Merge pull request #249623 from MicrosoftDocs/main

Publish to live, Tuesday 4 AM PST, 8/29

Author: ttorble

articles/active-directory/app-provisioning/toc.yml

@@ -35,7 +35,7 @@ items:
         href: on-premises-web-services-connector.md
       - name: Provisioning with custom connectors
         href: on-premises-custom-connector.md
-      - name: Provisioning to SAP ECC 7.0
+      - name: Provisioning to SAP ECC (formerly SAP R/3)
         href: on-premises-sap-connector-configure.md
     - name: API-driven inbound provisioning tutorials
       items:

articles/active-directory/develop/test-setup-environment.md

@@ -65,16 +65,15 @@ You can [manually create a tenant](quickstart-create-new-tenant.md), which will
 
 For convenience, you may want to invite yourself and other members of your development team to be guest users in the tenant. This will create separate guest objects in the test tenant, but means you only have to manage one set of credentials for your corporate account and your test account.
 
-1. Sign in to the [Azure portal](https://portal.azure.com), then select **Azure Active Directory**.
-2. Go to **Users**.
-3. Click on **New guest user** and invite your work account email address.
-4. Repeat for other members of the development and/or testing team for your application.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Developer](../roles/permissions-reference.md#application-developer).
+1. Browse to **Identity** > **Users** > **All users**.
+1. Select **New user** > **Invite external user** and invite your work account email address.
+1. Repeat for other members of the development and/or testing team for your application.
 
 You can also create test users in your test tenant. If you used one of the Microsoft 365 sample packs, you may already have some test users in your tenant. If not, you should be able to create some yourself as the tenant administrator.
 
-1. Sign in to the [Azure portal](https://portal.azure.com), then select on **Azure Active Directory**.
-2. Go to **Users**.
-3. Click **New user** and create some new test users in your directory.
+1. Browse to **Identity** > **Users** > **All users**.
+1. Select **New user** > **Create new user** and create some new test users in your directory.
 
 ### Get an Azure AD subscription (optional)
 
@@ -96,26 +95,22 @@ Replicating Conditional Access policies ensures you don't encounter unexpected b
 
 Viewing your production tenant Conditional Access policies may need to be performed by a company administrator.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) using your production tenant account.
 1. Go to **Azure Active Directory** > **Enterprise applications** > **Conditional Access**.
 1. View the list of policies in your tenant. Click the first one.
 1. Navigate to **Cloud apps or actions**.
 1. If the policy only applies to a select group of apps, then move on to the next policy. If not, then it will likely apply to your app as well when you move to production. You should copy the policy over to your test tenant.
 
 In a new tab or browser session, sign in to the [Azure portal](https://portal.azure.com) to access your test tenant.
 
-1. Go to **Azure Active Directory** > **Enterprise applications** > **Conditional Access**.
-1. Click on **New policy**
+1. Browse to **Identity** > **Applications** > **Enterprise applications** > **Conditional Access**.
+1. Select **Create new policy**
 1. Copy the settings from the production tenant policy, identified through the previous steps.
 
 #### Permission grant policies
 
 Replicating permission grant policies ensures you don't encounter unexpected prompts for admin consent when moving to production.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) using your production tenant account.
-1. Click on **Azure Active Directory**.
-1. Go to **Enterprise applications**.
-1. From your production tenant, go to **Azure Active Directory** > **Enterprise applications** > **Consent and permissions** > **User consent** settings. Copy the settings there to your test tenant.
+Browse to **Identity** > **Applications** > **Enterprise applications** > **Consent and permissions** > **User consent** settings. Copy the settings there to your test tenant.
 
 #### Token lifetime policies
 
@@ -134,20 +129,18 @@ You'll need to create an app registration to use in your test environment. This
 
 You'll need to create some test users with associated test data to use while testing your scenarios. This step might need to be performed by an admin.
 
-1. Sign in to the [Azure portal](https://portal.azure.com), then select **Azure Active Directory**.
-2. Go to **Users**.
-3. Select **New user** and create some new test users in your directory.
+1. Browse to **Identity** > **Users** > **All users**.
+1. Select **New user** > **Create new user** and create some new test users in your directory.
 
 ### Add the test users to a group (optional)
 
 For convenience, you can assign all these users to a group, which makes other assignment operations easier.
 
