MicrosoftDocs
diff --git a/‎.openpublishing.redirection.azure-monitor.json
Lines changed: 28 additions & 7 deletions b/‎.openpublishing.redirection.azure-monitor.json
Lines changed: 28 additions & 7 deletions
diff --git a/‎.openpublishing.redirection.json
Lines changed: 5 additions & 0 deletions b/‎.openpublishing.redirection.json
Lines changed: 5 additions & 0 deletions
diff --git a/‎articles/active-directory/develop/msal-logging-dotnet.md
Lines changed: 90 additions & 24 deletions b/‎articles/active-directory/develop/msal-logging-dotnet.md
Lines changed: 90 additions & 24 deletions
diff --git a/‎articles/active-directory/develop/scenario-spa-acquire-token.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/develop/scenario-spa-acquire-token.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/manage-apps/whats-new-docs.md
Lines changed: 12 additions & 20 deletions b/‎articles/active-directory/manage-apps/whats-new-docs.md
Lines changed: 12 additions & 20 deletions
diff --git a/‎articles/active-directory/reports-monitoring/reference-audit-activities.md
Lines changed: 12 additions & 17 deletions b/‎articles/active-directory/reports-monitoring/reference-audit-activities.md
Lines changed: 12 additions & 17 deletions
@@ -278,12 +278,27 @@
         },
         {
             "source_path_from_root": "/articles/azure-monitor/alerts/itsmc-service-manager-script.md",
-            "redirect_url": "/azure/azure-monitor/alerts/itsmc-connections",
+            "redirect_url": "/azure/azure-monitor/alerts/itsmc-overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/itsmc-connections.md",
+            "redirect_url": "/azure/azure-monitor/alerts/itsmc-overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/itsmc-connections-cherwell.md",
+            "redirect_url": "/azure/azure-monitor/alerts/itsmc-overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/itsmc-connections-provance.md",
+            "redirect_url": "/azure/azure-monitor/alerts/itsmc-overview",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/azure-monitor/alerts/itsmc-connections-scsm.md" ,
-            "redirect_url": "/azure/azure-monitor/alerts/itsmc-connections",
+            "redirect_url": "/azure/azure-monitor/alerts/itsmc-overview",
             "redirect_document_id": false
         },
         {
@@ -2908,13 +2923,13 @@
         },
         {
             "source_path_from_root": "/articles/log-analytics/log-analytics-itsmc-connections.md",
-            "redirect_url": "/azure/azure-monitor/platform/itsmc-connections",
+            "redirect_url": "/azure/azure-monitor/platform/itsmc-overview",
             "redirect_document_id": true
         },
         {
             "source_path_from_root": "/articles/log-analytics/log-analytics-itsmc-overview.md",
             "redirect_url": "/azure/azure-monitor/platform/itsmc-overview",
-            "redirect_document_id": true
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/log-analytics/log-analytics-itsmc-service-manager-script.md",
@@ -3571,6 +3586,12 @@
             "redirect_url": "/azure/service-health/alerts-activity-log-service-notifications",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/logs/azure-data-explorer-monitor-proxy.md",
+            "redirect_url": "/azure/data-explorer/query-monitor-data",
+            "redirect_document_id": false
+        },
+
         {
             "source_path_from_root": "/articles/azure-monitor/platform/service-notifications.md",
             "redirect_url": "/azure/service-health/service-notifications",
@@ -5108,17 +5129,17 @@
         },
         {
             "source_path_from_root": "/articles/azure-monitor/platform/itsmc-connections-cherwell.md",
-            "redirect_url": "/azure/azure-monitor/alerts/itsmc-connections-cherwell",
+            "redirect_url": "/azure/azure-monitor/alerts/itsmc-overview",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/azure-monitor/platform/itsmc-connections-provance.md",
-            "redirect_url": "/azure/azure-monitor/alerts/itsmc-connections-provance",
+            "redirect_url": "/azure/azure-monitor/alerts/itsmc-overview",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/azure-monitor/platform/itsmc-connections-scsm.md",
-            "redirect_url": "/azure/azure-monitor/alerts/itsmc-connections-scsm",
+            "redirect_url": "/azure/azure-monitor/alerts/itsmc-overview",
             "redirect_document_id": false
         },
         {
 
@@ -768,6 +768,11 @@
             "redirect_url": "/azure/frontdoor/create-front-door-cli",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/frontdoor/standard-premium/how-to-create-origin.md",
+            "redirect_url": "/azure/frontdoor/how-to-configure-origin",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/aks/aks-resource-health.md",
             "redirect_url": "/troubleshoot/azure/azure-kubernetes/welcome-azure-kubernetes",
 
@@ -23,38 +23,104 @@ ms.custom: aaddev
 
 In MSAL, logging is set at application creation using the `.WithLogging` builder modifier. This method takes optional parameters:
 
+- `IIdentityLogger` is the logging implementation used by MSAL.NET to produce logs for debugging or health check purposes. Logs are only sent if logging is enabled.
