Merge remote-tracking branch 'upstream/master'

Author: alexbuckgit

.openpublishing.redirection.json

@@ -5693,6 +5693,11 @@
       "redirect_url": "/azure/azure-arc/data/release-notes",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/azure-arc/data/reference/overview.md",
+      "redirect_url": "/azure/azure-arc/data/reference/reference-az-arcdata",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/azure-arc/data/create-data-controller-using-k8s-native-tools.md",
       "redirect_url": "/azure/azure-arc/data/create-data-controller-using-kubernetes-native-tools",

.openpublishing.redirection.synapse-analytics.json

@@ -64,6 +64,11 @@
             "source_path_from_root": "/articles/synapse-analytics/machine-learning/tutorial-spark-pool-filesystem-spec.md",
             "redirect_url": "/azure/synapse-analytics/spark/tutorial-spark-pool-filesystem-spec",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/synapse-analytics/security/synapse-workspace-managed-identity.md",
+            "redirect_url": "/azure/data-factory/data-factory-service-identity",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory/app-provisioning/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory application provisioning"
 description: "New and updated documentation for the Azure Active Directory application provisioning."
-ms.date: 10/05/2021
+ms.date: 11/04/2021
 ms.service: active-directory
 ms.subservice: app-provisioning
 ms.topic: reference
@@ -15,6 +15,13 @@ manager: karenh444
 
 Welcome to what's new in Azure Active Directory application provisioning documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the provisioning service, see [What's new in Azure Active Directory](../fundamentals/whats-new.md).
 
+## October 2021
+
+### New articles
+
+- [Configuring Azure AD to provision users into LDAP directories](on-premises-ldap-connector-configure.md)
+
+
 ## September 2021
 
 ### New articles

articles/active-directory/app-proxy/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory application proxy"
 description: "New and updated documentation for the Azure Active Directory application proxy."
-ms.date: 10/05/2021
+ms.date: 11/04/2021
 ms.service: active-directory
 ms.subservice: app-proxy
 ms.topic: reference
@@ -15,6 +15,14 @@ manager: karenh444
 
 Welcome to what's new in Azure Active Directory application proxy documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the service, see [What's new in Azure Active Directory](../fundamentals/whats-new.md).
 
+## October 2021
+
+### Updated articles
+
+- [Troubleshoot Application Proxy problems and error messages](application-proxy-troubleshoot.md)
+- [Active Directory (Azure AD) Application Proxy frequently asked questions](application-proxy-faq.yml)
+
+
 ## September 2021
 
 ### Updated articles

articles/active-directory/conditional-access/concept-conditional-access-session.md

@@ -78,6 +78,9 @@ For more information, see the article [Configure authentication session manageme
    - Non-CAE capable clients shouldn't get a regular token for CAE-capable services.
    - Reject when IP seen by resource provider isn't in the allowed range.
 
+> [!NOTE] 
+> You should only enable strict enforcement after you ensure that all the client applications support CAE and you have included all your IP addresses seen by Azure AD and the resource providers, like Exchange online and Azure Resource Mananger, in your location policy under Conditional Access. Otherwise, users in your tenants could be blocked.
+
 :::image type="content" source="media/concept-conditional-access-session/continuous-access-evaluation-session-controls.png" alt-text="CAE Settings in a new Conditional Access policy in the Azure portal." lightbox="media/concept-conditional-access-session/continuous-access-evaluation-session-controls.png":::
 
 ## Disable resilience defaults (Preview)

articles/active-directory/fundamentals/customize-branding.md

@@ -30,7 +30,7 @@ Your custom branding won't immediately appear when your users go to sites such a
 > [!NOTE]
 > **All branding elements are optional and will remain default when unchanged.** For example, if you specify a banner logo with no background image, the sign-in page will show your logo with a default background image from the destination site such as Microsoft 365.<br><br>Additionally, sign-in page branding doesn't carry over to personal Microsoft accounts. If your users or business guests sign in using a personal Microsoft account, the sign-in page won't reflect the branding of your organization.
 
-### To customize your branding
+### To configure your branding for the first time
 1. Sign in to the [Azure portal](https://portal.azure.com/) using a Global administrator account for the directory.
 
 2. Select **Azure Active Directory**, and then select **Company branding**, and then select **Configure**.
@@ -98,7 +98,7 @@ Your custom branding won't immediately appear when your users go to sites such a
 
 3. After you've finished adding your branding, select **Save**.
 
-    If this process creates your first custom branding configuration, it becomes the default for your tenant. If you have additional configurations, you'll be able to choose your default configuration.
+    This process creates your first custom branding configuration, and it becomes the default for your tenant. The default custom branding configuration serves as a fallback option for all language-specific branding configurations. The configuration can't be removed after you create it.
 
