Merge pull request #191531 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: ttorble

.openpublishing.publish.config.json

@@ -830,6 +830,18 @@
       "url": "https://github.com/Azure-Samples/msdocs-nodejs-mongodb-azure-sample-app",
       "branch": "main",
       "branch_mapping": {}
+    },
+    {
+      "path_to_root": "msdocs-django-postgresql-sample-app",
+      "url": "https://github.com/Azure-Samples/msdocs-django-postgresql-sample-app",
+      "branch": "main",
+      "branch_mapping": {}
+    },
+    {
+      "path_to_root": "msdocs-flask-postgresql-sample-app",
+      "url": "https://github.com/Azure-Samples/msdocs-flask-postgresql-sample-app",
+      "branch": "main",
+      "branch_mapping": {}
     }
   ],
   "branch_target_mapping": {

articles/active-directory/saas-apps/amazon-web-service-tutorial.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 02/28/2022
+ms.date: 03/08/2022
 ms.author: jeedes
 ---
 
@@ -112,7 +112,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. In the Azure portal, on the **AWS Single-Account Access** application integration page, find the **Manage** section and select **single sign-on**.
 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
 
    ![Edit Basic SAML Configuration](common/edit-urls.png)
 
@@ -388,14 +388,13 @@ In this section, you test your Azure AD single sign-on configuration with follow
 
 #### IDP initiated:
 
-* Click on **Test this application** in Azure portal and you should be automatically signed in to the AWS Single-Account Access for which you set up the SSO 
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the AWS Single-Account Access for which you set up the SSO. 
 
 You can also use Microsoft My Apps to test the application in any mode. When you click the AWS Single-Account Access tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the AWS Single-Account Access for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
 
-
 ## Known issues
 
-* AWS Single-Account Access provisioning integration can be used only to connect to AWS public cloud endpoints. AWS Single-Account Access provisioning integration can't be used to access AWS Government environments.
+* AWS Single-Account Access provisioning integration can be used only to connect to AWS public cloud endpoints. AWS Single-Account Access provisioning integration can't be used to access AWS Government environments, or the AWS China regions.
 
 * In the **Provisioning** section, the **Mappings** subsection shows a "Loading..." message, and never displays the attribute mappings. The only provisioning workflow supported today is the import of roles from AWS into Azure AD for selection during a user or group assignment. The attribute mappings for this are predetermined, and aren't configurable.
 

articles/active-directory/saas-apps/aws-single-sign-on-tutorial.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 10/26/2021
+ms.date: 03/10/2022
 ms.author: jeedes
 
 ---
@@ -37,7 +37,7 @@ In this tutorial, you configure and test Azure AD SSO in a test environment.
 
 * AWS Single Sign-on supports [**Automated user provisioning**](./aws-single-sign-on-provisioning-tutorial.md).
 
-## Adding AWS Single Sign-on from the gallery
+## Add AWS Single Sign-on from the gallery
 
 To configure the integration of AWS Single Sign-on into Azure AD, you need to add AWS Single Sign-on from the gallery to your list of managed SaaS apps.
 
@@ -48,7 +48,6 @@ To configure the integration of AWS Single Sign-on into Azure AD, you need to ad
 1. In the **Add from the gallery** section, type **AWS Single Sign-on** in the search box.
 1. Select **AWS Single Sign-on** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
 
-
 ## Configure and test Azure AD SSO for AWS Single Sign-on
 
 Configure and test Azure AD SSO with AWS Single Sign-on using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in AWS Single Sign-on.
@@ -80,14 +79,15 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 	![image2](common/browse-upload-metadata.png)
 
-	c. Once the metadata file is successfully uploaded, the **Identifier** and **Reply URL** values get auto populated in Basic SAML Configuration section:
-
-	![image3](common/idp-intiated.png)
+	c. Once the metadata file is successfully uploaded, the **Identifier** and **Reply URL** values get auto populated in Basic SAML Configuration section.
 
