Merge pull request #188975 from MicrosoftDocs/main

2/17 AM Publish

Author: huypub

articles/active-directory/hybrid/how-to-connect-fed-group-claims.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: identity-protection
 ms.topic: how-to
-ms.date: 01/24/2022
+ms.date: 02/17/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -17,7 +17,7 @@ ms.collection: M365-identity-device-management
 ---
 # Remediate risks and unblock users
 
-After completing your [investigation](howto-identity-protection-investigate-risk.md), you need to take action to remediate the risk or unblock users. Organizations can enable automated remediation using their [risk policies](howto-identity-protection-configure-risk-policies.md). Organizations should try to close all risk detections that they are presented in a time period your organization is comfortable with. Microsoft recommends closing events quickly, because time matters when working with risk.
+After completing your [investigation](howto-identity-protection-investigate-risk.md), you need to take action to remediate the risk or unblock users. Organizations can enable automated remediation using their [risk policies](howto-identity-protection-configure-risk-policies.md). Organizations should try to close all risk detections that they're presented in a time period your organization is comfortable with. Microsoft recommends closing events quickly, because time matters when working with risk.
 
 ## Remediation
 
@@ -36,7 +36,7 @@ Administrators have the following options to remediate:
 
 1. If the account is confirmed compromised:
    1. Select the event or user in the **Risky sign-ins** or **Risky users** reports and choose "Confirm compromised".
-   1. If a risk policy or a Conditional Access policy was not triggered at part of the risk detection, and the risk was not [self-remediated](#self-remediation-with-risk-policy), then:
+   1. If a risk policy or a Conditional Access policy wasn't triggered at part of the risk detection, and the risk wasn't [self-remediated](#self-remediation-with-risk-policy), then:
       1. [Request a password reset](#manual-password-reset).
       1. Block the user if you suspect the attacker can reset the password or do multi-factor authentication for the user.
       1. Revoke refresh tokens.
@@ -53,23 +53,23 @@ Some detections may not raise risk to the level where a user self-remediation wo
 
 ### Manual password reset
 
-If requiring a password reset using a user risk policy is not an option, administrators can close all risk detections for a user with a manual password reset.
+If requiring a password reset using a user risk policy isn't an option, administrators can close all risk detections for a user with a manual password reset.
 
 Administrators are given two options when resetting a password for their users:
 
 - **Generate a temporary password** - By generating a temporary password, you can immediately bring an identity back into a safe state. This method requires contacting the affected users because they need to know what the temporary password is. Because the password is temporary, the user is prompted to change the password to something new during the next sign-in.
 
-- **Require the user to reset password** - Requiring the users to reset passwords enables self-recovery without contacting help desk or an administrator. This method only applies to users that are registered for Azure AD MFA and SSPR. For users that have not been registered, this option is not available.
+- **Require the user to reset password** - Requiring the users to reset passwords enables self-recovery without contacting help desk or an administrator. This method only applies to users that are registered for Azure AD MFA and SSPR. For users that haven't been registered, this option isn't available.
 
 ### Dismiss user risk
 
-If a password reset is not an option for you, because for example the user has been deleted, you can choose to dismiss user risk detections.
+If a password reset isn't an option for you, you can choose to dismiss user risk detections.
 
-When you click **Dismiss user risk**, all events are closed and the affected user is no longer at risk. However, because this method does not have an impact on the existing password, it does not bring the related identity back into a safe state. 
+When you select **Dismiss user risk**, all events are closed and the affected user is no longer at risk. However, because this method doesn't have an impact on the existing password, it doesn't bring the related identity back into a safe state. 
 
 ### Close individual risk detections manually
 
-You can close individual risk detections manually. By closing risk detections manually, you can lower the user risk level. Typically, risk detections are closed manually in response to a related investigation. For example, when talking to a user reveals that an active risk detection is not required anymore. 
+You can close individual risk detections manually. By closing risk detections manually, you can lower the user risk level. Typically, risk detections are closed manually in response to a related investigation. For example, when talking to a user reveals that an active risk detection isn't required anymore. 
 
 When closing risk detections manually, you can choose to take any of the following actions to change the status of a risk detection:
 
@@ -78,6 +78,10 @@ When closing risk detections manually, you can choose to take any of the followi
 - Confirm sign-in safe
 - Confirm sign-in compromised
 
+#### Deleted users
+
+It isn't possible for administrators to dismiss risk for users who have been deleted from the directory. To remove deleted users, open a Microsoft support case.
+
 ## Unblocking users
 
 An administrator may choose to block a sign-in based on their risk policy or investigations. A block may occur based on either sign-in or user risk.

articles/active-directory/identity-protection/howto-identity-protection-remediate-unblock.md

@@ -58,7 +58,7 @@ The scenario outlined in this tutorial assumes that you already have the followi
 
 ## Step 3. Add ProdPad from the Azure AD application gallery
 
-Add ProdPad from the Azure AD application gallery to start managing provisioning to ProdPad. If you have previously setup ProdPad for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md). 
+Add ProdPad from the Azure AD application gallery to start managing provisioning to ProdPad. If you have previously setup [ProdPad for SSO](prodpad-tutorial.md), you can use the same application. However it is recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md). 
 
