MicrosoftDocs
diff --git a/‎.openpublishing.redirection.azure-monitor.json
Lines changed: 5 additions & 0 deletions b/‎.openpublishing.redirection.azure-monitor.json
Lines changed: 5 additions & 0 deletions
diff --git a/‎articles/active-directory-domain-services/policy-reference.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory-domain-services/policy-reference.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/enterprise-users/clean-up-unmanaged-azure-ad-accounts.md
Lines changed: 3 additions & 3 deletions b/‎articles/active-directory/enterprise-users/clean-up-unmanaged-azure-ad-accounts.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/active-directory/fundamentals/whats-new-archive.md
Lines changed: 40 additions & 0 deletions b/‎articles/active-directory/fundamentals/whats-new-archive.md
Lines changed: 40 additions & 0 deletions
diff --git a/‎articles/active-directory/fundamentals/whats-new.md
Lines changed: 168 additions & 58 deletions b/‎articles/active-directory/fundamentals/whats-new.md
Lines changed: 168 additions & 58 deletions
diff --git a/‎articles/active-directory/saas-apps/altamira-hrm-tutorial.md
Lines changed: 21 additions & 27 deletions b/‎articles/active-directory/saas-apps/altamira-hrm-tutorial.md
Lines changed: 21 additions & 27 deletions
diff --git a/‎articles/active-directory/saas-apps/convene-tutorial.md
Lines changed: 23 additions & 28 deletions b/‎articles/active-directory/saas-apps/convene-tutorial.md
Lines changed: 23 additions & 28 deletions
@@ -216,6 +216,11 @@
             "redirect_url": "/azure/azure-monitor/visualize/workbooks-overview",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/visualize/workbooks-groups.md",   
+            "redirect_url": "/azure/azure-monitor/visualize/workbooks-create-workbook",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/visualize/workbooks-add-text.md",
             "redirect_url": "/azure/azure-monitor/visualize/workbooks-add-workbook-elements",
 
@@ -1,7 +1,7 @@
 ---
 title: Built-in policy definitions for Azure Active Directory Domain Services
 description: Lists Azure Policy built-in policy definitions for Azure Active Directory Domain Services. These built-in policy definitions provide common approaches to managing your Azure resources.
-ms.date: 05/11/2022
+ms.date: 06/29/2022
 ms.service: active-directory
 ms.subservice: domain-services
 author: justinha
 
@@ -33,9 +33,9 @@ persist after the user leaves the organization.
 You can remove unmanaged Azure AD accounts from your Azure AD tenants
 and prevent these types of accounts from redeeming future invitations.
 
-1. Read how to enable [one-time
-    passcodes](https://docs.microsoft.com/azure/active-directory/external-identities/one-time-passcode#enable-email-one-time-passcode)
-    (OTP)
+1. Enable [email one-time
+    passcode](https://docs.microsoft.com/azure/active-directory/external-identities/one-time-passcode#enable-email-one-time-passcode)
+    (OTP).
 
 2. Use the sample application in [Azure-samples/Remove-unmanaged-guests](https://github.com/Azure-Samples/Remove-Unmanaged-Guests) or
     go to
 
@@ -30,6 +30,46 @@ The What's new in Azure Active Directory? release notes provide information abou
 
 ---
 
+## December 2021
+
+### Tenant enablement of combined security information registration for Azure Active Directory
+
+**Type:** Plan for change  
+**Service category:** MFA  
+**Product capability:** Identity Security & Protection  
+ 
+We previously announced in April 2020, a new combined registration experience enabling users to register authentication methods for SSPR and multi-factor authentication at the same time was generally available for existing customer to opt in. Any Azure AD tenants created after August 2020 automatically have the default experience set to combined registration. Starting in 2022 Microsoft will be enabling the multi-factor authentication and SSPR combined registration experience for existing customers. [Learn more](../authentication/concept-registration-mfa-sspr-combined.md).
+ 
+---
+
+### Public Preview - Number Matching now available to reduce accidental notification approvals
+
+**Type:** New feature  
+**Service category:** Microsoft Authenticator App  
+**Product capability:** User Authentication  
+ 
+To prevent accidental notification approvals, admins can now  require users to enter the number displayed on the sign in screen when approving a multi-factor authentication notification in the Authenticator app. This feature adds an extra security measure to the Microsoft Authenticator app. [Learn more](../authentication/how-to-mfa-number-match.md).
+ 
+---
+
+### Pre-authentication error events removed from Azure AD Sign-in Logs
+
+**Type:** Deprecated  
+**Service category:** Reporting  
+**Product capability:** Monitoring & Reporting  
+ 
+We’re no longer publishing sign-in logs with the following error codes because these events are pre-authentication events that occur before our service has authenticated a user. Because these events happen before authentication, our service isn’t always able to correctly identify the user. If a user continues on to authenticate, the user sign-in will show up in your tenant Sign-in logs. These logs are no longer visible in the Azure portal UX, and querying these error codes in the Graph API will no longer return results.
+
+|Error code | Failure reason|
+| --- | --- |
+|50058| Session information isn’t sufficient for single-sign-on.|
+|16000| Either multiple user identities are available for the current request or selected account isn’t supported for the scenario.|
+|500581| Rendering JavaScript. Fetching sessions for single-sign-on on V2 with prompt=none requires JavaScript to verify if any MSA accounts are signed in.|
+|81012| The user trying to sign in to Azure AD is different from the user signed into the device.|
+
+---
+
+
 
