Merge pull request #225281 from MicrosoftDocs/main

1/26 PM Publish

Author: huypub

articles/active-directory-b2c/partner-gallery.md

@@ -45,6 +45,7 @@ Microsoft partners with the following ISVs for MFA and Passwordless authenticati
 |:-------------------------|:--------------|
 | ![Screenshot of a asignio logo](./media/partner-gallery/asignio-logo.png) | [Asignio](./partner-asignio.md) is a passwordless, soft biometric, and MFA solution. Asignio uses a combination of the patented Asignio Signature and live facial verification for user authentication. The changeable biometric signature eliminates passwords, fraud, phishing, and credential reuse through omni-channel authentication. |
 | ![Screenshot of a bloksec logo](./media/partner-gallery/bloksec-logo.png) | [BlokSec](./partner-bloksec.md) is a passwordless authentication and tokenless MFA solution, which provides real-time consent-based services and protects customers against identity-centric cyber-attacks such as password stuffing, phishing, and man-in-the-middle attacks. |
+| ![Screenshot of a grit biometric authentication logo.](./media/partner-gallery/grit-logo.png) | [Grit biometric authentication](./partner-grit-authentication.md) provides users the option to sign in using finger print, face ID or [Windows Hello](https://support.microsoft.com/windows/learn-about-windows-hello-and-set-it-up-dae28983-8242-bb2a-d3d1-87c9d265a5f0) for enhanced security. 
 | ![Screenshot of a haventec logo](./media/partner-gallery/haventec-logo.png) | [Haventec](./partner-haventec.md) is a passwordless authentication provider, which provides decentralized identity platform that eliminates passwords, shared secrets, and friction. |
 | ![Screenshot of a hypr logo](./media/partner-gallery/hypr-logo.png) | [Hypr](./partner-hypr.md) is a passwordless authentication provider, which replaces passwords with public key encryptions eliminating fraud, phishing, and credential reuse. |
 | ![Screenshot of a idemia logo](./media/partner-gallery/idemia-logo.png) | [IDEMIA](./partner-idemia.md) is a passwordless authentication provider, which provides real-time consent-based services with biometric authentication like faceID and fingerprinting eliminating fraud and credential reuse. |
@@ -111,7 +112,7 @@ Microsoft partners with the following ISVs for tools that can help with implemen
 | ISV partner | Description and integration walkthroughs |
 |:-------------------------|:--------------|
 | ![Screenshot of a grit ief editor logo.](./media/partner-gallery/grit-logo.png) | [Grit Visual Identity Experience Framework Editor](./partner-grit-editor.md) provides a low code/no code experience for developers to create sophisticated authentication user journeys. The tool comes with integrated debugger and templates for the most used scenarios.|
-| ![Screenshot of a grit biometric authentication logo.](./media/partner-gallery/grit-logo.png) | [Grit biometric authentication](./partner-grit-authentication.md) provides users the option to sign in using finger print, face ID or [Windows Hello](https://support.microsoft.com/windows/learn-about-windows-hello-and-set-it-up-dae28983-8242-bb2a-d3d1-87c9d265a5f0) for enhanced security. 
+
 
 ## Additional information
 

articles/active-directory/cloud-sync/TOC.yml

@@ -72,6 +72,8 @@
       href: how-to-gmsa-cmdlets.md
     - name: How to map usertype with cloud sync
       href: how-to-map-usertype.md
+    - name: Azure AD cloud sync insights workbook
+      href: how-to-cloud-sync-workbook.md
   - name: Develop
     items:
     - name: Transformations

articles/active-directory/cloud-sync/custom-attribute-mapping.md

@@ -30,14 +30,14 @@ For additional information on directory extensions see [Using directory extensio
  
 ## Syncing directory extensions for Azure Active Directory Connect cloud sync 
 
-You can use [directory extensions](https://learn.microsoft.com/graph/api/resources/extensionproperty?view=graph-rest-1.0) to extend the synchronization schema directory definition in Azure Active Directory (Azure AD) with your own attributes. 
+You can use [directory extensions](/graph/api/resources/extensionproperty?view=graph-rest-1.0&preserve-view=true) to extend the synchronization schema directory definition in Azure Active Directory (Azure AD) with your own attributes. 
 
