Merge pull request #203263 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: v-ccolin

.openpublishing.redirection.active-directory.json

@@ -2417,7 +2417,7 @@
     },
     {
       "source_path_from_root": "/articles/active-directory/develop/active-directory-graph-api.md",
-      "redirect_url": "https://docs.microsoft.com/graph/migrate-azure-ad-graph-planning-checklist",
+      "redirect_url": "/graph/migrate-azure-ad-graph-planning-checklist",
       "redirect_document_id": false
     },
     {
@@ -10800,6 +10800,5 @@
       "redirect_url": "/azure/active-directory/manage-apps/tutorial-manage-certificates-for-federated-single-sign-on",
       "redirect_document_id": false
     }
-
   ]
 }

.openpublishing.redirection.azure-monitor.json

@@ -138,7 +138,7 @@
         },
         {
             "source_path_from_root": "/articles/azure-monitor/app/troubleshoot-portal-connectivity.md",
-            "redirect_url": "https://docs.microsoft.com/troubleshoot/azure/azure-monitor/app-insights/troubleshoot-portal-connectivity",
+            "redirect_url": "/troubleshoot/azure/azure-monitor/app-insights/troubleshoot-portal-connectivity",
             "redirect_document_id": false
         },
         {
@@ -168,7 +168,7 @@
         },
         {
             "source_path_from_root": "/articles/azure-monitor/app/auto-instrumentation-troubleshoot.md",
-            "redirect_url": "https://docs.microsoft.com/troubleshoot/azure/azure-monitor/app-insights/auto-instrumentation-troubleshoot",
+            "redirect_url": "/troubleshoot/azure/azure-monitor/app-insights/auto-instrumentation-troubleshoot",
             "redirect_document_id": false
         },
         {
@@ -313,4 +313,3 @@
         }
     ]
 }
-

.openpublishing.redirection.json

@@ -30032,42 +30032,42 @@
     },
     {
       "source_path_from_root": "/articles/cognitive-services/Speech-Service/support.md",
-      "redirect_url": "http://docs.microsoft.com/azure/cognitive-services/cognitive-services-support-options?context=/azure/cognitive-services/speech-service/context/context",
+      "redirect_url": "/azure/cognitive-services/cognitive-services-support-options?context=/azure/cognitive-services/speech-service/context/context",
       "redirect_document_id": true
     },
     {
       "source_path_from_root": "/articles/cognitive-services/Speech-Service/faq-text-to-speech.md",
-      "redirect_url": "http://docs.microsoft.com/azure/cognitive-services/speech-service/get-started-text-to-speech",
+      "redirect_url": "/azure/cognitive-services/speech-service/get-started-text-to-speech",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/cognitive-services/Speech-Service/speech-studio-test-model.md",
-      "redirect_url": "http://docs.microsoft.com/azure/cognitive-services/speech-service/speech-studio-overview",
+      "redirect_url": "/azure/cognitive-services/speech-service/speech-studio-overview",
       "redirect_document_id": true
     },
     {
       "source_path_from_root": "/articles/cognitive-services/Speech-Service/whats-new.md",
-      "redirect_url": "http://docs.microsoft.com/azure/cognitive-services/speech-service/overview",
+      "redirect_url": "/azure/cognitive-services/speech-service/overview",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/cognitive-services/Speech-Service/concepts-gating-overview.md",
-      "redirect_url": "https://docs.microsoft.com/legal/cognitive-services/speech-service/custom-neural-voice/transparency-note-custom-neural-voice",
+      "redirect_url": "/legal/cognitive-services/speech-service/custom-neural-voice/transparency-note-custom-neural-voice",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/cognitive-services/Speech-Service/concepts-guidelines-responsible-deployment-synthetic.md",
-      "redirect_url": "https://docs.microsoft.com/legal/cognitive-services/speech-service/custom-neural-voice/concepts-guidelines-responsible-deployment-synthetic",
+      "redirect_url": "/legal/cognitive-services/speech-service/custom-neural-voice/concepts-guidelines-responsible-deployment-synthetic",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/cognitive-services/Speech-Service/concepts-disclosure-guidelines.md",
-      "redirect_url": "https://docs.microsoft.com/legal/cognitive-services/speech-service/custom-neural-voice/concepts-disclosure-guidelines",
+      "redirect_url": "/legal/cognitive-services/speech-service/custom-neural-voice/concepts-disclosure-guidelines",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/cognitive-services/Speech-Service/concepts-disclosure-patterns.md",
-      "redirect_url": "https://docs.microsoft.com/legal/cognitive-services/speech-service/custom-neural-voice/concepts-disclosure-patterns",
+      "redirect_url": "/legal/cognitive-services/speech-service/custom-neural-voice/concepts-disclosure-patterns",
       "redirect_document_id": false
     },
     {

