Merge pull request #239029 from MicrosoftDocs/main

5/23 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -22758,6 +22758,26 @@
             "source_path_from_root": "/articles/azure-functions/functions-create-function-linux-custom-image.md",
             "redirect_url": "/azure/azure-functions/functions-how-to-custom-container",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/sentinel/data-connectors/windows-firewall-events-via-ama.md",
+            "redirect_url": "/azure/sentinel/data-connectors-reference",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/sentinel/data-connectors/cisco-meraki.md",
+            "redirect_url": "/azure/sentinel/data-connectors-reference",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/sentinel/data-connectors/cisco-asa-ftd-via-ama.md",
+            "redirect_url": "/azure/sentinel/data-connectors-reference",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/sentinel/data-connectors/threat-intelligence-upload-indicators-api.md",
+            "redirect_url": "/azure/sentinel/data-connectors-reference",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory-b2c/faq.yml

@@ -8,7 +8,7 @@ metadata:
   ms.service: active-directory
   ms.workload: identity
   ms.topic: faq
-  ms.date: 03/15/2023
+  ms.date: 05/23/2023
   ms.author: godonnell
   ms.subservice: B2C
   ms.custom: "b2c-support"
@@ -17,6 +17,20 @@ summary: This page answers frequently asked questions about the Azure Active Dir
 
 
 sections:
+  - name: Microsoft Entra External ID preview
+    questions:
+      - question: |
+          What is Microsoft Entra External ID?
+        answer: |
+          We announced early preview of our next generation Microsoft Entra External ID solution. This early preview represents an evolutionary step in unifying secure and engaging experiences across all external identities including partners, customers, citizens, patients, and others within a single, integrated platform. For more information about the preview, see [What is Microsoft Entra External ID for customers?](../active-directory/external-identities/customers/overview-customers-ciam.md). 
+      - question: |
+          How does this preview affect me?
+        answer: |
+          No action is required on your part at this time. The next generation platform is currently in early preview only. We remain fully committed to support of your current Azure AD B2C solution. There are no requirements for Azure AD B2C customers to migrate at this time and no plans to discontinue the current Azure AD B2C service. As the next generation platform approaches GA, details will be made available to all our valued B2C customers on available options including migration to the new platform.
+      - question: |
+          How do I participate in the preview?
+        answer: |
+          As the next generation platform represents our future for customer identity and access management (CIAM), we welcome and encourage your participation and feedback during early preview. If you're interested in joining the early preview, contact your sales team for details. 
   - name: General
     questions:
       - question: |
@@ -164,7 +178,7 @@ sections:
           If the TOTP authenticator app codes aren't working with your Android or iPhone mobile phone or device, your device's clock time might be incorrect. In your device's settings, select the option to use the network-provided time or to set the time automatically.
           
       - question: |
-          How do I know that the Go-Local add-on available in my country/region? 
+          How do I know that the Go-Local add-on is available in my country/region? 
         answer: |
           While [creating your Azure AD B2C tenant](tutorial-create-tenant.md), if the Go-Local add-on is available in your country, you're asked to enable it if you need it. 
       

articles/active-directory/authentication/how-to-migrate-mfa-server-to-mfa-user-authentication.md

@@ -1,25 +1,20 @@
 ---
 title: Migrate to Azure AD MFA and Azure AD user authentication
-description: Step-by-step guidance to move from MFA Server on-premises to Azure AD MFA and Azure AD user authentication
-
+description: Guidance to move from MFA Server on-premises to Azure AD MFA and Azure AD user authentication
 services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 01/29/2023
-
+ms.date: 05/23/2023
 ms.author: gasinh
 author: gargi-sinha
 manager: martinco
 ms.reviewer: michmcla
-
 ms.collection: M365-identity-device-management
 ---
 # Migrate to Azure AD MFA and Azure AD user authentication
 
-Multi-factor authentication (MFA) helps secure your infrastructure and assets from bad actors. 
-Microsoft's Multi-Factor Authentication Server (MFA Server) is no longer offered for new deployments. 
-Customers who are using MFA Server should move to Azure AD Multi-Factor Authentication (Azure AD MFA). 
+Multi-factor authentication (MFA) helps secure your infrastructure and assets from bad actors. Microsoft Multi-Factor Authentication Server (MFA Server) is no longer offered for new deployments. Customers who are using MFA Server should move to Azure AD Multi-Factor Authentication (Azure AD MFA). 
 