 >[!Important]
 > Directory extension for Azure Active Directory Connect cloud sync is only supported for applications with the identifier URI “api://<tenantId>/CloudSyncCustomExtensionsApp” and the [Tenant Schema Extension App](../hybrid/how-to-connect-sync-feature-directory-extensions.md#configuration-changes-in-azure-ad-made-by-the-wizard) created by Azure AD Connect 
 
 ### Create application and service principal for directory extension 
 
-You need to create an [application](https://learn.microsoft.com/graph/api/resources/application?view=graph-rest-1.0) with the identifier URI "api://<tenantId>/CloudSyncCustomExtensionsApp" if it doesn't exist and create a service principal for the application if it doesn't exist. 
+You need to create an [application](/graph/api/resources/application?view=graph-rest-1.0&preserve-view=true) with the identifier URI "api://<tenantId>/CloudSyncCustomExtensionsApp" if it doesn't exist and create a service principal for the application if it doesn't exist. 
 
 
  1. Check if application with the identifier URI "api://<tenantId>/CloudSyncCustomExtensionsApp" exists. 
@@ -48,15 +48,15 @@ You need to create an [application](https://learn.microsoft.com/graph/api/resour
      GET /applications?$filter=identifierUris/any(uri:uri eq 'api://<tenantId>/CloudSyncCustomExtensionsApp')
      ```
 
-     For more information, see [Get application](https://learn.microsoft.com/graph/api/application-get?view=graph-rest-1.0&tabs=http)
+     For more information, see [Get application](/graph/api/application-get?view=graph-rest-1.0&tabs=http&preserve-view=true)
 
      - Using PowerShell 
      
      ```
      Get-AzureADApplication -Filter "identifierUris/any(uri:uri eq 'api://<tenantId>/CloudSyncCustomExtensionsApp')"
      ```
 
-     For more information, see [Get-AzureADApplication](https://learn.microsoft.com/powershell/module/azuread/get-azureadapplication?view=azureadps-2.0)
+     For more information, see [Get-AzureADApplication](/powershell/module/azuread/get-azureadapplication?view=azureadps-2.0&preserve-view=true)
 
  2. If the application doesn't exist, create the application with identifier URI “api://&LT;tenantId&GT;/CloudSyncCustomExtensionsApp.”
 
@@ -70,13 +70,13 @@ You need to create an [application](https://learn.microsoft.com/graph/api/resour
       "identifierUris": ["api://<tenant id>/CloudSyncCustomExtensionsApp"]
      }
      ```
-     For more information, see [create application](https://learn.microsoft.com/graph/api/application-post-applications?view=graph-rest-1.0&tabs=http)
+     For more information, see [create application](/graph/api/application-post-applications?view=graph-rest-1.0&tabs=http&preserve-view=true)
 
      - Using PowerShell 
      ```
      New-AzureADApplication -DisplayName "CloudSyncCustomExtensionsApp" -IdentifierUris "api://<tenant id>/CloudSyncCustomExtensionsApp"
      ```
-     For more information, see [New-AzureADApplication](https://learn.microsoft.com/powershell/module/azuread/new-azureadapplication?view=azureadps-2.0)
+     For more information, see [New-AzureADApplication](/powershell/module/azuread/new-azureadapplication?view=azureadps-2.0&preserve-view=true)
 
  
 
@@ -86,13 +86,13 @@ You need to create an [application](https://learn.microsoft.com/graph/api/resour
      ```
      GET /servicePrincipals?$filter=(appId eq '{appId}')
      ```
-     For more information, see [get service principal](https://learn.microsoft.com/graph/api/serviceprincipal-get?view=graph-rest-1.0&tabs=http)
+     For more information, see [get service principal](/graph/api/serviceprincipal-get?view=graph-rest-1.0&tabs=http&preserve-view=true)
 
      - Using PowerShell 
      ```
      Get-AzureADServicePrincipal -ObjectId  '<application objectid>'
      ```
-     For more information, see [Get-AzureADServicePrincipal](https://learn.microsoft.com/powershell/module/azuread/get-azureadserviceprincipal?view=azureadps-2.0)
+     For more information, see [Get-AzureADServicePrincipal](/powershell/module/azuread/get-azureadserviceprincipal?view=azureadps-2.0&preserve-view=true&preserve-view=true)
  
 
  4. If a service principal doesn't exist, create a new service principal for the application with identifier URI “api://&LT;tenantId&GT;/CloudSyncCustomExtensionsApp”
@@ -107,31 +107,31 @@ You need to create an [application](https://learn.microsoft.com/graph/api/resour
      "<application appId>"
      }
      ```
-     For more information, see [create servicePrincipal](https://learn.microsoft.com/graph/api/serviceprincipal-post-serviceprincipals?view=graph-rest-1.0&tabs=http)
+     For more information, see [create servicePrincipal](/graph/api/serviceprincipal-post-serviceprincipals?view=graph-rest-1.0&tabs=http&preserve-view=true)
 
