Skip to content

Commit b9a896a

Browse files
committed
Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into main
2 parents 7220f0a + 843f553 commit b9a896a

File tree

65 files changed

+374
-629
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

65 files changed

+374
-629
lines changed

.openpublishing.redirection.json

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22650,6 +22650,36 @@
2265022650
"source_path": "articles/load-balancer/protect-load-balancer-with-ddos-standard.md",
2265122651
"redirect_URL": "/azure/load-balancer/tutorial-protect-load-balancer",
2265222652
"redirect_document_id": false
22653+
},
22654+
{
22655+
"source_path": "articles/load-balancer/tutorial-protect-load-balancer.md",
22656+
"redirect_URL": "/azure/load-balancer/tutorial-protect-load-balancer-ddos",
22657+
"redirect_document_id": false
22658+
},
22659+
{
22660+
"source_path": "articles/bastion/tutorial-protect-bastion-host.md",
22661+
"redirect_URL": "/azure/bastion/tutorial-protect-bastion-host-ddos",
22662+
"redirect_document_id": false
22663+
},
22664+
{
22665+
"source_path": "articles/firewall/tutorial-protect-firewall.md",
22666+
"redirect_URL": "/azure/firewall/tutorial-protect-firewall-ddos",
22667+
"redirect_document_id": false
22668+
},
22669+
{
22670+
"source_path": "articles/route-server/tutorial-protect-route-server.md",
22671+
"redirect_URL": "/azure/route-server/tutorial-protect-route-server-ddos",
22672+
"redirect_document_id": false
22673+
},
22674+
{
22675+
"source_path": "articles/virtual-network/nat-gateway/tutorial-protect-nat-gateway.md",
22676+
"redirect_URL": "/azure/virtual-network/nat-gateway/tutorial-protect-nat-gateway-ddos",
22677+
"redirect_document_id": false
22678+
},
22679+
{
22680+
"source_path": "articles/application-gateway/tutorial-protect-application-gateway.md",
22681+
"redirect_URL": "/azure/application-gateway/tutorial-protect-application-gateway-ddos",
22682+
"redirect_document_id": false
2265322683
}
2265422684
]
2265522685
}

articles/active-directory/fundamentals/whats-new.md

Lines changed: 1 addition & 289 deletions
Original file line numberDiff line numberDiff line change
@@ -1028,292 +1028,4 @@ In Azure AD entitlement management, a new form of access package assignment poli
10281028

