Commit c6a9035

Merge pull request #232420 from MicrosoftDocs/repo_sync_working_branch
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
2 parents 58cf305 + 3384843 commit c6a9035

14 files changed

+84
-60
lines changed

articles/active-directory/authentication/concept-certificate-based-authentication-certificateuserids.md

Lines changed: 32 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -91,13 +91,21 @@ To update certificate user IDs for federated users, configure Azure AD Connect t
9191

9292
### Synchronize X509:\<PN>PrincipalNameValue
9393

94-
To synchronize X509:\<PN>PrincipalNameValue, create an outbound synchronization rule, and choose **Expression** in the flow type. Choose the target attribute as \<certificateUserIds>, and in the source field, add the expression <"X509:\<PN>"&[userPrincipalName]>. If your source attribute isn't userPrincipalName, you can change the expression accordingly.
94+
To synchronize X509:\<PN>PrincipalNameValue, create an outbound synchronization rule, and choose **Expression** in the flow type. Choose the target attribute as **certificateUserIds**, and in the source field, add the following expression. If your source attribute isn't userPrincipalName, you can change the expression accordingly.
95+
96+
```
97+
"X509:\<PN>"&[userPrincipalName]
98+
```
9599

96100
:::image type="content" border="true" source="./media/concept-certificate-based-authentication-certificateuserids/pnexpression.png" alt-text="Screenshot of how to sync x509.":::
97101

98102
### Synchronize X509:\<RFC822>RFC822Name
99103

100-
To synchronize X509:\<RFC822>RFC822Name, create an outbound synchronization rule, choose **Expression** in the flow type. Choose the target attribute as \<certificateUserIds>, and in the source field, add the expression <"X509:\<RFC822>"&[userPrincipalName]>. If your source attribute isn't userPrincipalName, you can change the expression accordingly.
104+
To synchronize X509:\<RFC822>RFC822Name, create an outbound synchronization rule, choose **Expression** in the flow type. Choose the target attribute as **certificateUserIds**, and in the source field, add the following expression. If your source attribute isn't userPrincipalName, you can change the expression accordingly.
105+
106+
```
107+
"X509:\<RFC822>"&[userPrincipalName]
108+
```
101109

102110
:::image type="content" border="true" source="./media/concept-certificate-based-authentication-certificateuserids/rfc822expression.png" alt-text="Screenshot of how to sync RFC822Name.":::
103111

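Review bot: Inside the new fenced blocks at lines 97 and 107 the backslash is no longer a Markdown escape, so the expression renders and copies as `"X509:\<PN>"&[userPrincipalName]` with a literal `\`. In the prose and headings `\<PN>` is escaped so that the rendered value is `X509:<PN>`; the fences should carry the unescaped form, `"X509:<PN>"&[userPrincipalName]` and `"X509:<RFC822>"&[userPrincipalName]`, otherwise the synced certificateUserIds value will not have the prefix the headings describe. The RFC822 paragraph at line 104 also still reads "create an outbound synchronization rule, choose" where the PN paragraph at line 94 has "and choose".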
@@ -122,11 +130,33 @@ AlternativeSecurityId isn't part of the default attributes. An administrator nee
122130

123131
1. Create an inbound synchronization rule to transform from altSecurityIdentities to alternateSecurityId attribute.
124132

133+
In the inbound rule, use the following options.
134+
135+
|Option | Value |
136+
|-------|-------|
137+
|Name | Descriptive name of the rule, such as: In from AD - altSecurityIdentities |
138+
|Connected System | Your on-premises AD domain |
139+
|Connected System Object Type | user |
140+
|Metaverse Object Type | person |
141+
|Precedence | Choose a random high number not currently used |
142+
143+
Then proceed to the Transformations tab and do a direct mapping of the target attribute of **alternativeSecurityId** to **altSecurityIdentities** as shown below.
144+
125145
:::image type="content" border="true" source="./media/concept-certificate-based-authentication-certificateuserids/alt-security-identity-inbound.png" alt-text="Screenshot of how to transform from altSecurityIdentities to alternateSecurityId attribute":::
126146

127147
1. Create an outbound synchronization rule to transform from alternateSecurityId attribute to certificateUserIds
128148
alt-security-identity-add.
129149

150+
|Option | Value |
151+
|-------|-------|
152+
|Name | Descriptive name of the rule, such as: Out to AAD - certificateUserIds |
153+
|Connected System | Your Azure AD doamin |
154+
|Connected System Object Type | user |
155+
|Metaverse Object Type | person |
156+
|Precedence | Choose a random high number not currently used |
157+
158+
Then proceed to the Transformations tab and change your FlowType option to *Expression*, the target attribute to **certificateUserIds** and then input the below expression in to the Source field.
159+
130160
:::image type="content" border="true" source="./media/concept-certificate-based-authentication-certificateuserids/alt-security-identity-outbound.png" alt-text="Screenshot of outbound synchronization rule to transform from alternateSecurityId attribute to certificateUserIds":::
131161

132162
To map the pattern supported by certificateUserIds, administrators must use expressions to set the correct value.
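Review bot: The attribute name is spelled two ways within this hunk: line 143 maps the target **alternativeSecurityId**, while the steps at lines 131 and 147 and both screenshot alt-texts say alternateSecurityId. Use one spelling, since readers will type it into the rule editor. Line 153 has a typo, "Your Azure AD doamin". Lines 143 and 158 refer to a mapping "as shown below" and to "the below expression", but only screenshots follow; put the outbound expression in text so it can be copied, as was done for the PN and RFC822 rules. The outbound table at line 150 also lacks the introductory sentence that line 133 gives the inbound table, and the tables and paragraphs should be indented under their list items so the numbered list is not broken.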

articles/active-directory/authentication/howto-authentication-passwordless-security-key.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ Registration features for passwordless authentication methods rely on the combin
4747

4848
1. Sign in to the [Azure portal](https://portal.azure.com).
4949
1. Browse to **Azure Active Directory** > **Security** > **Authentication methods** > **Authentication method policy**.
50-
1. Under the method **FIDO2 Security Key**, click **All users**, or click **Add groups** to select specific groups.
50+
1. Under the method **FIDO2 Security Key**, click **All users**, or click **Add groups** to select specific groups. *Only security groups are supported*.
5151
1. **Save** the configuration.
5252

5353
>[!NOTE]
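Review bot: On line 50 the new restriction is appended after the click instruction, so a reader has already been told to click **Add groups** before learning that only security groups are supported. Consider stating it as its own plain-text sentence or a note ahead of the action, and name the group types that are not accepted so the reader can tell them apart. The italic run with the period outside the asterisks is also inconsistent with the bold used for UI text in these steps.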

articles/active-directory/authentication/howto-mfa-nps-extension-errors.md

Lines changed: 3 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -98,37 +98,12 @@ If your users are [Having trouble with two-step verification](https://support.mi
9898

9999
### Health check script
100100

101-
The [Azure AD MFA NPS Extension health check script](/samples/azure-samples/azure-mfa-nps-extension-health-check/azure-mfa-nps-extension-health-check/) performs a basic health check when troubleshooting the NPS extension. Run the script and choose option 3.
101+
The [Azure AD MFA NPS Extension health check script](/samples/azure-samples/azure-mfa-nps-extension-health-check/azure-mfa-nps-extension-health-check/) performs a basic health check when troubleshooting the NPS extension. Run the script and choose option **1** to isolate the cause of the potential issue.
102102

103103
### Contact Microsoft support
104104

105105
If you need additional help, contact a support professional through [Azure Multi-Factor Authentication Server support](https://support.microsoft.com/oas/default.aspx?prid=14947). When contacting us, it's helpful if you can include as much information about your issue as possible. Information you can supply includes the page where you saw the error, the specific error code, the specific session ID, the ID of the user who saw the error, and debug logs.
106106

107-
To collect debug logs for support diagnostics, use the following steps on the NPS server:
107+
To collect debug logs for support diagnostics, run the [Azure AD MFA NPS Extension health check script](/samples/azure-samples/azure-mfa-nps-extension-health-check/azure-mfa-nps-extension-health-check/) on the NPS server and choose option **4** to collect logs.
108108

109-
1. Open Registry Editor and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa set **VERBOSE_LOG** to **TRUE**
110-
2. Open an Administrator command prompt and run these commands:
111-
112-
```
113-
Mkdir c:\NPS
114-
Cd c:\NPS
115-
netsh trace start Scenario=NetConnection capture=yes tracefile=c:\NPS\nettrace.etl
116-
logman create trace "NPSExtension" -ow -o c:\NPS\NPSExtension.etl -p {7237ED00-E119-430B-AB0F-C63360C8EE81} 0xffffffffffffffff 0xff -nb 16 16 -bs 1024 -mode Circular -f bincirc -max 4096 -ets
117-
logman update trace "NPSExtension" -p {EC2E6D3A-C958-4C76-8EA4-0262520886FF} 0xffffffffffffffff 0xff -ets
118-
```
119-
120-
3. Reproduce the issue
121-
122-
4. Stop the tracing with these commands:
123-
124-
```
125-
logman stop "NPSExtension" -ets
126-
netsh trace stop
127-
wevtutil epl AuthNOptCh C:\NPS\%computername%_AuthNOptCh.evtx
128-
wevtutil epl AuthZOptCh C:\NPS\%computername%_AuthZOptCh.evtx
129-
wevtutil epl AuthZAdminCh C:\NPS\%computername%_AuthZAdminCh.evtx
130-
Start .
131-
```
132-
133-
5. Open Registry Editor and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa set **VERBOSE_LOG** to **FALSE**
134-
6. Zip the contents of the C:\NPS folder and attach the zipped file to the support case.
109+
At the end, zip the contents of the C:\NPS folder and attach the zipped file to the support case.
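Review bot: The removed steps at old lines 109 and 133 set **VERBOSE_LOG** to TRUE and then back to FALSE, and old lines 113 to 116 created C:\NPS and started the traces; the replacement text at lines 107 and 109 says none of this. State whether option **4** of the script enables and then reverts verbose logging and stops the traces on its own, and that it writes to C:\NPS, because line 109 still tells the reader to zip that folder without anything establishing that it exists. Lines 101 and 107 also hard-code menu numbers (**1** and **4**, previously 3); naming what each option does alongside the number would keep the text usable if the script's menu changes. The removed capture included a network trace and exported authentication event logs, so a sentence on reviewing the archive before attaching it to a support case would be worth adding.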

articles/active-directory/authentication/howto-mfa-nps-extension.md

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -326,9 +326,7 @@ You can choose to create this key and set it to *FALSE* while your users are onb
326326

327327
### NPS extension health check script
328328

329-
The following script is available to perform basic health check steps when troubleshooting the NPS extension.
330-
331-
[MFA_NPS_Troubleshooter.ps1](/samples/azure-samples/azure-mfa-nps-extension-health-check/azure-mfa-nps-extension-health-check/)
329+
The [Azure AD MFA NPS Extension health check script](/samples/azure-samples/azure-mfa-nps-extension-health-check/azure-mfa-nps-extension-health-check/) performs a basic health check when troubleshooting the NPS extension. Run the script and choose one of available options.
332330

333331
### How to fix the error "Service principal was not found" while running `AzureMfaNpsExtnConfigSetup.ps1` script?
334332

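Review bot: Line 329 ends with "choose one of available options", which is missing "the" and does not tell the reader what the options are or which one to pick. The link text also drops the script's file name, MFA_NPS_Troubleshooter.ps1, which old line 331 showed; keeping the file name in the sentence helps readers recognise the script once it is downloaded.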
articles/active-directory/authentication/howto-mfaserver-deploy.md

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -128,11 +128,10 @@ Now that you have downloaded the server you can install and configure it. Be sur
128128

129129
1. Double-click the executable.
130130
2. On the Select Installation Folder screen, make sure that the folder is correct and click **Next**.
131-
3. Once the installation is complete, click **Finish**. The configuration wizard launches.
132-
4. On the configuration wizard welcome screen, check **Skip using the Authentication Configuration Wizard** and click **Next**. The wizard closes and the server starts.
133-
134-
![Skip using the Authentication Configuration Wizard](./media/howto-mfaserver-deploy/skip2.png)
135-
131+
The following libraries are installed:
132+
* [Visual C++ Redistributable for Visual Studio 2017 (x64)](https://go.microsoft.com/fwlink/?LinkId=746572)
133+
* [Visual C++ Redistributable for Visual Studio 2017 (x86)](https://go.microsoft.com/fwlink/?LinkId=746571)
134+
3. When the installation finishes, select **Finish**. The configuration wizard starts.
136135
5. Back on the page that you downloaded the server from, click the **Generate Activation Credentials** button. Copy this information into the Azure MFA Server in the boxes provided and click **Activate**.
137136

138137
> [!NOTE]
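Review bot: After this change the numbered list goes from step 3 (line 134) straight to the unchanged step 5 (line 135), and old step 4, which told the reader to check **Skip using the Authentication Configuration Wizard**, is removed while new step 3 still says "The configuration wizard starts". Either renumber and say what to do with the wizard, or restore the step. The library list at lines 131 to 133 is not indented under step 2, so it will end the numbered list; indent it, and say whether the installer adds these redistributables itself or the reader must install them from the links.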
@@ -223,4 +222,4 @@ Once you have upgraded to or installed MFA Server version 8.x or higher, it is r
223222
- Set up and configure the Azure MFA Server with [Active Directory Federation Service](multi-factor-authentication-get-started-adfs.md), [RADIUS Authentication](howto-mfaserver-dir-radius.md), or [LDAP Authentication](howto-mfaserver-dir-ldap.md).
224223
- Set up and configure [Remote Desktop Gateway and Azure Multi-Factor Authentication Server using RADIUS](howto-mfaserver-nps-rdg.md).
225224
- [Deploy the Azure Multi-Factor Authentication Server Mobile App Web Service](howto-mfaserver-deploy-mobileapp.md).
226-
- [Advanced scenarios with Azure Multi-Factor Authentication and third-party VPNs](howto-mfaserver-nps-vpn.md).
225+
- [Advanced scenarios with Azure Multi-Factor Authentication and third-party VPNs](howto-mfaserver-nps-vpn.md).

articles/active-directory/authentication/tutorial-enable-cloud-sync-sspr-writeback.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ With password writeback enabled in Azure AD Connect cloud sync, now verify, and
4747
To verify and enable password writeback in SSPR, complete the following steps:
4848
1. Sign in to the [Azure portal](https://portal.azure.com) using a Global Administrator account.
4949
1. Search for and select **Azure Active Directory**, select **Password reset**, then choose **On-premises integration**.
50-
1. Check the option for **Write back passwords to your on-premises directory** .
50+
1. Check the option for **Enable password write back for synced users** .
5151
1. (optional) If Azure AD Connect provisioning agents are detected, you can additionally check the option for **Write back passwords with Azure AD Connect cloud sync**.
5252
3. Check the option for **Allow users to unlock accounts without resetting their password** to *Yes*.
5353

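Review bot: Line 50 carries over the stray space before the period, `**Enable password write back for synced users** .`; the matching line 71 in the next hunk has it right. If the rename tracks a change to the portal label, also confirm that the neighbouring labels on lines 51 and 52 are still the current wording. The list in this hunk mixes `1.` and `3.` markers, which is worth normalising while the line is being touched.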
@@ -68,7 +68,7 @@ If you no longer want to use the SSPR writeback functionality you have configure
6868

6969
1. Sign in to the [Azure portal](https://portal.azure.com).
7070
1. Search for and select **Azure Active Directory**, select **Password reset**, then choose **On-premises integration**.
71-
1. Uncheck the option for **Write back passwords to your on-premises directory**.
71+
1. Uncheck the option for **Enable password write back for synced users**.
7272
1. Uncheck the option for **Write back passwords with Azure AD Connect cloud sync**.
7373
1. Uncheck the option for **Allow users to unlock accounts without resetting their password**.
7474
1. When ready, select **Save**.

articles/active-directory/develop/scenario-web-api-call-api-app-configuration.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -126,7 +126,7 @@ using Microsoft.Identity.Web;
126126
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
127127
.AddMicrosoftIdentityWebApi(Configuration, "AzureAd")
128128
.EnableTokenAcquisitionToCallDownstreamApi()
129-
.AddDownstreamWebApi("MyApi", Configuration.GetSection("GraphBeta"))
129+
.AddDownstreamApi("MyApi", Configuration.GetSection("GraphBeta"))
130130
.AddInMemoryTokenCaches();
131131
// ...
132132
```
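Review bot: Line 129 switches to `.AddDownstreamApi(...)`, but nothing in the hunk tells the reader which Microsoft.Identity.Web version or package provides that method, and a project that only has `AddDownstreamWebApi` will fail to compile with the new snippet. State the minimum version near the snippet, and check that the rest of the article (other snippets, and whatever is injected to call "MyApi") uses the matching names.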
@@ -228,4 +228,4 @@ For more information about the OBO protocol, see the [Microsoft identity platfor
228228
## Next steps
229229

230230
Move on to the next article in this scenario,
231-
[Acquire a token for the app](scenario-web-api-call-api-acquire-token.md).
231+
[Acquire a token for the app](scenario-web-api-call-api-acquire-token.md).

articles/azure-maps/create-data-source-android-sdk.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -769,9 +769,9 @@ A vector tile source describes how to access a vector tile layer. Use the `Vecto
769769

770770
Azure Maps adheres to the [Mapbox Vector Tile Specification](https://github.com/mapbox/vector-tile-spec), an open standard. Azure Maps provides the following vector tiles services as part of the platform:
771771

772-
- Road tiles [documentation](/rest/api/maps/render-v2/get-map-tile) | [data format details](https://developer.tomtom.com/maps-api/maps-api-documentation-vector/tile)
773-
- Traffic incidents [documentation](/rest/api/maps/traffic/gettrafficincidenttile) | [data format details](https://developer.tomtom.com/traffic-api/traffic-api-documentation-traffic-incidents/vector-incident-tiles)
774-
- Traffic flow [documentation](/rest/api/maps/traffic/gettrafficflowtile) | [data format details](https://developer.tomtom.com/traffic-api/traffic-api-documentation-traffic-flow/vector-flow-tiles)
772+
- Road tiles [documentation](/rest/api/maps/render-v2/get-map-tile)
773+
- Traffic incidents [documentation](/rest/api/maps/traffic/gettrafficincidenttile)
774+
- Traffic flow [documentation](/rest/api/maps/traffic/gettrafficflowtile)
775775
- Azure Maps Creator also allows custom vector tiles to be created and accessed through the [Render V2-Get Map Tile API](/rest/api/maps/render-v2/get-map-tile)
776776

777777
> [!TIP]
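Review bot: Lines 772 to 774 drop the "data format details" links without a replacement, so the list no longer points anywhere that describes the contents of each tile; the remaining links go to the REST reference only. If the external pages moved, link their new location, otherwise say where the tile data format is documented. With a single link per bullet, the service name itself can be the link text, for example `[Road tiles](/rest/api/maps/render-v2/get-map-tile)`. The same applies to the identical hunks in create-data-source-ios-sdk.md and create-data-source-web-sdk.md.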

articles/azure-maps/create-data-source-ios-sdk.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -309,9 +309,9 @@ A vector tile source describes how to access a vector tile layer. Use the `Vecto
309309

310310
Azure Maps adheres to the [Mapbox Vector Tile Specification](https://github.com/mapbox/vector-tile-spec), an open standard. Azure Maps provides the following vector tiles services as part of the platform:
311311

312-
- Road tiles [documentation](/rest/api/maps/render-v2/get-map-tile) | [data format details](https://developer.tomtom.com/maps-api/maps-api-documentation-vector/tile)
313-
- Traffic incidents [documentation](/rest/api/maps/traffic/gettrafficincidenttile) | [data format details](https://developer.tomtom.com/traffic-api/traffic-api-documentation-traffic-incidents/vector-incident-tiles)
314-
- Traffic flow [documentation](/rest/api/maps/traffic/gettrafficflowtile) | [data format details](https://developer.tomtom.com/traffic-api/traffic-api-documentation-traffic-flow/vector-flow-tiles)
312+
- Road tiles [documentation](/rest/api/maps/render-v2/get-map-tile)
313+
- Traffic incidents [documentation](/rest/api/maps/traffic/gettrafficincidenttile)
314+
- Traffic flow [documentation](/rest/api/maps/traffic/gettrafficflowtile)
315315
- Azure Maps Creator also allows custom vector tiles to be created and accessed through the [Render V2-Get Map Tile API](/rest/api/maps/render-v2/get-map-tile)
316316

317317
> [!TIP]

articles/azure-maps/create-data-source-web-sdk.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -77,9 +77,9 @@ A vector tile source describes how to access a vector tile layer. Use the [Vecto
7777

7878
Azure Maps adheres to the [Mapbox Vector Tile Specification](https://github.com/mapbox/vector-tile-spec), an open standard. Azure Maps provides the following vector tiles services as part of the platform:
7979

80-
- Road tiles [documentation](/rest/api/maps/render-v2/get-map-tile) | [data format details](https://developer.tomtom.com/maps-api/maps-api-documentation-vector/tile)
81-
- Traffic incidents [documentation](/rest/api/maps/traffic/gettrafficincidenttile) | [data format details](https://developer.tomtom.com/traffic-api/traffic-api-documentation-traffic-incidents/vector-incident-tiles)
82-
- Traffic flow [documentation](/rest/api/maps/traffic/gettrafficflowtile) | [data format details](https://developer.tomtom.com/traffic-api/traffic-api-documentation-traffic-flow/vector-flow-tiles)
80+
- Road tiles [documentation](/rest/api/maps/render-v2/get-map-tile)
81+
- Traffic incidents [documentation](/rest/api/maps/traffic/gettrafficincidenttile)
82+
- Traffic flow [documentation](/rest/api/maps/traffic/gettrafficflowtile)
8383
- Azure Maps Creator also allows custom vector tiles to be created and accessed through the [Render V2-Get Map Tile API](/rest/api/maps/render-v2/get-map-tile)
8484

8585
> [!TIP]
