Merge pull request #83345 from MicrosoftDocs/repo_sync_working_branch

Resolve syncing conflicts from repo_sync_working_branch to master

Author: ktoliver

.openpublishing.redirection.json

@@ -26616,6 +26616,11 @@
       "redirect_url": "/azure/spatial-anchors/how-tos/create-locate-anchors-unity",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/spring-cloud/how-to-provision-azure-spring-cloud-instance-terraform.md",
+      "redirect_url": "/azure/spring-cloud/quickstart-deploy-infrastructure-vnet-terraform",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/spring-cloud/spring-cloud-vnet-customer-responsibilities.md",
       "redirect_url": "/azure/spring-cloud/vnet-customer-responsibilities",

ISSUE_TEMPLATE

@@ -28,4 +28,4 @@ If you would like to contact Microsoft about other things, such as product feedb
 
 - If you need technical support using Azure, the paid and free support options are described here: https://azure.microsoft.com/support/options/.
 
-- Each article in the Azure technical documentation contains a product feedback button - it's best to submit product feedback directly from a relevant article. Otherwise, you can submit product feedback for most Azure products in the following product feedback forum: https://feedback.azure.com/forums/34192--general-feedback.
+- Each article in the Azure technical documentation contains a product feedback button - it's best to submit product feedback directly from a relevant article. Otherwise, you can submit product feedback for most Azure products in the following product feedback forum: https://feedback.azure.com/d365community/forum/79b1327d-d925-ec11-b6e6-000d3a4f06a4.

articles/active-directory-b2c/TOC.yml

@@ -633,6 +633,7 @@
     href: https://azure.microsoft.com/roadmap/?category=security-identity
   - name: Frequently asked questions
     href: ./faq.yml
+    displayName: FAQ
   - name: Getting help
     href: ../active-directory/develop/developer-support-help-options.md
   - name: Pricing

articles/active-directory-b2c/custom-policy-developer-notes.md

@@ -105,7 +105,7 @@ The following table summarizes the Security Assertion Markup Language (SAML) app
 |[Azure AD B2C](identity-provider-azure-ad-b2c.md) | GA | GA | |
 |[eBay](identity-provider-ebay.md) | NA | Preview | |
 |[Facebook](identity-provider-facebook.md) | GA | GA | |
-|[GitHub](identity-provider-github.md) | GA | GA | |
+|[GitHub](identity-provider-github.md) | Preview | GA | |
 |[Google](identity-provider-google.md) | GA | GA | |
 |[ID.me](identity-provider-id-me.md) | GA | GA | |
 |[LinkedIn](identity-provider-linkedin.md) | GA | GA | |

articles/active-directory-b2c/faq.yml

@@ -149,7 +149,7 @@ sections:
       - question: |
           Can I use my own URLs on my sign-up and sign-in pages that are served by Azure AD B2C? For instance, can I change the URL from contoso.b2clogin.com to login.contoso.com?
         answer: |
-          This feature is available in public preview. For details, see [Azure AD B2C custom domains](./custom-domain.md?pivots=b2c-user-flow).
+          Yes, you can use your own domain. For details, see [Azure AD B2C custom domains](./custom-domain.md?pivots=b2c-user-flow).
           
       - question: |
           How do I delete my Azure AD B2C tenant?

articles/active-directory-domain-services/TOC.yml

@@ -167,6 +167,6 @@
     - name: Pricing
       href: https://azure.microsoft.com/pricing/details/active-directory-ds/
     - name: Azure AD feedback forum
-      href: https://feedback.azure.com/forums/169401-azure-active-directory
+      href: https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789
     - name: Use Azure AD Domain Services in Azure CSP subscriptions
       href: csp.md

articles/active-directory-domain-services/delete-aadds.md

@@ -46,5 +46,5 @@ Consider [sharing feedback][feedback] for the features that you would like to se
 If you want to get started with Azure AD DS again, see [Create and configure an Azure Active Directory Domain Services managed domain][create-instance].
 
 <!-- INTERNAL LINKS -->
-[feedback]: https://feedback.azure.com/forums/169401-azure-active-directory?category_id=160593%3fcategory_id%3d160593
-[create-instance]: tutorial-create-instance.md
+[feedback]: https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789?c=5d63b5b7-ae25-ec11-b6e6-000d3a4f0789
+[create-instance]: tutorial-create-instance.md

articles/active-directory/app-provisioning/scim-graph-scenarios.md

@@ -110,9 +110,9 @@ My application creates information about a user that customers need in Azure AD.
 **Recommendation** The Microsoft graph exposes /Users and /Groups endpoints that you can integrate with today to provision users into Azure AD. Please note that Azure Active Directory doesn't support writing those users back into Active Directory. 
 
