Merge pull request #187995 from MicrosoftDocs/main

2/08 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -34091,7 +34091,22 @@
     },
     {
       "source_path_from_root": "/articles/cognitive-services/Speech-Service/concepts-gating-overview.md",
-      "redirect_url": "http://docs.microsoft.com/legal/cognitive-services/speech-service/custom-neural-voice/transparency-note-custom-neural-voice",
+      "redirect_url": "https://docs.microsoft.com/legal/cognitive-services/speech-service/custom-neural-voice/transparency-note-custom-neural-voice",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Speech-Service/concepts-guidelines-responsible-deployment-synthetic.md",
+      "redirect_url": "https://docs.microsoft.com/legal/cognitive-services/speech-service/custom-neural-voice/concepts-guidelines-responsible-deployment-synthetic",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Speech-Service/concepts-disclosure-guidelines.md",
+      "redirect_url": "https://docs.microsoft.com/legal/cognitive-services/speech-service/custom-neural-voice/concepts-disclosure-guidelines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Speech-Service/concepts-disclosure-patterns.md",
+      "redirect_url": "https://docs.microsoft.com/legal/cognitive-services/speech-service/custom-neural-voice/concepts-disclosure-patterns",
       "redirect_document_id": false
     },
     {

articles/active-directory/authentication/concept-authentication-operator-assistance.md

@@ -25,7 +25,7 @@ For example, let's say a customer in U.S has an office phone number 425-555-1234
 
 If the setting is **Off**, the system will automatically dial extensions as part of the phone number. Your admin can still specify individual users who should be enabled for operator assistance by prefixing the extension with ‘@’. For example, 425-555-1234x@5678 would indicate that operator assistance should be used, even though the setting is **Off**.
 
-You can check the status of this feature in your own tenant by navigating to the [Azure AD portal](https://ms.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade), then in the left pane, click **Security** > **MFA** > **Phone call settings**. Check **Operator required to transfer extensions** to see if the setting is **On** or **Off**. 
+You can check the status of this feature in your own tenant by navigating to the [Azure AD portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade), then in the left pane, click **Security** > **MFA** > **Phone call settings**. Check **Operator required to transfer extensions** to see if the setting is **On** or **Off**. 
 
 ![Screenshot of operator assistance settings](./media/concept-authentication-operator-assistance/settings.png)
 

articles/active-directory/conditional-access/TOC.yml

@@ -110,6 +110,8 @@
       href: policy-migration-mfa.md
 - name: Reference
   items:
+  - name: Office 365 application
+    href: reference-office-365-application-contents.md
   - name: Beta Graph APIs
     items: 
     - name: conditionalAccessPolicy API

articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 02/03/2022
+ms.date: 02/08/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -82,22 +82,33 @@ Administrators can exclude specific apps from policy if they wish, including the
 
 The following key applications are included in the Office 365 client app:
 
-   - Microsoft Forms
-   - Microsoft Stream
-   - Microsoft To-Do
-   - Microsoft Teams
-   - Exchange Online
-   - SharePoint Online
-   - Microsoft 365 Search Service
-   - Yammer
-   - Office Delve
-   - Office Online
-   - Office.com
-   - OneDrive
-   - Power Automate
-   - Power Apps
-   - Skype for Business Online
-   - Sway
+- Exchange Online
+- Microsoft 365 Search Service
+- Microsoft Forms
+- Microsoft Planner (ProjectWorkManagement)
+- Microsoft Stream
+- Microsoft Teams
+- Microsoft To-Do
+- Microsoft Flow
+- Microsoft Office 365 Portal
+- Microsoft Office client application
+- Microsoft Stream 
+- Microsoft To-Do WebApp
+- Microsoft Whiteboard Services
+- Office Delve
+- Office Online
+- Office.com
+- OneDrive
+- Power Apps
+- Power Automate
+- Security & Compliance Center
+- SharePoint Online
+- Skype for Business Online
+- Skype and Teams Tenant Admin API
+- Sway
+- Yammer
+
+A complete list of all services included can be found in the article [Apps included in Conditional Access Office 365 app suite](reference-office-365-application-contents.md).
 
 ### Microsoft Azure Management
 
@@ -137,7 +148,7 @@ Administrators can add any Azure AD registered application to Conditional Access
 > [!NOTE]
 > Since Conditional Access policy sets the requirements for accessing a service you are not able to apply it to a client (public/native) application. In other words, the policy is not set directly on a client (public/native) application, but is applied when a client calls a service. For example, a policy set on SharePoint service applies to the clients calling SharePoint. A policy set on Exchange applies to the attempt to access the email using Outlook client. That is why client (public/native) applications are not available for selection in the Cloud Apps picker and Conditional Access option is not available in the application settings for the client (public/native) application registered in your tenant. 
 
-Some applications do not appear in the picker at all. The only way to include these applications in a Conditional Access policy is to include **All apps**. 
+Some applications don't appear in the picker at all. The only way to include these applications in a Conditional Access policy is to include **All apps**. 
 
