Merge branch 'main' into WI-143029-release-ga-malware-scan

Author: AlizaBernstein

articles/active-directory/manage-apps/application-properties.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 09/06/2022
+ms.date: 08/29/2023
 ms.author: jomondi
 ms.reviewer: ergreenl
 ms.custom: enterprise-apps
@@ -20,71 +20,74 @@ ms.custom: enterprise-apps
 
 This article describes the properties that you can configure for an enterprise application in your Azure Active Directory (Azure AD) tenant. To configure the properties, see [Configure enterprise application properties](add-application-portal-configure.md).
 
-## Enabled for users to sign in? 
+## Enabled for users to sign in?
 
-If this option is set to **Yes**, then assigned users are able to sign in to the application from the My Apps portal, the User access URL, or by navigating to the application URL directly. If assignment is required, then only users who are assigned to the application are able to sign-in. If assignment is required, applications must be assigned to be granted a token.
+If this option is set to **Yes**, then assigned users are able to sign in to the application from the My Apps portal, the User access URL, or by navigating to the application URL directly. If assignment is required, then only users who are assigned to the application are able to sign-in. If assignment is required, applications must be assigned to get a token.
 
 If this option is set to **No**, then no users are able to sign in to the application, even if they're assigned to it. Tokens aren't issued for the application.  
 
-## Name 
+## Name
 
-This property is the name of the application that users see on the My Apps portal. Administrators see the name when they manage access to the application. Other tenants see the name when integrating the application into their directory. 
+This property is the name of the application that users see on the My Apps portal. Administrators see the name when they manage access to the application. Other tenants see the name when integrating the application into their directory.
 
-It's recommended that you choose a name that users can understand. This is important because this name is visible in the various portals, such as My Apps and O365 Launcher. 
+It's recommended that you choose a name that users can understand. This is important because this name is visible in the various portals, such as My Apps and Microsoft 365 Launcher.
 
-## Homepage URL 
+## Homepage URL
 
-If the application is custom-developed, the homepage URL is the URL that a user can use to sign in to the application. For example, it's the URL that is launched when the application is selected in the My Apps portal. If this application is from the Azure AD Gallery, this URL is where you can go to learn more about the application or its vendor. 
+If the application is custom-developed, the homepage URL is the URL that a user can use to sign in to the application. For example, it's the URL that is launched when the application is selected in the My Apps portal. If this application is from the Azure AD Gallery, this URL is where you can go to learn more about the application or its vendor.
 
-The homepage URL can't be edited within enterprise applications. The homepage URL must be edited on the application object. 
+The homepage URL can't be edited within enterprise applications. The homepage URL must be edited on the application object.
 
-## Logo 
+## Logo
 
 This is the application logo that users see on the My Apps portal and the Office 365 application launcher. Administrators also see the logo in the Azure AD gallery.
 
 Custom logos must be exactly 215x215 pixels in size and be in the PNG format. You should use a solid color background with no transparency in your application logo. The logo file size can't be over 100 KB.
 
-## Application ID 
+## Application ID
 
 This property is the unique identifier for the application in your directory. You can use this application ID if you ever need help from Microsoft Support. You can also use the identifier to perform operations using the Microsoft Graph APIs or the Microsoft Graph PowerShell SDK.
 
-## Object ID 
+## Object ID
 
-This is the unique identifier of the service principal object associated with the application. This identifier can be useful when performing management operations against this application using PowerShell or other programmatic interfaces. This identifier is different than the identifier for the application object. 
+This is the unique identifier of the service principal object associated with the application. This identifier can be useful when performing management operations against this application using PowerShell or other programmatic interfaces. This identifier is different than the identifier for the application object.
 
-The identifier is used to update information for the local instance of the application, such as assigning users and groups to the application. The identifier can also be used to update the properties of the enterprise application or to configure single-sign on. 
+The identifier is used to update information for the local instance of the application, such as assigning users and groups to the application. The identifier can also be used to update the properties of the enterprise application or to configure single-sign on.
 
