Merge pull request #254727 from MicrosoftDocs/main

10/12 Publish 11:00 AM India Standard Time

Author: Saisang

articles/active-directory/authentication/concept-authentication-passwordless.md

@@ -112,9 +112,10 @@ The following providers offer FIDO2 security keys of different form factors that
 | Provider | Biometric | USB | NFC | BLE | FIPS Certified |
 |:-|:-:|:-:|:-:|:-:|:-:|
 | [AuthenTrend](https://authentrend.com/about-us/#pg-35-3) | ![y] | ![y]| ![y]| ![y]| ![n] |
-| [ACS](https://www.acs.com.hk/) | ![n] | ![y]| ![n]| ![n]| ![n] |
+| [ACS](https://www.acs.com.hk/) | ![n] | ![y]| ![y]| ![n]| ![n] |
 | [ATOS](https://atos.net/en/solutions/cyber-security/iot-and-ot-security/smart-card-solution-cardos-for-iot) | ![n] | ![y]| ![y]| ![n]| ![n] |
 | [Ciright](https://www.cyberonecard.com/) | ![n] | ![n]| ![y]| ![n]| ![n] |
+| [Composecure](https://www.composecure.com/arculus) | ![n] | ![n]| ![y]| ![n]| ![n] |
 | [Crayonic](https://www.crayonic.com/keyvault) | ![y] | ![n]| ![y]| ![y]| ![n] |
 | [Cryptnox](https://cryptnox.com/) | ![n] | ![y]| ![y]| ![n]| ![n] |
 | [Ensurity](https://www.ensurity.com/contact) | ![y] | ![y]| ![n]| ![n]| ![n] |

articles/active-directory/authentication/concept-fido2-hardware-vendor.md

@@ -33,9 +33,10 @@ The following table lists partners who are Microsoft-compatible FIDO2 security k
 | Provider | Biometric | USB | NFC | BLE | FIPS Certified |
 |:-|:-:|:-:|:-:|:-:|:-:|
 | [AuthenTrend](https://authentrend.com/about-us/#pg-35-3) | ![y] | ![y]| ![y]| ![y]| ![n] |
-| [ACS](https://www.acs.com.hk/) | ![n] | ![y]| ![n]| ![n]| ![n] |
+| [ACS](https://www.acs.com.hk/) | ![n] | ![y]| ![y]| ![n]| ![n] |
 | [ATOS](https://atos.net/en/solutions/cyber-security/iot-and-ot-security/smart-card-solution-cardos-for-iot) | ![n] | ![y]| ![y]| ![n]| ![n] |
 | [Ciright](https://www.cyberonecard.com/) | ![n] | ![n]| ![y]| ![n]| ![n] |
+| [Composecure](https://www.composecure.com/arculus) | ![n] | ![n]| ![y]| ![n]| ![n] |
 | [Crayonic](https://www.crayonic.com/keyvault) | ![y] | ![n]| ![y]| ![y]| ![n] |
 | [Cryptnox](https://cryptnox.com/) | ![n] | ![y]| ![y]| ![n]| ![n] |
 | [Ensurity](https://www.ensurity.com/contact) | ![y] | ![y]| ![n]| ![n]| ![n] |

articles/active-directory/roles/groups-create-eligible.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: roles
 ms.topic: how-to
-ms.date: 04/10/2023
+ms.date: 10/12/2023
 ms.author: rolyon
 ms.reviewer: vincesm
 ms.custom: it-pro, has-azure-ad-ps-ref
@@ -70,17 +70,26 @@ For more information, see [Prerequisites to use PowerShell or Graph Explorer](pr
 
 Use the [New-MgGroup](/powershell/module/microsoft.graph.groups/new-mggroup?branch=main) command to create a role-assignable group.
 
+This example shows how to create a Security role-assignable group.
+
+```powershell
+Connect-MgGraph -Scopes "Group.ReadWrite.All"
+$group = New-MgGroup -DisplayName "Contoso_Helpdesk_Administrators" -Description "Helpdesk Administrator role assigned to group" -MailEnabled:$false -SecurityEnabled -MailNickName "contosohelpdeskadministrators" -IsAssignableToRole:$true
+```
+
+This example shows how to create a Microsoft 365 role-assignable group.
+
 ```powershell
 Connect-MgGraph -Scopes "Group.ReadWrite.All"
-$group = New-MgGroup -DisplayName "Contoso_Helpdesk_Administrators" -Description "This group has Helpdesk Administrator built-in role assigned to it in Azure AD." -MailEnabled:$false -SecurityEnabled -MailNickName "contosohelpdeskadministrators" -IsAssignableToRole:$true
+$group = New-MgGroup -DisplayName "Contoso_Helpdesk_Administrators" -Description "Helpdesk Administrator role assigned to group" -MailEnabled:$true -SecurityEnabled -MailNickName "contosohelpdeskadministrators" -IsAssignableToRole:$true -GroupTypes "Unified"
 ```
 