 ## User actions
 
@@ -169,9 +180,9 @@ Authentication contexts are managed in the Azure portal under **Azure Active Dir
 Create new authentication context definitions by selecting **New authentication context** in the Azure portal. Configure the following attributes:
 
 - **Display name** is the name that is used to identify the authentication context in Azure AD and across applications that consume authentication contexts. We recommend names that can be used across resources, like "trusted devices", to reduce the number of authentication contexts needed. Having a reduced set limits the number of redirects and provides a better end to end-user experience.
-- **Description** provides more information about the policies it is used by Azure AD administrators and those applying authentication contexts to resources.
+- **Description** provides more information about the policies it's used by Azure AD administrators and those applying authentication contexts to resources.
 - **Publish to apps** checkbox when checked, advertises the authentication context to apps and makes them available to be assigned. If not checked the authentication context will be unavailable to downstream resources. 
-- **ID** is read-only and used in tokens and apps for request-specific authentication context definitions. It is listed here for troubleshooting and development use cases. 
+- **ID** is read-only and used in tokens and apps for request-specific authentication context definitions. It's listed here for troubleshooting and development use cases. 
 
 #### Add to Conditional Access policy
 

articles/active-directory/conditional-access/reference-office-365-application-contents.md

@@ -0,0 +1,99 @@
+---
+title: Office 365 App in Conditional Access reference - Azure Active Directory
+description: What are all of the services included in the Office 365 app in Azure AD Conditional Access
+
+services: active-directory
+ms.service: active-directory
+ms.subservice: conditional-access
+ms.topic: reference
+ms.date: 02/08/2022
+
+ms.author: joflore
+author: MicrosoftGuyJFlo
+manager: karenhoran
+ms.reviewer: calebb
+
+ms.collection: M365-identity-device-management
+---
+# Apps included in Conditional Access Office 365 app suite
+
+The following list is provided as a reference and includes a detailed list of services and applications that are included in the Conditional Access [Office 365](concept-conditional-access-cloud-apps.md#office-365) app.
+
+- Augmentation Loop
+- Call Recorder
+- Connectors
+- Device Management Service
+- EnrichmentSvc
+- IC3 Gateway
+- Media Analysis and Transformation Service
+- Message Recall app
+- Messaging Async Media
+- MessagingAsyncMediaProd
+- Microsoft 365 Reporting Service
+- Microsoft Discovery Service
+- Microsoft Exchange Online Protection
+- Microsoft Flow
+- Microsoft Flow GCC
+- Microsoft Forms
+- Microsoft Forms Web
+- Microsoft Forms Web in Azure Government
+- Microsoft Legacy To-Do WebApp
+- Microsoft Office 365 Portal
+- Microsoft Office client application
+- Microsoft People Cards Service
+- Microsoft SharePoint Online - SharePoint Home
+- Microsoft Stream Portal
+- Microsoft Stream Service
+- Microsoft Teams
+- Microsoft Teams - T4L Web Client
+- Microsoft Teams - Teams And Channels Service
+- Microsoft Teams Chat Aggregator
+- Microsoft Teams Graph Service
+- Microsoft Teams Retail Service
+- Microsoft Teams Services
+- Microsoft Teams UIS
+- Microsoft Teams Web Client
+- Microsoft To-Do WebApp
+- Microsoft Whiteboard Services
+- O365 Suite UX
+- OCPS Checkin Service
+- Office 365 app, corresponding to a migrated siteId.
+- Office 365 Exchange Microservices
+- Office 365 Exchange Online
+- Office 365 Search Service
+- Office 365 SharePoint Online
+- Office 365 Yammer
+- Office Delve
+- Office Hive
+- Office Hive Azure Government
+- Office Online
+- Office Services Manager
+- Office Services Manager in USGov
+- Office Shredding Service
+- Office365 Shell WCSS-Client
+- Office365 Shell WCSS-Client in Azure Government
+- OfficeClientService
+- OfficeHome
+- OneDrive
+- OneDrive SyncEngine
+- OneNote
+- Outlook Browser Extension
+- Outlook Service for Exchange
+- PowerApps Service
+- PowerApps Web
+- PowerApps Web GCC
+- ProjectWorkManagement
+- ProjectWorkManagement_USGov
+- Reply at mention
+- Security & Compliance Center
+- SharePoint Online Web Client Extensibility
+- SharePoint Online Web Client Extensibility Isolated
+- Skype and Teams Tenant Admin API
+- Skype for Business Online
+- Skype meeting broadcast
+- Skype Presence Service
+- SmartCompose
+- Sway
+- Targeted Messaging Service
+- The GCC DoD app for office.com
+- The Office365 Shell DoD WCSS-Client

articles/active-directory/develop/msal-configuration.md

@@ -28,8 +28,8 @@ This article will help you understand the various settings in the configuration
 
 | Property | Data Type | Required | Notes |
 |-----------|------------|-------------|-------|
-| `client_id` | String | Yes | Your app's Client ID from the [Application registration page](https://ms.portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade) |
-| `redirect_uri`   | String | Yes | Your app's Redirect URI from the [Application registration page](https://ms.portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade) |
+| `client_id` | String | Yes | Your app's Client ID from the [Application registration page](https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade) |
+| `redirect_uri`   | String | Yes | Your app's Redirect URI from the [Application registration page](https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade) |
 | `broker_redirect_uri_registered` | Boolean | No | Possible values: `true`, `false` |
 | `authorities` | List\<Authority> | No | The list of authorities your app needs |
 | `authorization_user_agent` | AuthorizationAgent (enum) | No | Possible values: `DEFAULT`, `BROWSER`, `WEBVIEW` |

articles/active-directory/develop/scenario-web-app-sign-user-app-registration.md

@@ -31,7 +31,7 @@ To register your application, you can use:
 You can use these links to bootstrap the creation of your web application:
 
