Merge pull request #220151 from MicrosoftDocs/main

12/01 PM Publish

Author: huypub

SECURITY.md

@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.8 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
+
+If you prefer to submit without logging in, send email to [[email protected]](mailto:[email protected]).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->

articles/active-directory/fundamentals/whats-new-archive.md

@@ -8597,13 +8597,13 @@ For more information about how to use these reports, see [Azure Active Directory
 
 ---
 
-### Use "Report Reader" role (non-admin role) to view Azure AD Activity Reports
+### Use "Reports Reader" role (non-admin role) to view Azure AD Activity Reports
 
 **Type:** New feature
 **Service category:** Reporting
 **Product capability:** Monitoring & Reporting
 
-As part of customers feedback to enable non-admin roles to have access to Azure AD activity logs, we've enabled the ability for users who are in the "Report Reader" role to access Sign-ins and Audit activity within the Azure portal as well as using the Microsoft Graph API.
+As part of customers feedback to enable non-admin roles to have access to Azure AD activity logs, we've enabled the ability for users who are in the "Reports Reader" role to access Sign-ins and Audit activity within the Azure portal as well as using the Microsoft Graph API.
 
 For more information, how to use these reports, see [Azure Active Directory reporting](../reports-monitoring/overview-reports.md).
 

articles/active-directory/fundamentals/whats-new.md

@@ -163,12 +163,12 @@ Update the company branding functionality on the Azure AD/Microsoft 365 sign in
 
 
 **Type:** New feature   
-**Service category:** B2B        
-**Product capability:** B2B/B2C   
+**Service category:** Directory Management           
+**Product capability:** Directory      
 
-Administrative Units now support soft deletion. Admins can now list, view properties of, perform ad hoc hard delete, or restore deleted Administrative Units using Microsoft Graph. This functionality restores all configuration for the Administrative Unit when restored from soft delete including: memberships, admin roles, processing rules, and processing rules state.
+Administrative Units now support soft deletion. Admins can now list, view properties of, or restore deleted Administrative Units using the Microsoft Graph. This functionality restores all configuration for the Administrative Unit when restored from soft delete, including memberships, admin roles, processing rules, and processing rules state.
 
-This functionality greatly enhances recoverability and resilience when using Administrative Units. Now, when an Administrative Unit is accidentally deleted, it can be restored quickly to the same state it was at time of deletion. This removes uncertainty around how things were configured, and makes restoration quick and easy. For more information, see: [Soft deletions](../fundamentals/recover-from-deletions.md#soft-deletions).
+This functionality greatly enhances recoverability and resilience when using Administrative Units. Now, when an Administrative Unit is accidentally deleted it can be restored quickly to the same state it was at time of deletion-removing uncertainty around how things were configured and making restoration quick and easy. For more information, see: [List deletedItems (directory objects)](/graph/api/directory-deleteditems-list?view=graph-rest-1.0&tabs=http).
 
 
 ---

articles/active-directory/governance/entitlement-management-logs-and-reporting.md

@@ -60,7 +60,7 @@ To view events for an access package, you must have access to the underlying Azu
 - Global administrator  
 - Security administrator  
 - Security reader  
-- Report reader  
+- Reports reader  
 - Application administrator  
 
 Use the following procedure to view events: 

articles/active-directory/hybrid/how-to-connect-health-adfs-risky-ip-workbook.md

@@ -37,7 +37,7 @@ Additionally, it is possible for a single IP address to attempt multiple logins
 2.	A Log Analytics Workspace with the “ADFSSignInLogs” stream enabled.
 3.	Permissions to use the Azure AD Monitor Workbooks. To use Workbooks, you need:
 - An Azure Active Directory tenant with a premium (P1 or P2) license.
-- Access to a Log Analytics Workspace and the following roles in Azure AD (if accessing Log Analytics through Azure AD portal): Security administrator, Security reader, Report reader, Global administrator
+- Access to a Log Analytics Workspace and the following roles in Azure AD (if accessing Log Analytics through Azure AD portal): Security administrator, Security reader, Reports reader, Global administrator
 
 
 ## What is in the report?

articles/active-directory/manage-apps/migrate-adfs-application-activity.md

@@ -25,7 +25,7 @@ The AD FS application activity report in the Azure portal lets you quickly ident
 * **Prioritize applications for migration.** Get the number of unique users who have signed in to the application in the past 1, 7, or 30 days to help determine the criticality or risk of migrating the application.
 * **Run migration tests and fix issues.** The reporting service automatically runs tests to determine if an application is ready to migrate. The results are displayed in the AD FS application activity report as a migration status. If the AD FS configuration is not compatible with an Azure AD configuration, you get specific guidance on how to address the configuration in Azure AD.
 
-The AD FS application activity data is available to users who are assigned any of these admin roles: global administrator, report reader, security reader, application administrator, or cloud application administrator.
+The AD FS application activity data is available to users who are assigned any of these admin roles: global administrator, reports reader, security reader, application administrator, or cloud application administrator.
 
 ## Prerequisites
 
@@ -42,7 +42,7 @@ The AD FS application activity data is available to users who are assigned any o
 
 The AD FS application activity report is available in the Azure portal under Azure AD **Usage & insights** reporting. The AD FS application activity report analyzes each AD FS application to determine if it can be migrated as-is, or if additional review is needed.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) with an admin role that has access to AD FS application activity data (global administrator, report reader, security reader, application administrator, or cloud application administrator).
+1. Sign in to the [Azure portal](https://portal.azure.com) with an admin role that has access to AD FS application activity data (global administrator, reports reader, security reader, application administrator, or cloud application administrator).
 
 2. Select **Azure Active Directory**, and then select **Enterprise applications**.
 

articles/active-directory/reports-monitoring/concept-audit-logs.md

@@ -68,7 +68,7 @@ With an application-centric view, you can get answers to questions such as:
 
 The audit activity report is available in all editions of Azure AD. To access the audit logs, you need to have one of the following roles: 
 
-- Report Reader
+- Reports Reader
 - Security Reader
 - Security Administrator
 - Global Reader

articles/active-directory/reports-monitoring/concept-provisioning-logs.md

@@ -42,7 +42,7 @@ To view the provisioning logs, your tenant must have an Azure AD Premium license
 
 Application owners can view logs for their own applications. The following roles are required to view provisioning logs:
 
-- Report Reader
+- Reports Reader
 - Security Reader
 - Security Operator
 - Security Administrator

articles/active-directory/reports-monitoring/concept-usage-insights-report.md

@@ -29,7 +29,7 @@ Accessing the data from Usage and insights requires:
 
 * An Azure AD tenant
 * An Azure AD premium (P1/P2) license to view the sign-in data
-* A user in the Global Administrator, Security Administrator, Security Reader, or Report Reader roles.
+* A user in the Global Administrator, Security Administrator, Security Reader, or Reports Reader roles.
 
 To access Usage & insights:
 

articles/active-directory/reports-monitoring/howto-analyze-activity-logs-log-analytics.md

@@ -33,7 +33,7 @@ To follow along, you need:
 * The following roles in Azure Active Directory (if you're accessing Log Analytics through Azure Active Directory portal)
     - Security Admin
     - Security Reader
-    - Report Reader
+    - Reports Reader
     - Global Admin
 
 ## Navigate to the Log Analytics workspace