10291029

10301030

1031-
---
1032-
1033-
## July 2022
1034-
1035-
### Public Preview - ADFS to Azure AD: SAML App Multi-Instancing
1036-
1037-
**Type:** New feature
1038-
**Service category:** Enterprise Apps
1039-
**Product capability:** SSO
1040-
1041-
Users can now configure multiple instances of the same application within an Azure AD tenant. It's now supported for both IdP, and Service Provider (SP), initiated single sign-on requests. Multiple application accounts can now have a separate service principal to handle instance-specific claims mapping and roles assignment. For more information, see:
1042-
1043-
- [Configure SAML app multi-instancing for an application - Microsoft Entra | Microsoft Docs](../develop/reference-app-multi-instancing.md)
1044-
- [Customize app SAML token claims - Microsoft Entra | Microsoft Docs](../develop/active-directory-saml-claims-customization.md)
1045-
1046-
1047-
1048-
---
1049-
1050-
### Public Preview - ADFS to Azure AD: Apply RegEx Replace to groups claim content
1051-
1052-
**Type:** New feature
1053-
**Service category:** Enterprise Apps
1054-
**Product capability:** SSO
1055-
1056-
1057-
1058-
Administrators up until recently has the capability to transform claims using many transformations, however using regular expression for claims transformation wasn't exposed to customers. With this public preview release, administrators can now configure and use regular expressions for claims transformation using portal UX.
1059-
For more information, see:[Customize app SAML token claims - Microsoft Entra | Microsoft Docs](../develop/active-directory-saml-claims-customization.md).
1060-
1061-
1062-
---
1063-
1064-
1065-
1066-
### Public Preview - Azure AD Domain Services - Trusts for User Forests
1067-
1068-
**Type:** New feature
1069-
**Service category:** Azure AD Domain Services
1070-
**Product capability:** Azure AD Domain Services
1071-
1072-
1073-
You can now create trusts on both user and resource forests. On-premises AD DS users can't authenticate to resources in the Azure AD DS resource forest until you create an outbound trust to your on-premises AD DS. An outbound trust requires network connectivity to your on-premises virtual network on which you have installed Azure AD Domain Service. On a user forest, trusts can be created for on-premises AD forests that aren't synchronized to Azure AD DS.
1074-
1075-
To learn more about trusts and how to deploy your own, visit [How trust relationships work for forests in Active Directory](../../active-directory-domain-services/concepts-forest-trust.md).
1076-
1077-
1078-
1079-
---
1080-
1081-
1082-
1083-
### New Federated Apps available in Azure AD Application gallery - July 2022
1084-
1085-
**Type:** New feature
1086-
**Service category:** Enterprise Apps
1087-
**Product capability:** 3rd Party Integration
1088-
1089-
1090-
In July 2022 we've added the following 28 new applications in our App gallery with Federation support:
1091-
1092-
[Lunni Ticket Service](https://ticket.lunni.io/login), [TESMA](https://tesma.com/), [Spring Health](https://benefits.springhealth.com/care), [Sorbet](https://lite.sorbetapp.com/login), [Rainmaker UPS](https://upsairlines.rainmaker.aero/rainmaker.security.web/), [Planview ID](../saas-apps/planview-id-tutorial.md), [Karbonalpha](https://saas.karbonalpha.com/settings/api), [Headspace](../saas-apps/headspace-tutorial.md), [SeekOut](../saas-apps/seekout-tutorial.md), [Stackby](../saas-apps/stackby-tutorial.md), [Infrascale Cloud Backup](../saas-apps/infrascale-cloud-backup-tutorial.md), [Keystone](../saas-apps/keystone-tutorial.md), [LMS・教育管理システム Leaf](../saas-apps/lms-and-education-management-system-leaf-tutorial.md), [ZDiscovery](../saas-apps/zdiscovery-tutorial.md), [ラインズeライブラリアドバンス (Lines eLibrary Advance)](../saas-apps/lines-elibrary-advance-tutorial.md), [Rootly](../saas-apps/rootly-tutorial.md), [Articulate 360](../saas-apps/articulate360-tutorial.md), [Rise.com](../saas-apps/risecom-tutorial.md), [SevOne Network Monitoring System (NMS)](../saas-apps/sevone-network-monitoring-system-tutorial.md), [PGM](https://ups-pgm.4gfactor.com/azure/), [TouchRight Software](https://app.touchrightsoftware.com/), [Tendium](../saas-apps/tendium-tutorial.md), [Training Platform](../saas-apps/training-platform-tutorial.md), [Znapio](https://app.znapio.com/), [Preset](../saas-apps/preset-tutorial.md), [itslearning MS Teams sync](https://itslearning.com/global/), [Veza](../saas-apps/veza-tutorial.md), [Trax](https://app.trax.co/authn/login)
1093-
1094-
You can also find the documentation of all the applications from here https://aka.ms/AppsTutorial,
1095-
1096-
For listing your application in the Azure AD app gallery, please read the details here https://aka.ms/AzureADAppRequest
1097-
1098-
1099-
1100-
---
1101-
1102-
1103-
1104-
### General Availability - No more waiting, provision groups on demand into your SaaS applications.
1105-
1106-
**Type:** New feature
1107-
**Service category:** Provisioning
1108-
**Product capability:** Identity Lifecycle Management
1109-
1110-
1111-
Pick a group of up to five members and provision them into your third-party applications in seconds. Get started testing, troubleshooting, and provisioning to non-Microsoft applications such as ServiceNow, ZScaler, and Adobe. For more information, see: [On-demand provisioning in Azure Active Directory](../app-provisioning/provision-on-demand.md).
