Merge branch 'release-umc-rebranding' of https://github.com/MicrosoftDocs/azure-docs-pr into release-umc-rebranding

Author: SnehaSudhirG

.openpublishing.redirection.azure-monitor.json

@@ -6279,6 +6279,56 @@
             "source_path_from_root": "/articles/azure-monitor/essentials/prometheus-authorization-proxy.md",
             "redirect_url": "/azure/azure-monitor/containers/prometheus-authorization-proxy",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/azure-cli-metrics-alert-sample.md",
+            "redirect_url": "/azure/azure-monitor/alerts/azure-cli-metrics-alert-sample",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/terminology.md",
+            "redirect_url": "/azure/azure-monitor/overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/logs/create-pipeline-datacollector-api.md",
+            "redirect_url": "/azure/azure-monitor/logs/data-collector-api",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/visualize/vmext-troubleshoot.md",
+            "redirect_url": "/azure/azure-monitor/agents/vmext-troubleshoot",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/logs/unify-app-resource-data.md",
+            "redirect_url": "/azure/azure-monitor/logs/cross-workspace-query",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/insights/solution-agenthealth.md",
+            "redirect_url": "/azure/azure-monitor/agents/solution-agenthealth",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/containers/container-insights-hybrid-setup.md",
+            "redirect_url": "/azure/azure-monitor/containers/container-insights-enable-arc-enabled-clusters",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/containers/container-insights-optout-openshift-v3.md",
+            "redirect_url": "/azure/azure-monitor/containers/container-insights-optout",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/containers/container-insights-optout-openshift-v4.md",
+            "redirect_url": "/azure/azure-monitor/containers/container-insights-optout",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/containers/container-insights-optout-hybrid.md",
+            "redirect_url": "/azure/azure-monitor/containers/container-insights-optout",
+            "redirect_document_id": false
         }
     ]
 }

CONTRIBUTING.md

@@ -22,7 +22,7 @@ Please use the Feedback tool at the bottom of any article to submit bugs and sug
 
 ### Editing in GitHub
 
-Follow the guidance for [Quick edits to existing documents](https://learn.microsoft.com/contribute/#quick-edits-to-documentation) in our contributor guide.
+Follow the guidance for [Quick edits to existing documents](https://learn.microsoft.com/contribute/content/#quick-edits-to-documentation) in our contributor guide.
 
