Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into yelevin/sap-incident-response-playbooks

Author: your name

.openpublishing.redirection.azure-monitor.json

@@ -6036,6 +6036,11 @@
             "redirect_url": "/previous-versions/azure/azure-monitor/alerts/monitoring-classic-retirement",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/alerts-using-migration-tool.md",
+            "redirect_url": "previous-versions/azure/azure-monitor/alerts/alerts-using-migration-tool",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/visualize/view-designer.md",
             "redirect_url": "/previous-versions/azure/azure-monitor/visualize/view-designer",

.openpublishing.redirection.json

@@ -22198,6 +22198,11 @@
             "redirect_url": "/azure/event-grid/event-schema-communication-services",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/communication-services/how-tos/calling-sdk/lobby-admit-and-reject.md",
+            "redirect_url": "/azure/communication-services/how-tos/calling-sdk/lobby",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/load-balancer/tutorial-load-balancer-standard-manage-portal.md",
             "redirect_url": "/azure/load-balancer/quickstart-load-balancer-standard-public-portal",

articles/active-directory-b2c/whats-new-docs.md

@@ -25,14 +25,14 @@ Welcome to what's new in Azure Active Directory B2C documentation. This article
 ### Updated articles
 
 - [Tutorial: Create an Azure Active Directory B2C tenant](tutorial-create-tenant.md) - [Azure AD B2C] Azure AD B2C Go-Local opt-in feature
-- [Tutorial: Configure security analytics for Azure Active Directory B2C data with Microsoft Sentinel](configure-security-analytics-sentinel.md) - Removing product name from filename and links. Exempt from Acrolinx by prior arrangement
-- [Tutorial: Configure Azure Active Directory B2C with Azure Web Application Firewall](partner-web-application-firewall.md) - Removing product name from filename and links. Exempt from Acrolinx by prior arrangement
+- [Tutorial: Configure security analytics for Azure Active Directory B2C data with Microsoft Sentinel](configure-security-analytics-sentinel.md) - Removing product name from filename and links. 
+- [Tutorial: Configure Azure Active Directory B2C with Azure Web Application Firewall](partner-web-application-firewall.md) - Removing product name from filename and links. 
 - [Title not found in: #240919](azure-ad-external-identities-videos.md) - Delete azure-ad-external-identities-videos.md
-- [Build a global identity solution with funnel-based approach](b2c-global-identity-funnel-based-design.md) - Removing product name from filename and links. Exempt from Acrolinx by prior arrangement
-- [Azure Active Directory B2C global identity framework proof of concept for funnel-based configuration](b2c-global-identity-proof-of-concept-funnel.md) - Removing product name from filename and links. Exempt from Acrolinx by prior arrangement
-- [Azure Active Directory B2C global identity framework proof of concept for region-based configuration](b2c-global-identity-proof-of-concept-regional.md) - Removing product name from filename and links. Exempt from Acrolinx by prior arrangement
-- [Build a global identity solution with region-based approach](b2c-global-identity-region-based-design.md) - Removing product name from filename and links. Exempt from Acrolinx by prior arrangement
-- [Azure Active Directory B2C global identity framework](b2c-global-identity-solutions.md) - Removing product name from filename and links. Exempt from Acrolinx by prior arrangement
+- [Build a global identity solution with funnel-based approach](b2c-global-identity-funnel-based-design.md) - Removing product name from filename and links.
+- [Azure Active Directory B2C global identity framework proof of concept for funnel-based configuration](b2c-global-identity-proof-of-concept-funnel.md) - Removing product name from filename and links. 
+- [Azure Active Directory B2C global identity framework proof of concept for region-based configuration](b2c-global-identity-proof-of-concept-regional.md) - Removing product name from filename and links.
+- [Build a global identity solution with region-based approach](b2c-global-identity-region-based-design.md) - Removing product name from filename and links. 
+- [Azure Active Directory B2C global identity framework](b2c-global-identity-solutions.md) - Removing product name from filename and links. 
 - [Azure Active Directory B2C: What's new](whats-new-docs.md) - [Azure AD B2C] What is new May 2023
 - [Use the Azure portal to create and delete consumer users in Azure AD B2C](manage-users-portal.md) - [Azure AD B2C] Revoke user's session
 - [Monitor Azure AD B2C with Azure Monitor](azure-monitor.md) - Added steps to disable Azure monitor

articles/active-directory/develop/howto-configure-app-instance-property-locks.md

@@ -52,3 +52,8 @@ To configure an app instance lock using the Azure portal:
    | **Token Encryption KeyId**                                | Locks the ability to change the `tokenEncryptionKeyId` property.  | 
 