      - Using PowerShell 
      
      ```
      New-AzureADServicePrincipal -AppId '<appId>'
      ```
-     For more information, see [New-AzureADServicePrincipal](https://learn.microsoft.com/powershell/module/azuread/new-azureadserviceprincipal?view=azureadps-2.0)
+     For more information, see [New-AzureADServicePrincipal](/powershell/module/azuread/new-azureadserviceprincipal?view=azureadps-2.0&preserve-view=true)
  
  5. You can create directory extensions in Azure AD in several different ways. 
 
 |Method|Description|URL|
 |-----|-----|-----|
-|MS Graph|Create extensions using GRAPH|[Create extensionProperty](https://learn.microsoft.com/graph/api/application-post-extensionproperty?view=graph-rest-1.0&tabs=http)|
-|PowerShell|Create extensions using PowerShell|[New-AzureADApplicationExtensionProperty](https://learn.microsoft.com/powershell/module/azuread/new-azureadapplicationextensionproperty?view=azureadps-2.0)| 
-Using Cloud Sync and Azure AD Connect|Create extensions using Azure AD Connect|[Create an extension attribute using Azure AD Connect](https://learn.microsoft.com/azure/active-directory/app-provisioning/user-provisioning-sync-attributes-for-mapping#create-an-extension-attribute-using-azure-ad-connect)|
-|Customizing attributes to sync|Information on customizing which attributes to synch|[Customize which attributes to synchronize with Azure AD](https://learn.microsoft.com/azure/active-directory/hybrid/how-to-connect-sync-feature-directory-extensions#customize-which-attributes-to-synchronize-with-azure-ad)
+|MS Graph|Create extensions using GRAPH|[Create extensionProperty](/graph/api/application-post-extensionproperty?view=graph-rest-1.0&tabs=http&preserve-view=true)|
+|PowerShell|Create extensions using PowerShell|[New-AzureADApplicationExtensionProperty](/powershell/module/azuread/new-azureadapplicationextensionproperty?view=azureadps-2.0&preserve-view=true)| 
+Using Cloud Sync and Azure AD Connect|Create extensions using Azure AD Connect|[Create an extension attribute using Azure AD Connect](../app-provisioning/user-provisioning-sync-attributes-for-mapping.md#create-an-extension-attribute-using-azure-ad-connect)|
+|Customizing attributes to sync|Information on customizing which attributes to synch|[Customize which attributes to synchronize with Azure AD](../hybrid/how-to-connect-sync-feature-directory-extensions.md#customize-which-attributes-to-synchronize-with-azure-ad)
 
 ## Use attribute mapping to map Directory Extensions
 If you have extended Active Directory to include custom attributes, you can add these attributes and map them to users.  
 
 To discover and map attributes, click **Add attribute mapping**.  The attributes will automatically be discovered and will be available in the drop-down under **source attribute**.  Fill in the type of mapping you want and click **Apply**.
  [![Custom attribute mapping](media/custom-attribute-mapping/schema-1.png)](media/custom-attribute-mapping/schema-1.png#lightbox)
 
-For information on new attributes that are added and updated in Azure AD see the [user resource type](https://docs.microsoft.com/graph/api/resources/user?view=graph-rest-1.0#properties) and consider subscribing to [change notifications](https://docs.microsoft.com/graph/webhooks).
+For information on new attributes that are added and updated in Azure AD see the [user resource type](/graph/api/resources/user?view=graph-rest-1.0#properties&preserve-view=true) and consider subscribing to [change notifications](/graph/webhooks).
 
 For more information on extension attributes, see [Syncing extension attributes for Azure Active Directory Application Provisioning](../app-provisioning/user-provisioning-sync-attributes-for-mapping.md)
 

