Merge pull request #189488 from MicrosoftDocs/main

2/23 AM Publish

Author: huypub

articles/active-directory/cloud-infrastructure-entitlement-management/cloudknox-product-account-explorer.md

@@ -16,7 +16,7 @@ ms.author: v-ydequadros
 > CloudKnox Permissions Management (CloudKnox) is currently in PREVIEW.
 > Some information relates to a prerelease product that may be substantially modified before it's released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
-You can  view information about users, groups, and resources that can access account information from an external account in CloudKnox Permissions Management (CloudKnox). 
+You can view information about users, groups, and resources that can access account information from an external account in CloudKnox Permissions Management (CloudKnox).
 
 ## Display information about users, groups, or tasks
 
@@ -31,61 +31,48 @@ You can  view information about users, groups, and resources that can access acc
 
 1. To choose an account from your authorization system, select the lock icon in the left panel.
 1. In the **Authorization systems** pane, select an account, then select **Apply**.
-
 1. To choose a user, role, or group, select the person icon. 
 1. Select a user or group, then select **Apply**. 
-
-1. To choose a task, select the clipboard icon.
-1. In the **Task** pane, select **All** or **High-risk tasks**, then select **Apply**. 
+1. To choose an account from your authorization system, select it from the Authorization Systems menu.
+1. In the user type filter, user, role, or group.
+1. In the **Task** filter, select **All** or **High-risk tasks**, then select **Apply**.
 1. To delete a task, select **Delete**, then select **Apply**.
 
-
 ## Export information about users, groups, or tasks
 
-- To export the data in comma-separated values (CSV) file format, in the **User analytics** dashboard, Click **Export** and selet **CSV**.
+To export the data in comma-separated values (CSV) file format, select **Export** from the top-right hand corner of the table.
 
 ## View users and roles
-
 1. To view users and roles, select the lock icon, and then select the person icon to open the **Users** pane.
+1. To view the **Role summary**, select the "eye" icon to the right of the role name.
 
-1. To view the **Role summary**, select the "eye" icon to the right of the role name. 
-
-    The following details display:
-
-     - **Policies**: A list of all the policies attached to the role.
-     - **Trusted entities**: The identities from external accounts that can assume this role.
+   The following details display:
+   - **Policies**: A list of all the policies attached to the role.
+   - **Trusted entities**: The identities from external accounts that can assume this role.
 
 1. To view all the identities from various accounts that can assume this role, select the down arrow to the left of the role name.
+1. To view a graph of all the identities that can access the specified account and through which role(s), select the role name.
 
-1. To view a graph of all the identities that can access the specified account and through which role(s), select the role name. 
-
-     If CloudKnox is monitoring the external account, it lists specific identities from the accounts that can assume this role. Otherwise, it lists the identities declared in the **Trusted entity** section.
+   If CloudKnox is monitoring the external account, it lists specific identities from the accounts that can assume this role. Otherwise, it lists the identities declared in the **Trusted entity** section.
 
-     - **Connecting roles**: Lists the following roles for each account:
-
-         - *Direct roles* that are trusted by the account role.
-         - *Intermediary roles* that aren't directly trusted by the account role but are assumable by identities through role-chaining.
+   **Connecting roles**: Lists the following roles for each account:
+      - *Direct roles* that are trusted by the account role.
+      - *Intermediary roles* that aren't directly trusted by the account role but are assumable by identities through role-chaining.
 
 1. To view all the roles from that account that are used to access the specified account, select the down arrow to the left of the account name.
+1. To view the trusted identities declared by the role, select the down arrow to the left of the role name.
 
-1. To view the trusted identities declared by the role, select the down arrow to the left of the role name. 
-
-     The trusted identities for the role are listed only if the account is being monitored by CloudKnox.
-
-1. To view the role definition, select the "eye" icon to the right of the role name. 
-
-     When you select the down arrow and expand details, a search box is displayed. Enter your criteria in this box to search for specific roles.
-
-     - **Identities with access**: Lists the identities that come from external accounts:
-
-        - To view all the identities from that account can access the specified account, select the down arrow to the left of the account name.
-        - To view the **Role summary** for EC2 instances and Lambda functions, select the "eye" icon to the right of the identity name. 
-        -  To view a graph of how the identity can access the specified account and through which role(s), select the identity name.
+   The trusted identities for the role are listed only if the account is being monitored by CloudKnox.
 