articles/active-directory/develop/quickstart-v2-python-webapp.md

@@ -2,15 +2,15 @@
 title: "Quickstart: Add sign-in with Microsoft to a Python web app"
 description: In this quickstart, learn how a Python web app can sign in users, get an access token from the Microsoft identity platform, and call the Microsoft Graph API.
 services: active-directory
-author: CelesteDG
+author: henrymbuguakiarie
 manager: CelesteDG
 ms.service: active-directory
 ms.subservice: develop
 ms.topic: portal
 ms.workload: identity
 ms.date: 11/22/2021
 ROBOTS: NOINDEX
-ms.author: celested
+ms.author: henrymbugua
 ms.custom: aaddev, devx-track-python, "scenarios:getting-started", "languages:Python", mode-api
 ---
 
@@ -33,7 +33,7 @@ ms.custom: aaddev, devx-track-python, "scenarios:getting-started", "languages:Py
 > 
 > - An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 > - [Python 2.7+](https://www.python.org/downloads/release/python-2713) or [Python 3+](https://www.python.org/downloads/release/python-364/)
-> - [Flask](http://flask.pocoo.org/), [Flask-Session](https://pypi.org/project/Flask-Session/), [requests](https://requests.kennethreitz.org/en/master/)
+> - [Flask](http://flask.pocoo.org/), [Flask-Session](https://pypi.org/project/Flask-Session/), [requests](https://github.com/psf/requests/graphs/contributors)
 > - [MSAL Python](https://github.com/AzureAD/microsoft-authentication-library-for-python)
 > 
 > #### Step 1: Configure your application in Azure portal

articles/active-directory/fundamentals/active-directory-deployment-plans.md

@@ -62,6 +62,7 @@ From any of the plan pages, use your browser's Print to PDF capability to create
 | [Privileged Identity Management](../privileged-identity-management/pim-deployment-plan.md)| Azure AD Privileged Identity Management (PIM) helps you manage privileged administrative roles across Azure AD, Azure resources, and other Microsoft Online Services. PIM provides solutions like just-in-time access, request approval workflows, and fully integrated access reviews so you can identify, uncover, and prevent malicious activities of privileged roles in real time. |
 | [Reporting and Monitoring](../reports-monitoring/plan-monitoring-and-reporting.md)| The design of your Azure AD reporting and monitoring solution depends on your legal, security, and operational requirements as well as your existing environment and processes. This article presents the various design options and guides you to the right deployment strategy. |
 | [Access Reviews](../governance/deploy-access-reviews.md) | Access Reviews are an important part of your governance strategy, enabling you to know and manage who has access, and to what they have access. This article helps you plan and deploy access reviews to achieve your desired security and collaboration postures. |
+| [Identity governance for applications](../governance/identity-governance-applications-prepare.md) | As part of your organization's controls to meet your compliance and risk management objectives for managing access for critical applications, you can use Azure AD features to set up and enforce appropriate access.|
 
