MicrosoftDocs
diff --git a/‎articles/active-directory/fundamentals/whats-new-archive.md
Lines changed: 108 additions & 0 deletions b/‎articles/active-directory/fundamentals/whats-new-archive.md
Lines changed: 108 additions & 0 deletions
diff --git a/‎articles/automation/automation-solution-vm-management.md
Lines changed: 1 addition & 1 deletion b/‎articles/automation/automation-solution-vm-management.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/azure-monitor/alerts/media/itsmc-overview/add-new-itsm-connection.png
-41.7 KB b/‎articles/azure-monitor/alerts/media/itsmc-overview/add-new-itsm-connection.png
-41.7 KB
diff --git a/‎articles/azure-monitor/app/app-insights-overview.md
Lines changed: 2 additions & 2 deletions b/‎articles/azure-monitor/app/app-insights-overview.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/azure-monitor/index.yml
Lines changed: 5 additions & 5 deletions b/‎articles/azure-monitor/index.yml
Lines changed: 5 additions & 5 deletions
diff --git a/‎articles/azure-monitor/logs/manage-access.md
Lines changed: 6 additions & 96 deletions b/‎articles/azure-monitor/logs/manage-access.md
Lines changed: 6 additions & 96 deletions
@@ -27,6 +27,114 @@ The What's new in Azure Active Directory? release notes provide information abou
 - Deprecated functionality
 - Plans for changes
 
+---
+
+## September 2022 
+
+### General Availability - SSPR writeback is now available for disconnected forests using Azure AD Connect cloud sync
+
+
+
+**Type:** New feature  
+**Service category:** Azure AD Connect Cloud Sync   
+**Product capability:** Identity Lifecycle Management 
+
+Azure AD Connect Cloud Sync Password writeback now provides customers the ability to synchronize Azure AD password changes made in the cloud to an on-premises directory in real time. This can be accomplished using the lightweight Azure AD cloud provisioning agent. For more information, see: [Tutorial: Enable cloud sync self-service password reset writeback to an on-premises environment](../authentication/tutorial-enable-cloud-sync-sspr-writeback.md).
+
+---
+
+### General Availability - Device-based conditional access on Linux Desktops
+
+
+
+**Type:** New feature  
+**Service category:** Conditional Access  
+**Product capability:** SSO 
+
+
+
+This feature empowers users on Linux clients to register their devices with Azure AD, enroll into Intune management, and satisfy device-based Conditional Access policies when accessing their corporate resources.
+
+- Users can register their Linux devices with Azure AD.
+- Users can enroll in Mobile Device Management (Intune), which can be used to provide compliance decisions based upon policy definitions to allow device based conditional access on Linux Desktops.
+- If compliant, users can use Microsoft Edge Browser to enable Single-Sign on to M365/Azure resources and satisfy device-based Conditional Access policies.
+
+For more information, see:
+
+- [Azure AD registered devices](../devices/concept-azure-ad-register.md)
+- [Plan your Azure Active Directory device deployment](../devices/plan-device-deployment.md)
+
+---
+
+### General Availability - Azure AD SCIM Validator
+
+
+
+**Type:** New feature  
+**Service category:** Provisioning  
+**Product capability:** Outbound to SaaS Applications 
+
+
+
+Independent Software Vendors(ISVs) and developers can self-test their SCIM endpoints for compatibility: We have made it easier for ISVs to validate that their endpoints are compatible with the SCIM-based Azure AD provisioning services. This is now in general availability (GA) status.
+
+For more information, see: [Tutorial: Validate a SCIM endpoint](../app-provisioning/scim-validator-tutorial.md)
+
+---
+
+### General Availability - prevent accidental deletions
+
+
+
+**Type:** New feature  
+**Service category:** Provisioning  
+**Product capability:** Outbound to SaaS Applications 
+
+
+
+Accidental deletion of users in any system could be disastrous. We’re excited to announce the general availability of the accidental deletions prevention capability as part of the Azure AD provisioning service. When the number of deletions to be processed in a single provisioning cycle spikes above a customer defined threshold the following will happen. The Azure AD provisioning service pauses, provide you with visibility into the potential deletions, and allow you to accept or reject the deletions. This functionality has historically been available for Azure AD Connect, and Azure AD Connect Cloud Sync. It's now available across the various provisioning flows, including both HR-driven provisioning and application provisioning.
+
+For more information, see: [Enable accidental deletions prevention in the Azure AD provisioning service](../app-provisioning/accidental-deletions.md)
+
+---
+
+### General Availability - Identity Protection Anonymous and Malicious IP for ADFS on-premises logins
+
+
+
+**Type:** New feature  
+**Service category:** Identity Protection  
+**Product capability:** Identity Security & Protection
+
+
+
+Identity protection expands its Anonymous and Malicious IP detections to protect ADFS sign-ins. This automatically applies to all customers who have AD Connect Health deployed and enabled, and show up as the existing "Anonymous IP" or "Malicious IP" detections with a token issuer type of "AD Federation Services".
+
+For more information, see: [What is risk?](../identity-protection/concept-identity-protection-risks.md)
+
+---
+
+
+### New Federated Apps available in Azure AD Application gallery - September 2022
+
+
+
+**Type:** New feature  
+**Service category:** Enterprise Apps  
+**Product capability:** 3rd Party Integration 
+
+
+
+In September 2022 we've added the following 15 new applications in our App gallery with Federation support:
+
+[RocketReach SSO](../saas-apps/rocketreach-sso-tutorial.md), [Arena EU](../saas-apps/arena-eu-tutorial.md), [Zola](../saas-apps/zola-tutorial.md), [FourKites SAML2.0 SSO for Tracking](../saas-apps/fourkites-tutorial.md), [Syniverse Customer Portal](../saas-apps/syniverse-customer-portal-tutorial.md), [Rimo](https://rimo.app/), [Q Ware CMMS](https://qware.app/), [Mapiq (OIDC)](https://app.mapiq.com/), [NICE Cxone](../saas-apps/nice-cxone-tutorial.md), [dominKnow|ONE](../saas-apps/dominknowone-tutorial.md), [Waynbo for Azure AD](https://webportal-eu.waynbo.com/Login), [innDex](https://web.inndex.co.uk/azure/authorize), [Profiler Software](https://www.profiler.net.au/), [Trotto go links](https://trot.to/_/auth/login), [AsignetSSOIntegration](../saas-apps/asignet-sso-tutorial.md).
+
+You can also find the documentation of all the applications from here https://aka.ms/AppsTutorial,
+
+For listing your application in the Azure AD app gallery, read the details here: https://aka.ms/AzureADAppRequest
+
+
+
 ---
 