-1. The **Info** tab displays the **Privilege creep index** and **Service control policy (SCP)** information about the account. 
+1. To view the role definition, select the "eye" icon to the right of the role name.
 
-     For more information about the **Privilege creep index** and SCP information, see [View key statistics and data about your authorization system](cloudknox-ui-dashboard.md).
+   When you select the down arrow and expand details, a search box is displayed. Enter your criteria in this box to search for specific roles.
 
-<!---## Next steps--->
+   **Identities with access**: Lists the identities that come from external accounts:
+      - To view all the identities from that account can access the specified account, select the down arrow to the left of the account name.
+      - To view the **Role summary** for EC2 instances and Lambda functions, select the "eye" icon to the right of the identity name.
+      - To view a graph of how the identity can access the specified account and through which role(s), select the identity name.
 
+1. The **Info** tab displays the **Privilege creep index** and **Service control policy (SCP)** information about the account.
 
+For more information about the **Privilege creep index** and SCP information, see [View key statistics and data about your authorization system](cloudknox-ui-dashboard.md).

articles/active-directory/cloud-infrastructure-entitlement-management/cloudknox-product-rule-based-anomalies.md

@@ -29,28 +29,29 @@ Rule-based anomalies identify recent activity in CloudKnox Permissions Managemen
 
       - **Alert name**: Lists the name of the alert.
 
-         - To view the specific identity, resource, and task names that occurred during the alert collection period, select the **Alert Name**.
+      - To view the specific identity, resource, and task names that occurred during the alert collection period, select the **Alert Name**.
 
       - **Anomaly alert rule**: Displays the name of the rule select when creating the alert.
       - **# of occurrences**: How many times the alert trigger has occurred.
-      - **Task**: How many tasks are affected by the alert.
-      - **Resources**: How many resources are affected by the alert.
-      - **Identity**: How many identities are affected by the alert.
+      - **Task**: How many tasks performed are triggered by the alert.
+      - **Resources**: How many resources accessed are triggered by the alert.
+      - **Identity**: How many identities performing unusual behavior are triggered by the alert.
       - **Authorization system**: Displays which authorization systems the alert applies to, Amazon Web Services (**AWS**), Microsoft **Azure**, or Google Cloud Platform (**GCP**). 
       - **Date/Time**: Lists the date and time of the alert.
       - **Date/Time (UTC)**: Lists the date and time of the alert in Coordinated Universal Time (UTC).
-      - **View trigger**: Displays the current trigger settings and applicable authorization system details.
-      - **Activity**: Displays details about the **Identity Name**, **Resource Name**, **Task Name**, **Date**, and **IP Address**.
+      
 
 1. To filter alerts:
 
     - From the **Alert Name** dropdown, select **All** or the appropriate alert name.  
     - From the **Date** dropdown menu, select **Last 24 Hours**, **Last 2 Days**, **Last Week**, or **Custom Range**, and select **Apply**.
 
-        - If you select **Custom Range**, also enter **From** and **To** duration settings.
+     - If you select **Custom Range**, also enter **From** and **To** duration settings.
 1. To view details that match the alert criteria, select the ellipses (**...**). 
 
-    For example, **Authorization System Type**, **Authorization Systems**, **Resources**, **Tasks**, and **Identities**.
+     - **View Trigger**: Displays the current trigger settings and applicable authorization system details
+     - **Details**: Displays details about **Authorization System Type**, **Authorization Systems**, **Resources**, **Tasks**, **Identities**, and **Activity**
+     - **Activity**: Displays details about the **Identity Name**, **Resource Name**, **Task Name**, **Date/Time**, **Inactive For**, and **IP Address**. Selecting the "eye" icon displays the **Raw Events Summary**
 
 ## Create a rule-based anomaly trigger
 
@@ -63,11 +64,11 @@ Rule-based anomalies identify recent activity in CloudKnox Permissions Managemen
 1. Select one of the following conditions:
       - **Any Resource Accessed for the First Time**: The identity accesses a resource for the first time during the specified time interval.
       - **Identity Performs a Particular Task for the First Time**: The identity does a specific task for the first time during the specified time interval.
-      - **Inactive Identity Becomes Active**: An identity that hasn't been active for 90 days becomes active and does any task in the selected time interval.
+       - **Identity Performs a Task for the First Time**: The identity performs any task for the first time during the specified time interval
 1. Select **Next**.
-1. On the **Authorization systems** tab, select the available authorization systems accounts and folders, or select **All**. 
+1. On the **Authorization Systems** tab, select the available authorization systems and folders, or select **All**. 
 