 ## Step 4. Define who will be in scope for provisioning 
 
@@ -135,6 +135,10 @@ Once you've configured provisioning, use the following resources to monitor your
 * Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users have been provisioned successfully or unsuccessfully
 * Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion
 * If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).
+
+## Troubleshooting Tips
+Reach out to [ProdPad support team](mailto:[email protected]) in case of any issues.
+
 ## More resources
 
 * [Managing user account provisioning for Enterprise Apps](../app-provisioning/configure-automatic-user-provisioning-portal.md)

articles/active-directory/saas-apps/prodpad-provisioning-tutorial.md

@@ -45,7 +45,7 @@ The scenario outlined in this tutorial assumes that you already have the followi
 
 ## Step 2. Configure Thrive LXP to support provisioning with Azure AD
 
-Reach out to your Thrive LXP contact to generate your **Tenant url** and **Secret Token**. These values will be entered in the Tenant URL and Secret Token field in the Provisioning tab of your Thrive LXP application in the Azure portal.
+Reach out to your [Thrive LXP Client support team](mailto:[email protected]) to generate your **Tenant url** and **Secret Token**. These values will be entered in the Tenant URL and Secret Token field in the Provisioning tab of your Thrive LXP application in the Azure portal.
 
 ## Step 3. Add Thrive LXP from the Azure AD application gallery
 

articles/active-directory/saas-apps/thrive-lxp-provisioning-tutorial.md

@@ -155,6 +155,8 @@ For information on how to read the Azure AD provisioning logs, see [Reporting on
 
 * When a custom role is assigned to a user or group, the Azure AD automatic user provisioning service also assigns the default role **Agent**. Only Agents can be assigned a custom role. For more information, see the [Zendesk API documentation](https://developer.zendesk.com/rest_api/docs/support/users#json-format-for-agent-or-admin-requests). 
 
+* Import of all roles will fail if any of the custom roles is either "agent" or "end-user". To avoid this, ensure that none of the roles being imported has the above display names. 
+
 ## Additional resources
 
 * [Manage user account provisioning for enterprise apps](../app-provisioning/configure-automatic-user-provisioning-portal.md)

articles/active-directory/saas-apps/zendesk-provisioning-tutorial.md

@@ -3,7 +3,7 @@ title: App Service Environment networking
 description: App Service Environment networking details
 author: madsd
 ms.topic: overview
-ms.date: 11/15/2021
+ms.date: 02/17/2022
 ms.author: madsd
 ---
 
@@ -78,6 +78,20 @@ You can set route tables without restriction. You can tunnel all of the outbound
 
 You can put your web application firewall devices, such as Azure Application Gateway, in front of inbound traffic. Doing so exposes specific apps on that App Service Environment. If you want to customize the outbound address of your applications on an App Service Environment, you can add a NAT gateway to your subnet.
 
+## Private endpoint
+
+In order to enable Private Endpoints for apps hosted in your App Service Environment, you must first enable this feature at the App Service Environment level.
+
+You can activate it through the Azure portal: in the App Service Environment configuration pane turn **on** the setting `Allow new private endpoints`.
+Alternatively the following CLI can enable it:
+
+```azurecli-interactive
+az appservice ase update --name myasename --allow-new-private-endpoint-connections true
+```
+
+For more information about Private Endpoint and Web App, see [Azure Web App Private Endpoint][privateendpoint] 
+
+
 ## DNS
 
 The following sections describe the DNS considerations and configuration that apply inbound to and outbound from your App Service Environment.
@@ -116,4 +130,8 @@ While App Service Environment does deploy into your virtual network, there are a
 
 ## More resources
 
-- [Environment variables and app settings reference](../reference-app-settings.md)
+- [Environment variables and app settings reference](../reference-app-settings.md)
+
+<!--Links-->
+[privateendpoint]: ../networking/private-endpoint.md
+ 