1112-
1113-
1114-
---
1115-
1116-
1117-
### General Availability – Protect against by-passing of cloud Azure AD Multi-Factor Authentication when federated with Azure AD
1118-
1119-
**Type:** New feature
1120-
**Service category:** MS Graph
1121-
**Product capability:** Identity Security & Protection
1122-
1123-
1124-
We're delighted to announce a new security protection that prevents bypassing of cloud Azure AD Multi-Factor Authentication when federated with Azure AD. When enabled for a federated domain in your Azure AD tenant, it ensures that a compromised federated account can't bypass Azure AD Multi-Factor Authentication by imitating that a multi factor authentication has already been performed by the identity provider. The protection can be enabled via new security setting, [federatedIdpMfaBehavior](/graph/api/resources/internaldomainfederation?view=graph-rest-beta#federatedidpmfabehavior-values&preserve-view=true).
1125-
1126-
1127-
We highly recommend enabling this new protection when using Azure AD Multi-Factor Authentication as your multi factor authentication for your federated users. To learn more about the protection and how to enable it, visit [Enable protection to prevent by-passing of cloud Azure AD Multi-Factor Authentication when federated with Azure AD](/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs#enable-protection-to-prevent-by-passing-of-cloud-azure-ad-multi-factor-authentication-when-federated-with-azure-ad).
1128-
1129-
1130-
---
1131-
1132-
1133-
### Public preview - New provisioning connectors in the Azure AD Application Gallery - July 2022
1134-
1135-
**Type:** New feature
1136-
**Service category:** App Provisioning
1137-
**Product capability:** 3rd Party Integration
1138-
1139-
1140-
You can now automate creating, updating, and deleting user accounts for these newly integrated apps:
1141-
1142-
- [Tableau Cloud](../saas-apps/tableau-online-provisioning-tutorial.md)
1143-
1144-
For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md).
1145-
1146-
1147-
---
1148-
1149-
1150-
### General Availability - Tenant-based service outage notifications
1151-
1152-
**Type:** New feature
1153-
**Service category:** Other
1154-
**Product capability:** Platform
1155-
1156-
1157-
Azure Service Health supports service outage notifications to Tenant Admins for Azure Active Directory issues. These outages will also appear on the Azure AD Admin Portal Overview page with appropriate links to Azure Service Health. Outage events will be able to be seen by built-in Tenant Administrator Roles. We'll continue to send outage notifications to subscriptions within a tenant for transition. More information is available at: [What are Service Health notifications in Azure Active Directory?](../reports-monitoring/overview-service-health-notifications.md).
1158-
1159-
1160-
1161-
---
1162-
1163-
1164-
1165-
### Public Preview - Multiple Passwordless Phone sign-in Accounts for iOS devices
1166-
1167-
**Type:** New feature
1168-
**Service category:** Authentications (Logins)
1169-
**Product capability:** User Authentication
1170-
1171-
1172-
End users can now enable passwordless phone sign-in for multiple accounts in the Authenticator App on any supported iOS device. Consultants, students, and others with multiple accounts in Azure AD can add each account to Microsoft Authenticator and use passwordless phone sign-in for all of them from the same iOS device. The Azure AD accounts can be in either the same, or different, tenants. Guest accounts aren't supported for multiple account sign-ins from one device.
1173-
1174-
1175-
Note that end users are encouraged to enable the optional telemetry setting in the Authenticator App, if not done so already. For more information, see: [Enable passwordless sign-in with Microsoft Authenticator](../authentication/howto-authentication-passwordless-phone.md)
1176-
1177-
1178-
1179-
---
1180-
1181-
1182-
1183-
### Public Preview - Azure AD Domain Services - Fine Grain Permissions
1184-
1185-
**Type:** Changed feature
1186-
**Service category:** Azure AD Domain Services
1187-
**Product capability:** Azure AD Domain Services
1188-
1189-
1190-
1191-
Previously to set up and administer your AAD-DS instance you needed top level permissions of Azure Contributor and Azure AD Global Administrator. Now for both initial creation, and ongoing administration, you can utilize more fine grain permissions for enhanced security and control. The prerequisites now minimally require:
1192-
1193-
- You need [Application Administrator](../roles/permissions-reference.md#application-administrator) and [Groups Administrator](../roles/permissions-reference.md#groups-administrator) Azure AD roles in your tenant to enable Azure AD DS.
1194-
- You need [Domain Services Contributor](../../role-based-access-control/built-in-roles.md#domain-services-contributor) Azure role to create the required Azure AD DS resources.
1195-
1196-
1197-
Check out these resources to learn more:
1198-
1199-
- [Tutorial - Create an Azure Active Directory Domain Services managed domain | Microsoft Docs](../../active-directory-domain-services/tutorial-create-instance.md#prerequisites)
1200-