 > [!NOTE]
-> Microsoft has a provisioning service that pulls in data from HR applications such as Workday and SuccessFactors. These integrations are built and managed by Microsoft. For onboarding a new HR application to our service, you can request it on [UserVoice](https://feedback.azure.com/forums/374982-azure-active-directory-application-requests). 
+> Microsoft has a provisioning service that pulls in data from HR applications such as Workday and SuccessFactors. These integrations are built and managed by Microsoft. For onboarding a new HR application to our service, you can request it on [UserVoice](https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789). 
 
 ## Related articles
 
 - [Review the synchronization Microsoft Graph documentation](/graph/api/resources/synchronization-overview)
-- [Integrating a custom SCIM app with Azure AD](use-scim-to-provision-users-and-groups.md)
+- [Integrating a custom SCIM app with Azure AD](use-scim-to-provision-users-and-groups.md)

articles/active-directory/develop/v2-oauth-ropc.md

@@ -26,7 +26,7 @@ The Microsoft identity platform supports the [OAuth 2.0 Resource Owner Password
 
 > [!IMPORTANT]
 >
-> * The Microsoft identity platform only supports ROPC for Azure AD tenants, not personal accounts. This means that you must use a tenant-specific endpoint (`https://login.microsoftonline.com/{TenantId_or_Name}`) or the `organizations` endpoint.
+> * The Microsoft identity platform only supports ROPC within Azure AD tenants, not personal accounts. This means that you must use a tenant-specific endpoint (`https://login.microsoftonline.com/{TenantId_or_Name}`) or the `organizations` endpoint.
 > * Personal accounts that are invited to an Azure AD tenant can't use ROPC.
 > * Accounts that don't have passwords can't sign in with ROPC, which means features like SMS sign-in, FIDO, and the Authenticator app won't work with that flow. Use a flow other than ROPC if your app or users require these features.
 > * If users need to use [multi-factor authentication (MFA)](../authentication/concept-mfa-howitworks.md) to log in to the application, they will be blocked instead.

articles/active-directory/hybrid/how-to-connect-sync-endpoint-api-v2.md

@@ -31,159 +31,14 @@ Microsoft has deployed a new endpoint (API) for Azure AD Connect that improves t
 > It will not be made available in the Azure German cloud
 
