Skip to content

Commit d619c64

Browse files
committed
Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into egridmetrics0307
2 parents 0b222fa + 11eba76 commit d619c64

File tree

178 files changed

+2530
-1501
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

178 files changed

+2530
-1501
lines changed

.openpublishing.redirection.azure-monitor.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,11 @@
3535
"redirect_url": "/azure/azure-monitor/change/change-analysis",
3636
"redirect_document_id": false
3737
},
38+
{
39+
"source_path_from_root": "/articles/azure-monitor/app/release-notes.md",
40+
"redirect_url": "/azure/azure-monitor/app/app-insights-overview",
41+
"redirect_document_id": false
42+
},
3843
{
3944
"source_path_from_root": "/articles/azure-monitor/app/resource-manager-web-app.md",
4045
"redirect_url": "/previous-versions/azure/azure-monitor/app/resource-manager-web-app",

.openpublishing.redirection.json

Lines changed: 0 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -6313,16 +6313,6 @@
63136313
"redirect_url": "/azure/architecture/service-fabric/migrate-from-cloud-services",
63146314
"redirect_document_id": false
63156315
},
6316-
{
6317-
"source_path_from_root": "/articles/batch/batch-custom-image-pools-to-azure-compute-gallery-migration-guide.md",
6318-
"redirect_url": "/azure/batch",
6319-
"redirect_document_id": false
6320-
},
6321-
{
6322-
"source_path_from_root": "/articles/batch/batch-pools-to-simplified-compute-node-communication-model-migration-guide.md",
6323-
"redirect_url": "/azure/batch",
6324-
"redirect_document_id": false
6325-
},
63266316
{
63276317
"source_path_from_root": "/articles/batch/big-compute-resources.md",
63286318
"redirect_url": "/azure/architecture/topics/high-performance-computing/",

.openpublishing.redirection.virtual-desktop.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -169,6 +169,11 @@
169169
"source_path_from_root": "/articles/virtual-desktop/deploy-windows-server-virtual-machine.md",
170170
"redirect_url": "/azure/virtual-desktop/add-session-hosts-host-pool",
171171
"redirect_document_id": false
172+
},
173+
{
174+
"source_path_from_root": "/articles/virtual-desktop/environment-setup.md",
175+
"redirect_url": "/azure/virtual-desktop/terminology",
176+
"redirect_document_id": false
172177
}
173178
]
174179
}

articles/active-directory-domain-services/concepts-custom-attributes.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,15 +2,15 @@
22
title: Create and manage custom attributes for Azure AD Domain Services | Microsoft Docs
33
description: Learn how to create and manage custom attributes in an Azure AD DS managed domain.
44
services: active-directory-ds
5-
author: justinha
5+
author: AlexCesarini
66
manager: amycolannino
77

88
ms.assetid: 1a14637e-b3d0-4fd9-ba7a-576b8df62ff2
99
ms.service: active-directory
1010
ms.subservice: domain-services
1111
ms.workload: identity
1212
ms.topic: how-to
13-
ms.date: 03/06/2023
13+
ms.date: 03/07/2023
1414
ms.author: justinha
1515

1616
---
@@ -44,7 +44,7 @@ After you create a managed domain, click **Custom Attributes (Preview)** under *
4444

4545
## Enable predefined attribute synchronization
4646

47-
Click **OnPremisesExtensionAttributes** to synchronize the attributes extensionAttribute1-15, also known as [Exchange custom attributes](/graph/api/resources/onpremisesextensionattributes?view=graph-rest-1.0).
47+
Click **OnPremisesExtensionAttributes** to synchronize the attributes extensionAttribute1-15, also known as [Exchange custom attributes](/graph/api/resources/onpremisesextensionattributes).
4848

4949
## Synchronize Azure AD directory extension attributes
5050

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ ms.service: active-directory
88
ms.subservice: app-provisioning
99
ms.workload: identity
1010
ms.topic: tutorial
11-
ms.date: 02/28/2023
11+
ms.date: 03/07/2023
1212
ms.author: kenwith
1313
ms.reviewer: arvinh
1414
---
@@ -195,7 +195,7 @@ Use the general guidelines when implementing a SCIM endpoint to ensure compatibi
195195
* Don't require a case-sensitive match on structural elements in SCIM, in particular **PATCH** `op` operation values, as defined in [section 3.5.2](https://tools.ietf.org/html/rfc7644#section-3.5.2). Azure AD emits the values of `op` as **Add**, **Replace**, and **Remove**.
196196
* Microsoft Azure AD makes requests to fetch a random user and group to ensure that the endpoint and the credentials are valid. It's also done as a part of the **Test Connection** flow in the [Azure portal](https://portal.azure.com).
197197
* Support HTTPS on your SCIM endpoint.
198-
* Custom complex and multivalued attributes are supported but Azure AD doesn't have many complex data structures to pull data from in these cases. Simple paired name/value type complex attributes can be mapped to easily, but flowing data to complex attributes with three or more subattributes aren't well supported at this time.
198+
* Custom complex and multivalued attributes are supported but Azure AD doesn't have many complex data structures to pull data from in these cases. Name/value attributes can be mapped to easily, but flowing data to complex attributes with three or more sub-attributes isn't supported.
199199
* The "type" subattribute values of multivalued complex attributes must be unique. For example, there can't be two different email addresses with the "work" subtype.
200200
* The header for all the responses should be of content-Type: application/scim+json
201201