 ### Pull requests
 

articles/active-directory-b2c/enable-authentication-web-application.md

@@ -260,7 +260,7 @@ Azure AD B2C identity provider settings are stored in the *appsettings.json* fil
   "Instance": "https://<your-tenant-name>.b2clogin.com",
   "ClientId": "<web-app-application-id>",
   "Domain": "<your-b2c-domain>",
-  "SignedOutCallbackPath": "/signout-oidc
+  "SignedOutCallbackPath": "/signout-oidc",
   "SignUpSignInPolicyId": "<your-sign-up-in-policy>"
 }
 ```

articles/active-directory/app-provisioning/skip-out-of-scope-deletions.md

@@ -20,7 +20,7 @@ This article describes how to use the Microsoft Graph API and the Microsoft Grap
 * If ***SkipOutOfScopeDeletions*** is set to 0 (false), accounts that go out of scope are disabled in the target.
 * If ***SkipOutOfScopeDeletions*** is set to 1 (true), accounts that go out of scope aren't disabled in the target. This flag is set at the *Provisioning App* level and can be configured using the Graph API. 
 
-Because this configuration is widely used with the *Workday to Active Directory user provisioning* app, the following steps include screenshots of the Workday application. However, the configuration can also be used with *all other apps*, such as ServiceNow, Salesforce, and Dropbox and [cross-tenant synchronization](../multi-tenant-organizations/cross-tenant-synchronization-configure.md). To successfully complete this procedure, you must have first set up app provisioning for the app. Each app has its own configuration article. For example, to configure the Workday application, see [Tutorial: Configure Workday to Azure AD user provisioning](../saas-apps/workday-inbound-cloud-only-tutorial.md).
+Because this configuration is widely used with the *Workday to Active Directory user provisioning* app, the following steps include screenshots of the Workday application. However, the configuration can also be used with *all other apps*, such as ServiceNow, Salesforce, and Dropbox. To successfully complete this procedure, you must have first set up app provisioning for the app. Each app has its own configuration article. For example, to configure the Workday application, see [Tutorial: Configure Workday to Azure AD user provisioning](../saas-apps/workday-inbound-cloud-only-tutorial.md). SkipOutOfScopeDeletions does not work for cross-tenant synchronization.
 
 ## Step 1: Retrieve your Provisioning App Service Principal ID (Object ID)
 

articles/active-directory/app-proxy/application-proxy-connectors.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-proxy
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 11/17/2022
+ms.date: 08/09/2023
 ms.author: kenwith
 ms.reviewer: ashishj
 ---
@@ -28,6 +28,8 @@ To deploy Application Proxy successfully, you need at least one connector, but w
 ### Windows Server
 You need a server running Windows Server 2012 R2 or later on which you can install the Application Proxy connector. The server needs to connect to the Application Proxy services in Azure, and the on-premises applications that you're publishing.
 
+Starting from the version 1.5.3437.0, having the .NET version 4.7.1 or greater is required for successful installation (upgrade).
+
 The server needs to have TLS 1.2 enabled before you install the Application Proxy connector. To enable TLS 1.2 on the server:
 
 1. Set the following registry keys:
@@ -36,7 +38,7 @@ The server needs to have TLS 1.2 enabled before you install the Application Prox
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001
-    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001
+    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.8.4250.0] "SchUseStrongCrypto"=dword:00000001
     ```
 
     A `regedit` file you can use to set these values follows:
@@ -51,7 +53,7 @@ The server needs to have TLS 1.2 enabled before you install the Application Prox
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
     "DisabledByDefault"=dword:00000000
     "Enabled"=dword:00000001
-    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
+    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.8.4250.0]
     "SchUseStrongCrypto"=dword:00000001
     ```
     

articles/active-directory/authentication/concept-system-preferred-multifactor-authentication.md

@@ -14,6 +14,7 @@ ms.collection: M365-identity-device-management
 
 # Customer intent: As an identity administrator, I want to encourage users to use the Microsoft Authenticator app in Azure AD to improve and secure user sign-in events.
 ---
+
 # System-preferred multifactor authentication  - Authentication methods policy
 
 System-preferred multifactor authentication (MFA) prompts users to sign in by using the most secure method they registered. Administrators can enable system-preferred MFA to improve sign-in security and discourage less secure sign-in methods like SMS.
@@ -111,7 +112,7 @@ When a user signs in, the authentication process checks which authentication met
 
 1. [Temporary Access Pass](howto-authentication-temporary-access-pass.md)
 1. [FIDO2 security key](concept-authentication-passwordless.md#fido2-security-keys)