-## Assignment required 
+## Assignment required
 
-This option doesn't affect whether or not an application appears on the My Apps portal. To show the application there, assign an appropriate user or group to the application. This option has no effect on users' access to the application when it's configured for any of the other single sign-on modes. 
+This setting controls who or what in the directory can obtain an access token for the application. You can use this setting to further lock down access to the application and let only specified users and applications obtain access tokens.
+
+This option determines whether or not an application appears on the My Apps portal. To show the application there, assign an appropriate user or group to the application. This option has no effect on users' access to the application when it's configured for any of the other single sign-on modes.
+
+If this option is set to **Yes**, then users and other applications or services must first be assigned this application before being able to access it.
+
+If this option is set to **No**, then all users are able to sign in, and other applications and services are able to obtain an access token to the application. This option also allows any external users that may have been invited into your organization to sign in.
+
+This option only applies to the following types of applications and services:
 
-If this option is set to **Yes**, then users and other applications or services must first be assigned this application before being able to access it. 
- 
-If this option is set to **No**, then all users are able to sign in, and other applications and services are able to obtain an access token to the application. 
- 
-This option only applies to the following types of applications and services: 
 - Applications using SAML
 - OpenID Connect
 - OAuth 2.0
 - WS-Federation for user sign
-- Application Proxy applications with Azure AD pre-authentication enabled
-- Applications or services for which other applications or service are requesting access tokens 
+- Application Proxy applications with Azure AD preauthentication enabled
+- Applications or services for which other applications or service are requesting access tokens
 
-## Visible to users 
+## Visible to users
 
-Makes the application visible in My Apps and the O365 Launcher 
+Makes the application visible in My Apps and the Microsoft 365 Launcher
 
-If this option is set to **Yes**, then assigned users see the application on the My Apps portal and O365 app launcher. 
+If this option is set to **Yes**, then assigned users see the application on the My Apps portal and Microsoft 365 app launcher.
 
-If this option is set to **No**, then no users see this application on their My Apps portal and O365 launcher. 
+If this option is set to **No**, then no users see this application on their My Apps portal and Microsoft 365 launcher.
 
 Make sure that a homepage URL is included or else the application can't be launched from the My Apps portal.
 
-Regardless of whether assignment is required or not, only assigned users are able to see this application in the My Apps portal. If you want certain users to see the application in the My Apps portal, but everyone to be able to access it, assign the users in the **Users and Groups** tab, and set assignment required to **No**. 
+Regardless of whether assignment is required or not, only assigned users are able to see this application in the My Apps portal. If you want certain users to see the application in the My Apps portal, but everyone to be able to access it, assign the users in the **Users and Groups** tab, and set assignment required to **No**.
 
-## Notes 
+## Notes
 
-You can use this field to add any information that is relevant for the management of the application. The field is a free text field with a maximum size of 1024 characters. 
+You can use this field to add any information that is relevant for the management of the application. The field is a free text field with a maximum size of 1024 characters.
 
 ## Next steps
 

articles/azure-web-pubsub/socketio-overview.md

@@ -1,6 +1,6 @@
 ---
-title: Overview of Web PubSub for Socket.IO
-description: Get an overview of Azure Web PubSub support for the open-source Socket.IO library.
+title: Overview Socket.IO on Azure
+description: Get an overview of Azure's support for the open-source Socket.IO library.
 keywords: Socket.IO, Socket.IO on Azure, multi-node Socket.IO, scaling Socket.IO
 author: kevinguo-ed
 ms.author: kevinguo
@@ -9,27 +9,25 @@ ms.service: azure-web-pubsub
 ms.topic: how-to
 ---
 
-# Overview of Web PubSub for Socket.IO
+# Overview Socket.IO on Azure
 
 > [!NOTE]
-> Web PubSub for Socket.IO feature is in public preview. We welcome any feedback and suggestions. Please reach out to the service team at [email protected].
+> The support of Socket.IO on Azure is in public preview. We welcome any feedback and suggestions. Please reach out to the service team at [email protected].
 
-Web PubSub for Socket.IO is a fully managed cloud offering for [Socket.IO](https://socket.io/). Socket.IO is a widely popular open-source library for real-time messaging between clients and a server. Web PubSub for Socket.IO is a feature of the Azure Web PubSub service.
+Socket.IO is a widely popular open-source library for real-time messaging between clients and a server. Managing stateful and persistent connections between clients and a server is often a source of frustration for Socket.IO users. The problem is more acute when multiple Socket.IO instances are spread across servers. 
 