-1. Sign in to the [Azure portal](https://portal.azure.com), then select **Azure Active Directory**.
-2. Go to **Groups**.
-3. Click **New group**.
-4. Select either **Security** or **Microsoft 365** for group type.
-5. Name your group.
-6. Add the test users created in the previous step.
+1. Browse to **Identity** > **Groups** > **All groups**.
+1. Select **New group**.
+1. Select either **Security** or **Microsoft 365** for group type.
+1. Name your group.
+1. Add the test users created in the previous step.
 
 ### Restrict your test application to specific users
 

articles/active-directory/governance/create-lifecycle-workflow.md

@@ -19,28 +19,24 @@ Lifecycle workflows allow for tasks associated with the lifecycle process to be
 - **Tasks**: Actions taken when a workflow is triggered.
 - **Execution conditions**: The who and when of a workflow. These conditions define which users (scope) this workflow should run against, and when (trigger) the workflow should run.
 
-You can create and customize workflows for common scenarios by using templates, or you can build a workflow from scratch without using a template. Currently, if you use the Azure portal, any workflow that you create must be based on a template. If you want to create a workflow without using a template, use Microsoft Graph.
+You can create and customize workflows for common scenarios by using templates, or you can build a workflow from scratch without using a template. Currently, if you use the Microsoft Entra admin center, any workflow that you create must be based on a template. If you want to create a workflow without using a template, use Microsoft Graph.
 
 ## Prerequisites
 
 [!INCLUDE [Microsoft Entra ID Governance license](../../../includes/active-directory-entra-governance-license.md)]
 
 
-## Create a lifecycle workflow by using a template in the Azure portal
+## Create a lifecycle workflow by using a template in the Microsoft Entra admin center
 
-[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
-If you're using the Azure portal to create a workflow, you can customize existing templates to meet your organization's needs. These templates include one for pre-hire common scenarios.
 
-To create a workflow based on a template:
-
-1. Sign in to the [Azure portal](https://portal.azure.com).
+If you're using the Microsoft Entra admin center to create a workflow, you can customize existing templates to meet your organization's needs. These templates include one for pre-hire common scenarios.
 
-1. Select **Azure Active Directory** > **Identity Governance**.
+To create a workflow based on a template:
 
-1. On the left menu, select **Lifecycle Workflows**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Lifecycle Workflows Administrator](../roles/permissions-reference.md#lifecycle-workflows-administrator).
 
-1. Select **Workflows**.
+1. Browse to **Identity governance** > **Lifecycle workflows** > **Create a workflow**.
 
 1. On the **Choose a workflow** page, select the workflow template that you want to use.
 

articles/active-directory/governance/manage-workflow-properties.md

@@ -28,13 +28,11 @@ You can update the following basic information without creating a new workflow.
 
 If you change any other parameters, a new version is required to be created as outlined in the [Managing workflow versions](manage-workflow-tasks.md) article.
 
-If done via the Azure portal, the new version is created automatically. If done using Microsoft Graph, you must manually create a new version of the workflow.  For more information, see [Edit the properties of a workflow using Microsoft Graph](#edit-the-properties-of-a-workflow-using-microsoft-graph).
+If done via the Microsoft Entra Admin center, the new version is created automatically. If done using Microsoft Graph, you must manually create a new version of the workflow.  For more information, see [Edit the properties of a workflow using Microsoft Graph](#edit-the-properties-of-a-workflow-using-microsoft-graph).
 
-## Edit the properties of a workflow using the Azure portal
+## Edit the properties of a workflow using the Microsoft Entra Admin center
 
-[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
-
-To edit the properties of a workflow using the Azure portal, you do the following steps:
+To edit the properties of a workflow using the Microsoft Entra admin center, you do the following steps:
 
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Lifecycle Workflows Administrator](../roles/permissions-reference.md#lifecycle-workflows-administrator).
 

articles/active-directory/governance/manage-workflow-tasks.md

@@ -16,15 +16,12 @@ ms.custom: template-how-to
 
 Workflows created with Lifecycle Workflows are able to grow and change with the needs of your organization. Workflows exist as versions from creation. When making changes to other than basic information, you create a new version of the workflow. For more information, see  [Manage a workflow's properties](manage-workflow-properties.md).
 
-Changing a workflow's tasks or execution conditions requires the creation of a new version of that workflow. Tasks within workflows can be added, reordered, and removed at will. Updating a workflow's tasks or execution conditions within the Azure portal will trigger the creation of a new version of the workflow automatically. Making these updates in Microsoft Graph will require the new workflow version to be created manually.
+Changing a workflow's tasks or execution conditions requires the creation of a new version of that workflow. Tasks within workflows can be added, reordered, and removed at will. Updating a workflow's tasks or execution conditions within the Microsoft Entra admin center will trigger the creation of a new version of the workflow automatically. Making these updates in Microsoft Graph will require the new workflow version to be created manually.
 
