Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into WI-125299-add-new-encryption-recommendations

Author: AlizaBernstein

.openpublishing.redirection.active-directory.json

@@ -1715,6 +1715,21 @@
       "redirect_url": "/azure/active-directory/external-identities/customers/tutorial-daemon-node-call-api-prepare-tenant",
       "redirect_document_id": false 
     },
+    {
+      "source_path_from_root": "/articles/active-directory/external-identities/customers/how-to-web-app-dotnet-sign-in-prepare-tenant.md",
+      "redirect_url": "/azure/active-directory/external-identities/customers/tutorial-web-app-dotnet-sign-in-prepare-tenant",
+      "redirect_document_id": false 
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/external-identities/customers/how-to-web-app-dotnet-sign-in-prepare-app.md",
+      "redirect_url": "/azure/active-directory/external-identities/customers/tutorial-web-app-dotnet-sign-in-prepare-app",
+      "redirect_document_id": false 
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/external-identities/customers/how-to-web-app-dotnet-sign-in-sign-out.md",
+      "redirect_url": "/azure/active-directory/external-identities/customers/tutorial-web-app-dotnet-sign-in-sign-out",
+      "redirect_document_id": false 
+    },
     {
       "source_path_from_root": "/articles/active-directory/external-identities/conditional-access.md",
       "redirect_url": "/azure/active-directory/external-identities/authentication-conditional-access",
@@ -5250,6 +5265,61 @@
       "redirect_url": "/azure/active-directory/fundamentals/concept-fundamentals-security-defaults",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/howto-use-azure-monitor-workbooks.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/howto-use-workbooks",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/concept-activity-logs-azure-monitor.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/concept-log-monitoring-integration-options-considerations",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/tutorial-log-analytics-wizard.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/tutorial-configure-log-analytics-workspace",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/quickstart-azure-monitor-route-logs-to-storage-account.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/howto-archive-logs-to-storage-account",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/overview-monitoring.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/overview-monitoring-health",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/overview-reports.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/overview-monitoring-health",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-sumologic.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/howto-stream-logs-to-event-hub",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-splunk.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/howto-stream-logs-to-event-hub",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-arcsight.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/howto-stream-logs-to-event-hub",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-azure-monitor-logs",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/overview-service-health-notifications.md",
+      "redirect_url": "/azure/service-health/service-health-portal-update",
+      "redirect_document_id": true
+    },
     {
       "source_path_from_root": "/articles/active-directory/reports-monitoring/quickstart-configure-named-locations.md",
       "redirect_url": "/azure/active-directory/conditional-access/location-condition",
@@ -13561,6 +13631,11 @@
       "source_path_from_root": "/articles/active-directory/fundamentals/add-users-azure-active-directory.md",
       "redirect_url": "/azure/active-directory/fundamentals/add-users",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/privileged-identity-management/subscription-requirements.md",
+      "redirect_url": "/azure/active-directory/governance/licensing-fundamentals",
+      "redirect_document_id": false
     }
 
   ]

CODEOWNERS

@@ -4,11 +4,6 @@
 # Background: https://github.blog/2017-07-06-introducing-code-owners/
 # NOTE: The people you choose as code owners must have _write_ permissions for the repository. When the code owner is a team, that team must be _visible_ and it must have _write_ permissions, even if all the individual members of the team already have write permissions directly, through organization membership, or through another team membership.
 
