Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into migration

Author: fauhse

articles/active-directory/develop/msal-net-use-brokers-with-xamarin-apps.md

@@ -180,7 +180,7 @@ The portal has a new experience app registration portal to help you compute the
 
 MSAL.NET only support the Xamarin.iOS platform at the moment. It doesn't yet support brokers for the Xamarin.Android platform.
 
-The MSAL Android native library already supports it. For details see [Brokered auth in Android](https://docs.microsoft.com/azure/active-directory/develop/brokered-auth.md)
+The MSAL Android native library already supports it. For details see [Brokered auth in Android](brokered-auth.md)
 
 ## Next steps
 

articles/active-directory/governance/entitlement-management-access-package-assignments.md

@@ -75,6 +75,24 @@ In some cases, you might want to directly assign specific users to an access pac
 
     After a few moments, click **Refresh** to see the users in the Assignments list.
 
+## Remove an assignment
+
+**Prerequisite role:** Global administrator, User administrator, Catalog owner, or Access package manager
+
+1. In the Azure portal, click **Azure Active Directory** and then click **Identity Governance**.
+
+1. In the left menu, click **Access packages** and then open the access package.
+
+1. In the left menu, click **Assignments**.
+ 
+1. Click the check box next to the user whose assignment you want to remove from the access package. 
+
+1. Click the **Remove** button near the top of the left pane. 
+ 
+    ![Assignments - Remove user from access package](./media/entitlement-management-access-package-assignments/remove-assignment-select-remove-assignment.png)
+
+    A notification will appear informing you that the assignment has been removed. 
+
 ## Next steps
 
 - [Change request and settings for an access package](entitlement-management-access-package-request-policy.md)

articles/active-directory/governance/entitlement-management-request-access.md

@@ -79,6 +79,30 @@ If you request access to an access package that has multiple policies that apply
 
 ![My Access portal - Request access - multiple policies](./media/entitlement-management-request-access/my-access-multiple-policies.png)
 
+## Resubmit a request
+
+When you request access to an access package, your request might be denied or your request might expire if approvers don't respond in time. If you need access, you can try again and resubmit your request. The following procedure explains how to resubmit an access request:
+
+**Prerequisite role:** Requestor
+
+1. Sign in to the **My Access** portal.
+
+1. Click **Request history** from the navigation menu to the left.
+
+1. Find the access package for which you are resubmitting a request.
+
+1. Click the check mark to select the access package.
+
+1. Click the blue **View** link to the right of the selected access package.
+    
+    ![Select access package and view link](./media/entitlement-management-request-access/resubmit-request-select-request-and-view.png)
+
+    A pane will open to the right with the request history for the access package.
+    
+    ![Select resubmit button](./media/entitlement-management-request-access/resubmit-request-select-resubmit.png)
+
+1. Click the **Resubmit** button at the bottom of the pane.
+
 ## Cancel a request
 
 If you submit an access request and the request is still in the **pending approval** state, you can cancel the request.

articles/active-directory/governance/media/entitlement-management-access-package-assignments/remove-assignment-select-remove-assignment.png

@@ -81,4 +81,4 @@ If provisioning is being enabled for the first time for an application, turn on
 
 Change the **Provisioning Status** to **Off**  to pause the provisioning service. In this state, Azure doesn't create, update, or remove any user or group objects in the app. Change the state back to **On** and the service picks up where it left off.
 