-    This screen defaults to **List** view, but you can change it to **Folder** view. You can select the applicable folder instead of individually by system. 
+    This screen defaults to **List** view, but you can change it to **Folders** view. You can select the applicable folder instead of individually selecting by authorization system. 
 
       - The **Status** column displays if the authorization system is online or offline. 
       - The **Controller** column displays if the controller is enabled or disabled.
@@ -82,14 +83,13 @@ Rule-based anomalies identify recent activity in CloudKnox Permissions Managemen
 
     The **Alert triggers** subtab displays the following information:
 
-      - **Alert**: Displays the name of the alert.
+      - **Alerts**: Displays the name of the alert.
       - **Anomaly Alert Rule**: Displays the name of the selected rule when creating the alert.
       - **# of users subscribed**: Displays the number of users subscribed to the alert.
       - **Created by**: Displays the email address of the user who created the alert.
-      - **Last modified by**: Displays the email address of the user who last modified the alert.
-      - **Last modified on**: Displays the date and time the trigger was last modified.
-      - **Subscription**: Switches between **On** and **Off**.
-      - **View Trigger**: Displays the current trigger settings and applicable authorization system details.
+      - **Last Modified By**: Displays the email address of the user who last modified the alert.
+      - **Last Modified On**: Displays the date and time the trigger was last modified.
+      - **Subscription**: Subscribes you to receive alert emails. Switches between **On** and **Off**. 
 
 1. To view other options available to you, select the ellipses (**...**), and then select from the available options:
 
@@ -99,16 +99,16 @@ Rule-based anomalies identify recent activity in CloudKnox Permissions Managemen
 
        Only the user who created the alert can edit the trigger screen, rename an alert, deactivate an alert, and delete an alert. Changes made by other users aren't saved.
 
-    - **Duplicate**: Create a duplicate of the alert called "**Copy of XXX**".
+    - **Duplicate**: Create a duplicate copy of the selected alert trigger.
     - **Rename**: Enter the new name of the query, and then select **Save.**
     - **Deactivate**: The alert will still be listed, but will no longer send emails to subscribed users.
     - **Activate**: Activate the alert trigger and start sending emails to subscribed users.
-    - **Notification settings**: View the **Email** of users who are subscribed to the alert trigger and their **User status**. 
+    - **Notification settings**: View the **Email** of users who are subscribed to the alert trigger. 
     - **Delete**: Delete the alert.
 
     If the **Subscription** is **Off**, the following options are available:
     - **View**: View  details of the alert trigger.
-    - **Notification settings**: View the **Email** of users who are subscribed to the alert trigger and their **User status**. 
+    - **Notification settings**: View the **Email** of users who are subscribed to the alert trigger.
     - **Duplicate**: Create a duplicate copy of the selected alert trigger.
 
 1. To filter by **Activated** or **Deactivated**, in the **Status** section, select **All**, **Activated**, or **Deactivated**, and then select **Apply**.
@@ -120,4 +120,4 @@ Rule-based anomalies identify recent activity in CloudKnox Permissions Managemen
 - For an overview on activity triggers, see [View information about activity triggers](cloudknox-ui-triggers.md).
 - For information on activity alerts and alert triggers, see [Create and view activity alerts and alert triggers](cloudknox-howto-create-alert-trigger.md). 
 - For information on finding outliers in identity's behavior, see [Create and view statistical anomalies and anomaly triggers](cloudknox-product-statistical-anomalies.md).
-- For information on permission analytics triggers, see [Create and view permission analytics triggers](cloudknox-product-permission-analytics.md).
+- For information on permission analytics triggers, see [Create and view permission analytics triggers](cloudknox-product-permission-analytics.md).