-# Azure Policy: Samples and Compliance Controls
-/articles/**/policy-reference.md @davidsmatlak
-/articles/**/security-controls-policy.md @davidsmatlak
-/includes/policy/ @davidsmatlak
-
 # Azure Monitor
 articles/azure-monitor/* @bwren
 articles/azure-monitor/agents @guywi-ms @bwren
@@ -56,10 +51,6 @@ articles/service-health @rboucher
 /articles/container-instances/ @macolso @mimckitt
 /articles/container-registry/ @dlepow @mimckitt
 
-# Governance
-/articles/governance/policy @davidsmatlak
-/articles/governance/resource-graph @davidsmatlak
-
 # Security
 /articles/security/fundamentals/feature-availability.md @msmbaldwin @terrylanfear
 

articles/active-directory-b2c/enable-authentication-spa-app.md

@@ -215,7 +215,7 @@ To specify your Azure AD B2C user flows, do the following:
 
 1. Replace `B2C_1_SUSI` with your sign-in Azure AD B2C Policy name.
 1. Replace `B2C_1_EditProfile` with your edit profile Azure AD B2C policy name.
-1. Replace all instances of `contoso` with your [Azure AD B2C tenant name](./ tenant-management-read-tenant-name.md#get-your-tenant-name).
+1. Replace all instances of `contoso` with your [Azure AD B2C tenant name](./tenant-management-read-tenant-name.md#get-your-tenant-name).
 
 ## Step 7: Use the MSAL to sign in the user
 

articles/active-directory/app-provisioning/customize-application-attributes.md

@@ -348,7 +348,7 @@ Selecting this option forces a resynchronization of all users while the provisio
 - The attribute `IsSoftDeleted` is often part of the default mappings for an application. `IsSoftdeleted` can be true in one of four scenarios: 1) The user is out of scope due to being unassigned from the application. 2) The user is out of scope due to not meeting a scoping filter. 3) The user has been soft deleted in Azure AD. 4) The property `AccountEnabled` is set to false on the user. It's not recommended to remove the `IsSoftDeleted` attribute from your attribute mappings.
 - The Azure AD provisioning service doesn't support provisioning null values.
 - They primary key, typically "ID", shouldn't be included as a target attribute in your attribute mappings. 
-- The role attribute typically needs to be mapped using an expression, rather than a direct mapping. For more information about role mapping, see [Provisioning a role to a SCIM app](#Provisioning a role to a SCIM app). 
+- The role attribute typically needs to be mapped using an expression, rather than a direct mapping. For more information about role mapping, see [Provisioning a role to a SCIM app](#provisioning-a-role-to-a-scim-app). 
 - While you can disable groups from your mappings, disabling users isn't supported. 
 
 ## Next steps

articles/active-directory/app-proxy/application-proxy-add-on-premises-application.md

@@ -49,7 +49,15 @@ To use Application Proxy, you need a Windows server running Windows Server 2012
 For high availability in your production environment, we recommend having more than one Windows server. For this tutorial, one Windows server is sufficient.
 
 > [!IMPORTANT]
-> If you are installing the connector on Windows Server 2019, you must disable HTTP2 protocol support in the WinHttp component for Kerberos Constrained Delegation to properly work. This is disabled by default in earlier versions of supported operating systems. Adding the following registry key and restarting the server disables it on Windows Server 2019. Note that this is a machine-wide registry key.
+> **.NET Framework**
+>
+> You must have .NET version 4.7.1 or higher to install, or upgrade, Application Proxy version 1.5.3437.0 or later. Windows Server 2012 R2 and Windows Server 2016 may not have this by default.
+>
+> See [How to: Determine which .NET Framework versions are installed](/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed) for more information.
+> 
+> **HTTP 2.0**
+>
+>  If you are installing the connector on Windows Server 2019, you must disable HTTP2 protocol support in the WinHttp component for Kerberos Constrained Delegation to properly work. This is disabled by default in earlier versions of supported operating systems. Adding the following registry key and restarting the server disables it on Windows Server 2019. Note that this is a machine-wide registry key.
 >
 > ```
 > Windows Registry Editor Version 5.00

articles/active-directory/app-proxy/application-proxy-configure-complex-application.md

@@ -51,7 +51,7 @@ This article provides you with the information you need to configure wildcard ap
 
 ## Pre-requisites
 Before you get started with Application Proxy Complex application scenario apps, make sure your environment is ready with the following settings and configurations:
-- You need to enable Application Proxy and install a connector that has line of site to your applications. See the tutorial [Add an on-premises application for remote access through Application Proxy](application-proxy-add-on-premises-application.md#add-an-on-premises-app-to-azure-ad) to learn how to prepare your on-premises environment, install and register a connector, and test the connector.
+- You need to enable Application Proxy and install a connector that has line of sight to your applications. See the tutorial [Add an on-premises application for remote access through Application Proxy](application-proxy-add-on-premises-application.md#add-an-on-premises-app-to-azure-ad) to learn how to prepare your on-premises environment, install and register a connector, and test the connector.
 
