Merge pull request #192867 from MicrosoftDocs/main

3/24 PM Publish

Author: huypub

.openpublishing.redirection.active-directory.json

@@ -340,6 +340,11 @@
       "redirect_url": "/articles/active-directory/saas-apps/miro-tutorial",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/active-directory/saas-apps/mimecast-admin-console-tutorial.md",
+      "redirect_url": "/azure/active-directory/saas-apps/mimecast-personal-portal-tutorial",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/active-directory/active-directory-saas-fax.plus-tutorial.md",
       "redirect_url": "/articles/active-directory/saas-apps/fax-plus-tutorial",

.openpublishing.redirection.json

@@ -28318,6 +28318,11 @@
       "redirect_url": "/azure/frontdoor/standard-premium/how-to-enable-private-link-web-app",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/frontdoor/front-door-tutorial-geo-filtering.md",
+      "redirect_url": "/azure/web-application-firewall/afds/waf-front-door-tutorial-geo-filtering",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/application-gateway/application-gateway-webapplicationfirewall-overview.md",
       "redirect_url": "/azure/web-application-firewall/ag/ag-overview",
@@ -43785,7 +43790,12 @@
     },
     {
       "source_path_from_root": "/articles/aks/open-service-mesh-open-source-observability.md",
-      "redirect_url": "/azure/aks/open-service-mesh-azure-monitor",
+      "redirect_url": "/azure/aks/open-service-mesh-integrations",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/aks/open-service-mesh-azure-monitor.md",
+      "redirect_url": "/azure/aks/open-service-mesh-integrations",
       "redirect_document_id": false
     },
     {

articles/active-directory/app-proxy/application-proxy-release-version-history.md

@@ -7,7 +7,7 @@ manager: karenhoran
 ms.service: active-directory
 ms.topic: reference
 ms.workload: identity
-ms.date: 04/27/2021
+ms.date: 03/24/2022
 ms.subservice: app-proxy
 ms.author: kenwith
 ms.reviewer: ashishj
@@ -26,6 +26,22 @@ Here is a list of related resources:
 | Understand Azure AD Application Proxy connectors | Find out more about [connector management](application-proxy-connectors.md) and how connectors [auto-upgrade](application-proxy-connectors.md#automatic-updates). |
 | Azure AD Application Proxy Connector Download    | [Download the latest connector](https://download.msappproxy.net/subscription/d3c8b69d-6bf7-42be-a529-3fe9c2e70c90/connector/download). |
 
+## 1.5.2846.0
+
+### Release status
+
+March 22, 2022: Released for download. This version is only available for install via the download page.
+
+### New features and improvements
+
+- Increased the number of HTTP headers supported on HTTP requests from 41 to 60.
+- Improved error handling of SSL failures between the connector and Azure services.
+- Updated the default connection limit to 200 for connector traffic when going through outbound proxy. To learn more about outbound proxy, see [Work with existing on-premises proxy servers](application-proxy-configure-connectors-with-proxy-servers.md#use-the-outbound-proxy-server).
+- Deprecated the use of ADAL and implemented MSAL as part of the connector installation flow.
+
+### Fixed issues
+- Return original error code and response instead of a 400 Bad Request code for failing websocket connect attempts.
+
 ## 1.5.1975.0
 
 ### Release status

articles/active-directory/authentication/fido2-compatibility.md

@@ -27,7 +27,8 @@ This table shows support for authenticating Azure Active Directory (Azure AD) an
 |:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|
 | | USB | NFC | BLE | USB | NFC | BLE | USB | NFC | BLE |
 | **Windows**  | ![Chrome supports USB on Windows for AAD accounts.][y] | ![Chrome supports NFC on Windows for AAD accounts.][y] | ![Chrome supports BLE on Windows for AAD accounts.][y] | ![Edge supports USB on Windows for AAD accounts.][y] | ![Edge supports NFC on Windows for AAD accounts.][y] | ![Edge supports BLE on Windows for AAD accounts.][y] | ![Firefox supports USB on Windows for AAD accounts.][y] | ![Firefox supports NFC on Windows for AAD accounts.][y] | ![Firefox supports BLE on Windows for AAD accounts.][y] |
-| **macOS**  | ![Chrome supports USB on macOS for AAD accounts.][y] | ![Chrome does not support NFC on macOS for AAD accounts.][n] | ![Chrome does not support BLE on macOS for AAD accounts.][n] | ![Edge supports USB on macOS for AAD accounts.][y] | ![Edge does not support NFC on macOS for AAD accounts.][n] | ![Edge does not support BLE on macOS for AAD accounts.][n] | ![Firefox does not support USB on macOS for AAD accounts.][n] | ![Firefox does not support NFC on macOS for AAD accounts.][n] | ![Firefox does not support BLE on macOS for AAD accounts.][n] |
+| **MacOS**  | ![Chrome supports USB on MacOS for AAD accounts.][y] | ![Chrome does not support NFC on MacOS for AAD accounts.][n] | ![Chrome does not support BLE on MacOS for AAD accounts.][n] | ![Edge supports USB on MacOS for AAD accounts.][y] | ![Edge does not support NFC on MacOS for AAD accounts.][n] | ![Edge does not support BLE on MacOS for AAD accounts.][n] | ![Firefox supports USB on MacOS for AAD accounts.][y] | ![Firefox does not support NFC on MacOS for AAD accounts.][n] | ![Firefox does not support BLE on MacOS for AAD accounts.][n] |
+| **ChromeOS**  | ![Chrome supports USB on ChromeOS for AAD accounts.][y] | ![Chrome supports NFC on ChromeOS for AAD accounts.][n] | ![Chrome supports BLE on ChromeOS for AAD accounts.][n] | ![Edge supports USB on ChromeOS for AAD accounts.][n] | ![Edge supports NFC on ChromeOS for AAD accounts.][n] | ![Edge supports BLE on ChromeOS for AAD accounts.][n] | ![Firefox supports USB on ChromeOS for AAD accounts.][n] | ![Firefox supports NFC on ChromeOS for AAD accounts.][n] | ![Firefox supports BLE on ChromeOS for AAD accounts.][n] |
 | **Linux**  | ![Chrome supports USB on Linux for AAD accounts.][y] | ![Chrome does not support NFC on Linux for AAD accounts.][n] | ![Chrome does not support BLE on Linux for AAD accounts.][n] | ![Edge does not support USB on Linux for AAD accounts.][n] | ![Edge does not support NFC on Linux for AAD accounts.][n] | ![Edge does not support BLE on Linux for AAD accounts.][n] | ![Firefox does not support USB on Linux for AAD accounts.][n] | ![Firefox does not support NFC on Linux for AAD accounts.][n] | ![Firefox does not support BLE on Linux for AAD accounts.][n] |
 