- [Least privileged roles by task - Azure Active Directory | Microsoft Docs](../roles/delegate-by-task.md#domain-services)
1201-
- [Azure built-in roles - Azure RBAC | Microsoft Docs](../../role-based-access-control/built-in-roles.md#domain-services-contributor)
1202-
1203-
1204-
1205-
---
1206-
1207-
1208-
### General Availability- Azure AD Connect update release with new functionality and bug fixes
1209-
1210-
**Type:** Changed feature
1211-
**Service category:** Provisioning
1212-
**Product capability:** Identity Lifecycle Management
1213-
1214-
1215-
1216-
A new Azure AD Connect release fixes several bugs and includes new functionality. This release is also available for auto upgrade for eligible servers. For more information, see: [Azure AD Connect: Version release history](../hybrid/reference-connect-version-history.md#21150).
1217-
1218-
---
1219-
1220-
1221-
### General Availability - Cross-tenant access settings for B2B collaboration
1222-
1223-
**Type:** Changed feature
1224-
**Service category:** B2B
1225-
**Product capability:** B2B/B2C
1226-
1227-
1228-
1229-
Cross-tenant access settings enable you to control how users in your organization collaborate with members of external Azure AD organizations. Now you’ll have granular inbound and outbound access control settings that work on a per org, user, group, and application basis. These settings also make it possible for you to trust security claims from external Azure AD organizations like multi-factor authentication (MFA), device compliance, and hybrid Azure AD joined devices. For more information, see: [Cross-tenant access with Azure AD External Identities](../external-identities/cross-tenant-access-overview.md).
1230-
1231-
1232-
---
1233-
1234-
1235-
### General Availability- Expression builder with Application Provisioning
1236-
1237-
**Type:** Changed feature
1238-
**Service category:** Provisioning
1239-
**Product capability:** Outbound to SaaS Applications
1240-
1241-
1242-
Accidental deletion of users in your apps or in your on-premises directory could be disastrous. We’re excited to announce the general availability of the accidental deletions prevention capability. When a provisioning job would cause a spike in deletions, it will first pause and provide you visibility into the potential deletions. You can then accept or reject the deletions and have time to update the job’s scope if necessary. For more information, see [Understand how expression builder in Application Provisioning works](../app-provisioning/expression-builder.md).
1243-
1244-
1245-
---
1246-
1247-
1248-
1249-
### Public Preview - Improved app discovery view for My Apps portal
1250-
1251-
**Type:** Changed feature
1252-
**Service category:** My Apps
1253-
**Product capability:** End User Experiences
1254-
1255-
1256-
An improved app discovery view for My Apps is in public preview. The preview shows users more apps in the same space and allows them to scroll between collections. It doesn't currently support drag-and-drop and list view. Users can opt into the preview by selecting Try the preview and opt out by selecting Return to previous view. To learn more about My Apps, see [My Apps portal overview](../manage-apps/myapps-overview.md).
1257-
1258-
1259-
1260-
1261-
---
1262-
1263-
1264-
1265-
### Public Preview - New Azure AD Portal All Devices list
1266-
1267-
**Type:** Changed feature
1268-
**Service category:** Device Registration and Management
1269-
**Product capability:** End User Experiences
1270-
1271-
1272-
1273-
We're enhancing the All Devices list in the Azure AD Portal to make it easier to filter and manage your devices. Improvements include:
1274-
1275-
All Devices List:
1276-
1277-
- Infinite scrolling
1278-
- More devices properties can be filtered on
1279-
- Columns can be reordered via drag and drop
1280-
- Select all devices
1281-
1282-
For more information, see: [Manage devices in Azure AD using the Azure portal](../devices/device-management-azure-portal.md#view-and-filter-your-devices-preview).
1283-
1284-
1285-
1286-
1287-
---
1288-
1289-
1290-
1291-
### Public Preview - ADFS to Azure AD: Persistent NameID for IDP-initiated Apps
1292-
1293-
**Type:** Changed feature
1294-
**Service category:** Enterprise Apps
1295-
**Product capability:** SSO
1296-
1297-
1298-
Previously the only way to have persistent NameID value was to ​configure user attribute with an empty value. Admins can now explicitly configure the NameID value to be persistent ​along with the corresponding format.
1299-
1300-
For more information, see: [Customize app SAML token claims - Microsoft identity platform | Microsoft Docs](../develop/active-directory-saml-claims-customization.md#attributes).
1301-
1302-
1303-
---
1304-
1305-
1306-
1307-
### Public Preview - ADFS to Azure Active Directory: Customize attrname-format​
1308-
1309-
**Type:** Changed feature
1310-
**Service category:** Enterprise Apps
1311-
**Product capability:** SSO
1312-
1313-
1314-
With this new parity update, customers can now integrate non-gallery applications such as Socure DevHub with Azure AD to have SSO via SAML.
1315-
1316-
For more information, see [Claims mapping policy - Microsoft Entra | Microsoft Docs](../develop/reference-claims-mapping-policy-type.md#claim-schema-entry-elements).
1317-
1318-
1319-
---
1031+
---

