Merge pull request #190531 from MicrosoftDocs/main

3/03 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -19864,6 +19864,11 @@
       "redirect_url": "/azure/machine-learning/how-to-deploy-custom-docker-image",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/machine-learning/service/tutorial-labeling.md",
+      "redirect_url": "/azure/machine-learning/how-to-create-image-labeling-projects",
+      "redirect_document_id": "false"
+    },
     {
       "source_path_from_root": "/articles/machine-learning/service/how-to-deploy-existing-model.md",
       "redirect_url": "/azure/machine-learning/how-to-deploy-and-where",

articles/active-directory-b2c/whats-new-docs.md

@@ -28,8 +28,10 @@ The Azure Active Directory Authentication Library (ADAL) v1.0 enables applicatio
 
 > [!NOTE]
 > Looking for the Azure AD v2.0 libraries (MSAL)? Checkout the [MSAL library guide](../develop/reference-v2-libraries.md).
->
->
+
+
+> [!WARNING]
+> Support for Active Directory Authentication Library (ADAL) will end in December, 2022. Apps using ADAL on existing OS versions will continue to work, but technical support and security updates will end. Without continued security updates, apps using ADAL will become increasingly vulnerable to the latest security attack patterns. For more information, see [Migrate apps to MSAL](..\develop\msal-migration.md).
 
 ## Microsoft-supported Client Libraries
 

articles/active-directory/azuread-dev/active-directory-authentication-libraries.md

@@ -26,6 +26,9 @@ This section provides links to samples you can use to learn more about the Azure
 > [!NOTE]
 > If you are interested in Azure AD V2 code samples, see [v2.0 code samples by scenario](../develop/sample-v2-code.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json).
 
+> [!WARNING]
+> Support for Active Directory Authentication Library (ADAL) will end in December, 2022. Apps using ADAL on existing OS versions will continue to work, but technical support and security updates will end. Without continued security updates, apps using ADAL will become increasingly vulnerable to the latest security attack patterns. For more information, see [Migrate apps to MSAL](..\develop\msal-migration.md).
+
 To understand the basic scenario for each sample type, see [Authentication scenarios for Azure AD](v1-authentication-scenarios.md).
 
 You can also contribute to our samples on GitHub. To learn how, see [Microsoft Azure Active Directory samples and documentation](https://github.com/Azure-Samples?page=3&query=active-directory).

articles/active-directory/azuread-dev/sample-v1-code.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to 
 ms.workload: identity
-ms.date: 07/22/2021
+ms.date: 03/03/2022
 ms.author: shermanouko
 ms.custom: aaddev, has-adal-ref
 ms.reviewer: aiwang, marsma
@@ -19,7 +19,7 @@ ms.reviewer: aiwang, marsma
 
 # Get a complete list of apps using ADAL in your tenant
 
-Support for Active Directory Authentication Library (ADAL) will end on June 30, 2022. Apps using ADAL on existing OS versions will continue to work, but technical support and security updates will end. Without continued security updates, apps using ADAL will become increasingly vulnerable to the latest security attack patterns. This article provides guidance on how to use Azure Monitor workbooks to obtain a list of all apps that use ADAL in your tenant.
+Support for Active Directory Authentication Library (ADAL) will end in December, 2022. Apps using ADAL on existing OS versions will continue to work, but technical support and security updates will end. Without continued security updates, apps using ADAL will become increasingly vulnerable to the latest security attack patterns. For more information, see [Migrate apps to MSAL](msal-migration.md). This article provides guidance on how to use Azure Monitor workbooks to obtain a list of all apps that use ADAL in your tenant.
 
 ## Sign-ins workbook
 

articles/active-directory/develop/howto-get-list-of-all-active-directory-auth-library-apps.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 07/22/2021
+ms.date: 03/03/2022
 ms.author: jmprieur
 ms.reviewer: saeeda
 ms.custom: aaddev, has-adal-ref
@@ -21,11 +21,12 @@ ms.custom: aaddev, has-adal-ref
 
 If any of your applications use the Azure Active Directory Authentication Library (ADAL)  for authentication and authorization functionality, it's time to migrate them to the [Microsoft Authentication Library (MSAL)](msal-overview.md#languages-and-frameworks).
 
-- All Microsoft support and development for ADAL, including security fixes, ends on June 30, 2022.
+- All Microsoft support and development for ADAL, including security fixes, ends in December, 2022.
+- There are no ADAL feature releases or new platform version releases planned prior to December, 2022.
 - No new features have been added to ADAL since June 30, 2020.
 