 
@@ -41,7 +42,6 @@ The following operating system and browser combinations are not supported, but f
 | iOS | Safari, Brave |
 | macOS | Safari |
 | Android | Chrome |
-| ChromeOS | Chrome |
 
 ## Minimum browser version
 

articles/active-directory/devices/howto-vm-sign-in-azure-ad-linux.md

@@ -463,6 +463,14 @@ Solution 2: Perform these actions:
 
 Virtual machine scale set VM connections may fail if the virtual machine scale set instances are running an old model. Upgrading virtual machine scale set instances to the latest model may resolve issues, especially if an upgrade hasn’t been done since the Azure AD Login extension was installed. Upgrading an instance applies a standard virtual machine scale set configuration to the individual instance.
 
+### AllowGroups / DenyGroups statements in sshd_config cause first login to fail for Azure AD users
+
+Cause 1: If sshd_config contains either AllowGroups or DenyGroups statements, the very first login fails for Azure AD users. If the statement was added after a user already has a successful login, they can log in.
+
+Solution 1: Remove AllowGroups and DenyGroups statements from sshd_config.
+
+Solution 2: Move AllowGroups and DenyGroups to a "match user" section in sshd_config. Make sure the match template excludes Azure AD users.
+
 ## Next steps
 
 [What is a device identity?](overview.md)

articles/active-directory/governance/entitlement-management-access-package-approval-policy.md

@@ -115,18 +115,18 @@ If you selected a multi-stage approval, you'll need to add an approver for each
 
 1. Set the Require approver justification toggle to **Yes** or **No**.
 
-    You also have the option to add an additional stage for a three-stage approval process. For example, you might want an employee’s manager to be the first stage approver for an access package. But, one of the resources in the access package contains confidential information. In this case, you could designate the resource owner as a second approver and a security reviewer as the third approver (Preview). 
+    You also have the option to add an additional stage for a three-stage approval process. For example, you might want an employee’s manager to be the first stage approver for an access package. But, one of the resources in the access package contains confidential information. In this case, you could designate the resource owner as a second approver and a security reviewer as the third approver. That allows a security team to have oversight into the process and the ability to, for example, reject a request based on risk criteria not known to the resource owner.
 
-1. Add the **Third Approver (Preview)**: 
+1. Add the **Third Approver**:
 
     If the users are in your directory, add a specific user as the third approver by clicking **Add approvers** under Choose specific approvers.
 
-    If the users aren't in your directory, select **Internal sponsor** or **External sponsor** as the third approver. After selecting the approver, add the fallback approvers.
+    If the users aren't in your directory, you also have the option to select **Internal sponsor** or **External sponsor** as the third approver. After selecting the approver, add the fallback approvers.
 
     > [!NOTE]
     > <ul>Like the second stage, if the users are in your directory and **Manager as approver** is selected in either the first or second stage of approval, you will only see an option to select specific approvers for the third stage of approval.</ul><ul>If you want to designate the manager as a third approver, you can adjust your selections in the previous approval stages to ensure that **Manager as approver** isn’t selected. Then, you should see **Manager as approver** as an option in the dropdown.</ul><ul>If the users aren’t in your directory and you have not selected **Internal sponsor** or **External sponsor** as approvers in previous stages, you will see them as options for **Third Approver**. Otherwise, you will only be able to select **Choose specific approvers**.</ul>
 
-1. Specify the number of days the third approver (Preview) has to approve the request in the box under **Decision must be made in how many days?**.
+1. Specify the number of days the third approver has to approve the request in the box under **Decision must be made in how many days?**.
 