articles/active-directory/governance/lifecycle-workflows-deployment.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ ms.workload: identity
1111
ms.tgt_pltfrm: na
1212
ms.topic: how-to
1313
ms.subservice: compliance
14-
ms.date: 04/16/2021
14+
ms.date: 01/31/2023
1515
ms.author: owinfrey
1616
ms.reviewer:
1717
ms.collection: M365-identity-device-management

articles/active-directory/governance/manage-workflow-properties.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ manager: amycolannino
77
ms.service: active-directory
88
ms.workload: identity
99
ms.topic: how-to
10-
ms.date: 02/15/2022
10+
ms.date: 01/31/2022
1111
ms.subservice: compliance
1212
ms.custom: template-how-to
1313
---
@@ -22,6 +22,7 @@ You can update the following basic information without creating a new workflow.
2222
- display name
2323
- description
2424
- whether or not it is enabled.
25+
- Whether or not workflow schedule is enabled.
2526

2627
If you change any other parameters, a new version is required to be created as outlined in the [Managing workflow versions](manage-workflow-tasks.md) article.
2728

articles/active-directory/governance/manage-workflow-tasks.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ manager: amycolannino
77
ms.service: active-directory
88
ms.workload: identity
99
ms.topic: how-to
10-
ms.date: 04/06/2022
10+
ms.date: 01/31/2023
1111
ms.subservice: compliance
1212
ms.custom: template-how-to
1313
---

0 commit comments

Comments
 (0)