 
-## Edit the tasks of a workflow using the Azure portal
+## Edit the tasks of a workflow using the Microsoft Entra admin center
 
-[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
-
-
-Tasks within workflows can be added, edited, reordered, and removed at will. To edit the tasks of a workflow using the Azure portal, you complete the following steps:
+Tasks within workflows can be added, edited, reordered, and removed at will. To edit the tasks of a workflow using the Microsoft Entra admin center, you complete the following steps:
 
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Lifecycle Workflows Administrator](../roles/permissions-reference.md#lifecycle-workflows-administrator).
 
@@ -45,9 +42,9 @@ Tasks within workflows can be added, edited, reordered, and removed at will. To
 1. After making changes, select **save** to capture changes to the tasks.
 
 
-## Edit the execution conditions of a workflow using the Azure portal
+## Edit the execution conditions of a workflow using the Microsoft Entra admin center
 
-To edit the execution conditions of a workflow using the Azure portal, you do the following steps:
+To edit the execution conditions of a workflow using the Microsoft Entra admin center, you do the following steps:
 
 
 1. On the left menu of Lifecycle Workflows, select **Workflows**.
@@ -66,7 +63,7 @@ To edit the execution conditions of a workflow using the Azure portal, you do th
 1. After making changes, select **save** to capture changes to the execution conditions.
 
 
-## See versions of a workflow using the Azure portal
+## See versions of a workflow using the Microsoft Entra admin center
 
 1. On the left menu of Lifecycle Workflows, select **Workflows**.
 

articles/active-directory/governance/on-demand-workflow.md

@@ -18,11 +18,9 @@ ms.custom: template-how-to
 Scheduled workflows by default run every 3 hours, but can also run on-demand so that they can be applied to specific users whenever you see fit. A workflow can be run on demand for any user, and doesn't take into account whether or not a user meets the workflow's execution conditions. Running a workflow on-demand allows you to test workflows before their scheduled run. This testing, on a set of users up to 10 at a time, allows you to see how a workflow will run before it processes a larger set of users. Testing your workflow before their scheduled runs helps you proactively solve potential lifecycle issues more quickly.
 
 
-## Run a workflow on-demand in the Azure portal
+## Run a workflow on-demand in the Microsoft Entra admin center
 
-[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
-
-Use the following steps to run a workflow on-demand.
+Use the following steps to run a workflow on-demand:
 
 >[!NOTE]
 >To be run on demand, the  workflow must be enabled.

articles/active-directory/governance/trigger-custom-task.md

@@ -25,7 +25,7 @@ Lifecycle Workflows can be used to trigger custom tasks via an extension to Azur
 For more information about Lifecycle Workflows extensibility, see: [Workflow Extensibility](lifecycle-workflow-extensibility.md).
 
 
-## Create a custom task extension using the Azure portal
+## Create a custom task extension using the Microsoft Entra admin center
 
 To use a custom task extension in your workflow, first a custom task extension must be created to be linked with an Azure Logic App. You're able to create a Logic App at the same time you're creating a custom task extension. To do this, you complete these steps:
 

articles/active-directory/governance/understanding-lifecycle-workflows.md

@@ -61,7 +61,7 @@ A workflow can be broken down into the following three main parts:
 
 ## Templates
 
-Creating a workflow via the Azure portal requires the use of a template. A Lifecycle Workflow template is a framework that is used for predefined tasks, and helps automate the creation of a workflow.  
+Creating a workflow via the Microsoft Entra admin center requires the use of a template. A Lifecycle Workflow template is a framework that is used for predefined tasks, and helps automate the creation of a workflow.  
 