 There are several options for migrating from MFA Server to Azure Active Directory (Azure AD):
 
@@ -66,7 +61,7 @@ Groups are used in three capacities for MFA migration.
 ### Configure Conditional Access policies
 
 If you're already using Conditional Access to determine when users are prompted for MFA, you won't need any changes to your policies. 
-As users are migrated to cloud authentication, they'll start using Azure AD MFA as defined by your existing Conditional Access policies. 
+As users are migrated to cloud authentication, they'll start using Azure AD MFA as defined by your Conditional Access policies. 
 They won't be redirected to AD FS and MFA Server anymore.
 
 If your federated domains have the **federatedIdpMfaBehavior** set to `enforceMfaByFederatedIdp` or **SupportsMfa** flag set to `$True` (the **federatedIdpMfaBehavior** overrides **SupportsMfa** when both are set), you're likely enforcing MFA on AD FS by using claims rules. 
@@ -98,20 +93,20 @@ Now that Azure AD MFA is an additional authentication method, you can assign gro
 >[!NOTE]
 >Claims rules require on-premises security group. 
 
-#### Back up existing rules 
+#### Back up rules 
 
-Before configuring new claims rules, back up your existing rules. 
-You'll need to restore claims rules as a part of your cleanup steps. 
+Before configuring new claims rules, back up your rules. 
+You'll need to restore claims rules as a part of your clean-up steps. 
 
 Depending on your configuration, you may also need to copy the existing rule and append the new rules being created for the migration.
 
-To view existing global rules, run:  
+To view global rules, run:  
 
 ```powershell
 Get-AdfsAdditionalAuthenticationRule
 ```
 
-To view existing relying party trusts, run the following command and replace RPTrustName with the name of the relying party trust claims rule: 
+To view relying party trusts, run the following command and replace RPTrustName with the name of the relying party trust claims rule: 
 
 ```powershell
 (Get-AdfsRelyingPartyTrust -Name "RPTrustName").AdditionalAuthenticationRules
@@ -139,17 +134,17 @@ To find the group SID, run the following command and replace `GroupName` with yo
 Get-ADGroup GroupName
 ```
 
-![PowerShell command to get the group SID.](media/how-to-migrate-mfa-server-to-mfa-user-authentication/find-the-sid.png)
+![Microsoft Graph PowerShell command to get the group SID.](media/how-to-migrate-mfa-server-to-mfa-user-authentication/find-the-sid.png)
 
 #### Setting the claims rules to call Azure AD MFA
 
-The following PowerShell cmdlets invoke Azure AD MFA for users in the group when they aren't on the corporate network. 
-You must replace `"YourGroupSid"` with the SID found by running the preceding cmdlet.
+The following Microsoft Graph PowerShell cmdlets invoke Azure AD MFA for users in the group when they aren't on the corporate network. 
+Replace `"YourGroupSid"` with the SID found by running the preceding cmdlet.
 
 Make sure you review the [How to Choose Additional Auth Providers in 2019](/windows-server/identity/ad-fs/overview/whats-new-active-directory-federation-services-windows-server#how-to-choose-additional-auth-providers-in-2019). 
 
 >[!IMPORTANT] 
->Backup your existing claims rules before proceeding.
+>Back up your claims rules before proceeding.
 
 ##### Set global claims rule 
 
@@ -209,8 +204,7 @@ Value=="YourGroupSid"]) => issue(Type =
 
 ### Configure Azure AD MFA as an authentication provider in AD FS
 
-In order to configure Azure AD MFA for AD FS, you must configure each AD FS server. 
-If multiple AD FS servers are in your farm, you can configure them remotely using Azure AD PowerShell.
+In order to configure Azure AD MFA for AD FS, you must configure each AD FS server. If multiple AD FS servers are in your farm, you can configure them remotely using Microsoft Graph PowerShell.
 
 For step-by-step directions on this process, see [Configure the AD FS servers](/windows-server/identity/ad-fs/operations/configure-ad-fs-and-azure-mfa#configure-the-ad-fs-servers).
 