 # [Azure AD PowerShell](#tab/aad-powershell)
 
 Use the [New-AzureADMSGroup](/powershell/module/azuread/new-azureadmsgroup?branch=main) command to create a role-assignable group.
 
 ```powershell
-$group = New-AzureADMSGroup -DisplayName "Contoso_Helpdesk_Administrators" -Description "This group is assigned to Helpdesk Administrator built-in role in Azure AD." -MailEnabled $false -SecurityEnabled $true -MailNickName "contosohelpdeskadministrators" -IsAssignableToRole $true
+$group = New-AzureADMSGroup -DisplayName "Contoso_Helpdesk_Administrators" -Description "Helpdesk Administrator role assigned to group" -MailEnabled $false -SecurityEnabled $true -MailNickName "contosohelpdeskadministrators" -IsAssignableToRole $true
 ```
 
 For this type of group, `isPublic` will always be false and `isSecurityEnabled` will always be true.
@@ -125,18 +134,34 @@ Add-AzureADGroupMember -ObjectId $roleAssignablegroup.Id -RefObjectId $member.Ob
 
 Use the [Create group](/graph/api/group-post-groups?branch=main) API to create a role-assignable group.
 
+This example shows how to create a Security role-assignable group.
+
+```http
+POST https://graph.microsoft.com/v1.0/groups
+{
+    "description": "Helpdesk Administrator role assigned to group",
+    "displayName": "Contoso_Helpdesk_Administrators",
+    "isAssignableToRole": true,
+    "mailEnabled": false,
+    "mailNickname": "contosohelpdeskadministrators",
+    "securityEnabled": true
+}
+```
+
+This example shows how to create a Microsoft 365 role-assignable group.
+
 ```http
 POST https://graph.microsoft.com/v1.0/groups
 {
-  "description": "This group is assigned to Helpdesk Administrator built-in role of Azure AD.",
+  "description": "Helpdesk Administrator role assigned to group",
   "displayName": "Contoso_Helpdesk_Administrators",
   "groupTypes": [
     "Unified"
   ],
   "isAssignableToRole": true,
   "mailEnabled": true,
-  "securityEnabled": true,
   "mailNickname": "contosohelpdeskadministrators",
+  "securityEnabled": true,
   "visibility" : "Private"
 }
 ```

articles/active-directory/roles/media/groups-create-eligible/eligible-switch.png

@@ -72,6 +72,8 @@
         href: partner-gallery.md
       - name: Au10tix
         href: howto-verifiable-credentials-partner-au10tix.md
+      - name: IDEMIA
+        href: idemia.md
       - name: LexisNexis
         href: howto-verifiable-credentials-partner-lexisnexis.md
       - name: Vu

articles/active-directory/roles/media/groups-create-eligible/group-create-message.png

@@ -0,0 +1,71 @@
+---
+title: Configure Verified ID by IDEMIA as your identity verification partner 
+description: This article shows you the steps you need to follow to configure IDEMIA as your identity verification partner
+services: active-directory
+author: barclayn
+manager: amycolannino
+ms.service: decentralized-identity
+ms.subservice: verifiable-credentials
+ms.topic: how-to
+ms.date: 10/11/2023
+ms.author: barclayn
+# Customer intent: As a developer, I'm looking for information about the open standards that are supported by Microsoft Entra Verified ID.
+---
+
+# Configure Verified ID by IDEMIA as your identity verification partner
+
+In this article, we cover the steps needed to integrate Microsoft Entra Verified ID (Verified ID) with [IDEMIA](https://www.idemia.com/).
+
+## Prerequisites
+
+Before you can continue with the steps below you need to meet the following requirements: 
+
+- A tenant configured with Verified ID.
+   - If you don't have an existing tenant, you can create an Azure account for free. 
+- You need to have completed the onboarding process with IDEMIA. 
+   - Register on the IDEMIA Experience Portal where you can create your own Microsoft verifiable credential application with a few steps low code integration. 
+
+>[!IMPORTANT]
+>Before you can proceed, you must have already received a URL from IDEMIA. If you have not yet received it, follow up with IDEMIA before you try the steps documented below.
+
+
+## Scenario description
+
+Microsoft Azure AD verifiable credentials users can have their identity verified using IDEMIA's identity document capture and verification.
+The Identity proofing process is completed using biometric and document capture via the users' smartphones. Once a user submits their data, biometric and document data is extracted and verified against one another, or against an authoritative data source such as a national identity database or a trusted system of record. Counter-fraud and high-risk profile verification could also be performed for additional assurance. 
+
+The result is a trusted user identity that gives service providers the assurance they need to proceed with customer onboarding. 
+
+
+After verification, users are issued a reusable identity credential, which expedites the onboarding process for employees, partners, and customers​.
+
+
+## Configure IDEMIA as your identity verification proofing solution
+
+To configure IDEMIA as your identity verification proofing solution, follow these steps:
+
+1. Go to Quickstart in the Azure portal and select **Verified ID**.
+2. Choose select issuer.
+3. Look for IDEMIA in the search/select issuers drop down.
+4. Select VerifiedCredentialExpert as the credential type.
+5. Select **Add** and then select review.
+6. Download the request body and cop/paste the POST API request URL
+
+## Developer steps
+
+As a developer you now have the request URL and body from your tenant admin, follow these steps to update your application or website:
+
+1. Add the request URL and body to your application or website to request Verified IDs from your users.
+    >[!IMPORTANT]
+    >If you are using one of the sample apps, you'll need to replace the contents of the presentation_request_config.json with the request body obtained in Part 1. The sample code overwrites the trustedIssuers values with IssuerAuthority value from ```appsettings.json```. Copy the trustedIssuers value from the payload to IssuerAuthority in ```appsettings.json``` file.
+2. Replace the **URL** and **api key** values with your own values.
+3. [Grant permissions](verifiable-credentials-configure-tenant.md#grant-permissions-to-get-access-tokens) to your app so it can obtain an access token for the Verified ID service request service principal.
+
+## Test the user flow
+
+User flow is specific to your application or website. However, if you are using one of the sample apps follow the steps outlined as part of the sample app's documentation.
+
+## Next steps
+
+- [Verifiable credentials admin API](admin-api.md)
+- [Request Service REST API issuance specification](issuance-request-api.md)