 - `Level` enables you to decide which level of logging you want. Setting it to Errors will only get errors
-- `PiiLoggingEnabled` enables you to log personal and organizational data (PII) if set to true. By default, this is set to false, so that your application doesn't log personal data.
+- `PiiLoggingEnabled` enables you to log personal and organizational data (PII) if set to true. By default, this parameter is set to false, so that your application doesn't log personal data.
 - `LogCallback` is set to a delegate that does the logging. If `PiiLoggingEnabled` is true, this method will receive messages that can have PII, in which case the `containsPii` flag will be set to true.
 - `DefaultLoggingEnabled` enables the default logging for the platform. By default it's false. If you set it to true it uses Event Tracing in Desktop/UWP applications, NSLog on iOS and logcat on Android.
 
-```csharp
-class Program
+### IIdentityLogger Interface
+```CSharp
+namespace Microsoft.IdentityModel.Abstractions
 {
-  private static void Log(LogLevel level, string message, bool containsPii)
-  {
-     if (containsPii)
-     {
-        Console.ForegroundColor = ConsoleColor.Red;
-     }
-     Console.WriteLine($"{level} {message}");
-     Console.ResetColor();
-  }
-
-  static void Main(string[] args)
-  {
-    var scopes = new string[] { "User.Read" };
-
-    var application = PublicClientApplicationBuilder.Create("<clientID>")
-                      .WithLogging(Log, LogLevel.Info, true)
-                      .Build();
-
-    AuthenticationResult result = application.AcquireTokenInteractive(scopes)
-                                             .ExecuteAsync().Result;
-  }
+    public interface IIdentityLogger
+    {
+        //
+        // Summary:
+        //     Checks to see if logging is enabled at given eventLogLevel.
+        //
+        // Parameters:
+        //   eventLogLevel:
+        //     Log level of a message.
+        bool IsEnabled(EventLogLevel eventLogLevel);
+
+        //
+        // Summary:
+        //     Writes a log entry.
+        //
+        // Parameters:
+        //   entry:
+        //     Defines a structured message to be logged at the provided Microsoft.IdentityModel.Abstractions.LogEntry.EventLogLevel.
+        void Log(LogEntry entry);
+    }
 }
 ```
 
+> [!NOTE]
+> Partner libraries (`Microsoft.Identity.Web`, `Microsoft.IdentityModel`) provide implementations of this interface already for various environments (in particular ASP.NET Core)
+
+### IIdentityLogger Implementation
+
+The following code snippets are examples of such an implementation. If you use the .NET core configuration, environment variable driven logs levels can be provided for free, in addition to the configuration file based log levels.
+
+#### Log level from configuration file
+
+It's highly recommended to configure your code to use a configuration file in your environment to set the log level as it will enable your code to change the MSAL logging level without needing to rebuild or restart the application. This is critical for diagnostic purposes, enabling us to quickly gather the required logs from the application that is currently deployed and in production. Verbose logging can be costly so it's best to use the *Information* level by default and enable verbose logging when an issue is encountered. [See JSON configuration provider](https://docs.microsoft.com/aspnet/core/fundamentals/configuration#json-configuration-provider) for an example on how to load data from a configuration file without restarting the application.
+
+#### Log Level as Environment Variable
+
+Another option we recommended is to configure your code to use an environment variable on the machine to set the log level as it will enable your code to change the MSAL logging level without needing to rebuild the application. This is critical for diagnostic purposes, enabling us to quickly gather the required logs from the application that is currently deployed and in production.
+
+See [EventLogLevel](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Abstractions/EventLogLevel.cs) for details on the available log levels.
+
+Example: 
+
+```CSharp
+    class MyIdentityLogger : IIdentityLogger
+    {
+        public EventLogLevel MinLogLevel { get; }
+
+        public TestIdentityLogger()
+        {
+            //Try to pull the log level from an environment variable
+            var msalEnvLogLevel = Environment.GetEnvironmentVariable("MSAL_LOG_LEVEL");
+
+            if (Enum.TryParse(msalEnvLogLevel, out EventLogLevel msalLogLevel))
+            {
+                MinLogLevel = msalLogLevel;
+            }
+            else
+            {
+                //Recommended default log level
+                MinLogLevel = EventLogLevel.Informational;
+            }
+        }
+
+        public bool IsEnabled(EventLogLevel eventLogLevel)
+        {
+            return eventLogLevel <= MinLogLevel;
+        }
+
+        public void Log(LogEntry entry)
+        {
+            //Log Message here:
+            Console.WriteLine(entry.message);
+        }
+    }
+```
+
+Using `MyIdentityLogger`:
+```CSharp
+    MyIdentityLogger myLogger = new MyIdentityLogger(logLevel);
+
+    var app = ConfidentialClientApplicationBuilder
+        .Create(TestConstants.ClientId)
+        .WithClientSecret("secret")
+        .WithExperimentalFeatures() //Currently an experimental feature, will be removed soon
+        .WithLogging(myLogger, piiLogging)
+        .Build();
+```
+
 > [!TIP]
  > See the [MSAL.NET wiki](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki) for samples of MSAL.NET logging and more.