articles/app-service/environment/networking.md

@@ -4,7 +4,7 @@ description: Connect privately to a Web App using Azure Private Endpoint
 author: ericgre
 ms.assetid: 2dceac28-1ba6-4904-a15d-9e91d5ee162c
 ms.topic: article
-ms.date: 12/07/2021
+ms.date: 02/17/2022
 ms.author: ericg
 ms.service: app-service
 ms.workload: web
@@ -118,6 +118,9 @@ You can activate the feature by the Azure portal in the ASE configuration pane,
 az appservice ase update --name myasename --allow-new-private-endpoint-connections true
 ```
 
+## Specific requirements
+
+If the Virtual Network is in a different subscription than the app, you must ensure that the subscription with the Virtual Network is registered for the Microsoft.Web resource provider. You can explicitly register the provider [by following this documentation][registerprovider], but it will also automatically be registered when creating the first web app in a subscription.
 
 ## Pricing
 
@@ -161,3 +164,4 @@ We are improving Private Link feature and Private Endpoint regularly, check [thi
 [howtoguide5]: https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/webapp-privateendpoint-vnet-injection
 [howtoguide6]: ../scripts/terraform-secure-backend-frontend.md
 [TiP]: ../deploy-staging-slots.md#route-traffic
+[registerprovider]: ../../azure-resource-manager/management/resource-providers-and-types.md#register-resource-provider

articles/app-service/networking/private-endpoint.md

@@ -119,7 +119,12 @@ https://{endpoint}/formrecognizer/documentModels:build?api-version=2022-01-30-pr
 * Train a custom model:
 
   > [!div class="nextstepaction"]
-  > [Form Recognizer quickstart](quickstarts/try-v3-form-recognizer-studio.md#custom-models)
+  > [How to train a model](how-to-guides/build-custom-model-v3.md)
+
+* Learn more about custom template models:
+
+  > [!div class="nextstepaction"]
+  > [Custom template models](concept-custom-template.md )
 
 * View the REST API:
 

articles/applied-ai-services/form-recognizer/concept-custom-neural.md

@@ -59,10 +59,10 @@ https://{endpoint}/formrecognizer/documentModels:build?api-version=2022-01-30-pr
 
 ## Next steps
 
-* Train a custom template model:
+* * Train a custom model:
 
   > [!div class="nextstepaction"]
-  > [Form Recognizer quickstart](quickstarts/try-sdk-rest-api.md)
+  > [How to train a model](how-to-guides/build-custom-model-v3.md)
 
 * Learn more about custom neural models:
 

articles/applied-ai-services/form-recognizer/concept-custom-template.md

@@ -19,11 +19,11 @@ To create a custom model, you label a dataset of documents with the values you w
 
 ## Custom model types
 
-Custom models can be one of two types, [**custom template**](concept-custom-template.md ) or [**custom neural**](concept-custom-neural.md) models. The labeling and training process for both models is identical, but the models differ as follows:
+Custom models can be one of two types, [**custom template**](concept-custom-template.md ) or custom form and [**custom neural**](concept-custom-neural.md)  or custom document models. The labeling and training process for both models is identical, but the models differ as follows:
 
 ### Custom template model
 
- The custom template model relies on a consistent visual template to extract the labeled data. The accuracy of your model is affected by variances in the visual structure of your documents. Questionnaires or application forms are examples of consistent visual templates.Your training set will consist of structured documents where the formatting and layout are static and constant from one document instance to the next. Custom template  models support key-value pairs, selection marks, tables, signature fields and regions and can be trained on documents in any of the [supported languages](language-support.md). For more information, *see* [custom template models](concept-custom-template.md ).
+ The custom template or custom form model relies on a consistent visual template to extract the labeled data. The accuracy of your model is affected by variances in the visual structure of your documents. Structured  forms such as questionnaires or applications are examples of consistent visual templates. Your training set will consist of structured documents where the formatting and layout are static and constant from one document instance to the next. Custom template  models support key-value pairs, selection marks, tables, signature fields and regions and can be trained on documents in any of the [supported languages](language-support.md). For more information, *see* [custom template models](concept-custom-template.md ).
 
 > [!TIP]
 >
@@ -33,7 +33,7 @@ Custom models can be one of two types, [**custom template**](concept-custom-temp
 
 ### Custom neural model
 
-The custom neural model is a deep learning model type relies on a base model trained on a large collection of labeled documents using key-value pairs. This model is then fine-tuned or adapted to your data when you train the model with a labeled dataset. Custom neural models support structured, semi-structured, and unstructured documents to extract fields. Custom neural models currently support English-language documents. When choosing between the two model types, start with a neural model if it meets your functional needs. See [neural models](concept-custom-neural.md) to learn more about custom document models.
+The custom neural (custom document) model is a deep learning model type that relies on a base model trained on a large collection of documents. This model is then fine-tuned or adapted to your data when you train the model with a labeled dataset. Custom neural models support structured, semi-structured, and unstructured documents to extract fields. Custom neural models currently support English-language documents. When choosing between the two model types, start with a neural model if it meets your functional needs. See [neural models](concept-custom-neural.md) to learn more about custom document models.
 
 ## Model features
 
@@ -51,7 +51,7 @@ The following tools are supported by Form Recognizer v3.0:
 
 | Feature | Resources |
 |----------|-------------|
-|Custom model| <ul><li>[Form Recognizer Studio](https://formrecognizer.appliedai.azure.com/studio/customform/projects)</li><li>[REST API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v3-0-preview-1/operations/AnalyzeDocument)</li><li>[C# SDK](quickstarts/try-v3-csharp-sdk.md)</li><li>[Python SDK](quickstarts/try-v3-python-sdk.md)</li></ul>|
+|Custom model| <ul><li>[Form Recognizer Studio](https://formrecognizer.appliedai.azure.com/studio/customform/projects)</li><li>[REST API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v3-0-preview-2/operations/AnalyzeDocument)</li><li>[C# SDK](quickstarts/try-v3-csharp-sdk.md)</li><li>[Python SDK](quickstarts/try-v3-python-sdk.md)</li></ul>|
 
 ### Try Form Recognizer