 3. Select **Save** to save your changes.
+
+
+## Configure app instance lock using Microsoft Graph
+
+You manage the app instance lock feature through the **servicePrincipalLockConfiguration** property of the [application](/graph/api/resources/application) object of the multi-tenant app. For more information, see [Lock sensitive properties for service principals](/graph/tutorial-applications-basics#lock-sensitive-properties-for-service-principals).

articles/active-directory/external-identities/leave-the-organization.md

@@ -8,7 +8,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: how-to
-ms.date: 01/17/2023
+ms.date: 07/04/2023
 
 ms.author: cmulligan 
 author: csmulligan 
@@ -91,7 +91,7 @@ Administrators can use the **External user leave settings** to control whether e
    - **Yes**: Users can leave the organization themselves without approval from your admin or privacy contact.
    - **No**: Users can't leave your organization themselves. They'll see a message guiding them to contact your admin, or privacy contact to request removal from your organization.
 
-   :::image type="content" source="media/leave-the-organization/external-user-leave-settings.png" alt-text="Screenshot showing External user leave settings in the portal.":::
+   :::image type="content" source="media/leave-the-organization/external-user-leave-settings.png" alt-text="Screenshot showing External user leave settings in the portal." lightbox="media/leave-the-organization/external-user-leave-settings.png":::
 
 ### Account removal
 
@@ -116,3 +116,4 @@ For B2B direct connect users, data removal begins as soon as the user selects **
 
 - Learn more about [user deletion](/compliance/regulatory/gdpr-dsr-azure#step-5-delete) and about how to delete a user's data when there's [no account in the Azure tenant](/compliance/regulatory/gdpr-dsr-azure#delete-a-users-data-when-there-is-no-account-in-the-azure-tenant). 
 - For more information about GDPR, see the GDPR section of the [Service Trust portal](https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted).
+- Learn more about [audit logs and access reviews](auditing-and-reporting.md).

articles/active-directory/external-identities/media/leave-the-organization/external-user-leave-settings.png

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: tutorial
-ms.date: 02/28/2023
+ms.date: 07/04/2023
 
 ms.author: cmulligan
 author: csmulligan
@@ -29,13 +29,9 @@ If you use Azure Active Directory (Azure AD) B2B collaboration to work with exte
 > * Upload the .csv file to Azure AD
 > * Verify the users were added to the directory
 
-If you don’t have Azure Active Directory, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
-
-
 ## Prerequisites
-
-You need two or more test email accounts that you can send the invitations to. The accounts must be from outside your organization. You can use any type of account, including social accounts such as gmail.com or outlook.com addresses.
-
+- If you don’t have Azure Active Directory, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
+- You need two or more test email accounts that you can send the invitations to. The accounts must be from outside your organization. You can use any type of account, including social accounts such as gmail.com or outlook.com addresses.
 
 ## Invite guest users in bulk
 

articles/active-directory/external-identities/tutorial-bulk-invite.md

@@ -9,13 +9,13 @@ ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: troubleshooting
 ms.workload: identity
-ms.date: 05/27/2022
+ms.date: 06/15/2023
 ms.custom: enterprise-apps
 ---
 
 # Debug SAML-based single sign-on to applications
 
-Learn how to find and fix [single sign-on](what-is-single-sign-on.md) issues for applications in Azure Active Directory (Azure AD) that use SAML-based single sign-on.
+In this article, you learn how to find and fix [single sign-on](what-is-single-sign-on.md) issues for applications in Azure Active Directory (Azure AD) that use SAML-based single sign-on.
 