 
 
@@ -17,7 +17,7 @@ ms.custom: aaddev
 
 # Single-page application: Acquire a token to call an API
 
-The pattern for acquiring tokens for APIs with [MSAL.js](https://github.com/AzureAD/microsoft-authentication-library-for-js) is to first attempt a silent token request by using the `acquireTokenSilent` method. When this method is called, the library first checks the cache in browser storage to see if a valid token exists and returns it. When no valid token is in the cache, it attempts to use its refresh token to get the token. If the refresh token's 24-hour lifetime has expired, MSAL.js will open a hidden iframe to silently request a new authorization code, which it will exchange for a new, valid refresh token. For more information about single sign-on (SSO) session and token lifetime values in Azure Active Directory (Azure AD), see [Token lifetimes](active-directory-configurable-token-lifetimes.md).
+The pattern for acquiring tokens for APIs with [MSAL.js](https://github.com/AzureAD/microsoft-authentication-library-for-js) is to first attempt a silent token request by using the `acquireTokenSilent` method. When this method is called, the library first checks the cache in browser storage to see if a non-expired access token exists and returns it. If no access token is found for the given parameters, it will throw an `InteractionRequiredAuthError`, which should be handled with an interactive token request method (`acquireTokenPopup` or `acquireTokenRedirect`). If an access token is found but it's expired, it attempts to use its refresh token to get a fresh access token. If the refresh token's 24-hour lifetime has also expired, MSAL.js will open a hidden iframe to silently request a new authorization code by leveraging the existing active session with Azure AD (if any), which will then be exchanged for a fresh set of tokens (access _and_ refresh tokens). For more information about single sign-on (SSO) session and token lifetime values in Azure AD, see [Token lifetimes](active-directory-configurable-token-lifetimes.md). For more information on MSAL.js cache lookup policy, see: [Acquiring an Access Token](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/acquire-token.md#acquiring-an-access-token).
 
 The silent token requests to Azure AD might fail for reasons like a password change or updated conditional access policies. More often, failures are due to the refresh token's 24-hour lifetime expiring and [the browser blocking third party cookies](reference-third-party-cookies-spas.md), which prevents the use of hidden iframes to continue authenticating the user. In these cases, you should invoke one of the interactive methods (which may prompt the user) to acquire tokens:
 
 
@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory application management"
 description: "New and updated documentation for the Azure Active Directory application management."
-ms.date: 10/03/2022
+ms.date: 11/01/2022
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: reference
@@ -15,6 +15,17 @@ manager: CelesteDG
 
 Welcome to what's new in Azure Active Directory (Azure AD) application management documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the application management service, see [What's new in Azure AD](../fundamentals/whats-new.md).
 
+## October 2022
+
+### Updated articles
+
+- [Configure how users consent to applications](configure-user-consent.md)
+- [Tutorial: Configure F5 BIG-IP Access Policy Manager for Kerberos authentication](f5-big-ip-kerberos-advanced.md)
+- [Tutorial: Configure F5 BIG-IP Easy Button for Kerberos single sign-on](f5-big-ip-kerberos-easy-button.md)
+- [Tutorial: Configure F5 BIG-IP Easy Button for header-based and LDAP single sign-on](f5-big-ip-ldap-header-easybutton.md)
+- [Tutorial: Migrate your applications from Okta to Azure Active Directory](migrate-applications-from-okta-to-azure-active-directory.md)
+- [Tutorial: Configure Secure Hybrid Access with Azure Active Directory and Silverfort](silverfort-azure-ad-integration.md)
+
 ## September 2022
 
 ### New articles
@@ -32,22 +43,3 @@ Welcome to what's new in Azure Active Directory (Azure AD) application managemen
 ### Updated articles
 
 - [Hide an enterprise application](hide-application-from-user-portal.md)
-
-## July 2022
-
-### New articles
-
-- [Create an enterprise application from a multi-tenant application in Azure Active Directory](create-service-principal-cross-tenant.md)
-- [Deletion and recovery of applications FAQ](delete-recover-faq.yml)
-- [Recover deleted applications in Azure Active Directory FAQs](recover-deleted-apps-faq.md)
-- [Restore an enterprise application in Azure AD](restore-application.md)
-- [SAML Request Signature Verification (Preview)](howto-enforce-signed-saml-authentication.md)
-- [Tutorial: Configure Cloudflare with Azure Active Directory for secure hybrid access](cloudflare-azure-ad-integration.md)
-- [Tutorial: Configure Datawiza to enable Azure Active Directory Multi-Factor Authentication and single sign-on to Oracle JD Edwards](datawiza-azure-ad-sso-oracle-jde.md)
-
-### Updated articles
-
-- [Delete an enterprise application](delete-application-portal.md)
-- [Configure Azure Active Directory SAML token encryption](howto-saml-token-encryption.md)
-- [Review permissions granted to applications](manage-application-permissions.md)
-- [Tutorial: Configure Secure Hybrid Access with Azure Active Directory and Datawiza](datawiza-with-azure-ad.md)
@@ -3,19 +3,14 @@
 title: Azure Active Directory (Azure AD) audit activity reference | Microsoft Docs
 description: Get an overview of the audit activities that can be logged in your audit logs in Azure Active Directory (Azure AD).