@@ -914,7 +914,7 @@ TLS 1.2 Cipher Suites minimum bar:
914914

915915
### IP Ranges
916916

917-
The Azure AD provisioning service currently operates under the IP Ranges for AzureActiveDirectory as listed [here](https://www.microsoft.com/download/details.aspx?id=56519&WT.mc_id=rss_alldownloads_all). You can add the IP ranges listed under the AzureActiveDirectory tag to allow traffic from the Azure AD provisioning service into your application. You'll need to review the IP range list carefully for computed addresses. An address such as '40.126.25.32' could be represented in the IP range list as '40.126.0.0/18'. You can also programmatically retrieve the IP range list using the following [API](/rest/api/virtualnetwork/servicetags/list).
917+
The Azure AD provisioning service currently operates under the IP Ranges for AzureActiveDirectory as listed [here](https://www.microsoft.com/download/details.aspx?id=56519&WT.mc_id=rss_alldownloads_all). You can add the IP ranges listed under the AzureActiveDirectory tag to allow traffic from the Azure AD provisioning service into your application. You need to review the IP range list carefully for computed addresses. An address such as '40.126.25.32' could be represented in the IP range list as '40.126.0.0/18'. You can also programmatically retrieve the IP range list using the following [API](/rest/api/virtualnetwork/servicetags/list).
918918

919919
Azure AD also supports an agent based solution to provide connectivity to applications in private networks (on-premises, hosted in Azure, hosted in AWS, etc.). Customers can deploy a lightweight agent, which provides connectivity to Azure AD without opening any inbound ports, on a server in their private network. Learn more [here](./on-premises-scim-provisioning.md).
920920

articles/active-directory/develop/tutorial-v2-windows-uwp.md

Lines changed: 50 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ ms.service: active-directory
99
ms.subservice: develop
1010
ms.topic: tutorial
1111
ms.workload: identity
12-
ms.date: 12/13/2019
12+
ms.date: 03/03/2023
1313
ms.author: henrymbugua
1414
ms.reviewer: jmprieur
1515
ms.custom: "devx-track-csharp, aaddev, identityplatformtop40"
@@ -108,6 +108,7 @@ This section shows how to use the Microsoft Authentication Library to get a toke
108108
```csharp
109109
using Microsoft.Identity.Client;
110110
using Microsoft.Graph;
111+
using Microsoft.Graph.Models;
111112
using System.Diagnostics;
112113
using System.Threading.Tasks;
113114
using System.Net.Http.Headers;
@@ -152,7 +153,7 @@ This section shows how to use the Microsoft Authentication Library to get a toke
152153
GraphServiceClient graphClient = await SignInAndInitializeGraphServiceClient(scopes);
153154

154155
// Call the /me endpoint of Graph
155-
User graphUser = await graphClient.Me.Request().GetAsync();
156+
User graphUser = await graphClient.Me.GetAsync();
156157

157158
// Go back to the UI thread to make changes to the UI
158159
await Dispatcher.RunAsync(Windows.UI.Core.CoreDispatcherPriority.Normal, () =>
@@ -236,6 +237,42 @@ Eventually, the `AcquireTokenSilent` method fails. Reasons for failure include a
236237

237238
### Instantiate the Microsoft Graph Service Client by obtaining the token from the SignInUserAndGetTokenUsingMSAL method
238239

240+
In the project, create a new file named *TokenProvider.cs*: right-click on the project, select **Add** > **New Item** > **Blank Page**.
241+
242+
Add to the newly created file the following code:
243+
244+
```csharp
245+
using Microsoft.Kiota.Abstractions.Authentication;
246+
using System;
247+
using System.Collections.Generic;
248+
using System.Threading;
249+
using System.Threading.Tasks;
250+
251+
namespace UWP_app_MSGraph {
252+
public class TokenProvider : IAccessTokenProvider {
253+
private Func<string[], Task<string>> getTokenDelegate;
254+
private string[] scopes;
255+
256+
public TokenProvider(Func<string[], Task<string>> getTokenDelegate, string[] scopes) {
257+
this.getTokenDelegate = getTokenDelegate;
258+
this.scopes = scopes;
259+
}
260+
261+
public Task<string> GetAuthorizationTokenAsync(Uri uri, Dictionary<string, object> additionalAuthenticationContext = default,
262+
CancellationToken cancellationToken = default) {
263+
return getTokenDelegate(scopes);
264+
}
265+
266+
public AllowedHostsValidator AllowedHostsValidator { get; }
267+
}
268+
}
269+
```
270+
271+
> [!TIP]
272+
> After pasting the code, make sure that the namespace in the *TokenProvider.cs* file matches the namespace of your project. This will allow you to more easily reference the `TokenProvider` class in your project.
273+
274+
The `TokenProvider` class defines a custom access token provider that executes the specified delegate method to get and return an access token.
275+
239276
Add the following new method to *MainPage.xaml.cs*:
240277

241278
```csharp
@@ -245,16 +282,22 @@ Add the following new method to *MainPage.xaml.cs*:
245282
/// <returns>GraphServiceClient</returns>
246283
private async static Task<GraphServiceClient> SignInAndInitializeGraphServiceClient(string[] scopes)
247284
{
248-
GraphServiceClient graphClient = new GraphServiceClient(MSGraphURL,
249-
new DelegateAuthenticationProvider(async (requestMessage) =>
250-
{
251-
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", await SignInUserAndGetTokenUsingMSAL(scopes));
252-
}));
285+
var tokenProvider = new TokenProvider(SignInUserAndGetTokenUsingMSAL, scopes);
286+
var authProvider = new BaseBearerTokenAuthenticationProvider(tokenProvider);
287+
var graphClient = new GraphServiceClient(authProvider, MSGraphURL);
253288

