Merge pull request #214233 from omondiatieno/configure-user-consent

v-regandowner · web-flow · commit d6d44b98333f · 2022-11-02T10:13:23.000-04:00
add clarity on how to get deleted service principal
diff --git a/articles/active-directory/manage-apps/admin-consent-workflow-overview.md b/articles/active-directory/manage-apps/admin-consent-workflow-overview.md
@@ -7,8 +7,8 @@ manager: CelesteDG
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.workload: identity
-ms.topic: how-to
-ms.date: 06/10/2022
+ms.topic: conceptual
+ms.date: 11/02/2022
 ms.author: ergreenl
 ms.collection: M365-identity-device-management
 
diff --git a/articles/active-directory/manage-apps/disable-user-sign-in-portal.md b/articles/active-directory/manage-apps/disable-user-sign-in-portal.md
@@ -1,5 +1,5 @@
 ---
-title: Disable how a how a user signs in
+title: Disable user sign-in for application
 description: How to disable an enterprise application so that no users may sign in to it in Azure Active Directory
 services: active-directory
 author: eringreenlee
@@ -12,19 +12,19 @@ ms.date: 09/06/2022
 ms.author: ergreenl
 ms.custom: it-pro
 ms.collection: M365-identity-device-management
-#customer intent: As an admin, I want to disable the way a user signs in for an application so that no user can sign in to it in Azure Active Directory.
+#customer intent: As an admin, I want to disable user sign-in for an application so that no user can sign in to it in Azure Active Directory.
 ---
 # Disable user sign-in for an application
 
 There may be situations while configuring or managing an application where you don't want tokens to be issued for an application. Or, you may want to preemptively block an application that you do not want your employees to try to access. To accomplish this, you can disable user sign-in for the application, which will prevent all tokens from being issued for that application.
 
-In this article, you will learn how to disable how a user signs in to an application in Azure Active Directory through both the Azure portal and PowerShell. If you are looking for how to block specific users from accessing an application, use [user or group assignment](./assign-user-or-group-access-portal.md).
+In this article, you will learn how to prevent users from signing in to an application in Azure Active Directory through both the Azure portal and PowerShell. If you are looking for how to block specific users from accessing an application, use [user or group assignment](./assign-user-or-group-access-portal.md).
 
 
 
 ## Prerequisites
 
-To disable how a user signs in, you need:
+To disable user sign-in, you need:
 
 - An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 - One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
diff --git a/articles/active-directory/manage-apps/restore-application.md b/articles/active-directory/manage-apps/restore-application.md
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: how-to
 ms.workload: identity
-ms.date: 07/28/2022
+ms.date: 11/02/2022
 ms.author: jomondi
 ms.reviewer: sureshja
 ms.custom: mode-other
@@ -53,8 +53,11 @@ To recover your enterprise application with its previous configurations, first d
 1. To view the recently deleted enterprise application, run the following command:
 
    ```powershell
-   Get-AzureADMSDeletedDirectoryObject -Id 'd4142c52-179b-4d31-b5b9-08940873507b'
-   ```   
+   Get-AzureADMSDeletedDirectoryObject -Id <id>
+   ```
+
+Replace id with the object ID of the service principal that you want to restore.
+ 
 :::zone-end
 
 :::zone pivot="ms-powershell"
@@ -64,8 +67,10 @@ To recover your enterprise application with its previous configurations, first d
 1. To view the recently deleted enterprise applications, run the following command:
    
    ```powershell
-   Get-MgDirectoryDeletedItem -DirectoryObjectId 'd4142c52-179b-4d31-b5b9-08940873507b'
+   Get-MgDirectoryDeletedItem -DirectoryObjectId <id>
    ```
+Replace id with the object ID of the service principal that you want to restore.
+
 :::zone-end
 
 :::zone pivot="ms-graph"
@@ -77,7 +82,11 @@ To get the list of deleted enterprise applications in your tenant, run the follo
    ```http
    GET https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.servicePrincipal
    ```
-Record the ID of the enterprise application you want to restore.
+From the list of deleted service principals generated, record the ID of the enterprise application you want to restore.
+
+Alternatively, if you want to get the specific enterprise application that was deleted, fetch the deleted service principal and filter the results by the client's application ID (appId) property using the following syntax:
+
+`https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.servicePrincipal?$filter=appId eq '{appId}'`. Once you've retrieved the object ID of the deleted service principal, proceed to restore it.
 
 :::zone-end
 
@@ -89,17 +98,23 @@ Record the ID of the enterprise application you want to restore.
 
 
    ```powershell  
-   Restore-AzureADMSDeletedDirectoryObject -Id 'd4142c52-179b-4d31-b5b9-08940873507b'
+   Restore-AzureADMSDeletedDirectoryObject -Id <id>
    ```
+
+Replace id with the object ID of the service principal that you want to restore.
+
 :::zone-end
 
 :::zone pivot="ms-powershell"
 
 1. To restore the enterprise application, run the following command:
 
    ```powershell   
-   Restore-MgDirectoryObject -DirectoryObjectId 'd4142c52-179b-4d31-b5b9-08940873507b'
+   Restore-MgDirectoryObject -DirectoryObjectId <id>
    ```
+
+Replace id with the object ID of the service principal that you want to restore.
+
 :::zone-end
    
 :::zone pivot="ms-graph"
@@ -109,6 +124,9 @@ Record the ID of the enterprise application you want to restore.
    ```http
    POST https://graph.microsoft.com/v1.0/directory/deletedItems/{id}/restore
    ```
+
+Replace id with the object ID of the service principal that you want to restore.
+
 :::zone-end
 
 ## Permanently delete an enterprise application
@@ -121,7 +139,7 @@ Record the ID of the enterprise application you want to restore.
 To permanently delete a soft deleted enterprise application, run the following command:
 
 ```powershell
-Remove-AzureADMSDeletedDirectoryObject -Id 'd4142c52-179b-4d31-b5b9-08940873507b'
+Remove-AzureADMSDeletedDirectoryObject -Id <id>
 ```
 :::zone-end
 
@@ -130,7 +148,7 @@ Remove-AzureADMSDeletedDirectoryObject -Id 'd4142c52-179b-4d31-b5b9-08940873507b
 1. To permanently delete the soft deleted enterprise application, run the following command:
    
    ```powershell
-   Remove-MgDirectoryDeletedItem -DirectoryObjectId 'd4142c52-179b-4d31-b5b9-08940873507b'
+   Remove-MgDirectoryDeletedItem -DirectoryObjectId <id>
    ``` 
 
 :::zone-end
diff --git a/articles/active-directory/manage-apps/toc.yml b/articles/active-directory/manage-apps/toc.yml
@@ -124,7 +124,7 @@
         href: assign-user-or-group-access-portal.md
       - name: Assign custom security attributes
         href: custom-security-attributes-apps.md
-      - name: Disable user sign-on
+      - name: Disable user sign-in
         href: disable-user-sign-in-portal.md
       - name: Force auto-acceleration
         href: configure-authentication-for-federated-users-portal.md
@@ -240,7 +240,7 @@
         href: application-sign-in-problem-application-error.md
       - name: Problem signing into a Microsoft app
         href: application-sign-in-problem-first-party-microsoft.md
-    - name: Deprecate
+    - name: Delete and restore apps
       items:
       - name: Delete an enterprise application
         href: delete-application-portal.md