 	> [!Note]
 	> If the **Identifier** and **Reply URL** values are not getting auto populated, then fill in the values manually according to your requirement.
 
-1. If you don't have **Service Provider metadata file**, perform the following steps on the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
+    > [!Note]
+    > When changing identity provider in AWS (i.e. from AD to external provider such as Azure AD) the AWS metadata will change and need to be reuploaded to Azure for SSO to function correctly.
+
+1. If you don't have **Service Provider metadata file**, perform the following steps on the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, perform the following steps:
 
     a. In the **Identifier** text box, type a URL using the following pattern:
     `https://<REGION>.signin.aws.amazon.com/platform/saml/<ID>`
@@ -107,7 +107,6 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 	![image](common/edit-attribute.png)
 
-
     > [!NOTE]
     > If ABAC is enabled in AWS SSO, the additional attributes may be passed as session tags directly into AWS accounts.
 
@@ -210,8 +209,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
     g. Choose **Next: Groups**.
 
     > [!NOTE]
-    > Make sure the username entered in AWS SSO matches the user’s Azure AD sign-in name. This
-will you help avoid any authentication problems.
+    > Make sure the username entered in AWS SSO matches the user’s Azure AD sign-in name. This will you help avoid any authentication problems.
 
 5. Choose **Add user**.
 6. Next, you will assign the user to your AWS account. To do so, in the left navigation pane of the
@@ -244,11 +242,10 @@ In this section, you test your Azure AD single sign-on configuration with follow
 
 #### IDP initiated:
 
-* Click on **Test this application** in Azure portal and you should be automatically signed in to the AWS Single Sign-on for which you set up the SSO 
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the AWS Single Sign-on for which you set up the SSO. 
 
 You can also use Microsoft My Apps to test the application in any mode. When you click the AWS Single Sign-on tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the AWS Single Sign-on for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
 
-
 ## Next steps
 
-Once you configure AWS Single Sign-on you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).
+Once you configure AWS Single Sign-on you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).

articles/active-directory/saas-apps/fortiweb-web-application-firewall-tutorial.md

@@ -1,5 +1,5 @@
 ---
-title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with FortiWeb Web Application Firewall | Microsoft Docs'
+title: 'Tutorial: Azure AD SSO integration with FortiWeb Web Application Firewall'
 description: Learn how to configure single sign-on between Azure Active Directory and FortiWeb Web Application Firewall.
 services: active-directory
 author: jeevansd
@@ -9,12 +9,12 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 11/24/2020
+ms.date: 03/11/2020
 ms.author: jeedes
 
 ---
 
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with FortiWeb Web Application Firewall
+# Tutorial: Azure AD SSO integration with FortiWeb Web Application Firewall
 
 In this tutorial, you'll learn how to integrate FortiWeb Web Application Firewall with Azure Active Directory (Azure AD). When you integrate FortiWeb Web Application Firewall with Azure AD, you can:
 
@@ -29,6 +29,9 @@ To get started, you need the following items:
 * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
 * FortiWeb Web Application Firewall single sign-on (SSO) enabled subscription.
 
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+
 ## Scenario description
 
 In this tutorial, you configure and test Azure AD SSO in a test environment.

articles/active-directory/saas-apps/tribeloo-tutorial.md

@@ -1,5 +1,5 @@
 ---
-title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Tribeloo | Microsoft Docs'
+title: 'Tutorial: Azure AD SSO integration with Tribeloo'
 description: Learn how to configure single sign-on between Azure Active Directory and Tribeloo.
 services: active-directory
 author: jeevansd
@@ -9,12 +9,12 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 09/02/2021
+ms.date: 03/11/2021
 ms.author: jeedes
 
 ---
 
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with Tribeloo
+# Tutorial: Azure AD SSO integration with Tribeloo
 
 In this tutorial, you'll learn how to integrate Tribeloo with Azure Active Directory (Azure AD). When you integrate Tribeloo with Azure AD, you can:
 
@@ -29,6 +29,9 @@ To get started, you need the following items:
 * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
 * Tribeloo single sign-on (SSO) enabled subscription.
 