 ## Before you begin
 
@@ -33,10 +33,10 @@ To download and install the My Apps Secure Sign-in Extension, use one of the fol
 To test SAML-based single sign-on between Azure AD and a target application:
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as a global administrator or other administrator that is authorized to manage applications.
-1. In the left blade, select **Azure Active Directory**, and then select **Enterprise applications**.
-1. From the list of enterprise applications, select the application for which you want to test single sign-on, and then from the options on the left select **Single sign-on**.
+1. In the left navigation pane, select **Azure Active Directory**, and then select **Enterprise applications**.
+1. From the list of enterprise applications, select the application for which you want to test single sign-on, and then from the options on the left, select **Single sign-on**.
 1. To open the SAML-based single sign-on testing experience, go to **Test single sign-on** (step 5). If the **Test** button is greyed out, you need to fill out and save the required attributes first in the **Basic SAML Configuration** section.
-1. In the **Test single sign-on** blade, use your corporate credentials to sign in to the target application. You can sign in as the current user or as a different user. If you sign in as a different user, a prompt will ask you to authenticate.
+1. In the **Test single sign-on** page, use your corporate credentials to sign in to the target application. You can sign in as the current user or as a different user. If you sign in as a different user, a prompt asks you to authenticate.
 
     ![Screenshot showing the test SAML SSO page](./media/debug-saml-sso-issues/test-single-sign-on.png)
 
@@ -54,10 +54,10 @@ To debug this error, you need the error message and the SAML request. The My App
 
 ### To resolve the sign-in error with the My Apps Secure Sign-in Extension installed
 
-1. When an error occurs, the extension redirects you back to the Azure AD **Test single sign-on** blade.
-1. On the **Test single sign-on** blade, select **Download the SAML request**.
+1. When an error occurs, the extension redirects you back to the Azure AD **Test single sign-on** page.
+1. On the **Test single sign-on** page, select **Download the SAML request**.
 1. You should see specific resolution guidance based on the error and the values in the SAML request.
-1. You'll see a **Fix it** button to automatically update the configuration in Azure AD to resolve the issue. If you don't see this button, then the sign-in issue isn't due to a misconfiguration on Azure AD.
+1. You see a **Fix it** button to automatically update the configuration in Azure AD to resolve the issue. If you don't see this button, then the sign-in issue isn't due to a misconfiguration on Azure AD.
 
 If no resolution is provided for the sign-in error, we suggest that you use the feedback textbox to inform us.
 
@@ -66,7 +66,7 @@ If no resolution is provided for the sign-in error, we suggest that you use the
 1. Copy the error message at the bottom right corner of the page. The error message includes:
     - A CorrelationID and Timestamp. These values are important when you create a support case with Microsoft because they help the engineers to identify your problem and provide an accurate resolution to your issue.
     - A statement identifying the root cause of the problem.
-1. Go back to Azure AD and find the **Test single sign-on** blade.
+1. Go back to Azure AD and find the **Test single sign-on** page.
 1. In the text box above **Get resolution guidance**, paste the error message.
 1. Select **Get resolution guidance** to display steps for resolving the issue. The guidance might require information from the SAML request or SAML response. If you're not using the  My Apps Secure Sign-in Extension, you might need a tool such as [Fiddler](https://www.telerik.com/fiddler) to retrieve the SAML request and response.
 1. Verify that the destination in the SAML request corresponds to the SAML Single Sign-on Service URL obtained from Azure AD.
@@ -75,13 +75,13 @@ If no resolution is provided for the sign-in error, we suggest that you use the
 
 ## Resolve a sign-in error on the application page
 
-You might sign in successfully and then see an error on the application's page. This occurs when Azure AD issued a token to the application, but the application doesn't accept the response.
+You might sign in successfully and then see an error on the application's page. This error occurs when Azure AD issued a token to the application, but the application doesn't accept the response.
 
 To resolve the error, follow these steps, or watch this [short video about how to use Azure AD to troubleshoot SAML SSO](https://www.youtube.com/watch?v=poQCJK0WPUk&list=PLLasX02E8BPBm1xNMRdvP6GtA6otQUqp0&index=8):
 
 1. If the application is in the Azure AD Gallery, verify that you've followed all the steps for integrating the application with Azure AD. To find the integration instructions for your application, see the [list of SaaS application integration tutorials](../saas-apps/tutorial-list.md).
 1. Retrieve the SAML response.
-    - If the My Apps Secure Sign-in extension is installed, from the **Test single sign-on** blade, select **download the SAML response**.
+    - If the My Apps Secure Sign-in extension is installed, from the **Test single sign-on** page, select **download the SAML response**.
     - If the extension isn't installed, use a tool such as [Fiddler](https://www.telerik.com/fiddler) to retrieve the SAML response.
 1. Notice these elements in the SAML response token:
    - User unique identifier of NameID value and format
@@ -95,4 +95,4 @@ To resolve the error, follow these steps, or watch this [short video about how t
 