-**Clear current state and restart synchronization** triggers an initial cycle. The service will then evaluate all the users in the source system again and determine if they are in scope for provisioning. This can be useful when your application is currently in quarantine or you need to make a change to your attribute mappings. This should not be used to trigger a delete or disable request as these events can be dropped when triggering a clear state and restart. The initial cycle also takes longer to complete than the typical incremental cycle due to the number of objects that need to be evaluated. You can learn more about the performance of initial and incremental cycles [here.](https://docs.microsoft.com/azure/active-directory/manage-apps/application-provisioning-when-will-provisioning-finish-specific-user). 
+**Clear current state and restart synchronization** triggers an initial cycle. The service will then evaluate all the users in the source system again and determine if they are in scope for provisioning. This can be useful when your application is currently in quarantine or you need to make a change to your attribute mappings. Note that the initial cycle takes longer to complete than the typical incremental cycle due to the number of objects that need to be evaluated. You can learn more about the performance of initial and incremental cycles [here.](https://docs.microsoft.com/azure/active-directory/manage-apps/application-provisioning-when-will-provisioning-finish-specific-user). 

articles/active-directory/governance/media/entitlement-management-request-access/requestor-resubmit-request-button.png

@@ -181,7 +181,7 @@ This role is available for assignment only as an additional local administrator
 
 Users in this role can read basic directory information. This role should be used for:
 * Granting a specific set of guest users read access instead of granting it to all guest users.
-* Granting a specific set of non-admin users access to Azure Portal when “Restrict access to Azure AD portal to admins only” is set to “Yes”.
+* Granting a specific set of non-admin users access to Azure portal when “Restrict access to Azure AD portal to admins only” is set to “Yes”.
 * Granting service principals access to directory where Directory.Read.All is not an option.
 
 ### [Directory Synchronization Accounts](#directory-synchronization-accounts-permissions)
@@ -234,7 +234,7 @@ Users in this role can read settings and administrative information across Micro
 >- [Azure AD portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/) - Global reader can't read the provisioning mode of an enterprise app.
 >- [M365 admin center](https://admin.microsoft.com/Adminportal/Home#/homepage) - Global reader can't read customer lockbox requests. You won't find the **Customer lockbox requests** tab under **Support** in the left pane of M365 Admin Center.
 >- [M365 Security center](https://security.microsoft.com/homepage) - Global reader can't read sensitivity and retention labels. You won't find **Sensitivity labels**, **Retention labels**, and **Label analytics** tabs in the left pane of the M365 Security center.
->- [Office Security & Compliance Center](https://protection.microsoft.com) - Global reader can't read SCC audit logs or do content search.
+>- [Office Security & Compliance Center](https://sip.protection.office.com/homepage) - Global reader can't read SCC audit logs or do content search.
 >- [Teams admin center](https://admin.teams.microsoft.com) - Global reader cannot read **Teams lifecycle**, **Analytics & reports**, **IP phone device management** and **App catalog**.
 >- [Privileged Access Management (PAM)](https://docs.microsoft.com/office365/securitycompliance/privileged-access-management-overview) doesn't support the Global reader role.
 >- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) - Global reader is supported [for central reporting](https://docs.microsoft.com/azure/information-protection/reports-aip) only, and when your Azure AD organization isn't on the [unified labeling platform](https://docs.microsoft.com/azure/information-protection/faqs#how-can-i-determine-if-my-tenant-is-on-the-unified-labeling-platform).
@@ -244,7 +244,7 @@ Users in this role can read settings and administrative information across Micro
 
 ### [Group Administrator](#group-administrator)
 
-Users in this role can create/manage groups and its settings like naming and expiration policies. It is important to understand that assigning a user to this role gives them the ability to manage all groups in the tenant across various workloads like Teams, SharePoint, Yammer in addition to Outlook. Also the user will be able to manage the various groups settings across various admin portals like Microsoft Admin Center, Azure Portal, as well as workload specific ones like Teams and SharePoint Admin Centers.
+Users in this role can create/manage groups and its settings like naming and expiration policies. It is important to understand that assigning a user to this role gives them the ability to manage all groups in the tenant across various workloads like Teams, SharePoint, Yammer in addition to Outlook. Also the user will be able to manage the various groups settings across various admin portals like Microsoft Admin Center, Azure portal, as well as workload specific ones like Teams and SharePoint Admin Centers.
 
 ### [Guest Inviter](#guest-inviter-permissions)