   [![Understanding workflow template diagram.](media/understanding-lifecycle-workflows/workflow-3.png)](media/understanding-lifecycle-workflows/workflow-3.png#lightbox)
 
@@ -116,7 +116,7 @@ The **My Feed** section of the workflow overview contains a quick peek into when
 The **Quick Action** section allows you to quickly take action with your workflow. These quick actions can either be making the workflow do something, or used for history or editing purposes. The following actions you can take are:
 
 - Run on Demand: Allows you to quickly run the workflow on demand. For more information on this process, see: [Run a workflow on-demand](on-demand-workflow.md)
-- Edit tasks: Allows you to add, delete, edit, or reorder tasks within the workflow. For more information on this process, see: [Edit the tasks of a workflow using the Azure portal](manage-workflow-tasks.md#edit-the-tasks-of-a-workflow-using-the-azure-portal)
+- Edit tasks: Allows you to add, delete, edit, or reorder tasks within the workflow. For more information on this process, see: [Edit the tasks of a workflow using the MicrosoftEntra admin center](manage-workflow-tasks.md#edit-the-tasks-of-a-workflow-using-the-microsoft-entra-admin-center)
 - View Workflow History: Allows you to view the history of the workflow. For more information on the three history perspectives, see: [Lifecycle Workflows history](lifecycle-workflow-history.md)
 
 Actions taken from the overview of a workflow allow you to quickly complete tasks, which can normally be done via the manage section of a workflow.
@@ -147,7 +147,7 @@ The offset determines how many days before or after the time-based attribute the
 
 
 > [!NOTE]
-> The offsetInDays value in the Azure portal is shown as *Days from event*. When you schedule a workflow to run, this value is used as the baseline for who a workflow will run. Currently there is a 3 day window in processing scheduled workflows. For example, if you schedule a workflow to run for users who joined 7 days ago, a user who meets the execution conditions for the workflow, but joined between 7 to 10 days ago would have the workflow ran for them.
+> The offsetInDays value in the Microsoft Entra admin center is shown as *Days from event*. When you schedule a workflow to run, this value is used as the baseline for who a workflow will run. Currently there is a 3 day window in processing scheduled workflows. For example, if you schedule a workflow to run for users who joined 7 days ago, a user who meets the execution conditions for the workflow, but joined between 7 to 10 days ago would have the workflow ran for them.
 
 ## Configure scope
 
@@ -205,5 +205,5 @@ For more information, see: [Lifecycle Workflows Versioning](lifecycle-workflow-v
 
 
 ## Next steps
-- [Create a custom workflow using the Azure portal](tutorial-onboard-custom-workflow-portal.md)
+- [Create a custom workflow using the Microsoft Entra admin center](tutorial-onboard-custom-workflow-portal.md)
 - [Create a Lifecycle workflow](create-lifecycle-workflow.md)

articles/active-directory/manage-apps/certificate-signing-options.md

@@ -1,14 +1,14 @@
 ---
 title: Advanced certificate signing options in a SAML token
-description: Learn how to use advanced certificate signing options in the SAML token for pre-integrated apps in Azure Active Directory
+description: Learn how to use advanced certificate signing options in the SAML token for preintegrated apps in Azure Active Directory
 services: active-directory
 author: omondiatieno
 manager: CelesteDG
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 07/21/2022
+ms.date: 07/18/2023
 ms.author: jomondi
 ms.reviewer: saumadan
 ms.custom: aaddev, enterprise-apps
@@ -17,7 +17,7 @@ ms.collection: M365-identity-device-management
 
 # Advanced certificate signing options in a SAML token
 
-Today Azure Active Directory (Azure AD) supports thousands of pre-integrated applications in the Azure Active Directory App Gallery. Over 500 of the applications support single sign-on by using the [Security Assertion Markup Language](https://wikipedia.org/wiki/Security_Assertion_Markup_Language) (SAML) 2.0 protocol, such as the [NetSuite](https://azuremarketplace.microsoft.com/marketplace/apps/aad.netsuite) application. When a customer authenticates to an application through Azure AD by using SAML, Azure AD sends a token to the application (via an HTTP POST). The application then validates and uses the token to sign in the customer instead of prompting for a username and password. These SAML tokens are signed with the unique certificate that's generated in Azure AD and by specific standard algorithms.
+Today Azure Active Directory (Azure AD) supports thousands of preintegrated applications in the Azure Active Directory App Gallery. Over 500 of the applications support single sign-on by using the [Security Assertion Markup Language](https://wikipedia.org/wiki/Security_Assertion_Markup_Language) (SAML) 2.0 protocol, such as the [NetSuite](https://azuremarketplace.microsoft.com/marketplace/apps/aad.netsuite) application. When a customer authenticates to an application through Azure AD by using SAML, Azure AD sends a token to the application (via an HTTP POST). The application then validates and uses the token to sign in the customer instead of prompting for a username and password. These SAML tokens are signed with the unique certificate that's generated in Azure AD and by specific standard algorithms.
 
 Azure AD uses some of the default settings for the gallery applications. The default values are set up based on the application's requirements.