-1. [Microsoft Authenticator push notifications](concept-authentication-authenticator-app.md)
+1. [Microsoft Authenticator notifications](concept-authentication-authenticator-app.md)
 1. [Time-based one-time password (TOTP)](concept-authentication-oath-tokens.md)<sup>1</sup>
 1. [Telephony](concept-authentication-phone-options.md)<sup>2</sup>
 1. [Certificate-based authentication](concept-certificate-based-authentication.md)
@@ -134,3 +135,5 @@ The system-preferred MFA also applies for users who are enabled for MFA in the l
 
 * [Authentication methods in Azure Active Directory](concept-authentication-authenticator-app.md)
 * [How to run a registration campaign to set up Microsoft Authenticator](how-to-mfa-registration-campaign.md)
+
+

articles/active-directory/cloud-infrastructure-entitlement-management/TOC.yml

@@ -27,6 +27,8 @@
         href: onboard-enable-controller-after-onboarding.md
       - name: Add an account/ subscription/ project after onboarding is complete
         href: onboard-add-account-after-onboarding.md
+      - name: Create folders to organize your Authorization Systems
+        href: how-to-create-folders.md
     - name: View information about your Authorization Systems
       expanded: false
       items:

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-create-folders.md

@@ -0,0 +1,32 @@
+---
+title: Create folders to organize your Authorization Systems
+description: How to create folders to organize Authorization Systems - accounts, subscriptions, and projects - in Microsoft Entra Permissions Management.
+services: active-directory
+author: jenniferf-skc
+manager: amycolannino
+ms.service: active-directory 
+ms.subservice: ciem
+ms.workload: identity
+ms.topic: how-to
+ms.date: 08/09/2023
+ms.author: jfields
+---
+
+# Create folders to organize your authorization systems
+
+After onboarding your cloud environment to Permissions Management, you might have multiple authorization systems (AWS accounts, Azure subscriptions, or GCP projets) that you need to manage. You can create folders to organize and group together your list of accounts, subscriptions, or projects to manage your workflow more efficiently. 
+
+## Create a folder
+
+1. On the Permissions Management home page, select the **Data Collectors** tab and make sure that the **Status** for your cloud environment is **Onboarded**.
+1. Select the **Authorization Systems** subtab, then **Folders**.
+1. Click **Create Folder**.
+1. In the **Folder Name** field, enter a name for the folder you want to create.
+1. From the list of names, select all Authorization Systems (accounts, subscriptions, or projects) you want to add to this folder.
+1. Click **Save**. Your folder is created. 
+1. Repeat these steps to create as many folders as you need. 
+
+## Next steps
+
+- [View key statistics and data about your authorization systems](ui-dashboard.md)
+- [View data about the activity in your authorization system](product-dashboard.md)

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-gcp.md

@@ -8,24 +8,24 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 06/16/2023
+ms.date: 08/09/2023
 ms.author: jfields
 ---
 
 # Onboard a Google Cloud Platform (GCP) project
 
-This article describes how to onboard a Google Cloud Platform (GCP) project on Permissions Management.
+This article describes how to onboard a Google Cloud Platform (GCP) project in Microsoft Entra Permissions Management.
 
 > [!NOTE]
 > A *global administrator* or *super admin* (an admin for all authorization system types) can perform the tasks in this article after the global administrator has initially completed the steps provided in [Enable Permissions Management on your Azure Active Directory tenant](onboard-enable-tenant.md).
 
 ## Explanation
 
-For GCP, permissions management is scoped to a *GCP project*. A GCP project is a logical collection of your resources in GCP, like a subscription in Azure, albeit with further configurations you can perform such as application registrations and OIDC configurations.
+For GCP, Permissions Management is scoped to a *GCP project*. A GCP project is a logical collection of your resources in GCP, like a subscription in Azure, but with further configurations you can perform such as application registrations and OIDC configurations.
 
 <!-- Diagram from Gargi-->
 
-There are several moving parts across GCP and Azure, which are required to be configured before onboarding.
+There are several moving parts across GCP and Azure, which should be configured before onboarding.
 
 * An Azure AD OIDC App
 * A Workload Identity in GCP
@@ -39,7 +39,7 @@ There are several moving parts across GCP and Azure, which are required to be co
 
     - In the Permissions Management home page, select **Settings** (the gear icon), and then select the **Data Collectors** subtab.
 
-1. On the **Data Collectors** tab, select **GCP**, and then select **Create Configuration**.
+1. On the **Data Collectors** tab, select **GCP**, then select **Create Configuration**.
 
 ### 1. Create an Azure AD OIDC app.
 
@@ -50,7 +50,7 @@ There are several moving parts across GCP and Azure, which are required to be co