     >[!IMPORTANT]
     >To add more corporate branding configurations to your tenant, you must choose **New language** on the **Contoso - Company branding** page. This opens the **Configure company branding** page, where you can follow the same steps as above.

articles/active-directory/manage-apps/tenant-restrictions.md

@@ -73,7 +73,7 @@ The headers should include the following elements:
 
 - For *Restrict-Access-To-Tenants*, use a value of \<permitted tenant list\>, which is a comma-separated list of tenants you want to allow users to access. Any domain that is registered with a tenant can be used to identify the tenant in this list, as well as the directory ID itself. For an example of all three ways of describing a tenant, the name/value pair to allow Contoso, Fabrikam, and Microsoft looks like: `Restrict-Access-To-Tenants: contoso.com,fabrikam.onmicrosoft.com,72f988bf-86f1-41af-91ab-2d7cd011db47`
 
-- For *Restrict-Access-Context*, use a value of a single directory ID, declaring which tenant is setting the tenant restrictions. For example, to declare Contoso as the tenant that set the tenant restrictions policy, the name/value pair looks like: `Restrict-Access-Context: 456ff232-35l2-5h23-b3b3-3236w0826f3d`.  You **must** use your own directory ID in this spot in order to get logs for these authentications.
+- For *Restrict-Access-Context*, use a value of a single directory ID, declaring which tenant is setting the tenant restrictions. For example, to declare Contoso as the tenant that set the tenant restrictions policy, the name/value pair looks like: `Restrict-Access-Context: 456ff232-35l2-5h23-b3b3-3236w0826f3d`. You *must* use your own directory ID here to get logs for these authentications. If you use any directory ID other than your own, those sign-in logs *will* appear in someone else’s tenant, with all personal information removed. For more information, see [Admin experience](#admin-experience).
 
 > [!TIP]
 > You can find your directory ID in the [Azure Active Directory portal](https://aad.portal.azure.com/). Sign in as an administrator, select **Azure Active Directory**, then select **Properties**.

articles/active-directory/manage-apps/toc.yml

@@ -136,6 +136,8 @@
       items:
       - name: Secure hybrid access with Azure AD 
         href: secure-hybrid-access.md
+      - name: Secure hybrid access partner integrations
+        href: secure-hybrid-access-integrations.md
       - name: Datawiza
         href: datawiza-with-azure-ad.md 
       - name: F5

articles/active-directory/manage-apps/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory application management"
 description: "New and updated documentation for the Azure Active Directory application management."
-ms.date: 10/05/2021
+ms.date: 11/04/2021
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: reference
@@ -16,6 +16,23 @@ reviewer: napuri
 
 Welcome to what's new in Azure Active Directory application management documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the application management service, see [What's new in Azure Active Directory](../fundamentals/whats-new.md).
 
+## October 2021
+
+### Updated articles
+
+- [Manage consent to applications and evaluate consent requests in Azure Active Directory](manage-consent-requests.md)
+- [What is application management in Azure Active Directory?](what-is-application-management.md)
+- [Configure how end-users consent to applications using Azure Active Directory](configure-user-consent.md)
+- [What is single sign-on in Azure Active Directory?](what-is-single-sign-on.md)
+- [Assign enterprise application owners](assign-app-owners.md)
+- [Configure the admin consent workflow](configure-admin-consent-workflow.md)
+- [Secure hybrid access: Secure legacy apps with Azure Active Directory](secure-hybrid-access.md)
+- [Azure Active Directory application management: What's new](whats-new-docs.md)
+- [Tutorial: Migrate Okta sign on policies to Azure Active Directory Conditional Access](migrate-okta-sign-on-policies-to-azure-active-directory-conditional-access.md)
+- [Tutorial: Migrate Okta sync provisioning to Azure AD Connect-based synchronization](migrate-okta-sync-provisioning-to-azure-active-directory.md)
+- [Manage certificates for federated single sign-on in Azure Active Directory](manage-certificates-for-federated-single-sign-on.md)
+
+
 ## September 2021
 
 ### New articles

articles/active-directory/roles/security-planning.md

@@ -5,9 +5,9 @@ description: Ensure that your organization's administrative access and administr
 services: active-directory 
 keywords: 
 author: rolyon
-manager: daveba
+manager: KarenH444
 ms.author: rolyon
-ms.date: 11/05/2020
+ms.date: 11/04/2021
 ms.topic: conceptual
 ms.service: active-directory
 ms.workload: identity
@@ -174,7 +174,7 @@ Azure AD Identity Protection is an algorithm-based monitoring and reporting tool
 
 #### Obtain your Microsoft 365 Secure Score (if using Microsoft 365)
 
-Secure Score looks at your settings and activities for the Microsoft 365 services you're using and compares them to a baseline established by Microsoft. You'll get a score based on how aligned you are with security practices. Anyone who has the administrator permissions for a Microsoft 365 Business Standard or Enterprise subscription can access the Secure Score at `https://securescore.office.com`.
+Secure Score looks at your settings and activities for the Microsoft 365 services you're using and compares them to a baseline established by Microsoft. You'll get a score based on how aligned you are with security practices. Anyone who has the administrator permissions for a Microsoft 365 Business Standard or Enterprise subscription can access the Secure Score at `https://security.microsoft.com/securescore`.
 
 #### Review the Microsoft 365 security and compliance guidance (if using Microsoft 365)