 ## August 2022 
 
@@ -11,7 +11,7 @@ ms.custom: devx-track-azurepowershell, engagement-fy23
 # Start/Stop VMs during off-hours overview
 
 > [!NOTE]
-> Start/Stop VM during off-hours version 1 is unavailable in the marketplace now as it will retire by 30 September 2023. We recommend you start using [version 2](../azure-functions/start-stop-vms/overview.md), which is now generally available. The new version offers all existing capabilities and provides new features, such as multi-subscription support from a single Start/Stop instance. If you have the version 1 solution already deployed, you can still use the feature, and we will provide support until 30 September 2023. The details of the announcement will be shared soon. 
+> Start/Stop VM during off-hours version 1 is unavailable in the marketplace now as it will retire by 30 September 2023. We recommend you start using [version 2](../azure-functions/start-stop-vms/overview.md) which is now generally available. The new version offers all existing capabilities and provides new features, such as multi-subscription support from a single Start/Stop instance. If you have the version 1 solution already deployed, you can still use the feature, and we will provide support until 30 September 2023. The details of the announcement will be shared soon. 
 
 The Start/Stop VMs during off-hours feature start or stops enabled Azure VMs. It starts or stops machines on user-defined schedules, provides insights through Azure Monitor logs, and sends optional emails by using [action groups](../azure-monitor/alerts/action-groups.md). The feature can be enabled on both Azure Resource Manager and classic VMs for most scenarios.
 
 
@@ -12,12 +12,12 @@ Application Insights is an extension of [Azure Monitor](../overview.md) and prov
 1. *Proactively* understand how an application is performing.
 1. *Reactively* review application execution data to determine the cause of an incident.
 
+:::image type="content" source="media/overview-dashboard/0001-dashboard.png" alt-text="Screenshot of Application Insights in the Azure portal." lightbox="media/overview-dashboard/0001-dashboard.png":::
+
 In addition to collecting [Metrics](standard-metrics.md) and application [Telemetry](data-model-complete.md) data, which describe application activities and health, Application Insights can also be used to collect and store application [trace logging data](asp-net-trace-logs.md).
 
 The [log trace](asp-net-trace-logs.md) is associated with other telemetry to give a detailed view of the activity. Adding trace logging to existing apps only requires providing a destination for the logs; the logging framework rarely needs to be changed.
 
