MicrosoftDocs
diff --git a/‎articles/active-directory-b2c/billing.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory-b2c/billing.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/saas-apps/mural-identity-provisioning-tutorial.md
Lines changed: 36 additions & 22 deletions b/‎articles/active-directory/saas-apps/mural-identity-provisioning-tutorial.md
Lines changed: 36 additions & 22 deletions
diff --git a/‎articles/active-directory/saas-apps/shopify-plus-provisioning-tutorial.md
Lines changed: 10 additions & 6 deletions b/‎articles/active-directory/saas-apps/shopify-plus-provisioning-tutorial.md
Lines changed: 10 additions & 6 deletions
diff --git a/‎articles/aks/start-stop-cluster.md
Lines changed: 3 additions & 0 deletions b/‎articles/aks/start-stop-cluster.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎articles/azure-monitor/logs/basic-logs-configure.md
Lines changed: 2 additions & 1 deletion b/‎articles/azure-monitor/logs/basic-logs-configure.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎articles/backup/azure-backup-architecture-for-sap-hana-backup.md
Lines changed: 5 additions & 5 deletions b/‎articles/backup/azure-backup-architecture-for-sap-hana-backup.md
Lines changed: 5 additions & 5 deletions
diff --git a/‎articles/backup/index.yml
Lines changed: 3 additions & 3 deletions b/‎articles/backup/index.yml
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/backup/media/sap-hana-database-with-hana-system-replication-backup/select-virtual-machines-for-protection.png
-12 KB b/‎articles/backup/media/sap-hana-database-with-hana-system-replication-backup/select-virtual-machines-for-protection.png
-12 KB
diff --git a/‎articles/backup/media/sap-hana-db-manage/confirm-logical-registration-status.png
38.4 KB b/‎articles/backup/media/sap-hana-db-manage/confirm-logical-registration-status.png
38.4 KB
diff --git a/‎articles/backup/media/sap-hana-db-manage/confirm-physical-registration-status-of-node.png
68.5 KB b/‎articles/backup/media/sap-hana-db-manage/confirm-physical-registration-status-of-node.png
68.5 KB
@@ -22,7 +22,7 @@ In this article, learn about MAU and Go Local billing, linking Azure AD B2C tena
 
 ## MAU overview
 
-A monthly active user (MAU) is a unique user that performs an authentication within a given month. A user that authenticates multiple times within a given month is counted as one MAU. Customers aren't charged for a MAU’s subsequent authentications during the month, nor for inactive users. Authentications may include:
+A monthly active user (MAU) is a unique user that performs an authentication within a given month. A user that authenticates at least once within a given month is counted as one MAU. Customers aren't charged for a MAU’s subsequent authentications during the month, nor for inactive users. Authentications may include:
 
 - Active, interactive sign in by the user. For example, [sign-up or sign in](add-sign-up-and-sign-in-policy.md), [self-service password reset](add-password-reset-policy.md), or any type of [user flow](user-flow-overview.md) or [custom policy](custom-policy-overview.md).
 - Passive, non-interactive sign in such as [single sign-on (SSO)](session-behavior.md), or any type of token acquisition. For example, authorization code flow, token refresh, or [resource owner password credentials flow](add-ropc-policy.md).
 
@@ -22,7 +22,10 @@ This tutorial describes the steps you need to perform in both MURAL Identity and
 ## Capabilities Supported
 > [!div class="checklist"]
 > * Create users in MURAL Identity
+> * Remove users in MURAL Identity when they do not require access anymore.
 > * Keep user attributes synchronized between Azure AD and MURAL Identity
+> * Provision groups and group memberships in MURAL Identity.
+> * [Single sign-on](mural-identity-tutorial.md) to MURAL Identity (recommended).
 
 ## Prerequisites
 
@@ -35,8 +38,8 @@ The scenario outlined in this tutorial assumes that you already have the followi
 
 ## Step 1. Plan your provisioning deployment
 1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
-2. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
-3. Determine what data to [map between Azure AD and MURAL Identity](../app-provisioning/customize-application-attributes.md). 
+1. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+1.  Determine what data to [map between Azure AD and MURAL Identity](../app-provisioning/customize-application-attributes.md). 
 
 ## Step 2. Configure MURAL Identity to support provisioning with Azure AD
 
@@ -65,42 +68,50 @@ This section guides you through the steps to configure the Azure AD provisioning
 
 	![Enterprise applications blade](common/enterprise-applications.png)
 
-2. In the applications list, select **MURAL Identity**.
+1. In the applications list, select **MURAL Identity**.
 
