Merge pull request #183346 from MicrosoftDocs/master

12/20 AM Publish

Author: huypub

.openpublishing.redirection.defender-for-iot.json

@@ -1,5 +1,10 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/defender-for-iot/organizations/how-to-configure-with-sentinel.md",
+            "redirect_url": "/azure/sentinel/iot-solution",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/defender-for-iot/device-builders/quickstart-building-the-defender-micro-agent-from-source.md",
             "redirect_url": "/azure/defender-for-iot/device-builders/overview",

.openpublishing.redirection.json

@@ -2398,6 +2398,11 @@
       "redirect_url": "/azure/aks/kubernetes-portal",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/aks/egress.md",
+      "redirect_url": "/azure/aks/load-balancer-standard",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/analysis-services/analysis-services-create-model-portal.md",
       "redirect_url": "/azure/analysis-services/analysis-services-overview",

articles/active-directory/app-provisioning/known-issues.md

@@ -91,6 +91,10 @@ When a group is in scope and a member is out of scope, the group will be provisi
 
 If a user and their manager are both in scope for provisioning, the service provisions the user and then updates the manager. If on day one the user is in scope and the manager is out of scope, we'll provision the user without the manager reference. When the manager comes into scope, the manager reference won't be updated until you restart provisioning and cause the service to reevaluate all the users again. 
 
+#### Global reader
+
+The global reader role is unable to read the provisioning configuration. Please create a custom role with the `microsoft.directory/applications/synchronization/standard/read` permission in order to read the provisioning configuration from the Azure Portal. 
+
 ## On-premises application provisioning
 The following information is a current list of known limitations with the Azure AD ECMA Connector Host and on-premises application provisioning.
 

articles/active-directory/develop/publisher-verification-overview.md

@@ -36,7 +36,8 @@ Publisher verification provides the following benefits:
 - **Smoother enterprise adoption**- admins can configure [user consent policies](../manage-apps/configure-user-consent.md), with publisher verification status as one of the primary policy criteria.
 
 > [!NOTE]
-> Starting in November 2020, end-users will no longer be able to grant consent to most newly registered multi-tenant apps without verified publishers if [risk-based step-up consent](../manage-apps/configure-risk-based-step-up-consent.md) is enabled. This will apply to apps that are registered after November 8th 2020, use OAuth2.0 to request permissions beyond basic sign-in and read user profile, and request consent from users in different tenants than the one the app is registered in. A warning will be displayed on the consent screen informing users that these apps are risky and are from unverified publishers.    
+> - Starting in November 2020, end users will no longer be able to grant consent to most newly registered multi-tenant apps without verified publishers if [risk-based step-up consent](../manage-apps/configure-risk-based-step-up-consent.md) is enabled. This will apply to apps that are registered after November 8, 2020, use OAuth2.0 to request permissions beyond basic sign-in and read user profile, and request consent from users in different tenants than the one the app is registered in. A warning will be displayed on the consent screen informing users that these apps are risky and are from unverified publishers.    
+> - Publisher verification is not supported in national clouds. Applications registered in national cloud tenants can't be publisher-verified at this time.
 
 ## Requirements
 There are a few pre-requisites for publisher verification, some of which will have already been completed by many Microsoft partners. They are: 
@@ -74,4 +75,4 @@ Below are some frequently asked questions regarding the publisher verification p
 
 ## Next steps
 * Learn how to [mark an app as publisher verified](mark-app-as-publisher-verified.md).
-* [Troubleshoot](troubleshoot-publisher-verification.md) publisher verification.
+* [Troubleshoot](troubleshoot-publisher-verification.md) publisher verification.

articles/active-directory/reports-monitoring/concept-provisioning-logs.md

@@ -14,7 +14,7 @@ ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 12/02/2021
+ms.date: 12/20/2021
 ms.author: markvi
 ms.reviewer: arvinh
 
@@ -296,6 +296,7 @@ Use the following table to better understand how to resolve errors that you find
 |ImportSkipped | When each user is evaluated, the system tries to import the user from the source system. This error commonly occurs when the user who's being imported is missing the matching property defined in your attribute mappings. Without a value present on the user object for the matching attribute, the system can't evaluate scoping, matching, or export changes. Note that the presence of this error does not indicate that the user is in scope, because you haven't yet evaluated scoping for the user.|
 |EntrySynchronizationSkipped | The provisioning service has successfully queried the source system and identified the user. No further action was taken on the user and they were skipped. The user might have been out of scope, or the user might have already existed in the target system with no further changes required.|
 |SystemForCrossDomainIdentityManagementMultipleEntriesInResponse| A GET request to retrieve a user or group received multiple users or groups in the response. The system expects to receive only one user or group in the response. [For example](../app-provisioning/use-scim-to-provision-users-and-groups.md#get-group), if you do a GET request to retrieve a group and provide a filter to exclude members, and your System for Cross-Domain Identity Management (SCIM) endpoint returns the members, you'll get this error.|
+|SystemForCrossDomainIdentityManagementServiceIncompatible|The Azure AD provisioning service is unable to parse the response from the third party application. Please work with the application developer to ensure that the SCIM server is compatible with the [Azure AD SCIM client](https://docs.microsoft.com/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#understand-the-aad-scim-implementation).|
 
 ## Next steps
 

articles/active-directory/saas-apps/asana-tutorial.md

@@ -78,6 +78,9 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
     b. In the **Identifier (Entity ID)** text box, type the URL:
     `https://app.asana.com/`
+    
+    c. In the **Reply URL (Assertion Consumer Service URL)** text box, type the URL:
+    `https://app.asana.com/-/saml/consume`
 
 5. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Certificate (Base64)** from the given options as per your requirement and save it on your computer.
 

articles/advisor/resource-graph-samples.md

@@ -1,7 +1,7 @@
 ---
 title: Azure Resource Graph sample queries for Azure Advisor
 description: Sample Azure Resource Graph queries for Azure Advisor showing use of resource types and tables to access Azure Advisor related resources and properties.
-ms.date: 10/12/2021
+ms.date: 12/20/2021
 ms.topic: sample
 ms.custom: subject-resourcegraph-sample
 ---

articles/aks/TOC.yml

@@ -328,8 +328,6 @@
               href: limit-egress-traffic.md
             - name: Use a user defined route for egress
               href: egress-outboundtype.md
-            - name: Use a basic load balancer and static IP address
-              href: egress.md
             - name: Managed NAT Gateway (preview)
               href: nat-gateway.md              
         - name: Customize CoreDNS

articles/aks/egress.md

@@ -1,7 +1,7 @@
 ---
 title: Azure Policy Regulatory Compliance controls for Azure Kubernetes Service (AKS)
 description: Lists Azure Policy Regulatory Compliance controls available for Azure Kubernetes Service (AKS). These built-in policy definitions provide common approaches to managing the compliance of your Azure resources.
-ms.date: 09/17/2021
+ms.date: 12/17/2021
 ms.topic: sample
 ms.service: container-service
 ms.custom: subject-policy-compliancecontrols