 ## Include the right stakeholders
 

articles/active-directory/governance/TOC.yml

@@ -58,6 +58,16 @@
 - name: How-to guides
   expanded: true
   items:
+  - name: Govern access to applications
+    items:
+    - name: Prepare
+      href: identity-governance-applications-prepare.md
+    - name: Define
+      href: identity-governance-applications-define.md
+    - name: Integrate
+      href: identity-governance-applications-integrate.md
+    - name: Deploy
+      href: identity-governance-applications-deploy.md
   - name: Entitlement management
     items:
     - name: Common scenarios

articles/active-directory/governance/access-reviews-application-preparation.md

@@ -25,7 +25,7 @@ ms.collection: M365-identity-device-management
 
 [Azure Active Directory (Azure AD) Identity Governance](identity-governance-overview.md) allows you to balance your organization's need for security and employee productivity with the right processes and visibility. It provides you with capabilities to ensure that the right people have the right access to the right resources.
 
-Organizations with compliance requirements or risk management plans will have sensitive or business-critical applications. The application sensitivity may be based on its purpose or the data it contains, such as financial information or personal information of the organization's customers. For those applications, only a subset of all the users in the organization will typically be authorized to have access, and access should only be permitted based on documented business requirements.  Azure AD can be integrated with many popular SaaS applications, on-premises applications, and applications that your organization has developed, using [standard protocol](../fundamentals/auth-sync-overview.md) and API interfaces. Through these interfaces, Azure AD can be the authoritative source to control who has access to those applications.  As you integrate your applications with Azure AD, you can then use Azure AD access reviews to recertify the users who have access to those applications, and remove access of those users who no longer need access.
+Organizations with compliance requirements or risk management plans will have sensitive or business-critical applications. The application sensitivity may be based on its purpose or the data it contains, such as financial information or personal information of the organization's customers. For those applications, only a subset of all the users in the organization will typically be authorized to have access, and access should only be permitted based on documented business requirements.  Azure AD can be integrated with many popular SaaS applications, on-premises applications, and applications that your organization has developed, using [standard protocol](../fundamentals/auth-sync-overview.md) and API interfaces. Through these interfaces, Azure AD can be the authoritative source to control who has access to those applications.  As you integrate your applications with Azure AD, you can then use Azure AD access reviews to recertify the users who have access to those applications, and remove access of those users who no longer need access.  You can also use other features, including terms of use, conditional access and entitlement management, for governing access to applications, as described in [how to govern access to applications in your environment](identity-governance-applications-prepare.md).
 
 ## Prerequisites for reviewing access
 
@@ -146,4 +146,5 @@ Once the reviews have started, you can monitor their progress, and update the ap
 ## Next steps
 
 * [Plan an Azure Active Directory access reviews deployment](deploy-access-reviews.md)
-* [Create an access review of a group or application](create-access-review.md)
+* [Create an access review of a group or application](create-access-review.md)
+* [Govern access to applications](identity-governance-applications-prepare.md)

articles/active-directory/governance/entitlement-management-access-package-approval-policy.md

@@ -44,9 +44,9 @@ For a demonstration of how to add a multi-stage approval to a request policy, wa
 >[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4d1Jw]
 
 
-## Change approval settings of an existing access package
+## Change approval settings of an existing access package assignment policy
 
-Follow these steps to specify the approval settings for requests for the access package:
+Follow these steps to specify the approval settings for requests for the access package through a policy:
 
 **Prerequisite role:** Global administrator, Identity Governance administrator, User administrator, Catalog owner, or Access package manager
 

articles/active-directory/governance/entitlement-management-access-package-lifecycle-policy.md

@@ -17,14 +17,14 @@ ms.reviewer:
 ms.collection: M365-identity-device-management
 
 
-#Customer intent: As an administrator, I want detailed information about how I can edit an access package to include requestor infromation to screen requestors and get requestors the resources they need to perform their job.
+#Customer intent: As an administrator, I want detailed information about how I can edit an access package to include requestor information to screen requestors and get requestors the resources they need to perform their job.
 
 ---
 # Change lifecycle settings for an access package in Azure AD entitlement management
 
 As an access package manager, you can change the lifecycle settings for assignments in an access package at any time by editing an existing policy. If you change the expiration date for assignments on a policy, the expiration date for requests that are already in a pending approval or approved state will not change.
 