 ## November 2021
 
 
@@ -1,5 +1,5 @@
 ---
-title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Altamira HRM | Microsoft Docs'
+title: 'Tutorial: Azure AD SSO integration with Altamira HRM'
 description: Learn how to configure single sign-on between Azure Active Directory and Altamira HRM.
 services: active-directory
 author: jeevansd
@@ -9,20 +9,18 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 08/04/2020
+ms.date: 06/29/2022
 ms.author: jeedes
 ---
 
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with Altamira HRM
+# Tutorial: Azure AD SSO integration with Altamira HRM
 
 In this tutorial, you'll learn how to integrate Altamira HRM with Azure Active Directory (Azure AD). When you integrate Altamira HRM with Azure AD, you can:
 
 * Control in Azure AD who has access to Altamira HRM.
 * Enable your users to be automatically signed-in to Altamira HRM with their Azure AD accounts.
 * Manage your accounts in one central location - the Azure portal.
 
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-
 ## Prerequisites
 
 To get started, you need the following items:
@@ -34,15 +32,15 @@ To get started, you need the following items:
 
 In this tutorial, you configure and test Azure AD SSO in a test environment.
 
-* Altamira HRM supports **SP and IDP** initiated SSO
-* Altamira HRM supports **Just In Time** user provisioning
+* Altamira HRM supports **SP and IDP** initiated SSO.
+* Altamira HRM supports **Just In Time** user provisioning.
 * Once you configure Altamira HRM you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).
 
-## Adding Altamira HRM from the gallery
+## Add Altamira HRM from the gallery
 
 To configure the integration of Altamira HRM into Azure AD, you need to add Altamira HRM from the gallery to your list of managed SaaS apps.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
 1. On the left navigation pane, select the **Azure Active Directory** service.
 1. Navigate to **Enterprise Applications** and then select **All Applications**.
 1. To add new application, select **New application**.
@@ -54,7 +52,7 @@ To configure the integration of Altamira HRM into Azure AD, you need to add Alta
 
 Configure and test Azure AD SSO with Altamira HRM using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Altamira HRM.
 
-To configure and test Azure AD SSO with Altamira HRM, complete the following building blocks:
+To configure and test Azure AD SSO with Altamira HRM, perform the following steps:
 
 1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
     1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
@@ -67,9 +65,9 @@ To configure and test Azure AD SSO with Altamira HRM, complete the following bui
 
 Follow these steps to enable Azure AD SSO in the Azure portal.
 
-1. In the [Azure portal](https://portal.azure.com/), on the **Altamira HRM** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Altamira HRM** application integration page, find the **Manage** section and select **single sign-on**.
 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
 
    ![Edit Basic SAML Configuration](common/edit-urls.png)
 
@@ -116,15 +114,9 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
 1. In the applications list, select **Altamira HRM**.
 1. In the app's overview page, find the **Manage** section and select **Users and groups**.
-
-   ![The "Users and groups" link](common/users-groups-blade.png)
-
 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
-
-	![The Add User link](common/add-assign-user.png)
-
 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
 1. In the **Add Assignment** dialog, click the **Assign** button.
 