 1. Set the Require approver justification toggle to **Yes** or **No**.
 

articles/active-directory/saas-apps/amazon-web-service-tutorial.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 03/08/2022
+ms.date: 03/24/2022
 ms.author: jeedes
 ---
 
@@ -67,7 +67,9 @@ We recommend this approach for the following reasons:
 To get started, you need the following items:
 
 * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-* An AWS single sign-on (SSO) enabled subscription.
+* An AWS IAM IdP enabled subscription.
+* Along with Cloud Application Administrator, Application Administrator can also add or manage applications in Azure AD.
+For more information, see [Azure built-in roles](../roles/permissions-reference.md).
 
 > [!Note]
 > Roles should not be manually edited in Azure AD when doing role imports.

articles/active-directory/saas-apps/clarizen-tutorial.md

@@ -1,5 +1,5 @@
 ---
-title: 'Tutorial: Azure Active Directory integration with Clarizen One | Microsoft Docs'
+title: 'Tutorial: Azure AD SSO integration with Clarizen One'
 description: Learn how to configure single sign-on between Azure Active Directory and Clarizen One.
 services: active-directory
 author: jeevansd
@@ -9,10 +9,10 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 04/08/2021
+ms.date: 03/24/2022
 ms.author: jeedes
 ---
-# Tutorial: Azure Active Directory integration with Clarizen One
+# Tutorial: Azure AD SSO integration with Clarizen One
 
 In this tutorial, you'll learn how to integrate Clarizen One with Azure Active Directory (Azure AD). When you integrate Clarizen One with Azure AD, you can:
 
@@ -26,6 +26,8 @@ To get started, you need the following items:
 
 * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
 * Clarizen One single sign-on (SSO) enabled subscription.
+* Along with Cloud Application Administrator, Application Administrator can also add or manage applications in Azure AD.
+For more information, see [Azure built-in roles](../roles/permissions-reference.md).
 
 ## Scenario description
 
@@ -71,13 +73,16 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
    ![Edit Basic SAML Configuration](common/edit-urls.png)
 
-4. On the **Set up Single Sign-On with SAML** page, perform the following steps:
+4. On the **Basic SAML Configuration** section, perform the following steps:
 
     a. In the **Identifier** text box, type the value:
     `Clarizen`
 
-    b. In the **Reply URL** text box, type the URL:
-    `https://.clarizen.com/Clarizen/Pages/Integrations/SAML/SamlResponse.aspx`
+    b. In the **Reply URL** text box, type a URL using the following pattern:
+    `https://<SUBDOMAIN>.clarizen.com/Clarizen/Pages/Integrations/SAML/SamlResponse.aspx`
+
+    > [!NOTE]
+	> This value is not real. Update this value with the actual Reply URL. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
 
 4. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Certificate (Base64)** from the given options as per your requirement and save it on your computer.
 
@@ -178,4 +183,4 @@ In this section, you test your Azure AD single sign-on configuration with follow
 
 ## Next steps
 
-Once you configure Clarizen One you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).
+Once you configure Clarizen One you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).

articles/active-directory/saas-apps/iauditor-tutorial.md

@@ -1,5 +1,5 @@
 ---
-title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with iAuditor | Microsoft Docs'
+title: 'Tutorial: Azure AD SSO integration with iAuditor'
 description: Learn how to configure single sign-on between Azure Active Directory and iAuditor.
 services: active-directory
 author: jeevansd
@@ -9,12 +9,12 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 09/01/2021
+ms.date: 03/24/2022
 ms.author: jeedes
 
 ---
 
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with iAuditor
+# Tutorial: Azure AD SSO integration with iAuditor
 
 In this tutorial, you'll learn how to integrate iAuditor with Azure Active Directory (Azure AD). When you integrate iAuditor with Azure AD, you can:
 
@@ -28,6 +28,8 @@ To get started, you need the following items:
 
 * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
 * iAuditor single sign-on (SSO) enabled subscription.
+* Along with Cloud Application Administrator, Application Administrator can also add or manage applications in Azure AD.
+For more information, see [Azure built-in roles](../roles/permissions-reference.md).
 
 ## Scenario description
 
@@ -75,7 +77,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
     `urn:auth0:safetyculture:<CustomerName>`
 
     b. In the **Reply URL** text box, type a URL using the following pattern:
-    `https://safetyculture.au.auth0.com/login/callback?connection=<CustomerName>`
+    `https://auth.safetyculture.com/login/callback?connection=<CustomerName>`
 
 1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
 
@@ -134,7 +136,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 ## Configure iAuditor SSO
 
-To configure single sign-on on **iAuditor** side, you need to send the **Certificate (PEM)** to [iAuditor support team](mailto:[email protected]). They set this setting to have the SAML SSO connection set properly on both sides.
+To configure single sign-on on **iAuditor** side, you need to send the **Certificate (PEM)** and sign in URL to [iAuditor support team](mailto:[email protected]). They set this setting to have the SAML SSO connection set properly on both sides.
 
 ### Create iAuditor test user