-This article describes how to change the lifecycle settings for an existing access package.
+This article describes how to change the lifecycle settings for an existing access package assignment policy.
 
 ## Open requestor information
 To ensure users have the right access to an access package, custom questions can be configured to ask users requesting access to certain access packages. Configuration options include: localization, required/optional, and text/multiple choice answer formats. Requestors  will see the questions when they request the package and approvers see the answers to the questions to help them make their decision. Use the following steps to configure questions in an access package:

articles/active-directory/governance/entitlement-management-access-package-request-policy.md

@@ -22,13 +22,13 @@ ms.collection: M365-identity-device-management
 ---
 # Change request settings for an access package in Azure AD entitlement management
 
-As an access package manager, you can change the users who can request an access package at any time by editing the policy or adding a new policy. This article describes how to change the request settings for an existing access package.
+As an access package manager, you can change the users who can request an access package at any time by editing a policy for access package assignment requests, or adding a new policy to the access package. This article describes how to change the request settings for an existing access package assignment policy.
 
 ## Choose between one or multiple policies
 
 The way you specify who can request an access package is with a policy. Before creating a new policy or editing an existing policy in an access package, you need to determine how many policies the access package needs. 
 
-When you create an access package, you specify the request, approval and lifecycle settings, which are stored on the first policy of the access package. Most access packages will have a single policy, but a single access package can have multiple policies. You would create multiple policies for an access package if you want to allow different sets of users to be granted assignments with different request and approval settings.
+When you create an access package, you can specify the request, approval and lifecycle settings, which are stored on the first policy of the access package. Most access packages will have a single policy for users to request access, but a single access package can have multiple policies. You would create multiple policies for an access package if you want to allow different sets of users to be granted assignments with different request and approval settings.
 
 For example, a single policy cannot be used to assign internal and external users to the same access package. However, you can create two policies in the same access package, one for internal users and one for external users. If there are multiple policies that apply to a user, they will be prompted at the time of their request to select the policy they would like to be assigned to. The following diagram shows an access package with two policies.
 
@@ -40,14 +40,15 @@ For example, a single policy cannot be used to assign internal and external user
 | --- | --- |
 | I want all users in my directory to have the same request and approval settings for an access package | One |
 | I want all users in certain connected organizations to be able to request an access package | One |
-| I want to allow users in my directory and also users outside my directory to request an access package | Multiple |
-| I want to specify different approval settings for some users | Multiple |
-| I want some users access package assignments to expire while other users can extend their access | Multiple |
+| I want to allow users in my directory and also users outside my directory to request an access package | Two |
+| I want to specify different approval settings for some users | One for each group of users |
+| I want some users access package assignments to expire while other users can extend their access | One for each group of users |
+| I want users to request access and other users to be assigned access by an administrator | Two |
 
 For information about the priority logic that is used when multiple policies apply, see [Multiple policies](entitlement-management-troubleshoot.md#multiple-policies
 ).
 
-## Open an existing access package and add a new policy of request settings
+## Open an existing access package and add a new policy with different request settings
 
 If you have a set of users that should have different request and approval settings, you'll likely need to create a new policy. Follow these steps to start adding a new policy to an existing access package:
 
@@ -160,9 +161,9 @@ Follow these steps if you want to bypass access requests and allow administrator
 > When assigning users to an access package, administrators will need to verify that the users are eligible for that access package based on the existing policy requirements. Otherwise, the users won't successfully be assigned to the access package. If the access package contains a policy that requires user requests to be approved, users can't be directly assigned to the package without necessary approval(s) from the designated approver(s).
 
 
-## Open and edit an existing policy of request settings
+## Open and edit an existing policy's request settings
 
-To change the request and approval settings for an access package, you need to open the corresponding policy. Follow these steps to open and edit the request settings for an access package:
+To change the request and approval settings for an access package, you need to open the corresponding policy with those settings. Follow these steps to open and edit the request settings for an access package assignment policy:
 
 **Prerequisite role:** Global administrator, User administrator, Catalog owner, or Access package manager