-Managing stateful and persistent connections between clients and a server is often a source of frustration for Socket.IO users. The problem is more acute when multiple Socket.IO instances are spread across servers.
-
-Web PubSub for Socket.IO removes the burden of deploying, hosting, and coordinating Socket.IO instances for developers. Development teams can then focus on building real-time experiences by using familiar APIs from the Socket.IO library.
+Azure provides a fully managed cloud solution for [Socket.IO](https://socket.io/). This support removes the burden of deploying, hosting, and coordinating Socket.IO instances for developers. Development teams can then focus on building real-time experiences by using familiar APIs from the Socket.IO library.
 
 ## Simplified architecture
-Web PubSub for Socket.IO removes the need for an "adapter" server component when scaling out a Socket.IO app, allowing the development team to reap the benefits for a simplified architecture.
+This feature removes the need for an "adapter" server component when scaling out a Socket.IO app, allowing the development team to reap the benefits of a simplified architecture.
 
 :::image type="content" source="./media/socketio-service-internal/typical-architecture-managed-socketio.jpg" alt-text="Screenshot of a typical architecture of a fully managed Socket.IO app.":::
 
 ## Benefits over hosting a Socket.IO app yourself
 
-The following table shows the benefits of using the fully managed Azure service.
+The following table shows the benefits of using the fully managed solution from Azure.
 
-| Item | Hosting a Socket.IO app yourself | Using Web PubSub for Socket.IO|
+| Item | Hosting a Socket.IO app yourself | Using Socket.IO on Azure|
 |------------|------------|------------|
 | Deployment | Customer managed | Azure managed |
 | Hosting | Customer needs to provision enough server resources to serve and maintain persistent connections | Azure managed |
@@ -44,7 +42,7 @@ A common approach to meeting the concurrency and latency challenge is to [scale
 
 :::image type="content" source="./media/socketio-overview/typical-architecture-self-hosted-socketio-app.jpg" alt-text="Diagram of a typical architecture of a self-hosted Socket.IO app.":::
 
-With Web PubSub for Socket.IO, you're freed from handling scaling issues and implementing code logic related to using an adapter.
+With Socket.IO on Azure, you're freed from handling scaling issues and implementing code logic related to using an adapter.
 
 ## Same programming model
 

articles/defender-for-cloud/concept-agentless-containers.md

@@ -28,29 +28,7 @@ All of these capabilities are available as part of the [Defender CSPM](concept-c
 
 ## Agentless discovery and visibility within Kubernetes components
 
-Agentless discovery for Kubernetes provides API-based discovery of information about Kubernetes cluster architecture, workload objects, and setup.
-
-### How does agentless discovery for Kubernetes work?
-
-The discovery process is based on snapshots taken at intervals:
-
-:::image type="content" source="media/concept-agentless-containers/diagram-permissions-architecture.png" alt-text="Diagram of the permissions architecture." lightbox="media/concept-agentless-containers/diagram-permissions-architecture.png":::
-
-When you enable the agentless discovery for Kubernetes extension, the following process occurs:
-
-- **Create**: Defender for Cloud creates an identity in customer environments called CloudPosture/securityOperator/DefenderCSPMSecurityOperator.
-- **Assign**: Defender for Cloud assigns a built-in role called **Kubernetes Agentless Operator** to that identity on subscription scope. The role contains the following permissions:
-
-  - AKS read (Microsoft.ContainerService/managedClusters/read)
-  - AKS Trusted Access with the following permissions:
-  - Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/write
-  - Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/read
-  - Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/delete
-
-   Learn more about [AKS Trusted Access](/azure/aks/trusted-access-feature).
-
-- **Discover**: Using the system assigned identity, Defender for Cloud performs a discovery of the AKS clusters in your environment using API calls to the API server of AKS.
-- **Bind**: Upon discovery of an AKS cluster, Defender for Cloud performs an AKS bind operation between the created identity and the Kubernetes role “Microsoft.Security/pricings/microsoft-defender-operator”. The role is visible via API and gives Defender for Cloud data plane read permission inside the cluster.
+Agentless discovery for Kubernetes provides API-based discovery of information about Kubernetes cluster architecture, workload objects, and setup. For more information, see [Agentless discovery for Kubernetes](defender-for-containers-introduction.md#agentless-discovery-for-kubernetes).
 
 ### What's the refresh interval?