 ## Next steps
 
-Now that single sign-on is working to your application, you could [Automate user provisioning and de-provisioning to SaaS applications](../app-provisioning/user-provisioning.md) or [get started with Conditional Access](../conditional-access/app-based-conditional-access.md).
+Now that single sign-on is working to your application, you could [Automate user provisioning and deprovisioning to SaaS applications](../app-provisioning/user-provisioning.md) or [get started with Conditional Access](../conditional-access/app-based-conditional-access.md).

articles/active-directory/manage-apps/debug-saml-sso-issues.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-mgmt
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 07/21/2022
+ms.date: 06/15/2023
 ms.author: jomondi
 ms.reviewer: alamaral
 ms.collection: M365-identity-device-management
@@ -42,8 +42,8 @@ To configure enterprise application's SAML token encryption, follow these steps:
 
     Create an asymmetric key pair to use for encryption. Or, if the application supplies a public key to use for encryption, follow the application's instructions to download the X.509 certificate.
 
-    The public key should be stored in an X.509 certificate file in .cer format.
-
+    The public key should be stored in an X.509 certificate file in .cer format. You can copy the contents of the certificate file to a text editor and save it as a .cer file. The certificate file should contain only the public key and not the private key.
+    
     If the application uses a key that you create for your instance, follow the instructions provided by your application for installing the private key that the application will use to decrypt tokens from your Azure AD tenant.
 
 1. Add the certificate to the application configuration in Azure AD.
@@ -54,7 +54,9 @@ You can add the public cert to your application configuration within the Azure p
 
 1. Go to the [Azure portal](https://portal.azure.com).
 
-1. Go to the **Azure Active Directory > Enterprise applications** blade and then select the application that you wish to configure token encryption for.
+1. Search for and select the **Azure Active Directory**.
+
+1. Select **Enterprise applications** blade and then select the application that you wish to configure token encryption for.
 
 1. On the application's page, select **Token encryption**.
 
@@ -101,8 +103,6 @@ To configure token encryption, follow these steps:
 
 1. In the application's page, select **Manifest** to edit the [application manifest](../develop/reference-app-manifest.md).
 
-1. Set the value for the `tokenEncryptionKeyId` attribute.
-
     The following example shows an application manifest configured with two encryption certificates, and with the second selected as the active one using the tokenEncryptionKeyId.
 
     ```json
@@ -172,7 +172,7 @@ To configure token encryption, follow these steps:
     }  
     ```
 
-# [PowerShell](#tab/azure-powershell)
+# [Azure AD PowerShell](#tab/azuread-powershell)
 
 1. Use the latest Azure AD PowerShell module to connect to your tenant.
 
@@ -190,7 +190,29 @@ To configure token encryption, follow these steps:
     $app.TokenEncryptionKeyId
     ```
 
+# [Microsoft Graph PowerShell](#tab/msgraph-powershell)
 
+1. Use the Microsoft Graph PowerShell module to connect to your tenant.
+
+1. Set the token encryption settings using the **[Update-MgApplication](/powershell/module/microsoft.graph.applications/update-mgapplication?view=graph-powershell-1.0&preserve-view=true)** command.
+
+    ```powershell
+
+    Update-MgApplication -ApplicationId <ApplicationObjectId> -KeyCredentials "<KeyCredentialsObject>"  -TokenEncryptionKeyId <keyID>
+
+    ```
+
+1. Read the token encryption settings using the following commands.
+
+    ```powershell
+
+    $app=Get-MgApplication -ApplicationId <ApplicationObjectId>
+
+    $app.KeyCredentials
+
+    $app.TokenEncryptionKeyId
+
+    ```
 # [Microsoft Graph](#tab/microsoft-graph)
 
 1. Update the application's `keyCredentials` with an X.509 certificate for encryption. The following example shows a Microsoft Graph JSON payload with a collection of key credentials associated with the application.
@@ -221,7 +243,6 @@ To configure token encryption, follow these steps:
 
 ---
 
-
 ## Next steps
 
 * Find out [How Azure AD uses the SAML protocol](../develop/active-directory-saml-protocol-reference.md)