 	![The MURAL Identity link in the Applications list](common/all-applications.png)
 
-3. Select the **Provisioning** tab.
+1. Select the **Provisioning** tab.
 
 	![Provisioning tab](common/provisioning.png)
 
-4. Set the **Provisioning Mode** to **Automatic**.
+1. Set the **Provisioning Mode** to **Automatic**.
 
 	![Provisioning](common/provisioning-automatic.png)
 
-5. Under the **Admin Credentials** section, input your MURAL Identity Tenant URL and Secret Token. Click **Test Connection** to ensure Azure AD can connect to MURAL Identity. If the connection fails, ensure your MURAL Identity account has Admin permissions and try again.
+1. Under the **Admin Credentials** section, input your MURAL Identity Tenant URL and Secret Token. Click **Test Connection** to ensure Azure AD can connect to MURAL Identity. If the connection fails, ensure your MURAL Identity account has Admin permissions and try again.
 
  	![Token](common/provisioning-testconnection-tenanturltoken.png)
 
-6. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and select the **Send an email notification when a failure occurs** check box.
+1. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and select the **Send an email notification when a failure occurs** check box.
 
 	![Notification Email](common/provisioning-notification-email.png)
 
-7. Select **Save**.
+1. Select **Save**.
 
-8. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to MURAL Identity**.
+1. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to MURAL Identity**.
 
-9. Review the user attributes that are synchronized from Azure AD to MURAL Identity in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in MURAL Identity for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you will need to ensure that the MURAL Identity API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
+1. Review the user attributes that are synchronized from Azure AD to MURAL Identity in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in MURAL Identity for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you will need to ensure that the MURAL Identity API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
 
-   |Attribute|Type|Supported for filtering|
-   |---|---|---|
-   |userName|String|&check;
-   |active|Boolean|
-    |emails[type eq "work"].value|String|
-    |name.givenName|String|
-    |name.familyName|String|
-    |externalId|String|
+   |Attribute|Type|Supported for filtering|Required by MURAL Identity
+   |---|---|---|---
+   |userName|String|&check;|&check;
+   |emails[type eq "work"].value|String||&check;
+   |active|Boolean||
+   |name.givenName|String||
+   |name.familyName|String||
+   |externalId|String||
 
+1. Under the **Mappings** section, select **Synchronize Azure Active Directory Groups to MURAL Identity**.
 
+1. Review the group attributes that are synchronized from Azure AD to MURAL Identity in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the groups in MURAL Identity for update operations. Select the **Save** button to commit any changes.
+
+   |Attribute|Type|Supported for filtering|Required by MURAL Identity|
+   |---|---|---|---|
+   |displayName|String|&check;|&check;
+   |members|Reference||
+   |externalId|String||
 10. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
 
 11. To enable the Azure AD provisioning service for MURAL Identity, change the **Provisioning Status** to **On** in the **Settings** section.
@@ -120,15 +131,18 @@ This operation starts the initial synchronization cycle of all users and groups
 ## Step 6. Monitor your deployment
 Once you've configured provisioning, use the following resources to monitor your deployment:
 
-1. Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users have been provisioned successfully or unsuccessfully
-2. Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion
-3. If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).  
+* Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users have been provisioned successfully or unsuccessfully
+* Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion
+* If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).  
 
 ## Troubleshooting Tips
 * When provisioning a user keep in mind that at MURAL we do not support numbers in the name fields (i.e. givenName or familyName).
 * When filtering on **userName** in the GET endpoint make sure that the email address is all lowercase otherwise you will get an empty result. This is because we convert email addresses to lowercase while provisioning accounts.
 * When de-provisioning an end-user (setting the active attribute to false), user will be soft-deleted and lose access to all their workspaces. When that same de-provisioned end-user is later activated again (setting the active attribute to true), user will not have access to the workspaces user previously belonged to. The end-user will see an error message "You’ve been deactivated from this workspace",  with an option to request reactivation which the workspace admin must approve.
-* If you have any other issues, please reach out to [MURAL Identity support team](mailto:[email protected])
+* If you have any other issues, please reach out to [MURAL Identity support team](mailto:[email protected]).
+
+## Change log
+06/22/2023 - Added support for **Group Provisioning**.
 