 1. To create the app registration, copy the script and run it in your command-line app.
 
     > [!NOTE]
-    > 1. To confirm that the app was created, open **App registrations** in Azure and, on the **All applications** tab, locate your app.
+    > 1. To confirm the app was created, open **App registrations** in Azure and, on the **All applications** tab, locate your app.
     > 1. Select the app name to open the **Expose an API** page. The **Application ID URI** displayed in the **Overview** page is the *audience value* used while making an OIDC connection with your GCP account.
     > 1. Return to the Permissions Management window, and in the **Permissions Management Onboarding - Azure AD OIDC App Creation**, select **Next**.
 
@@ -73,15 +73,15 @@ Choose from three options to manage GCP projects.
 
 #### Option 1: Automatically manage 
 
-The automatically manage option allows projects to be automatically detected and monitored without extra configuration. Steps to detect list of projects and onboard for collection:  
+The automatically manage option allows you to automatically detect and monitor projects without extra configuration. Steps to detect a list of projects and onboard for collection:  
 
-1. Firstly, grant **Viewer** and **Security Reviewer** role to service account created in previous step at organization, folder or project scope. 
+1. Grant **Viewer** and **Security Reviewer** roles to a service account created in the previous step at a project, folder or organization level. 
 
-To enable controller mode 'On' for any projects, add following roles to the specific projects:
+To enable Controller mode **On** for any projects, add these roles to the specific projects:
 - Role Administrators
 - Security Admin 
 
-2. Once done, the steps are listed in the screen, which shows how to further configure in the GPC console, or programmatically with the gCloud CLI.
+The required commands to run in Google Cloud Shell are listed in the Manage Authorization screen for each scope of a project, folder or organization. This is also configured in the GPC console.
 
 3. Select **Next**.
 
@@ -93,34 +93,36 @@ You have the ability to specify only certain GCP member projects to manage and m
 
 2. You can choose to download and run the script at this point, or you can do it via Google Cloud Shell.
 
-    To enable controller mode 'On' for any projects, add following roles to the specific projects:
+    To enable controller mode 'On' for any projects, add these roles to the specific projects:
     - Role Administrators
     - Security Admin 
 
 3. Select **Next**.
 
 #### Option 3: Select authorization systems 
 
-This option detects all projects that are accessible by the Cloud Infrastructure Entitlement Management application.  
+This option detects all projects accessible by the Cloud Infrastructure Entitlement Management application.  
 
-1. Firstly, grant Viewer and Security Reviewer role to service account created in previous step at organization, folder or project scope
+1. Grant **Viewer** and **Security Reviewer** roles to a service account created in the previous step at a project, folder or organization level. 
+
+To enable Controller mode **On** for any projects, add these roles to the specific projects:
+- Role Administrators
+- Security Admin 
+
+The required commands to run in Google Cloud Shell are listed in the Manage Authorization screen for each scope of a project, folder or organization. This is also configured in the GPC console.
 
-    To enable controller mode 'On' for any projects, add following roles to the specific projects:
-    - Role Administrators
-    - Security Admin 
-2.  Once done, the steps are listed in the screen to do configure manually in the GPC console, or programmatically with the gCloud CLI
 3. Select **Next**.
 
 
 ### 3. Review and save.
 
 - In the **Permissions Management Onboarding – Summary** page, review the information you've added, and then select **Verify Now & Save**.
 
-    The following message appears: **Successfully Created Configuration.**
+    The following message appears: **Successfully Created Configuration**.
 
     On the **Data Collectors** tab, the **Recently Uploaded On** column displays **Collecting**. The **Recently Transformed On** column displays **Processing.**
 
-    You have now completed onboarding GCP, and Permissions Management has started collecting and processing your data.
+    You've completed onboarding GCP, and Permissions Management has started collecting and processing your data.
 
 ### 4. View the data.
 

articles/active-directory/develop/howto-call-a-web-api-with-curl.md

@@ -1,10 +1,13 @@
 ---
 title: Call an ASP.NET Core web API with cURL
 description: Learn how to call a protected ASP.NET Core Web API using the Microsoft identity platform with cURL
-manager: CelesteDG
+services: active-directory
 author: henrymbuguakiarie
-ms.author: henrymbugua
+
 ms.service: active-directory
+ms.subservice: develop
+ms.author: henrymbugua
+manager: CelesteDG
 ms.topic: how-to
 ms.date: 03/14/2023
 zone_pivot_groups: web-api-howto-prereq