@@ -340,7 +334,7 @@ Possible considerations when decommissions the MFA Server include:
 
 ## Move application authentication to Azure Active Directory
 
-If you migrate all your application authentication along with your MFA and user authentication, you'll be able to remove significant portions of your on-premises infrastructure, reducing costs and risks. 
+If you migrate all your application authentication with your MFA and user authentication, you'll be able to remove significant portions of your on-premises infrastructure, reducing costs and risks. 
 If you move all application authentication, you can skip the [Prepare AD FS](#prepare-ad-fs) stage and simplify your MFA migration.
 
 The process for moving all application authentication is shown in the following diagram.
@@ -353,5 +347,5 @@ For more information about migrating applications to Azure, see [Resources for m
 ## Next steps
 
 - [Migrate from Microsoft MFA Server to Azure AD MFA (Overview)](how-to-migrate-mfa-server-to-azure-mfa.md)
-- [Migrate applications from Windows Active Directory to Azure Active Directory](../manage-apps/migrate-application-authentication-to-azure-active-directory.md)
+- [Migrate applications from Windows Active Directory to Azure AD](../manage-apps/migrate-application-authentication-to-azure-active-directory.md)
 - [Plan your cloud authentication strategy](../fundamentals/active-directory-deployment-plans.md)

articles/active-directory/develop/custom-extension-get-started.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity
-ms.date: 04/10/2023
+ms.date: 05/23/2023
 ms.author: davidmu
 ms.custom: aaddev
 ms.reviewer: JasSuri
@@ -128,7 +128,7 @@ The following screenshot demonstrates how to configure the Azure HTTP trigger fu
         public Claims claims { get; set; }
         public Action()
         {
-            odatatype = "microsoft.graph.provideClaimsForToken";
+            odatatype = "microsoft.graph.tokenIssuanceStart.provideClaimsForToken";
             claims = new Claims();
         }
     }

articles/active-directory/devices/azuread-join-sso.md

@@ -42,6 +42,8 @@ Azure AD Connect or Azure AD Connect cloud sync synchronize your on-premises ide
 > Additional configuration is required when passwordless authentication to Azure AD joined devices is used.
 >
 > For FIDO2 security key based passwordless authentication and Windows Hello for Business Hybrid Cloud Trust, see [Enable passwordless security key sign-in to on-premises resources with Azure Active Directory](../authentication/howto-authentication-passwordless-security-key-on-premises.md).
+>
+> For Windows Hello for Business Cloud Kerberos Trust, see [Configure and provision Windows Hello for Business - cloud Kerberos trust](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision).
 > 
 > For Windows Hello for Business Hybrid Key Trust, see [Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base).
 > 

articles/active-directory/external-identities/customers/azure-rest-api-operations-tenant-management.md

@@ -0,0 +1,32 @@
+---
+title: Tenant management with Azure REST API
+description: Learn how to manage your Azure AD for customers tenant by calling the Azure REST API.
+services: active-directory
+author: garrodonnell
+manager: celested
+ms.author: godonnell
+ms.service: active-directory
+ms.workload: identity
+ms.subservice: ciam
+ms.topic: how-to
+ms.date: 05/23/2023
+ms.custom: developer
+
+#Customer intent: As a dev, devops, I want to learn how to use the Azure REST API to manage my Azure AD for customers tenant.
+---
+
+# Manage Azure Active Directory for customers tenant with Azure REST API
+You can manage your Azure Active Directory for your tenant using the Azure REST API. The management of resources related to tenant management supports the following API operations. Each link in the following sections targets the corresponding page within the Microsoft Graph API reference for that operation.
+
+## Tenant Management operations
+
+You can perform tenant management operations with your Azure Active Directory for customers tenant with the following operations:
+
+- [Create or Update](/rest/api/azurestack/directory-tenants/create-or-update)
+- [Delete](/rest/api/azurestack/directory-tenants/delete)
+- [Get](/rest/api/azurestack/directory-tenants/get)
+- [List](/rest/api/azurestack/directory-tenants/list)
+
+## Next steps
+
+- To learn more about programmatic management, see [Microsoft Graph overview](/graph/overview). 