 
 ## Configure application segment(s) for complex application. 

articles/active-directory/architecture/deployment-plans.md

@@ -2,7 +2,7 @@
 title: Azure Active Directory deployment plans
 description: Guidance on Azure Active Directory deployment, such as authentication, devices, hybrid scenarios, governance, and more.
 services: active-directory
-author: gargisinha
+author: gargi-sinha
 manager: martinco
 ms.service: active-directory
 ms.subservice: fundamentals

articles/active-directory/architecture/resilience-in-hybrid.md

@@ -24,15 +24,15 @@ Hybrid authentication allows users to access cloud-based resources with their id
 
 Microsoft offers three mechanisms for hybrid authentication. The options are listed in order of resilience. We recommend that you implement password hash synchronization, if possible.
 
-* [Password hash synchronization](../hybrid/whatis-phs.md) (PHS) uses Azure AD Connect to sync the identity and a hash-of-the-hash of the password to Azure AD. It enables users to sign in to cloud-based resources with their password mastered on premises. PHS has on premises dependencies only for synchronization, not for authentication.
-* [Pass-through Authentication](../hybrid/how-to-connect-pta.md) (PTA) redirects users to Azure AD for sign-in. Then, the username and password are validated against Active Directory on premises through an agent that is deployed in the corporate network. PTA has an on premises footprint of its Azure AD PTA agents that reside on servers on premises.
-* [Federation](../hybrid/whatis-fed.md) customers deploy a federation service such as Active Directory Federation Services (ADFS). Then Azure AD validates the SAML assertion produced by the federation service. Federation has the highest dependency on on-premises infrastructure and, therefore, more failure points. 
+* [Password hash synchronization](../hybrid/connect/whatis-phs.md) (PHS) uses Azure AD Connect to sync the identity and a hash-of-the-hash of the password to Azure AD. It enables users to sign in to cloud-based resources with their password mastered on premises. PHS has on premises dependencies only for synchronization, not for authentication.
+* [Pass-through Authentication](../hybrid/connect/how-to-connect-pta.md) (PTA) redirects users to Azure AD for sign-in. Then, the username and password are validated against Active Directory on premises through an agent that is deployed in the corporate network. PTA has an on premises footprint of its Azure AD PTA agents that reside on servers on premises.
+* [Federation](../hybrid/connect/whatis-fed.md) customers deploy a federation service such as Active Directory Federation Services (ADFS). Then Azure AD validates the SAML assertion produced by the federation service. Federation has the highest dependency on on-premises infrastructure and, therefore, more failure points. 
 
-You may be using one or more of these methods in your organization. For more information, see [Choose the right authentication method for your Azure AD hybrid identity solution](../hybrid/choose-ad-authn.md). This article contains a decision tree that can help you decide on your methodology.
+You may be using one or more of these methods in your organization. For more information, see [Choose the right authentication method for your Azure AD hybrid identity solution](../hybrid/connect/choose-ad-authn.md). This article contains a decision tree that can help you decide on your methodology.
 
 ## Password hash synchronization
 
-The simplest and most resilient hybrid authentication option for Azure AD is [Password Hash Synchronization](../hybrid/whatis-phs.md). It doesn't have any on premises identity infrastructure dependency when processing authentication requests. After identities with password hashes are synchronized to Azure AD, users can authenticate to cloud resources with no dependency on the on premises identity components. 
+The simplest and most resilient hybrid authentication option for Azure AD is [Password Hash Synchronization](../hybrid/connect/whatis-phs.md). It doesn't have any on premises identity infrastructure dependency when processing authentication requests. After identities with password hashes are synchronized to Azure AD, users can authenticate to cloud resources with no dependency on the on premises identity components. 
 
