setup by an admin. The following is a summary of the setup steps (for more detailed instructions, see [Prerequisites](#prerequisites) later on this page):
+After a guest user has been added to the directory in Azure AD, an application owner can send the guest user a direct link to the app they want to share. Azure AD admins can also set up self-service management for gallery or SAML-based apps in their Azure AD tenant. This way, application owners can manage their own guest users, even if the guest users haven’t been added to the directory yet. When an app is configured for self-service, the application owner uses their Access Panel to invite a guest user to an app or add a guest user to a group that has access to the app. Self-service app management for gallery and SAML-based apps requires some initial setup by an admin. Follow the summary of the setup steps (for more detailed instructions, see [Prerequisites](#prerequisites) later on this page):
 
  - Enable self-service group management for your tenant
  - Create a group to assign to the app and make the user an owner
  - Configure the app for self-service and assign the group to the app
 
 > [!NOTE]
 > * This article describes how to set up self-service management for gallery and SAML-based apps that you’ve added to your Azure AD tenant. You can also [set up self-service Microsoft 365 groups](../enterprise-users/groups-self-service-management.md) so your users can manage access to their own Microsoft 365 groups. For more ways users can share Office files and apps with guest users, see [Guest access in Microsoft 365 groups](https://support.office.com/article/guest-access-in-office-365-groups-bfc7a840-868f-4fd6-a390-f347bf51aff6) and [Share SharePoint files or folders](https://support.office.com/article/share-sharepoint-files-or-folders-1fe37332-0f9a-4719-970e-d2578da4941c).
-> * Users are only able to invite guests if they have the **Guest inviter** role.
+> * Users are only able to invite guests if they have the [**Guest inviter**](../roles/permissions-reference.md#guest-inviter
+) role.
 ## Invite a guest user to an app from the Access Panel
 
 After an app is configured for self-service, application owners can use their own Access Panel to invite a guest user to the app they want to share. The guest user doesn't necessarily need to be added to Azure AD in advance. 
 
 1. Open your Access Panel by going to `https://myapps.microsoft.com`.
 2. Point to the app, select the ellipses (**...**), and then select **Manage app**.
- 
-   ![Screenshot showing the Manage app sub-menu for the Salesforce app](media/add-users-iw/access-panel-manage-app.png)
- 
-3. At the top of the users list, select **+** on the right-hand side.
 
+:::image type="content" source="media/add-users-iw/access-panel-manage-app.png" alt-text="Screenshot showing the Manage app sub-menu for the Salesforce app.":::
+
+3. At the top of the users list, select **+** on the right-hand side.
 
 4. In the **Add members** search box, type the email address for the guest user. Optionally, include a welcome message.
 
-   ![Screenshot showing the Add members window for adding a guest](media/add-users-iw/access-panel-invitation.png)
+:::image type="content" source="media/add-users-iw/access-panel-invitation.png" alt-text="Screenshot showing the Add members window for adding a guest.":::
+
 
 5. Select **Add** to send an invitation to the guest user. After you send the invitation, the user account is automatically added to the directory as a guest.
 
@@ -52,19 +53,19 @@ After an app is configured for self-service, application owners can invite guest
 2. Open your Access Panel by going to `https://myapps.microsoft.com`.
 3. Select the **Groups** app.
 
-   ![Screenshot showing the Groups app in the Access Panel](media/add-users-iw/access-panel-groups.png)
+:::image type="content" source="media/add-users-iw/access-panel-groups.png" alt-text="Screenshot showing the Groups app in the Access Panel.":::
 
 4. Under **Groups I own**, select the group that has access to the app you want to share.
 
-   ![Screenshot showing where to select a group under the Groups I own](media/add-users-iw/access-panel-groups-i-own.png)
+:::image type="content" source="media/add-users-iw/access-panel-groups-i-own.png" alt-text="Screenshot showing where to select a group under the Groups I own.":::
 
 5. At the top of the group members list, select **+**.
 
-   ![Screenshot showing the plus symbol for adding members to the group](media/add-users-iw/access-panel-groups-add-member.png)
+:::image type="content" source="media/add-users-iw/access-panel-groups-add-member.png" alt-text="Screenshot showing the plus symbol for adding members to the group.":::
 
 6. In the **Add members** search box, type the email address for the guest user. Optionally, include a welcome message.
 
-   ![Screenshot showing the Add members window for adding a guest](media/add-users-iw/access-panel-invitation.png)
+:::image type="content" source="media/add-users-iw/access-panel-invitation.png" alt-text="Screenshot showing the Add members window for adding a guest.":::
 
 7. Select **Add** to automatically send the invitation to the guest user. After you send the invitation, the user account is automatically added to the directory as a guest.
 

articles/active-directory/external-identities/b2b-direct-connect-overview.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 06/30/2022
+ms.date: 10/12/2022
 
 ms.author: mimart
 author: msmimart
@@ -97,6 +97,10 @@ For example, say Contoso (the resource tenant) trusts MFA claims from Fabrikam.
 
 For information about Conditional Access and Teams, see [Overview of security and compliance](/microsoftteams/security-compliance-overview) in the Microsoft Teams documentation.
 
+## Trust settings for device compliance
+
+In your cross-tenant access settings, you can use **Trust settings** to trust claims from an external user's home tenant about whether the user's device meets their device compliance policies or is hybrid Azure AD joined. When device trust settings are enabled, Azure AD checks a user's authentication session for a device claim. If the session contains a device claim indicating that the policies have already been met in the user's home tenant, the external user is granted seamless sign-on to your shared resource. You can enable device trust settings for all Azure AD organizations or individual organizations. ([Learn more](authentication-conditional-access.md#device-compliance-and-hybrid-azure-ad-joined-device-policies))
+
 ## B2B direct connect user experience
 
 Currently, B2B direct connect enables the Teams Connect shared channels feature. B2B direct connect users can access an external organization's Teams shared channel without having to switch tenants or sign in with a different account. The B2B direct connect user’s access is determined by the shared channel’s policies.