254289
return await Task.FromResult(graphClient);
255290
}
256291
```
257292

293+
In this method, you're using the custom access token provider `TokenProvider` to connect the `SignInUserAndGetTokenUsingMSAL` method to the Microsoft Graph .NET SDK and create an authenticated client.
294+
295+
To use the `BaseBearerTokenAuthenticationProvider`, in the *MainPage.xaml.cs* file, add the following reference:
296+
297+
```cs
298+
using Microsoft.Kiota.Abstractions.Authentication;
299+
```
300+
258301
#### More information on making a REST call against a protected API
259302

260303
In this sample application, the `GetGraphServiceClient` method instantiates `GraphServiceClient` by using an access token. Then, `GraphServiceClient` is used to get the user's profile information from the **me** endpoint.

articles/active-directory/develop/v2-admin-consent.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ ms.service: active-directory
99
ms.subservice: develop
1010
ms.workload: identity
1111
ms.topic: conceptual
12-
ms.date: 3/29/2022
12+
ms.date: 02/17/2023
1313
ms.author: ryanwi
1414
ms.reviewer: ludwignick
1515
ms.custom: aaddev

articles/active-directory/develop/workload-identity-federation-create-trust-user-assigned-managed-identity.md

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -2,15 +2,15 @@
22
title: Create a trust relationship between a user-assigned managed identity and an external identity provider
33
description: Set up a trust relationship between a user-assigned managed identity in Azure AD and an external identity provider. This allows a software workload outside of Azure to access Azure AD protected resources without using secrets or certificates.
44
services: active-directory
5-
author: davidmu1
5+
author: rwike77
66
manager: CelesteDG
77

88
ms.service: active-directory
99
ms.subservice: develop
1010
ms.topic: how-to
1111
ms.workload: identity
12-
ms.date: 01/19/2023
13-
ms.author: davidmu
12+
ms.date: 03/06/2023
13+
ms.author: ryanwi
1414
ms.custom: aaddev
1515
ms.reviewer: shkhalide, udayh, vakarand
1616
zone_pivot_groups: identity-wif-mi-methods
@@ -38,7 +38,7 @@ To learn more about supported regions, time to propagate federated credential up
3838
- If you're unfamiliar with managed identities for Azure resources, check out the [overview section](../managed-identities-azure-resources/overview.md). Be sure to review the [difference between a system-assigned and user-assigned managed identity](../managed-identities-azure-resources/overview.md#managed-identity-types).
3939
- If you don't already have an Azure account, [sign up for a free account](https://azure.microsoft.com/free/) before you continue.
4040
- Get the information for your external IdP and software workload, which you need in the following steps.
41-
- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Managed Identity Contributor](../../role-based-access-control/built-in-roles.md#managed-identity-contributor) role assignment.
41+
- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Contributor](../../role-based-access-control/built-in-roles.md#contributor) or [Owner](../../role-based-access-control/built-in-roles.md#owner) role assignment.
4242
- [Create a user-assigned manged identity](../managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md?pivots=identity-mi-methods-azp#create-a-user-assigned-managed-identity)
4343
- Find the object ID of the user-assigned managed identity, which you need in the following steps.
4444

@@ -179,7 +179,7 @@ To delete a specific federated identity credential, select the **Delete** icon f
179179
- If you're unfamiliar with managed identities for Azure resources, check out the [overview section](../managed-identities-azure-resources/overview.md). Be sure to review the [difference between a system-assigned and user-assigned managed identity](../managed-identities-azure-resources/overview.md#managed-identity-types).
180180
- If you don't already have an Azure account, [sign up for a free account](https://azure.microsoft.com/free/) before you continue.
181181
- Get the information for your external IdP and software workload, which you need in the following steps.
182-
- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Managed Identity Contributor](../../role-based-access-control/built-in-roles.md#managed-identity-contributor) role assignment.
182+
- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Contributor](../../role-based-access-control/built-in-roles.md#contributor) or [Owner](../../role-based-access-control/built-in-roles.md#owner) role assignment.
183183
- [Create a user-assigned manged identity](../managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md?pivots=identity-mi-methods-azcli#create-a-user-assigned-managed-identity-1)