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+
 ## Scenario description
 
 In this tutorial, you configure and test Azure AD SSO in a test environment.

articles/active-directory/standards/index.yml

@@ -1,56 +1,56 @@
-### YamlMime:Landing
-
-title: Azure Active Directory configuring to standards documentation 
-summary: Azure and Azure Active Directory enable you to leverage their compliance certifications and configure your environment to meet governmental and industry standards.
-
-metadata:
-  title: Azure Active Directory configuring to standards documentation 
-  description: "Learn to configure Azure and Azure Active directory to meet governmental and industry standards."
-  manager: mtillman
-  ms.author: baselden
-  ms.collection: na
-  ms.date: 04/26/2021
-  ms.service: active-directory
-  ms.subservice: na
-  ms.topic: landing-page
-  services: active-directory
-
-# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
-
-landingContent:
-  # Card 
-  - title: Standards overviews
-    linkLists:
-      - linkListType: overview
-        links:
-          - text: Configure to identity standards
-            url: standards-overview.md
-          - text: NIST AAL overview
-            url: nist-overview.md
-          - text: FedRAMP High impact overview
-            url: configure-azure-active-directory-for-fedramp-high-impact.md
-    
-  # Card 
-  - title: Configure NIST AALs
-    linkLists:
-      - linkListType: how-to-guide
-        links:
-          - text: Achieve NIST AAL 1
-            url: nist-authenticator-assurance-level-1.md
-          - text: Achieve NIST AAL 2
-            url: nist-authenticator-assurance-level-2.md
-          - text: Achieve NIST AAL 3
-            url:  nist-authenticator-assurance-level-3.md
-
-  # Card
-  - title: Configure FedRAMP controls
-    linkLists:
-      - linkListType: how-to-guide
-        links:
-          - text: Configure access controls
-            url: fedramp-access-controls.md
-          - text: Configure identification and authentication controls
-            url: fedramp-identification-and-authentication-controls.md
-          - text: Configure additional controls
-            url: fedramp-other-controls.md
-  
+### YamlMime:Landing
+
+title: Azure Active Directory configuring to standards documentation 
+summary: Azure and Azure Active Directory enable you to leverage their compliance certifications and configure your environment to meet governmental and industry standards.
+
+metadata:
+  title: Azure Active Directory configuring to standards documentation 
+  description: "Learn to configure Azure and Azure Active directory to meet governmental and industry standards."
+  manager: mtillman
+  ms.author: baselden
+  ms.collection: na
+  ms.date: 04/26/2021
+  ms.service: active-directory
+  ms.subservice: na
+  ms.topic: landing-page
+  services: active-directory
+
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
+
+landingContent:
+  # Card 
+  - title: Standards overviews
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: Configure to identity standards
+            url: standards-overview.md
+          - text: NIST AAL overview
+            url: nist-overview.md
+          - text: FedRAMP High impact overview
+            url: configure-azure-active-directory-for-fedramp-high-impact.md
+    
+  # Card 
+  - title: Configure NIST AALs
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: Achieve NIST AAL 1
+            url: nist-authenticator-assurance-level-1.md
+          - text: Achieve NIST AAL 2
+            url: nist-authenticator-assurance-level-2.md
+          - text: Achieve NIST AAL 3
+            url:  nist-authenticator-assurance-level-3.md
+
+  # Card
+  - title: Configure FedRAMP controls
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: Configure access controls
+            url: fedramp-access-controls.md
+          - text: Configure identification and authentication controls
+            url: fedramp-identification-and-authentication-controls.md
+          - text: Configure additional controls
+            url: fedramp-other-controls.md
+