articles/active-directory/external-identities/cross-tenant-access-overview.md

@@ -5,7 +5,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: how-to
-ms.date: 02/07/2022
+ms.date: 02/23/2022
 
 ms.author: mimart
 author: msmimart
@@ -94,11 +94,16 @@ The output is a summary of all available sign-in events for inbound and outbound
 To determine your users' access to external Azure AD organizations, you can use the [Get-MgAuditLogSignIn](/powershell/module/microsoft.graph.reports/get-mgauditlogsignin) cmdlet in the Microsoft Graph PowerShell SDK to view data from your sign-in logs for the last 30 days. For example, run the following command:
 
 ```powershell
-Get-MgAuditLogSignIn ` 
--Filter “ResourceTenantID ne ‘your tenant id’” ` 
--all:$True| ` 
-group ResourceTenantId,AppDisplayName,UserPrincipalName| ` 
-select count, @{n=’Ext TenantID/App User Pair’;e={$_.name}}] 
+#Initial connection
+Connect-MgGraph -Scopes "AuditLog.Read.All"
+Select-MgProfile -Name "beta"
+
+#Get external access
+$TenantId = "<replace-with-your-tenant-ID>"
+
+Get-MgAuditLogSignIn -Filter "ResourceTenantId ne '$TenantID'" -All:$True |
+Group-Object ResourceTenantId,AppDisplayName,UserPrincipalName |
+Select-Object count,@{n='Ext TenantID/App User Pair';e={$_.name}}
 ```
 
 The output is a list of outbound sign-ins initiated by your users to apps in external tenants.

articles/active-directory/governance/entitlement-management-onboard-external-user.md

@@ -3,7 +3,7 @@ title: Tutorial - Onboard external users to Azure AD through an approval process
 description: Step-by-step tutorial for how to create an access package for external users requiring approvals in Azure Active Directory entitlement management.
 services: active-directory
 documentationCenter: ''
-author: sama
+author: Sammak
 ms.service: active-directory
 ms.workload: identity
 ms.tgt_pltfrm: na
@@ -62,7 +62,7 @@ For more information, see [License requirements](entitlement-management-overview
 
 2. In the **Users who can request access** section, click **For users not in your directory** and then click **All users (All connected organizations + any new external users)**.
 
-3. Ensure that **Require approval** is set to **Yes**.
+3. Because any user who is not yet in your directory can view and submit a request for this access package, **Yes** is mandatory for the **Require approval** setting.
 
 4. The following settings allow you to configure how your approvals work for your external users:
 

articles/active-directory/saas-apps/smartsheet-provisioning-tutorial.md

@@ -118,7 +118,7 @@ This section guides you through the steps to configure the Azure AD provisioning
 
 	![Screenshot of the Provisioning Mode dropdown list with the Automatic option called out.](common/provisioning-automatic.png)
 
-5. Under the **Admin Credentials** section, input the **SCIM 2.0 base URL and Access Token** values retrieved earlier from Smartsheet in **Tenant URL** and **Secret Token** respectively.. Click **Test Connection** to ensure Azure AD can connect to Smartsheet. If the connection fails, ensure your Smartsheet account has SysAdmin permissions and try again.
+5. Under the **Admin Credentials** section, input the **SCIM 2.0 base URL** of https://scim.smartsheet.com/v2 and **Access Token** value retrieved earlier from Smartsheet in **Secret Token** respectively. Click **Test Connection** to ensure Azure AD can connect to Smartsheet. If the connection fails, ensure your Smartsheet account has SysAdmin permissions and try again.
 
 	![Token](common/provisioning-testconnection-tenanturltoken.png)
 
@@ -182,6 +182,7 @@ Once you've configured provisioning, use the following resources to monitor your
 
 * 06/16/2020 - Added support for enterprise extension attributes "Cost Center", "Division", "Manager" and "Department" for users.
 * 02/10/2021 - Added support for core attributes "emails[type eq "work"]" for users.
+* 02/12/2022 - Added SCIM base/tenant URL of https://scim.smartsheet.com/v2 for SmartSheet integration under Admin Credentials section.
 
 ## Additional resources
 
@@ -190,4 +191,4 @@ Once you've configured provisioning, use the following resources to monitor your
 
 ## Next steps
 
-* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)

articles/advisor/resource-graph-samples.md

@@ -1,7 +1,7 @@
 ---
 title: Azure Resource Graph sample queries for Azure Advisor
 description: Sample Azure Resource Graph queries for Azure Advisor showing use of resource types and tables to access Azure Advisor related resources and properties.
-ms.date: 01/20/2022
+ms.date: 02/16/2022
 ms.topic: sample
 ms.custom: subject-resourcegraph-sample
 ---