 - [ASP.NET Core](https://aka.ms/aspnetcore2-1-aad-quickstart-v2)
-- [ASP.NET](https://ms.portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/applicationsListBlade/quickStartType/AspNetWebAppQuickstartPage/sourceType/docs)
+- [ASP.NET](https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/applicationsListBlade/quickStartType/AspNetWebAppQuickstartPage/sourceType/docs)
 
 ## Register an app by using the Azure portal
 

articles/active-directory/develop/v2-saml-bearer-assertion.md

@@ -38,9 +38,9 @@ The SAML assertion is posted to the OAuth token endpoint. The endpoint processes
 
 ## Register the application with Azure AD
 
-Start by registering the application in the [portal](https://ms.portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade):
+Start by registering the application in the [portal](https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade):
 
-1. Sign in to the [app registration page of the portal](https://ms.portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade) (Please note that we are using the v2.0 endpoints for Graph API and hence need to register the application in Azure portal. Otherwise we could have used the registrations in Azure AD).
+1. Sign in to the [app registration page of the portal](https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade) (Please note that we are using the v2.0 endpoints for Graph API and hence need to register the application in Azure portal. Otherwise we could have used the registrations in Azure AD).
 1. Select **New registration**.
 1. When the **Register an application** page appears, enter your application's registration information:
     1. **Name** - Enter a meaningful application name that will be displayed to users of the app.

articles/active-directory/manage-apps/f5-aad-integration.md

@@ -168,6 +168,9 @@ Refer to the following guided configuration tutorials using Easy Button template
 
 - [BIG-IP Easy Button for SSO to Oracle JD Edwards](f5-big-ip-oracle-jde-easy-button.md)
 
+## Azure AD B2B guest access
+Azure AD B2B guest access to SHA protected applications is also possible, but some scenarios may require some additional steps not covered in the tutorials. One example is Kerberos SSO, where a BIG-IP will perform kerberos constrained delegation (KCD) to obtain a service ticket from domain contollers. Without a local representation of a guest user exisiting locally, a domain controller will fail to honour the request on the basis that the user does not exist. To support this scenario, you would need to ensure external identities are flowed down from your Azure AD tenant to the directory used by the application. See [Grant B2B users in Azure AD access to your on-premises applications](../external-identities/hybrid-cloud-to-on-premises.md) for guidance.
+
 
 ## Next steps
 

articles/active-directory/manage-apps/f5-big-ip-headers-easy-button.md

@@ -15,9 +15,9 @@ ms.collection: M365-identity-device-management
 
 # Tutorial: Configure F5’s BIG-IP Easy Button for header-based SSO
 
-In this article, you’ll learn to implement Secure Hybrid Access (SHA) with single sign-on (SSO) to header-based applications using F5’s BIG-IP Easy Button Guided Configuration.
+In this article, learn to secure headers based applications with Azure Active Directory (Azure AD), through F5’s BIG-IP Easy Button guided configuration.
 
-Enabling BIG-IP published services for Azure Active Directory (Azure AD) SSO provides many benefits, including:
+Integrating a BIG-IP with Azure AD provides many benefits, including:
 
   * Improved Zero Trust governance through Azure AD pre-authentication and [Conditional Access](/conditional-access/overview)
 
@@ -29,13 +29,13 @@ To learn about all of the benefits, see the article on [F5 BIG-IP and Azure AD i
 
 ## Scenario description
 
-For this scenario, we have a legacy application using HTTP authorization headers to control access to protected content.
+This scenario looks at the classic legacy application using HTTP authorization headers to control access to protected content.
 
-Being legacy, the application lacks any form of modern protocols to support a direct integration with Azure AD. Modernizing the app is also costly, requires careful planning, and introduces risk of potential impact. 
+Being legacy, the application lacks any form of modern protocols to support a direct integration with Azure AD. Modernizing the app is also costly, requires careful planning, and introduces risk of potential downtime. 
 
 One option would be to consider [Azure AD Application Proxy](/azure/active-directory/app-proxy/application-proxy), to gate remote access to the application.
 
-Another approach is to use an F5 BIG-IP Application Delivery Controller, as it too provides the protocol transitioning required to bridge legacy applications to the modern ID control plane.
+Another approach is to use an F5 BIG-IP Application Delivery Controller (ADC), as it too provides the protocol transitioning required to bridge legacy applications to the modern ID control plane.
 
 Having a BIG-IP in front of the application enables us to overlay the service with Azure AD pre-authentication and header-based SSO, significantly improving the overall security posture of the application for both remote and local access.