 ## Configure Altamira HRM SSO
@@ -137,18 +129,20 @@ In this section, a user called Britta Simon is created in Altamira HRM. Altamira
 
 ## Test SSO 
 
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
 
-When you click the Altamira HRM tile in the Access Panel, you should be automatically signed in to the Altamira HRM for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
+* Click on **Test this application** in Azure portal. This will redirect to Altamira HRM Sign on URL where you can initiate the login flow.
 
-## Additional resources
+* Go to Altamira HRM Sign-on URL directly and initiate the login flow from there.
 
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+#### IDP initiated:
 
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Altamira HRM for which you set up the SSO
 
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Altamira HRM tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Altamira HRM for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
 
-- [Try Altamira HRM with Azure AD](https://aad.portal.azure.com/)
+## Next steps
 
-- [What is session control in Microsoft Defender for Cloud Apps?](/cloud-app-security/proxy-intro-aad)
+Once you configure Altamira HRM you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-aad).
@@ -1,5 +1,5 @@
 ---
-title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Convene | Microsoft Docs'
+title: 'Tutorial: Azure AD SSO integration with Convene'
 description: Learn how to configure single sign-on between Azure Active Directory and Convene.
 services: active-directory
 author: jeevansd
@@ -9,19 +9,18 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 10/22/2019
+ms.date: 06/29/2022
 ms.author: jeedes
 ---
 
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with Convene
+# Tutorial: Azure AD SSO integration with Convene
 
 In this tutorial, you'll learn how to integrate Convene with Azure Active Directory (Azure AD). When you integrate Convene with Azure AD, you can:
 
 * Control in Azure AD who has access to Convene.
 * Enable your users to be automatically signed-in to Convene with their Azure AD accounts.
 * Manage your accounts in one central location - the Azure portal.
 
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
 
 ## Prerequisites
 
@@ -34,31 +33,29 @@ To get started, you need the following items:
 
 In this tutorial, you configure and test Azure AD SSO in a test environment.
 
-
-
-* Convene supports **SP and IDP** initiated SSO
-* Convene supports **Just In Time** user provisioning
+* Convene supports **SP and IDP** initiated SSO.
+* Convene supports **Just In Time** user provisioning.
 
 > [!NOTE]
 > Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
 
-## Adding Convene from the gallery
+## Add Convene from the gallery
 
 To configure the integration of Convene into Azure AD, you need to add Convene from the gallery to your list of managed SaaS apps.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
 1. On the left navigation pane, select the **Azure Active Directory** service.
 1. Navigate to **Enterprise Applications** and then select **All Applications**.
 1. To add new application, select **New application**.
 1. In the **Add from the gallery** section, type **Convene** in the search box.
 1. Select **Convene** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
 
 
-## Configure and test Azure AD single sign-on for Convene
+## Configure and test Azure AD SSO for Convene
 
 Configure and test Azure AD SSO with Convene using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Convene.
 
-To configure and test Azure AD SSO with Convene, complete the following building blocks:
+To configure and test Azure AD SSO with Convene, perform the following steps:
 
 1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
     1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
@@ -71,9 +68,9 @@ To configure and test Azure AD SSO with Convene, complete the following building
 
 Follow these steps to enable Azure AD SSO in the Azure portal.
 
-1. In the [Azure portal](https://portal.azure.com/), on the **Convene** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Convene** application integration page, find the **Manage** section and select **single sign-on**.
 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
 
    ![Edit Basic SAML Configuration](common/edit-urls.png)
 
@@ -121,15 +118,9 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
 1. In the applications list, select **Convene**.
 1. In the app's overview page, find the **Manage** section and select **Users and groups**.
-
-   ![The "Users and groups" link](common/users-groups-blade.png)
-
 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
-
-	![The Add User link](common/add-assign-user.png)
-
 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
 1. In the **Add Assignment** dialog, click the **Assign** button.
 
 ## Configure Convene SSO
@@ -145,16 +136,20 @@ In this section, a user called Britta Simon is created in Convene. Convene suppo
 
 ## Test SSO 
 
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to Convene Sign on URL where you can initiate the login flow.
 
-When you click the Convene tile in the Access Panel, you should be automatically signed in to the Convene for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
+* Go to Convene Sign-on URL directly and initiate the login flow from there.
 
-## Additional resources
+#### IDP initiated:
 
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Convene for which you set up the SSO
 
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Convene tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Convene for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
 
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
 
-- [Try Convene with Azure AD](https://aad.portal.azure.com/)
+Once you configure Convene you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-aad).