articles/active-directory/verifiable-credentials/TOC.yml

@@ -681,6 +681,14 @@
           href: ../mysql/flexible-server/tutorial-deploy-wordpress-on-aks.md?toc=/azure/aks/toc.json&bc=/azure/aks/breadcrumb/toc.json
         - name: Azure API Management
           href: ../api-management/api-management-kubernetes.md
+        - name: Deploy Kubernetes applications
+          items:
+            - name: Deploy Kubernetes applications from Azure Marketplace
+              href: deploy-marketplace.md
+            - name: Deploy Kubernetes applications with ARM template
+              href: deploy-application-template.md
+            - name: Deploy Kubernetes applications with Azure CLI
+              href: deploy-application-az-cli.md
         - name: Dapr
           items:
             - name: Create the Dapr extension

articles/active-directory/verifiable-credentials/idemia.md

@@ -114,7 +114,7 @@ You can load the Azure Maps spatial IO module using one of the two options:
     </head>
 
     <body onload="GetMap()">
-        <div id="myMap"></div>
+        <div id="myMap" style="position:relative;width:100%;min-width:290px;height:600px;"></div>
     </body>
 
     </html>
@@ -144,10 +144,13 @@ You can load the Azure Maps spatial IO module using one of the two options:
     map.layers.add(layer);
     ```
 
-1. Your HTML code should now look like the following code. This sample demonstrates how to read an XML file from a URL. Then, load and display the file's feature data on the map.
+1. Your HTML code should now look like the following code. This sample demonstrates how to display an XML file's feature data on a map.
+
+    > [!NOTE]
+    > This example uses [Route66Attractions.xml].
 
     ```html
-    <!DOCTYPE html>
+    <!DOCTYPE html>
     <html>
     <head>
         <title>Spatial IO Module Example</title>
@@ -194,7 +197,7 @@ You can load the Azure Maps spatial IO module using one of the two options:
                     map.layers.add(layer);
 
                     //Read an XML file from a URL or pass in a raw XML string.
-                    atlas.io.read('superCoolKmlFile.xml').then(r => {
+                    atlas.io.read('Route66Attractions.xml').then(r => {
                         if (r) {
                             //Add the feature data to the data source.
                             datasource.add(r);
@@ -220,7 +223,7 @@ You can load the Azure Maps spatial IO module using one of the two options:
 
 1. Remember to replace `<Your Azure Maps Key>` with your subscription key. You should see results similar to the following image in your HTML file:
 
-    :::image type="content" source="./media/how-to-use-spatial-io-module/spatial-data-example.png" alt-text="Screenshot of an indoor map demonstrating Spatial Data.":::
+    :::image type="content" source="./media/how-to-use-spatial-io-module/spatial-data-example.png" lightbox="./media/how-to-use-spatial-io-module/spatial-data-example.png" alt-text="Screenshot showing the Spatial Data sample in a map.":::
 
 ## Next steps
 
@@ -261,6 +264,7 @@ Refer to the Azure Maps Spatial IO documentation:
 [How to use the Azure Maps map control npm package]: how-to-use-npm-package.md
 [Leverage core operations]: spatial-io-core-operations.md
 [Read and write spatial data]: spatial-io-read-write-spatial-data.md
+[Route66Attractions.xml]: https://samples.azuremaps.com/data/Gpx/Route66Attractions.xml
 [Spatial IO module]: https://www.npmjs.com/package/azure-maps-spatial-io
 [subscription key]: quick-demo-map-app.md#get-the-subscription-key-for-your-account
 [Supported data format details]: spatial-io-supported-data-format-details.md