 ## More resources
 
 
@@ -101,12 +101,13 @@ This section guides you through the steps to configure the Azure AD provisioning
 
 9. Review the user attributes that are synchronized from Azure AD to Shopify Plus in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Shopify Plus for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you will need to ensure that the Shopify Plus API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
 
-   |Attribute|Type|Supported for Filtering|
-   |---|---|---|
-   |userName|String|&check;|
+   |Attribute|Type|Supported for Filtering|Required by Shopify Plus
+   |---|---|---|---
+   |userName|String|&check;|&check;
+   |roles|String||
    |active|Boolean|
-   |name.givenName|String|
-   |name.familyName|String|
+   |name.givenName|String||&check;
+   |name.familyName|String||&check;
 
 
 10. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
@@ -130,7 +131,10 @@ Once you've configured provisioning, use the following resources to monitor your
 
 1. Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users have been provisioned successfully or unsuccessfully
 2. Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion
-3. If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).  
+3. If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).
+
+## Change log
+06/22/2023 - Added support for **roles**.
 
 ## Additional resources
 
 
@@ -12,6 +12,9 @@ You may not need to continuously run your Azure Kubernetes Service (AKS) workloa
 
 To better optimize your costs during these periods, you can turn off, or stop, your cluster. This action stops your control plane and agent nodes, allowing you to save on all the compute costs, while maintaining all objects except standalone pods. The cluster state is stored for when you start it again, allowing you to pick up where you left off.
 
+> [!NOTE]
+> AKS start operations will restore all objects from ETCD with the exception of standalone pods with the same names and ages. meaning that a pod's age will continue to be calculated from its original creation time. This count will keep increasing over time, regardless of whether the cluster is in a stopped state.
+
 ## Before you begin
 
 This article assumes you have an existing AKS cluster. If you need an AKS cluster, you can create one using [Azure CLI][aks-quickstart-cli], [Azure PowerShell][aks-quickstart-powershell], or the [Azure portal][aks-quickstart-portal].
 
@@ -50,12 +50,13 @@ Configure a table for Basic logs if:
     | API Management | [ApiManagementGatewayLogs](/azure/azure-monitor/reference/tables/ApiManagementGatewayLogs)<br>[ApiManagementWebSocketConnectionLogs](/azure/azure-monitor/reference/tables/ApiManagementWebSocketConnectionLogs) |
     | Application Insights | [AppTraces](/azure/azure-monitor/reference/tables/apptraces) |
     | Chaos Experiments | [ChaosStudioExperimentEventLogs](/azure/azure-monitor/reference/tables/ChaosStudioExperimentEventLogs) |
+    | Cloud HSM | [CHSMManagementAuditLogs](/azure/azure-monitor/reference/tables/CHSMManagementAuditLogs) |
     | Container Apps | [ContainerAppConsoleLogs](/azure/azure-monitor/reference/tables/containerappconsoleLogs) |
     | Container Insights | [ContainerLogV2](/azure/azure-monitor/reference/tables/containerlogv2) |
     | Container Apps Environments | [AppEnvSpringAppConsoleLogs](/azure/azure-monitor/reference/tables/AppEnvSpringAppConsoleLogs) |
     | Communication Services | [ACSCallAutomationIncomingOperations](/azure/azure-monitor/reference/tables/ACSCallAutomationIncomingOperations)<br>[ACSCallAutomationMediaSummary](/azure/azure-monitor/reference/tables/ACSCallAutomationMediaSummary)<br>[ACSCallRecordingIncomingOperations](/azure/azure-monitor/reference/tables/ACSCallRecordingIncomingOperations)<br>[ACSCallRecordingSummary](/azure/azure-monitor/reference/tables/ACSCallRecordingSummary)<br>[ACSRoomsIncomingOperations](/azure/azure-monitor/reference/tables/acsroomsincomingoperations) |
     | Confidential Ledgers | [CCFApplicationLogs](/azure/azure-monitor/reference/tables/CCFApplicationLogs) |
-    | Custom tables | All custom tables created with or migrated to the [data collection rule (DCR)-based logs ingestion API.](logs-ingestion-api-overview.md) |
+    | Custom log tables | All custom tables created with or migrated to the [data collection rule (DCR)-based logs ingestion API.](logs-ingestion-api-overview.md) |
     | Data Manager for Energy | [OEPDataplaneLogs](/azure/azure-monitor/reference/tables/OEPDataplaneLogs) |
     | Dedicated SQL Pool | [SynapseSqlPoolSqlRequests](/azure/azure-monitor/reference/tables/synapsesqlpoolsqlrequests)<br>[SynapseSqlPoolRequestSteps](/azure/azure-monitor/reference/tables/synapsesqlpoolrequeststeps)<br>[SynapseSqlPoolExecRequests](/azure/azure-monitor/reference/tables/synapsesqlpoolexecrequests)<br>[SynapseSqlPoolDmsWorkers](/azure/azure-monitor/reference/tables/synapsesqlpooldmsworkers)<br>[SynapseSqlPoolWaits](/azure/azure-monitor/reference/tables/synapsesqlpoolwaits) |
     | Dev Center | [DevCenterDiagnosticLogs](/azure/azure-monitor/reference/tables/DevCenterDiagnosticLogs) |
 