 ## Prerequisites  
-In order to use the new V2 endpoint, you will need to use [Azure AD Connect version 1.5.30.0](https://www.microsoft.com/download/details.aspx?id=47594) or later and follow the deployment steps provided below to enable the V2 endpoint for your Azure AD Connect server.   
-
-## Deployment guidance 
-You will need to deploy [Azure AD Connect version 1.5.30.0](https://www.microsoft.com/download/details.aspx?id=47594) or later to use the V2 endpoint. Use the link provided to download. 
-
-It is recommended that you follow the [swing migration](./how-to-upgrade-previous-version.md#swing-migration) method for rolling out the new endpoint in your environment. This will provide a clear contingency plan in the event, that a major rollback is necessary. The following example illustrates how a swing migration can be used in this scenario. For more information on the swing migration deployment method, refer to the link provided. 
-
-### Swing migration for deploying V2 endpoint
-The following steps will guide you through deploying the v2 endpoint using the swing method.
-
-1. Deploy the V2 endpoint on the current staging server. This server will be known as the **V2 server** in the steps below. The current active server will continue to process the production workload using the V1 endpoint, which will be called the **V1 server** below.
-1. Validate that the **V2 server** is still processing imports as expected. At this stage, large groups will not be provisioned to Azure AD or on-prem AD, but you will be able to verify that the upgrade did not result in any other unexpected impact to the existing synchronization process. 
-2. Once validation is complete, switch the **V2 server** to be the active server and the **V1 server** to be the staging server. At this time, large groups that are in scope to be synced will be provisioned to Azure AD, as well as large Microsoft 365 unified groups will be provisioned to AD, if group writeback is enabled.
-3. Validate that the **V2 server** is performing and processing large groups successfully. You may choose to stay at this step and monitor the synchronization process for a period.
-  >[!NOTE]
-  > If you need to transition back to your previous configuration, you can perform a swing migration from the **V2 server** back to the **V1 server**. Since the V1 endpoint does not support groups with over 50k members, any large group that was provisioned by Azure AD Connect, in either Azure AD or on-prem AD, will be subsequently deleted. 
-4. Once you are confident in using the V2 endpoint, upgrade the **V1 server** to begin using the V2 endpoint. 
- 
-
-## Expectations of performance impact  
-When using the V2 endpoint, performance gains are a function of the number of synced groups, size of those groups, and their group churn (the activity resulting from adding and removing users as members of the group). Using the new endpoint, without increasing the number, size, or churn of the synced groups, should result in shorter times for export and import to Azure AD. 
- 
-However, the performance gains can be negated by the additional processing required when syncing large groups. You could end up increasing the overall sync time by adding a too many large groups to the sync process.  
-
-To gain a better understanding of how the addition of the new groups will impact your sync performance, it is recommended that you start by syncing only a few large groups with less than 100k members. You can then increase the number and size of groups by bringing more of them in scope, through OU, attribute, or max group size filtering. The performance improvements will be realized on the export and import tasks for the Azure AD connector, not the on-premises AD connector. 
-
-## Deployment step by step 
-The following three phases are an in-depth example of deploying the new V2 endpoint.  Use the phases as a guideline for your deployment.
-
-### Phase 1 – install and validate Azure AD Connect 
-It is recommended that you first perform the steps to install or upgrade to [Azure AD Connect version 1.5.30.0](https://www.microsoft.com/download/details.aspx?id=47594) or later and validate the sync process before you go to the second phase where you will enable the V2 endpoint. 
-On the Azure AD Connect server: 
-
-
-1. [Optional] Take database backup 
-2. Install or upgrade to [Azure AD Connect version 1.5.30.0](https://www.microsoft.com/download/details.aspx?id=47594) or later.
-3. Validate the installation 
-
-### Phase 2 – enable the V2 endpoint 
-The next step is to enable the V2 endpoint. 
-
-> [!NOTE]
-> After you have enabled the V2 endpoint for your server you will be able to see some performance improvements for your existing workload. You will not yet be able to sync groups with more that 50K members though. 
-
-To switch to the V2 endpoint, use the following steps: 
-
-1. Open a PowerShell prompt as administrator. 
-2. Disable the sync scheduler after verifying that no synchronization operations are running: 
- 
- `Set-ADSyncScheduler -SyncCycleEnabled $false`
- 
-3. Import the new module: 
- 
- `Import-Module 'C:\Program Files\Microsoft Azure AD Sync\Extensions\AADConnector.psm1'` 
- 
-4.  Switch to the v2 endpoint:
-
- `Set-ADSyncAADConnectorExportApiVersion 2` 
- 
- `Set-ADSyncAADConnectorImportApiVersion 2` 
-
- ![PowerShell](media/how-to-connect-sync-endpoint-api-v2/endpoint1.png)
- 
-You have now enabled the V2 endpoint for your server. Take some time to verify that there are no unexpected results after enabling the V2 endpoint before you move to the next phase where you will increase the group size limit. 
->[!NOTE]
->The file / module paths may use a different drive letter, depending on the installation path provided when installing Azure AD Connect. 
-
-
-### Phase 3 – increase the group membership limit 