 ![Architecture diagram of PHS](./media/resilience-in-hybrid/admin-resilience-password-hash-sync.png)
 
@@ -42,8 +42,8 @@ If you choose this authentication option, you won't experience disruption when o
 
 To implement PHS, see the following resources:
 
-* [Implement password hash synchronization with Azure AD Connect](../hybrid/how-to-connect-password-hash-synchronization.md)
-* [Enable password hash synchronization](../hybrid/how-to-connect-password-hash-synchronization.md)
+* [Implement password hash synchronization with Azure AD Connect](../hybrid/connect/how-to-connect-password-hash-synchronization.md)
+* [Enable password hash synchronization](../hybrid/connect/how-to-connect-password-hash-synchronization.md)
 
 If your requirements are such that you can't use PHS, use Pass-through Authentication.
 
@@ -57,11 +57,11 @@ Pass-through Authentication has a dependency on authentication agents that resid
 
 To implement Pass-through Authentication, see the following resources.
 
-* [How Pass-through Authentication works](../hybrid/how-to-connect-pta-how-it-works.md)
-* [Pass-through Authentication security deep dive](../hybrid/how-to-connect-pta-security-deep-dive.md)
-* [Install Azure AD Pass-through Authentication](../hybrid/how-to-connect-pta-quick-start.md)
+* [How Pass-through Authentication works](../hybrid/connect/how-to-connect-pta-how-it-works.md)
+* [Pass-through Authentication security deep dive](../hybrid/connect/how-to-connect-pta-security-deep-dive.md)
+* [Install Azure AD Pass-through Authentication](../hybrid/connect/how-to-connect-pta-quick-start.md)
 
-* If you're using PTA, define a [highly available topology](../hybrid/how-to-connect-pta-quick-start.md).
+* If you're using PTA, define a [highly available topology](../hybrid/connect/how-to-connect-pta-quick-start.md).
 
  ## Federation
 
@@ -78,12 +78,12 @@ The following diagram shows a topology of an enterprise AD FS deployment that in
 
 If you're implementing a federated authentication strategy or want to make it more resilient, see the following resources.
 
-* [What is federated authentication](../hybrid/whatis-fed.md)
-* [How federation works](../hybrid/how-to-connect-fed-whatis.md)
-* [Azure AD federation compatibility list](../hybrid/how-to-connect-fed-compatibility.md)
+* [What is federated authentication](../hybrid/connect/whatis-fed.md)
+* [How federation works](../hybrid/connect/how-to-connect-fed-whatis.md)
+* [Azure AD federation compatibility list](../hybrid/connect/how-to-connect-fed-compatibility.md)
 * Follow the [AD FS capacity planning documentation](/windows-server/identity/ad-fs/design/planning-for-ad-fs-server-capacity)
 * [Deploying AD FS in Azure IaaS](/windows-server/identity/ad-fs/deployment/how-to-connect-fed-azure-adfs)
-* [Enable PHS](../hybrid/tutorial-phs-backup.md) along with your federation
+* [Enable PHS](../hybrid/connect/tutorial-phs-backup.md) along with your federation
 
 ## Next steps
 
@@ -93,7 +93,7 @@ If you're implementing a federated authentication strategy or want to make it mo
 * [Build resilience with device states](resilience-with-device-states.md)
 * [Build resilience by using Continuous Access Evaluation (CAE)](resilience-with-continuous-access-evaluation.md)
 * [Build resilience in external user authentication](resilience-b2b-authentication.md)
-* [Build resilience in application access with Application Proxy](resilience-on premises-access.md)
+* [Build resilience in application access with Application Proxy](./resilience-on-premises-access.md)
 
 ### Resilience resources for developers