
Commit d2a18c5

Learn Build Service GitHub App authored and committed
Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)
2 parents f7466cb + f303a7d commit d2a18c5

64 files changed

+816
-527
lines changed

articles/active-directory/devices/manage-device-identities.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -118,6 +118,8 @@ In this preview, you have the ability to infinitely scroll, reorder columns, and
118118
- Join type (Azure AD joined, Hybrid Azure AD joined, Azure AD registered)
119119
- Activity timestamp
120120
- OS Type and Version
121+
- Windows is displayed for Windows 11 and Windows 10 devices (with KB5006738).
122+
- Windows Server is displayed for [supported versions managed with Microsoft Defender for Endpoint](/mem/intune/protect/mde-security-integration#supported-platforms).
121123
- Device type (printer, secure VM, shared device, registered device)
122124
- MDM
123125
- Autopilot
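Review bot: In the added line 121, the parenthetical "(with KB5006738)" can be read as applying to both Windows 11 and Windows 10 or to Windows 10 only. Reword so the KB requirement is attached to the OS it applies to, for example by putting it in its own clause next to that OS name.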

articles/active-directory/enterprise-users/domains-verify-custom-subdomain.md

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ ms.collection: M365-identity-device-management
2222

2323
After a root domain is added to Azure Active Directory (Azure AD), part of Microsoft Entra, all subsequent subdomains added to that root in your Azure AD organization automatically inherit the authentication setting from the root domain. However, if you want to manage domain authentication settings independently from the root domain settings, you can now with the Microsoft Graph API. For example, if you have a federated root domain such as contoso.com, this article can help you verify a subdomain such as child.contoso.com as managed instead of federated.
2424

25-
In the Azure portal, when the parent domain is federated and the admin tries to verify a managed subdomain on the **Custom domain names** page, you'll get a 'Failed to add domain' error with the reason "One or more properties contains invalid values." If you try to add this subdomain from the Microsoft 365 admin center, you will receive a similar error. For more information about the error, see [A child domain doesn't inherit parent domain changes in Office 365, Azure, or Intune](/office365/troubleshoot/administration/child-domain-fails-inherit-parent-domain-changes).
25+
In the Azure portal, when the parent domain is federated and the admin tries to verify a managed subdomain on the **Custom domain names** page, you'll get a 'Failed to add domain' error with the reason "One or more properties contains invalid values." If you try to add this subdomain from the Microsoft 365 admin center, you'll receive a similar error. For more information about the error, see [A child domain doesn't inherit parent domain changes in Office 365, Azure, or Intune](/office365/troubleshoot/administration/child-domain-fails-inherit-parent-domain-changes).
2626

2727
Because subdomains inherit the authentication type of the root domain by default, you must promote the subdomain to a root domain in Azure AD using the Microsoft Graph so you can set the authentication type to your desired type.
2828

@@ -31,6 +31,11 @@ Because subdomains inherit the authentication type of the root domain by default
3131
1. Use PowerShell to add the new subdomain, which has its root domain's default authentication type. The Azure AD and Microsoft 365 admin centers don't yet support this operation.
3232

3333
```powershell
34+
Connect-MgGraph -Scopes "Domain.ReadWrite.All"
35+
$param = @{
36+
id="test.contoso.com"
37+
AuthenticationType="Federated"
38+
}
3439
New-MsolDomain -Name "child.mydomain.com" -Authentication Federated
3540
```
3641
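Review bot: The added lines 34 to 38 build `$param` with `id="test.contoso.com"`, but nothing in the block uses it; the unchanged `New-MsolDomain -Name "child.mydomain.com" -Authentication Federated` on line 39 still creates the domain through the MSOnline module. As written, the sample connects to Microsoft Graph, defines an unused variable, and then calls a cmdlet from a different module with a different domain name. Replace line 39 with the Graph call that consumes the hashtable (for example `New-MgDomain -BodyParameter $param`), and use one example subdomain throughout the article.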

@@ -73,16 +78,16 @@ POST https://graph.microsoft.com/v1.0/{tenant-id}/domains/foo.contoso.com/promot
7378

7479
Scenario | Method | Code | Message
7580
-------- | ------ | ---- | -------
76-
Invoking API with a subdomain whose parent domain is unverified | POST | 400 | Unverified domains cannot be promoted. Please verify the domain before promotion.
77-
Invoking API with a federated verified subdomain with user references | POST | 400 | Promoting a subdomain with user references is not allowed. Please migrate the users to the current root domain before promotion of the subdomain.
81+
Invoking API with a subdomain whose parent domain is unverified | POST | 400 | Unverified domains can't be promoted. Please verify the domain before promotion.
82+
Invoking API with a federated verified subdomain with user references | POST | 400 | Promoting a subdomain with user references isn't allowed. Please migrate the users to the current root domain before promotion of the subdomain.
7883

7984

8085
### Change the subdomain authentication type
8186

8287
1. Use the following command to change the subdomain authentication type:
8388

8489
```powershell
85-
Set-MsolDomainAuthentication -DomainName child.mydomain.com -Authentication Managed
90+
Update-MgDomain -DomainId "test.contoso.com" -BodyParameter @{AuthenticationType="Managed"}
8691
```
8792

8893
1. Verify via GET in Microsoft Graph API that subdomain authentication type is now managed:
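Review bot: The Message column on lines 81 and 82 reads as the text returned with the 400 response, so rewriting "cannot" and "is not" as contractions makes the documented strings differ from what a reader would see and search for; keep returned messages verbatim and apply the contraction style only to the article's own prose. Separately, line 90 uses `-DomainId "test.contoso.com"` while the POST in the hunk header uses `foo.contoso.com` and the step 1 sample still names `child.mydomain.com`; pick one example subdomain.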

articles/active-directory/enterprise-users/groups-restore-deleted.md

Lines changed: 18 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -16,17 +16,17 @@ ms.collection: M365-identity-device-management
1616
---
1717
# Restore a deleted Microsoft 365 group in Azure Active Directory
1818

19-
When you delete a Microsoft 365 group in Azure Active Directory (Azure AD), part of Microsoft Entra, the deleted group is retained but not visible for 30 days from the deletion date. This behavior is so that the group and its contents can be restored if needed. This functionality is restricted exclusively to Microsoft 365 groups in Azure AD. It is not available for security groups and distribution groups. Please note that the 30-day group restoration period is not customizable.
19+
When you delete a Microsoft 365 group in Azure Active Directory (Azure AD), part of Microsoft Entra, the deleted group is retained but not visible for 30 days from the deletion date. This behavior is so that the group and its contents can be restored if needed. This functionality is restricted exclusively to Microsoft 365 groups in Azure AD. It isn't available for security groups and distribution groups. Please note that the 30-day group restoration period isn't customizable.
2020

2121
> [!NOTE]
22-
> Don't use `Remove-MsolGroup` because it purges the group permanently. Always use `Remove-AzureADMSGroup` to delete a Microsoft 365 group.
22+
> Don't use `Remove-MsolGroup` because it purges the group permanently. Always use `Remove-MgBetaGroup` to delete a Microsoft 365 group.
2323
2424
The permissions required to restore a group can be any of the following:
2525

2626
Role | Permissions
2727
--------- | ---------
28-
Global administrator, Group administrator, Partner Tier2 support, and Intune administrator | Can restore any deleted Microsoft 365 group
29-
User administrator and Partner Tier1 support | Can restore any deleted Microsoft 365 group except those groups assigned to the Global Administrator role
28+
Global administrator, Group administrator, Partner Tier 2 support, and Intune administrator | Can restore any deleted Microsoft 365 group
29+
User administrator and Partner Tier 1 support | Can restore any deleted Microsoft 365 group except those groups assigned to the Global Administrator role
3030
User | Can restore any deleted Microsoft 365 group that they own
3131

3232
## View and manage the deleted Microsoft 365 groups that are available to restore
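Review bot: The note on line 22 now tells readers to always use `Remove-MgBetaGroup`, a cmdlet from the beta module, before the article has said anything about installing or connecting to Microsoft Graph PowerShell; that instruction only appears in the later PowerShell section. Add a pointer to the install step here, and say why a beta cmdlet is the recommended one for a delete operation, since a reader replacing `Remove-AzureADMSGroup` in an existing script needs to know which module to load.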
@@ -46,19 +46,21 @@ User | Can restore any deleted Microsoft 365 group that they own
4646

4747
## View the deleted Microsoft 365 groups that are available to restore using PowerShell
4848

49-
The following cmdlets can be used to view the deleted groups to verify that the one or ones you're interested in have not yet been permanently purged. These cmdlets are part of the [Azure AD PowerShell module](https://www.powershellgallery.com/packages/AzureAD/). More information about this module can be found in the [Azure Active Directory PowerShell Version 2](/powershell/azure/active-directory/install-adv2) article.
49+
The following cmdlets can be used to view the deleted groups to verify that the one or ones you're interested in haven't yet been permanently purged. These cmdlets are part of the [Microsoft Graph PowerShell module](/powershell/microsoftgraph/installation?view=graph-powershell-1.0&preserve-view=true). More information about this module can be found in the [Microsoft Graph PowerShell overview](/powershell/microsoftgraph/overview?view=graph-powershell-1.0&preserve-view=true) article.
5050

51-
1. Run the following cmdlet to display all deleted Microsoft 365 groups in your Azure AD organization that are still available to restore.
51+
1. Run the following cmdlet to display all deleted Microsoft 365 groups in your Azure AD organization that are still available to restore. Please install the [Graph](/powershell/microsoftgraph/installation?view=graph-powershell-1.0&preserve-view=true) beta version if it isn't already installed on the machine.
5252

5353

5454
```powershell
55-
Get-AzureADMSDeletedGroup
55+
Install-Module Microsoft.Graph.Beta
56+
Connect-MgGraph -Scopes "Group.ReadWrite.All"
57+
Get-MgBetaDirectoryDeletedGroup
5658
```
5759
58-
2. Alternately, if you know the objectID of a specific group (and you can get it from the cmdlet in step 1), run the following cmdlet to verify that the specific deleted group has not yet been permanently purged.
60+
2. Alternately, if you know the objectID of a specific group (and you can get it from the cmdlet in step 1), run the following cmdlet to verify that the specific deleted group hasn't yet been permanently purged.
5961
60-
```
61-
Get-AzureADMSDeletedGroup –Id <objectId>
62+
```powershell
63+
Get-MgBetaDirectoryDeletedGroup -DirectoryObjectId <objectId>
6264
```
6365
6466
## How to restore your deleted Microsoft 365 group using
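Review bot: Line 56 requests `Group.ReadWrite.All` for steps that only list deleted groups with `Get-MgBetaDirectoryDeletedGroup`; a read-only scope such as `Group.Read.All` is enough for viewing, and the write scope should be requested only in the restore and purge steps later in the article. Also, `Install-Module Microsoft.Graph.Beta` on line 55 sits in the same block as the query, so readers who copy the block reinstall the module on every run; move it to a separate prerequisite block.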
@@ -68,25 +70,25 @@ Once you have verified that the group is still available to restore, restore the
6870
1. Run the following cmdlet to restore the group and its contents.
6971
7072
71-
```
72-
Restore-AzureADMSDeletedDirectoryObject –Id <objectId>
73+
```powershell
74+
Restore-MgBetaDirectoryDeletedItem -DirectoryObjectId <objectId>
7375
```
7476
7577
2. Alternatively, the following cmdlet can be run to permanently remove the deleted group.
7678
7779
78-
```
79-
Remove-AzureADMSDeletedDirectoryObject –Id <objectId>
80+
```powershell
81+
Remove-MgBetaDirectoryDeletedItem -DirectoryObjectId <objectId>
8082
```
8183
8284
## How do you know this worked?
8385
84-
To verify that you’ve successfully restored a Microsoft 365 group, run the `Get-AzureADGroup –ObjectId <objectId>` cmdlet to display information about the group. After the restore request is completed:
86+
To verify that you’ve successfully restored a Microsoft 365 group, run the `Get-MgBetaGroup –GroupId <objectId>` cmdlet to display information about the group. After the restore request is completed:
8587
8688
- The group appears in the Left navigation bar on Exchange
8789
- The plan for the group will appear in Planner
8890
- Any SharePoint sites and all of their contents will be available
89-
- The group can be accessed from any of the Exchange endpoints and other Microsoft365 workloads that support Microsoft 365 groups
91+
- The group can be accessed from any of the Exchange endpoints and other Microsoft 365 workloads that support Microsoft 365 groups
9092
9193
## Next steps
9294
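Review bot: On line 86 the inline command `Get-MgBetaGroup –GroupId <objectId>` still carries the en dash that the rest of this hunk replaced with an ASCII hyphen (compare `-DirectoryObjectId` on lines 74 and 81). Change it to `-GroupId` so the commands in the article are consistent when copied.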

articles/active-directory/enterprise-users/groups-troubleshooting.md

Lines changed: 22 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -21,19 +21,32 @@ This article contains troubleshooting information for groups in Azure Active Dir
2121
## Troubleshooting group creation issues
2222

2323
**I disabled security group creation in the Azure portal but groups can still be created via PowerShell**
24-
The **User can create security groups in Azure portals** setting in the Azure portal controls whether or not non-admin users can create security groups in the Access panel or the Azure portal. It does not control security group creation via PowerShell.
24+
The **User can create security groups in Azure portals** setting in the Azure portal controls whether or not nonadmin users can create security groups in the Access panel or the Azure portal. It does not control security group creation via PowerShell.
2525

26-
To disable group creation for non-admin users in PowerShell:
27-
1. Verify that non-admin users are allowed to create groups:
26+
To disable group creation for nonadmin users in PowerShell:
27+
1. Verify that nonadmin users are allowed to create groups:
2828

2929
```powershell
30-
Get-MsolCompanyInformation | Format-List UsersPermissionToCreateGroupsEnabled
30+
Get-MgBetaDirectorySetting | select -ExpandProperty values
3131
```
3232

33-
2. If it returns `UsersPermissionToCreateGroupsEnabled : True`, then non-admin users can create groups. To disable this feature:
33+
2. If it returns `EnableGroupCreation : True`, then nonadmin users can create groups. To disable this feature:
3434

3535
```powershell
36-
Set-MsolCompanySettings -UsersPermissionToCreateGroupsEnabled $False
36+
Install-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
37+
Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
38+
$params = @{
39+
TemplateId = "62375ab9-6b52-47ed-826b-58e47e0e304b"
40+
Values = @(
41+
@{
42+
Name = "EnableGroupCreation"
43+
Value = "false"
44+
}
45+
)
46+
}
47+
Connect-MgGraph -Scopes "Directory.ReadWrite.All"
48+
New-MgBetaDirectorySetting -BodyParameter $params
49+
3750
```
3851

3952
**I received a max groups allowed error when trying to create a Dynamic Group in PowerShell**
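Review bot: Step 2 (lines 36 to 48) calls `New-MgBetaDirectorySetting`, but step 1 tells the reader to proceed only when an existing setting already returns `EnableGroupCreation : True`; creating another settings object from the same `TemplateId` isn't the same as changing the existing value, so this likely needs the update cmdlet against the existing setting's ID, with `New-` kept only for the case where step 1 returns nothing. Step 1 on line 30 also runs `Get-MgBetaDirectorySetting` before the `Install-Module`, `Import-Module` and `Connect-MgGraph` lines, which appear only in step 2; move them ahead of step 1. Please also confirm that `EnableGroupCreation` governs security group creation, which is what the heading on line 23 is about, since it replaces `UsersPermissionToCreateGroupsEnabled`.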
@@ -46,7 +59,7 @@ To create any new Dynamic groups, you'll first need to delete some existing Dyna
4659
**I configured a rule on a group but no memberships get updated in the group**
4760
1. Verify the values for user or device attributes in the rule. Ensure there are users that satisfy the rule.
4861
For devices, check the device properties to ensure any synced attributes contain the expected values.
49-
2. Check the membership processing status to confirm if it is complete. You can check the [membership processing status](groups-create-rule.md#check-processing-status-for-a-rule) and the last updated date on the **Overview** page for the group.
62+
2. Check the membership processing status to confirm if it's complete. You can check the [membership processing status](groups-create-rule.md#check-processing-status-for-a-rule) and the last updated date on the **Overview** page for the group.
5063

5164
If everything looks good, please allow some time for the group to populate. Depending on the size of your Azure AD organization, the group may take up to 24 hours for populating for the first time or after a rule change.
5265

@@ -57,15 +70,15 @@ This is expected behavior. Existing members of the group are removed when a rule
5770
Dedicated membership evaluation is done periodically in an asynchronous background process. How long the process takes is determined by the number of users in your directory and the size of the group created as a result of the rule. Typically, directories with small numbers of users will see the group membership changes in less than a few minutes. Directories with a large number of users can take 30 minutes or longer to populate.
5871

5972
**How can I force the group to be processed now?**
60-
Currently, there is no way to automatically trigger the group to be processed on demand. However, you can manually trigger the reprocessing by updating the membership rule to add a whitespace at the end.
73+
Currently, there's no way to automatically trigger the group to be processed on demand. However, you can manually trigger the reprocessing by updating the membership rule to add a whitespace at the end.
6174

6275
**I encountered a rule processing error**
6376
The following table lists common dynamic membership rule errors and how to correct them.
6477

6578
| Rule parser error | Error usage | Corrected usage |
6679
| --- | --- | --- |
6780
| Error: Attribute not supported. |(user.invalidProperty -eq "Value") |(user.department -eq "value")<br/><br/>Make sure the attribute is on the [supported properties list](groups-dynamic-membership.md#supported-properties). |
68-
| Error: Operator is not supported on attribute. |(user.accountEnabled -contains true) |(user.accountEnabled -eq true)<br/><br/>The operator used is not supported for the property type (in this example, -contains cannot be used on type boolean). Use the correct operators for the property type. |
81+
| Error: Operator isn't supported on attribute. |(user.accountEnabled -contains true) |(user.accountEnabled -eq true)<br/><br/>The operator used isn't supported for the property type (in this example, -contains can't be used on type boolean). Use the correct operators for the property type. |
6982
| Error: Query compilation error. | 1. (user.department -eq "Sales") (user.department -eq "Marketing")<br>2. (user.userPrincipalName -match "\*@domain.ext") | 1. Missing operator. Use -and or -or to join predicates<br>(user.department -eq "Sales") -or (user.department -eq "Marketing")<br>2. Error in regular expression used with -match<br>(user.userPrincipalName -match ".\*@domain.ext")<br>or alternatively: (user.userPrincipalName -match "@domain.ext$") |
7083

7184
## Next steps
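Review bot: Line 81 edits the "Rule parser error" column from "Operator is not supported on attribute." to "Operator isn't supported on attribute."; that column quotes the error the parser shows, so it should stay verbatim or readers searching for the message won't find it. Keep the contraction changes to the explanatory text in the third column.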

articles/active-directory/enterprise-users/users-bulk-add.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -91,7 +91,7 @@ Next, you can check to see that the users you created exist in the Azure AD orga
9191
Run the following command:
9292

9393
``` PowerShell
94-
Get-AzureADUser -Filter "UserType eq 'Member'"
94+
Get-MgUser -Filter "UserType eq 'Member'"
9595
```
9696

9797
You should see that the users that you created are listed.
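Review bot: Line 94 swaps in `Get-MgUser` with no connection step, while the other samples updated in this commit add `Connect-MgGraph -Scopes ...` before the first Graph cmdlet. Add the connect line with a read-only scope (for example `User.Read.All`) so the command works in a fresh session.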

articles/active-directory/enterprise-users/users-bulk-delete.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ Next, you can check to see that the users you deleted exist in the Azure AD orga
7171
Run the following command:
7272

7373
``` PowerShell
74-
Get-AzureADUser -Filter "UserType eq 'Member'"
74+
Get-MgUser -Filter "UserType eq 'Member'"
7575
```
7676

7777
Verify that the users that you deleted are no longer listed.
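Review bot: On line 74, `Get-MgUser` returns only the first page of results unless `-All` is passed, so in a large tenant a user can be missing from the output simply because the list was truncated, and the "no longer listed" check passes for the wrong reason. Add `-All`, or filter on the specific user principal names that were deleted.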

articles/active-directory/roles/admin-units-members-dynamic.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -124,7 +124,7 @@ For steps on how to edit your rule, see the following [Edit dynamic membership r
124124
"displayName": "Windows Devices",
125125
"description": "All Contoso devices running Windows",
126126
"membershipType": "Dynamic",
127-
"membershipRule": "(device.deviceOSType -eq \"Windows\")",
127+
"membershipRule": "(deviceOSType -eq 'Windows')",
128128
"membershipRuleProcessingState": "On"
129129
}
130130
```
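Review bot: Line 127 drops the `device.` prefix from the rule and switches to single quotes, giving `(deviceOSType -eq 'Windows')`, while the rule examples elsewhere in this commit use the object-qualified form, such as `(user.department -eq "value")`. If the unqualified property name is required for administrative unit rules, say so in the surrounding text; otherwise keep `device.deviceOSType` so the sample matches the documented rule syntax.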