-:::image type="content" source="media/overview-dashboard/0001-dashboard.png" alt-text="Screenshot of Application Insights in the Azure portal." lightbox="media/overview-dashboard/0001-dashboard.png":::
-
 Application Insights provides other features including, but not limited to:
 
 - [Live Metrics](live-stream.md) – observe activity from your deployed application in real time with no effect on the host environment
 
@@ -36,7 +36,7 @@ landingContent:
   # Card 
   - title: Common scenarios
     linkLists:
-      - linkListType: deploy
+      - linkListType: how-to-guide
         links:
           - text: Multi-cloud monitoring
             url: best-practices-multicloud.md
@@ -84,7 +84,7 @@ landingContent:
  # Card
   - title: Get started with Azure Monitor Logs
     linkLists: 
-      - linkListType: deploy
+      - linkListType: how-to-guide
         links:
           - text: Set up a Log Analytics workspace
             url: logs/log-analytics-workspace-overview.md
@@ -102,7 +102,7 @@ landingContent:
    # Card 
   - title: Get started with Application Insights
     linkLists:
-      - linkListType: get-started
+      - linkListType: how-to-guide
         links:
           - text: Application Insights overview
             url: app/app-insights-overview.md
@@ -120,7 +120,7 @@ landingContent:
  # Card
   - title: Visualize monitoring data
     linkLists: 
-      - linkListType: deploy
+      - linkListType: how-to-guide
         links:
           - text: Insights and curated visualizations
             url: /insights/insights-overview
@@ -136,7 +136,7 @@ landingContent:
  # Card
   - title: Respond to issues
     linkLists: 
-      - linkListType: deploy
+      - linkListType: how-to-guide
         links:
           - text: Alerts 
             url: /alerts/alerts-overview.md
 
@@ -297,105 +297,15 @@ In addition to using the built-in roles for a Log Analytics workspace, you can c
 
 ## Set table-level read access
 
-To create a [custom role](../../role-based-access-control/custom-roles.md) that lets specific users or groups read data from specific tables in a workspace:
-
-1. Create a custom role that grants users permission to execute queries in the Log Analytics workspace, based on the built-in Azure Monitor Logs **Reader** role:
-    
-    1. Navigate to your workspace and select **Access control (IAM)** > **Roles**.
-    
-    1. Right-click the **Reader** role and select **Clone**.
-    
-       :::image type="content" source="media/manage-access/access-control-clone-role.png" alt-text="Screenshot that shows the Roles tab of the Access control screen with the clone button highlighted for the Reader role." lightbox="media/manage-access/access-control-clone-role.png":::        
-      
-       This opens the **Create a custom role** screen.
-
-    1. On the **Basics** tab of the screen, enter a **Custom role name** value and, optionally, provide a description.
-
-        :::image type="content" source="media/manage-access/manage-access-create-custom-role.png" alt-text="Screenshot that shows the Basics tab of the Create a custom role screen with the Custom role name and Description fields highlighted." lightbox="media/manage-access/manage-access-create-custom-role.png":::
-
-    1. Select the **JSON** tab > **Edit**::
-        
-        1. In the `"actions"` section, add:
-    
-            - `Microsoft.OperationalInsights/workspaces/read`
-            - `Microsoft.OperationalInsights/workspaces/query/read`
-            - `Microsoft.OperationalInsights/workspaces/analytics/query/action`
-            - `Microsoft.OperationalInsights/workspaces/search/action`
-   
-        1. In the `"not actions"` section, add `Microsoft.OperationalInsights/workspaces/sharedKeys/read`.
-
-        :::image type="content" source="media/manage-access/manage-access-create-custom-role-json.png" alt-text="Screenshot that shows the JSON tab of the Create a custom role screen with the actions section of the JSON file highlighted." lightbox="media/manage-access/manage-access-create-custom-role-json.png":::    
-        
-    1. Select **Save** > **Review + Create** at the bottom of the screen, and then **Create** on the next page.   
-
-1. Assign your custom role to the relevant users or groups:
-    1. Select **Access control (AIM)** > **Add** > **Add role assignment**.
-    
-       :::image type="content" source="media/manage-access/manage-access-add-role-assignment-button.png" alt-text="Screenshot that shows the Access control screen with the Add role assignment button highlighted." lightbox="media/manage-access/manage-access-add-role-assignment-button.png":::
-
-    1. Select the custom role you created and select **Next**.
-    
-       :::image type="content" source="media/manage-access/manage-access-add-role-assignment-screen.png" alt-text="Screenshot that shows the Add role assignment screen with a custom role and the Next button highlighted." lightbox="media/manage-access/manage-access-add-role-assignment-screen.png":::
-     
-    
-       This opens the **Members** tab of the **Add custom role assignment** screen.   
-    
-    1. Click **+ Select members** to open the **Select members** screen.
-    
-        :::image type="content" source="media/manage-access/manage-access-add-role-assignment-select-members.png" alt-text="Screenshot that shows the Select members screen." lightbox="media/manage-access/manage-access-add-role-assignment-select-members.png":::
-    
-    1. Search for and select the relevant user or group and click **Select**.
-    1. Select **Review and assign**.
-
-1. Grant the users or groups read access to specific tables in a workspace by calling the `https://management.azure.com/batch?api-version=2020-06-01` POST API and sending the following details in the request body:
-
-    ```json
-    {
-        "requests": [
-            {
-                "content": {
-                    "Id": "<GUID_1>",
-                    "Properties": {
-                        "PrincipalId": "<user_object_ID>",
-                        "PrincipalType": "User",
-                        "RoleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
-                        "Scope": "/subscriptions/<subscription_ID>/resourceGroups/<resource_group_name>/providers/Microsoft.OperationalInsights/workspaces/<workspace_name>/Tables/<table_name>",
-                        "Condition": null,
-                        "ConditionVersion": null
-                    }
-                },
-                "httpMethod": "PUT",
-                "name": "<GUID_2>",
-                "requestHeaderDetails": {
-                    "commandName": "Microsoft_Azure_AD."
-                },
-                "url": "/subscriptions/<subscription_ID>/resourceGroups/<resource_group_name>/providers/Microsoft.OperationalInsights/workspaces/<workspace_name>/Tables/<table_name>/providers/Microsoft.Authorization/roleAssignments/<GUID_1>?api-version=2020-04-01-preview"
-            }
-        ]
-    }
-    ```
-
-    Where:
-    - You can generate a GUID for `<GUID 1>` and `<GUID 2>` using any GUID generator.
-    - `<user_object_ID>` is the object ID of the user to which you want to grant table read access.
-    - `<subscription_ID>` is the ID of the subscription related to the workspace.
-    - `<resource_group_name>` is the resource group of the workspace.
-    - `<workspace_name>` is the name of the workspace.
-    - `<table_name>` is the name of the table to which you want to assign the user or group permission to read data from.
-
-### Legacy method of setting table-level read access
-
-[Azure custom roles](../../role-based-access-control/custom-roles.md) let you grant access to specific tables in the workspace, although we recommend defining [table-level read access](#set-table-level-read-access) as described above. 
-
-Azure custom roles apply to workspaces with either workspace-context or resource-context [access control modes](#access-control-mode) regardless of the user's [access mode](#access-mode).
+[Azure custom roles](../../role-based-access-control/custom-roles.md) let you grant specific users or groups access to specific tables in the workspace. Azure custom roles apply to workspaces with either workspace-context or resource-context [access control modes](#access-control-mode) regardless of the user's [access mode](#access-mode).
 