184184
- Find the object ID of the user-assigned managed identity, which you need in the following steps.
185185

@@ -277,7 +277,7 @@ az identity federated-credential delete --name $ficId --identity-name $uaId --re
277277
- If you're unfamiliar with managed identities for Azure resources, check out the [overview section](../managed-identities-azure-resources/overview.md). Be sure to review the [difference between a system-assigned and user-assigned managed identity](../managed-identities-azure-resources/overview.md#managed-identity-types).
278278
- If you don't already have an Azure account, [sign up for a free account](https://azure.microsoft.com/free/) before you continue.
279279
- Get the information for your external IdP and software workload, which you need in the following steps.
280-
- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Managed Identity Contributor](../../role-based-access-control/built-in-roles.md#managed-identity-contributor) role assignment.
280+
- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Contributor](../../role-based-access-control/built-in-roles.md#contributor) or [Owner](../../role-based-access-control/built-in-roles.md#owner) role assignment.
281281
- To run the example scripts, you have two options:
282282
- Use [Azure Cloud Shell](../../cloud-shell/overview.md), which you can open by using the **Try It** button in the upper-right corner of code blocks.
283283
- Run scripts locally with Azure PowerShell, as described in the next section.
@@ -351,7 +351,7 @@ Remove-AzFederatedIdentityCredentials -ResourceGroupName azure-rg-test -Identity
351351
- If you're unfamiliar with managed identities for Azure resources, check out the [overview section](../managed-identities-azure-resources/overview.md). Be sure to review the [difference between a system-assigned and user-assigned managed identity](../managed-identities-azure-resources/overview.md#managed-identity-types).
352352
- If you don't already have an Azure account, [sign up for a free account](https://azure.microsoft.com/free/) before you continue.
353353
- Get the information for your external IdP and software workload, which you need in the following steps.
354-
- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Managed Identity Contributor](../../role-based-access-control/built-in-roles.md#managed-identity-contributor) role assignment.
354+
- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Contributor](../../role-based-access-control/built-in-roles.md#contributor) or [Owner](../../role-based-access-control/built-in-roles.md#owner) role assignment.
355355
- [Create a user-assigned manged identity](../managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md?pivots=identity-mi-methods-arm#create-a-user-assigned-managed-identity-3)
356356
- Find the object ID of the user-assigned managed identity, which you need in the following steps.
357357

@@ -468,7 +468,7 @@ Make sure that any kind of automation creates federated identity credentials und
468468
- If you're unfamiliar with managed identities for Azure resources, check out the [overview section](../managed-identities-azure-resources/overview.md). Be sure to review the [difference between a system-assigned and user-assigned managed identity](../managed-identities-azure-resources/overview.md#managed-identity-types).
469469
- If you don't already have an Azure account, [sign up for a free account](https://azure.microsoft.com/free/) before you continue.
470470
- Get the information for your external IdP and software workload, which you need in the following steps.
471-
- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Managed Identity Contributor](../../role-based-access-control/built-in-roles.md#managed-identity-contributor) role assignment.
471+
- To create a user-assigned managed identity and configure a federated identity credential, your account needs the [Contributor](../../role-based-access-control/built-in-roles.md#contributor) or [Owner](../../role-based-access-control/built-in-roles.md#owner) role assignment.
472472
- You can run all the commands in this article either in the cloud or locally:
473473
- To run in the cloud, use [Azure Cloud Shell](../../cloud-shell/overview.md).
474474
- To run locally, install [curl](https://curl.haxx.se/download.html) and the [Azure CLI](/cli/azure/install-azure-cli).

articles/active-directory/external-identities/faq.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -217,4 +217,4 @@ additionalContent: |
217217
218218
## Next steps
219219
220-
[What is Azure AD B2B collaboration?](what-is-b2b.md)
220+
[What is Azure AD B2B collaboration?](what-is-b2b.md)
-4.26 KB
Loading

0 commit comments

Comments
 (0)