articles/active-directory/cloud-sync/how-to-cloud-sync-workbook.md

@@ -0,0 +1,95 @@
+---
+title: 'Azure AD cloud sync insights workbook'
+description: This article describes the Azure Monitor workbook for cloud sync.
+services: active-directory
+author: billmath
+manager: amycolannino
+ms.service: active-directory
+ms.topic: conceptual
+ms.workload: identity
+ms.date: 01/26/2023
+ms.subservice: hybrid
+ms.author: billmath
+ms.collection: M365-identity-device-management
+---
+
+
+
+# Azure AD cloud sync insights workbook
+The Cloud sync workbook provides a flexible canvas for data analysis. The workbook allows you to create rich visual reports within the Azure portal. To learn more, see Azure Monitor Workbooks overview.
+
+This workbook is intended for Hybrid Identity Admins who use cloud sync to sync users from AD to Azure AD.  It allows admins to gain insights into sync status and details.
+
+The workbook can be accessed by select **Insights** on the left hand side of the cloud sync page.
+
+
+ :::image type="content" source="media/how-to-cloud-sync-workbook/workbook-1.png" alt-text="Screenshot of the cloud sync workbook." lightbox="media/how-to-cloud-sync-workbook/workbook-1.png":::
+
+>[!NOTE]
+>The Insights node is available at both the all configurations level and the individual configuration level.  To view information on individual configurations select the Job Id for the configuration.
+
+This workbook:
+
+- Provides a synchronization summary of users and groups synchronized from AD to Azure AD
+- Provides a detailed view of information captured by the cloud sync provisioning logs.
+- Allows you to customize the data to tailor it to your specific needs
+
+
+
+|Field|Description|
+|-----|-----|
+|Date|The range that you want to view data on.|
+|Status|View the provisioning status such as Success or Skipped.|
+|Action|View the provisioning actions taken such as Create or Delete.|
+|Job Id|Allows you to target specific Job Ids.  This can be used to see individual configuration data if you have multiple configurations.|
+|SyncType|Filter by type of synchronization such as object or password.|
+
+
+## Enabling provisioning logs
+
+You should already be familiar with Azure monitoring and Log Analytics. If not, jump over to learn about them and then come back to learn about application provisioning logs. To learn more about Azure monitoring, see [Azure Monitor overview](../../azure-monitor/overview.md). To learn more about Azure Monitor logs and Log Analytics, see [Overview of log queries in Azure Monitor](../../azure-monitor/logs/log-query-overview.md) and [Provisioning Logs for troubleshooting cloud sync](how-to-troubleshoot.md).
+
+## Sync summary  
+The sync summary section provides a summary of your organizations synchronization activities.  These activities include:
+   - Sync actions per day by action
+   - Sync actions per day by status
+   - Unique sync count by status
+   - Recent sync errors
+
+
+
+ :::image type="content" source="media/how-to-cloud-sync-workbook/workbook-2.png" alt-text="Screenshot of the cloud sync summary." lightbox="media/how-to-cloud-sync-workbook/workbook-2.png":::
+
+
+## Sync details
+The sync details tab allows you to drill into the synchronization data and get more information.  This information includes:
+   - Objects sync by status
+   - Sync log details
+ 
+ :::image type="content" source="media/how-to-cloud-sync-workbook/workbook-3.png" alt-text="Screenshot of the cloud sync details." lightbox="media/how-to-cloud-sync-workbook/workbook-3.png":::
+
+You can further drill in to the sync log details for additional information.
+
+  :::image type="content" source="media/how-to-cloud-sync-workbook/workbook-4.png" alt-text="Screenshot of the log details." lightbox="media/how-to-cloud-sync-workbook/workbook-4.png":::
+
+## Job Id
+A Job Id will be created for each configuration when it runs and is populated with data.  You can look at individual configuration based on Job Id.   
+
+
+
+## Custom queries
+
+You can create custom queries and show the data on Azure dashboards. To learn how, see [Create and share dashboards of Log Analytics data](../../azure-monitor/logs/get-started-queries.md). Also, be sure to check out [Overview of log queries in Azure Monitor](../../azure-monitor/logs/log-query-overview.md).
+
+## Custom alerts
+
+Azure Monitor lets you configure custom alerts so that you can get notified about key events related to Provisioning. For example, you might want to receive an alert on spikes in failures. Or perhaps spikes in disables or deletes. Another example of where you might want to be alerted is a lack of any provisioning, which indicates something is wrong.
+
+To learn more about alerts, see [Azure Monitor Log Alerts](../../azure-monitor/alerts/alerts-log.md).
+
+## Next steps 
+
+- [What is provisioning?](what-is-provisioning.md)
+- [What is Azure AD Connect cloud sync?](what-is-cloud-sync.md)
+- [Known limitations](how-to-prerequisites.md#known-limitations)
+- [Error codes](reference-error-codes.md)

articles/active-directory/cloud-sync/media/how-to-cloud-sync-workbook/workbook-1.png

@@ -12,6 +12,7 @@ ms.workload: identity
 ms.topic: how-to
 ms.date: 11/11/2021
 ms.author: davidmu
+ms.reviewer: jeedes
 ---
 
 # Configure the role claim issued in the SAML token for enterprise applications

articles/active-directory/cloud-sync/media/how-to-cloud-sync-workbook/workbook-2.png

@@ -11,6 +11,7 @@ ms.topic: how-to
 ms.date: 12/19/2022
 ms.author: davidmu
 ms.custom: aaddev
+ms.reviewer: rahulnagraj, alamaral
 ---
 
 # Customize claims issued in the JSON web token (JWT) for enterprise applications (Preview)