 To define access to a particular table, create a [custom role](../../role-based-access-control/custom-roles.md):
 
 * Set the user permissions in the **Actions** section of the role definition. 
 * Use `Microsoft.OperationalInsights/workspaces/query/*` to grant access to all tables.
 * To exclude access to specific tables when you use a wildcard in **Actions**, list the tables excluded tables in the **NotActions** section of the role definition.
 
-#### Examples
+### Examples
 
 Here are examples of custom role actions to grant and deny access to specific tables.
 
@@ -434,14 +344,14 @@ Grant access to all tables except the _SecurityAlert_ table:
 ],
 ```
 
-#### Custom tables
+### Custom tables
 
- Custom tables store data you collect from data sources such as [text logs](../agents/data-sources-custom-logs.md) and the [HTTP Data Collector API](data-collector-api.md). To identify the table type, [view table information in Log Analytics](./log-analytics-tutorial.md#view-table-information).
+Custom tables store data you collect from data sources such as [text logs](../agents/data-sources-custom-logs.md) and the [HTTP Data Collector API](data-collector-api.md). To identify the table type, [view table information in Log Analytics](./log-analytics-tutorial.md#view-table-information).
 
 > [!NOTE]
 > Tables created by the [Logs ingestion API](../essentials/../logs/logs-ingestion-api-overview.md) don't yet support table-level RBAC.
 
- You can't grant access to individual custom log tables, but you can grant access to all custom logs. To create a role with access to all custom log tables, create a custom role by using the following actions:
+You can't grant access to individual custom log tables at the table level, but you can grant access to all custom log tables. To create a role with access to all custom log tables, create a custom role by using the following actions:
 
 ```
 "Actions":  [
@@ -457,7 +367,7 @@ Some custom logs come from sources that aren't directly associated to a specific
 
 For example, if a specific firewall is sending custom logs, create a resource group called *MyFireWallLogs*. Make sure that the API requests contain the resource ID of *MyFireWallLogs*. The firewall log records are then accessible only to users who were granted access to *MyFireWallLogs* or those users with full workspace access.
 
-#### Considerations
+### Considerations
 
 - If a user is granted global read permission with the standard Reader or Contributor roles that include the _\*/read_ action, it will override the per-table access control and give them access to all log data.
 - If a user is granted per-table access but no other permissions, they can access log data from the API but not from the Azure portal. To provide access from the Azure portal, use Log Analytics Reader as its base role.