articles/active-directory/external-identities/customers/faq-customers.md

@@ -0,0 +1,72 @@
+---
+title: Frequently asked questions
+description: Find answers to some of the most frequently asked questions about Microsoft Entra External ID for customers, also known as Azure Active Directory (Azure AD) for customers. 
+services: active-directory
+author: msmimart
+manager: celestedg
+ms.service: active-directory
+ms.workload: identity
+ms.subservice: ciam
+ms.topic: reference
+ms.date: 05/23/2023
+ms.author: mimart
+ms.custom: it-pro
+---
+
+# Microsoft Entra External ID for customers frequently asked questions
+
+This article answers frequently asked questions about Microsoft Entra External ID for customers, also known as Azure Active Directory (Azure AD) for customers. This document offers guidance to help customers better understand Microsoft’s current external identities capabilities and the journey for our next generation platform (Microsoft Entra External ID).
+
+This FAQ references customer identity and access management (CIAM). CIAM is an industry recognized category that covers solutions that manage identity, authentication, and authorization for external identity use cases (partners, customers, and citizens). Common functionality includes self-service capabilities, adaptive access, single sign-on (SSO), and bring your own identity (BYOI).
+
+## Frequently asked questions
+
+### What is Microsoft Entra External ID?
+
+Microsoft Entra External ID is our next generation CIAM platform that represents an evolutionary step in unifying secure and engaging experiences across all external identities including customers, partners, citizens, and others, within a single, integrated platform.
+
+### Is Microsoft Entra External ID a new name for Azure AD B2C?
+
+No, this isn't a new name for Azure AD B2C. Microsoft Entra External ID builds on the success of our existing Azure AD B2C technologies but represents our future for CIAM. The new platform serves as the foundation for rapid innovation, features, and capabilities that address use cases across all external users.  
+
+### What is the release date for Microsoft Entra External ID?  
+
+Microsoft Entra External ID (for customers) entered preview at Microsoft Build 2023. The existing B2B collaboration feature remains unchanged.
+
+### What is the pricing for Microsoft Entra External ID?
+
+Microsoft Entra External ID (for customers) is in preview, so no pricing details are available at this time. The pricing for existing B2B collaboration features is unchanged.
+
+### How does Microsoft Entra External ID affect B2B collaboration?
+
+There are no changes to the existing B2B collaboration features or related pricing. Upon general availability, Microsoft Entra External ID will address use cases across all external user identities, including partners, customers, citizens, and others.
+
+### How long will you support the current Azure AD B2C platform?
+
+We remain fully committed to support of the current Azure AD B2C product. The SLA remains unchanged, and we’ll continue investments in the product to ensure security, availability, and reliability. For existing Azure AD B2C customers that have an interest in moving to the next generation platform, more details will be made available after general availability.
+
+### I have many investments tied up in Azure AD B2C, both in code artifacts and CI/CD pipelines. Do I need to plan for a migration or some other effort?
+
+We recognize the large investments in building and managing custom policies. We’ve listened to many customers who, like you, have shared that custom policies are too hard to build and manage. Our next generation platform will resolve the need for intricate custom policies. In addition to many other platform and feature improvements, you’ll have equivalent functionality in the new platform but a much easier way to build and manage it. We expect to share migration options closer to general availability of the next generation platform.  
+
+### I’ve heard I can preview the Microsoft Entra External ID platform. Where can I learn more?
+
+You can learn more about the preview and the features we're delivering on the new platform by visiting the Microsoft Entra External ID for customers [developer center](https://aka.ms/ciam/dev).
+
+### As a new customer, which solution is a better fit, Azure AD B2C or Microsoft Entra External ID (preview)?
+
+Opt for the current Azure AD B2C product if:
+
+- You have an immediate need to deploy a production ready build for customer-facing apps.
+  
+   > [!NOTE]
+   > Keep in mind that the next generation Microsoft Entra External ID platform represents the future of CIAM for Microsoft, and rapid innovation, new features and capabilities will be focused on this platform. By choosing the next generation platform from the start, you will receive the benefits of rapid innovation and a future-proof architecture.
+
+Opt for the next generation Microsoft Entra External ID platform if:
+
+- You’re starting fresh building identities into apps or you're in the early stages of product discovery.
+- The benefits of rapid innovation, new features and capabilities are a priority.
+
+## Next steps
+
+[Learn more about Microsoft Entra External ID for customers](index.yml)