 services: active-directory
-documentationcenter: ''
-author: MarkusVi
+author: shlipsey3
 manager: amycolannino
-editor: ''
-
-ms.assetid: a1f93126-77d1-4345-ab7d-561066041161
 ms.service: active-directory
 ms.topic: reference
-ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/26/2022
-ms.author: markvi
+ms.date: 10/28/2022
+ms.author: sarahlipsey
 ms.reviewer: dhanyahk
 
 ms.collection: M365-identity-device-management
@@ -31,10 +26,10 @@ The reporting architecture in Azure AD consists of the following components:
     - [Audit logs](concept-audit-logs.md) - Provides traceability through logs for all changes done by various features within Azure AD. 
 
 - **Security reports** 
-    - [Risky sign-ins](../identity-protection/overview-identity-protection.md) - A risky sign-in is an indicator for a sign-in attempt that might have been performed by someone who is not the legitimate owner of a user account. 
+    - [Risky sign-ins](../identity-protection/overview-identity-protection.md) - A risky sign-in is an indicator for a sign-in attempt that might have been performed by someone who isn't the legitimate owner of a user account. 
     - [Users flagged for risk](../identity-protection/overview-identity-protection.md) - A risky user is an indicator for a user account that might have been compromised. 
 
-This articles lists the audit activities that can be logged in your audit logs.
+This article lists the audit activities that can be logged in your audit logs.
 
 ## Access reviews
 
@@ -54,7 +49,7 @@ This articles lists the audit activities that can be logged in your audit logs.
 |Access Reviews|Remove reviewer from access review|
 |Access Reviews|Request Stop Review|
 |Access Reviews|Request apply review result|
-|Access Reviews|Review Rbac Role membership|
+|Access Reviews|Review RBAC Role membership|
 |Access Reviews|Review app assignment|
 |Access Reviews|Review group membership|
 |Access Reviews|Review request approval request|
@@ -135,7 +130,7 @@ This articles lists the audit activities that can be logged in your audit logs.
 |Authentication|Create IdentityProvider|
 |Authentication|Create V1 application|
 |Authentication|Create V2 application|
-|Authentication|Create a custom domains in the tenant|
+|Authentication|Create a custom domain in the tenant|
 |Authorization|Create a new AdminUserJourney|
 |Authorization|Create localized resource json|
 |Authorization|Create new Custom IDP|
@@ -226,7 +221,7 @@ This articles lists the audit activities that can be logged in your audit logs.
 |Authorization|Update policy|
 |Authorization|Update user attribute|
 |Authorization|Upload a CPIM encrypted key|
-|Authorization|User Authorization: API is disabled for tenant featureset|
+|Authorization|User Authorization: API is disabled for tenant feature set|
 |Authorization|User Authorization: User granted access as 'Tenant Admin'|
 |Authorization|User Authorization: User was granted 'Authenticated Users' access rights|
 |Authorization|Verify if B2C feature is enabled|
@@ -237,12 +232,12 @@ This articles lists the audit activities that can be logged in your audit logs.
 |Authorization|Onboard to Azure AD Access Reviews|
 |Authorization|Unlink program control|
 |Authorization|Update program|
-|Authorization|Disable Desktop Sso|
-|Authorization|Disable Desktop Sso for a specific domain|
+|Authorization|Disable Desktop SSO|
+|Authorization|Disable Desktop SSO for a specific domain|
 |Authorization|Disable application proxy|
 |Authorization|Disable passthrough authentication|
-|Authorization|Enable Desktop Sso|
-|Directory Management|Enable Desktop Sso for a specific domain|
+|Authorization|Enable Desktop SSO|
+|Directory Management|Enable Desktop SSO for a specific domain|
 |Directory Management|Enable application proxy|
 |Directory Management|Enable passthrough authentication|
 |Directory Management|Create a custom domains in the tenant|