-After you have verified that the service is running without unexpected results, you can proceed to raising the group membership limit. It is recommended to first raise the membership limit to a slightly higher value, e g. 75K members, to see the larger groups syncing to Azure AD. Once you are satisfied with the results you can further raise the member limit.  
-
-The maximum limit is 250K members per group. 
-
-The following steps can be used to increase the membership limit:  
-
-1. Open Azure AD Synchronization Rules Editor 
-2. In the editor, choose **Outbound** for Direction 
-3. Click on the **Out to AAD – Group Join** sync rule 
-4. Click the **Edit** button 
- ![Screenshot that shows the "View and manage your synchronization rules" with "Out to AAD - Group Join" selected.](media/how-to-connect-sync-endpoint-api-v2/endpoint2.png)
-
-6. Click the **Yes** button to disable the default rule and create an editable copy.
- ![Screenshot that shows the "Edit Reserved Rule Confirmation" window with the "Yes" button selected.](media/how-to-connect-sync-endpoint-api-v2/endpoint3.png)
-
-7. In the pop-up window on the **Description** page, set the precedence to an available value between 1 and 99
-![Screenshot that shows the "Edit outbound synchronization rule" window with "Precedence" highlighted.](media/how-to-connect-sync-endpoint-api-v2/endpoint4.png)
-
-8. On the **Transformations** page, update the **Source** value for the **member** transformation, replacing ‘50000’ with a value between 50001 and 250000. This replacement will increase the maximum membership size of groups that will sync to Azure AD. We suggest starting with a number of 100k, to understand the impact that syncing large groups will have on your sync performance. 
- 
- **Example** 
- 
- `IIF((ValueCount("member")> 75000),Error("Maximum Group member count exceeded"),IgnoreThisFlow)` 
- 
- ![Edit synch rule](media/how-to-connect-sync-endpoint-api-v2/endpoint5.png)
-
-9. Click Save 
-10. Open admin PowerShell prompt 
-11. Re-enable the Sync Scheduler 
- 
- `Set-ADSyncScheduler -SyncCycleEnabled $true` 
- 
->[!NOTE]
-> If Azure AD Connect Health is not enabled, change the Windows application event log settings to archive the logs, instead of overwriting them. The logs may be used to assist in future troubleshooting efforts. 
-
->[!NOTE]
-> After enabling the new endpoint, you may see additional export errors on the AAD connector with name ‘dn-attributes-failure’. There will be a corresponding event log entry for each error with id 6949. The errors are informational and do not indicate a problem with your installation, but rather that the sync process could not add certain members to a group in Azure AD because the member object itself was not synced to Azure AD. 
-
-The new V2 endpoint code handles some types of export errors slightly different from how the V1 code did.  You may see more of the informational error messages when you use the V2 endpoint. 
-
->[!NOTE]
-> When upgrading Azure AD Connect, ensure that the steps in Phase 2 are rerun, as the changes are not preserved through the upgrade process. 
-
-During subsequent increases to the group member limit in the **Out to AAD – Group Join** sync rule, a full sync is not necessary, so you can elect to suppress the full sync by running the following command in PowerShell. 
-
- `Set-ADSyncSchedulerConnectorOverride -FullSyncRequired $false -ConnectorName "<AAD Connector Name>" `
- 
->[!NOTE]
-> If you have Microsoft 365 unified groups that have more than 50k members, the groups will be read into Azure AD Connect, and if group writeback is enabled, they will be written to your on-premises AD. 
-
-## Rollback 
-If you have enabled the v2 endpoint and need to rollback, follow these steps: 
-
-1. On the Azure AD Connect server: 
-    a. [Optional] Take database backup 
-2. Open an admin PowerShell prompt:
-3. Disable the sync scheduler after verifying that no synchronization operations are running
- 
- `Set-ADSyncScheduler -SyncCycleEnabled $false`
-
-4. Switch to the V1 endpoint * 
- 
- `Import-Module 'C:\Program Files\Microsoft Azure AD Sync\Extensions\AADConnector.psm1'` 
-
- `Set-ADSyncAADConnectorExportApiVersion 1`
-
- `Set-ADSyncAADConnectorImportApiVersion 1`
- 
-5. Open Azure AD Synchronization Rules Editor 
-6. Delete the editable copy of the **Out to AAD – Group Join** sync rule 
-7. Enable the default copy of the **Out to AAD – Group Join** sync rule 
-8. Open an admin PowerShell prompt 
-9. Re-enable the Sync Scheduler 
- 
- `Set-ADSyncScheduler -SyncCycleEnabled $true`
- 
->[!NOTE]
-> When switching back from the V2 to V1 endpoints, groups synced with more than 50k members will be deleted after a full sync is run, for both AD groups provisioned to Azure AD and Microsoft 365 unified groups provisioned to AD. 
+In order to use the new V2 endpoint, you will need to use Azure AD Connect v2.0. When you deploy AADConnect V2.0, the V2 endpoint will be automatically enabled.
+Note that support for the V2 endpoint is no longer available for V1.x versions. If you need to sync groups with more than 50K members you need to upgrade to Azure AD Connect V2.0.
 
 ## Frequently asked questions  
 
 **When will the new end point become the default for upgrades and new installations?**  
-</br>We are planning a new release of AADConnect to be published for download in February 2021. This release will use the V2 end point by default and will enable syncing groups larger than 50K without any additional configuration. This release will subsequently be published for auto upgrade to eligible servers.
- 
+The V2 endpoint is the default setting for AADConnect V2.0 and is not supported for AADConnect V1.x
+
 ## Next steps
 
 * [Azure AD Connect sync: Understand and customize synchronization](how-to-connect-sync-whatis.md)