@@ -2,7 +2,7 @@
 title: Azure Backup Architecture for SAP HANA Backup
 description: Learn about Azure Backup architecture for SAP HANA backup.
 ms.topic: conceptual
-ms.date: 09/07/2022
+ms.date: 06/20/2023
 ms.service: backup
 ms.custom: ignite-2022
 author: jyothisuri
@@ -65,7 +65,7 @@ See the [high-level architecture of Azure Backup for SAP HANA databases](./sap-h
 
 ### Backup flow
 
-This section provides you an understanding about the backup process of an HANA database running on an Azure VM.
+This section provides you with an understanding about the backup process of an HANA database running on an Azure VM.
 
 1. The scheduled backups are managed by crontab entries created on the HANA VM, while the on-demand backups are directly triggered by the Azure Backup service.
 
@@ -100,7 +100,7 @@ In the following sections you'll learn about different SAP HANA setups and their
 
 :::image type="content" source="./media/azure-backup-architecture-for-sap-hana-backup/azure-network-with-udr-and-nva-or-azure-firewall-and-private-endpoint-or-service-endpoint.png" alt-text="Diagram showing the SAP HANA setup if Azure network with UDR + NVA / Azure Firewall + Private Endpoint or Service Endpoint.":::
 
-### Backup architecture for database with HANA System Replication (preview)
+### Backup architecture for database with HANA System Replication
 
 The backup service resides in both the physical nodes of the HSR setup. Once you confirm that these nodes are in a replication group (using the [pre-registration script](sap-hana-database-with-hana-system-replication-backup.md#run-the-preregistration-script)), Azure Backup groups the nodes logically, and creates a single backup item during protection configuration. 
 
@@ -119,7 +119,7 @@ In the following sections, you'll learn about the backup flow for new/existing m
 
 ##### New machines
 
-This section provides you an understanding about the backup process of an HANA database with HANA System replication enabled running on a new Azure VM.
+This section provides you with an understanding about the backup process of an HANA database with HANA System replication enabled running on a new Azure VM.
 
 1. Create a custom user and `hdbuserstore` key on all the nodes. 
 1. Run the pre-registration script on both the nodes with the custom user as the backup user to implement an ID, which indicates that both the nodes belong to a unique/common group. 
@@ -128,7 +128,7 @@ This section provides you an understanding about the backup process of an HANA d
 
 ##### Existing machines
 
-This section provides you an understanding about the backup process of an HANA database with HANA System replication enabled running on an existing Azure VM.
+This section provides you with an understanding about the backup process of an HANA database with HANA System replication enabled running on an existing Azure VM.
 
 1. Stop protection and retain data for both the nodes. 
 1. Run the pre-registration script on both the nodes with the custom user as the backup user to mention an ID, which indicates that both the nodes belong to a unique/common group.
 
@@ -61,8 +61,6 @@ landingContent:
     linkLists:
       - linkListType: whats-new
         links:
-          - text: Selective disk backup and restore for Azure VMs
-            url: selective-disk-backup-restore.md
           - text: Soft Delete for Azure Backup
             url: backup-azure-security-feature-cloud.md
           - text: Enhanced soft delete for Azure Backup (preview)
@@ -81,6 +79,8 @@ landingContent:
             url: blob-backup-overview.md
           - text: Selective Disk backup with Enhanced policy for Azure VM (preview)
             url: selective-disk-backup-restore.md
+          - text: SAP HANA System Replication backup
+            url: sap-hana-database-about.md#back-up-a-hana-system-with-replication-enabled
   # Card
   - title: Back up Azure VMs
     linkLists:
@@ -129,7 +129,7 @@ landingContent:
         links:
           - text: Back up SAP HANA databases on Azure VMs
             url: backup-azure-sap-hana-database.md
-          - text: Back up SAP HSR databases on Azure VMs (preview)
+          - text: Back up SAP HSR databases on Azure VMs
             url: sap-hana-database-with-hana-system-replication-backup.md
           - text: Back up SAP HANA databases' instance snapshots on Azure VMs (preview)
             url: sap-hana-database-instances-backup.md