 > [!WARNING]
-> If you choose not to migrate to MSAL before ADAL support ends on June 30, 2022, you put your app's security at risk. Existing apps that use ADAL will continue to work after the end-of-support date, but Microsoft will no longer release security fixes on ADAL.
+> If you choose not to migrate to MSAL before ADAL support ends in December, 2022, you put your app's security at risk. Existing apps that use ADAL will continue to work after the end-of-support date, but Microsoft will no longer release security fixes on ADAL.
 
 ## Why switch to MSAL?
 
@@ -34,7 +35,7 @@ MSAL provides multiple benefits over ADAL, including the following features:
 |Features|MSAL|ADAL|
 |---------|---------|---------|
 |**Security**|||
-|Security fixes beyond June 30, 2022|![Security fixes beyond June 30, 2022 - MSAL provides the feature][y]|![Security fixes beyond June 30, 2022 - ADAL doesn't provide the feature][n]|
+|Security fixes beyond December, 2022|![Security fixes beyond December, 2022 - MSAL provides the feature][y]|![Security fixes beyond December, 2022 - ADAL doesn't provide the feature][n]|
 | Proactively refresh and revoke tokens based on policy or critical events for Microsoft Graph and other APIs that support [Continuous Access Evaluation (CAE)](app-resilience-continuous-access-evaluation.md).|![Proactively refresh and revoke tokens based on policy or critical events for Microsoft Graph and other APIs that support Continuous Access Evaluation (CAE) - MSAL provides the feature][y]|![Proactively refresh and revoke tokens based on policy or critical events for Microsoft Graph and other APIs that support Continuous Access Evaluation (CAE) - ADAL doesn't provide the feature][n]|
 | Standards compliant with OAuth v2.0 and OpenID Connect (OIDC) |![Standards compliant with OAuth v2.0 and OpenID Connect (OIDC) - MSAL provides the feature][y]|![Standards compliant with OAuth v2.0 and OpenID Connect (OIDC) - ADAL doesn't provide the feature][n]|
 |**User accounts and experiences**|||

articles/active-directory/develop/msal-migration.md

@@ -116,6 +116,12 @@ If your organization subscribes to the Azure Monitor service, you can use the [C
 
 If your organization exports sign-in logs to a Security Information and Event Management (SIEM) system, you can retrieve required information from your SIEM system.
 
+## Identify changes to cross-tenant access settings
+
+The Azure AD audit logs capture all activity around cross-tenant access setting changes and activity. To audit changes to your cross-tenant access settings, use the **category** of ***CrossTenantAccessSettings*** to filter all activity to show changes to cross-tenant access settings.
+
+![Audit logs for cross-tenant access settings](media/cross-tenant-access-overview/cross-tenant-access-settings-audit-logs.png)
+
 ## Next steps
 
-[Configure cross-tenant access settings for B2B collaboration](cross-tenant-access-settings-b2b-collaboration.md)
+[Configure cross-tenant access settings for B2B collaboration](cross-tenant-access-settings-b2b-collaboration.md)

articles/active-directory/external-identities/cross-tenant-access-overview.md

@@ -142,7 +142,7 @@ To support temporary passwords in Azure AD for synchronized users, you can enabl
 
 #### Account expiration
 
-If your organization uses the accountExpires attribute as part of user account management, this attribute is not synchronized to Azure AD. As a result, an expired Active Directory account in an environment configured for password hash synchronization will still be active in Azure AD. We recommend that if the account is expired, a workflow action should trigger a PowerShell script that disables the user's Azure AD account (use the [Set-AzureADUser](/powershell/module/azuread/set-azureaduser) cmdlet). Conversely, when the account is turned on, the Azure AD instance should be turned on.
+If your organization uses the accountExpires attribute as part of user account management, this attribute is not synchronized to Azure AD. As a result, an expired Active Directory account in an environment configured for password hash synchronization will still be active in Azure AD. We recommend using a scheduled PowerShell script that disables users' AD accounts, once they expire (use the [Set-ADUser](/powershell/module/activedirectory/set-aduser) cmdlet). Conversely, during the process of removing the expiration from an AD account, the account should be re-enabled.
 
 ### Overwrite synchronized passwords
 

articles/active-directory/external-identities/media/cross-tenant-access-overview/cross-tenant-access-settings-audit-logs.png

@@ -1,5 +1,5 @@
 ---
-title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Allocadia | Microsoft Docs'
+title: 'Tutorial: Azure AD SSO integration with Allocadia'
 description: Learn how to configure single sign-on between Azure Active Directory and Allocadia.
 services: active-directory
 author: jeevansd
@@ -9,20 +9,18 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 12/17/2019
+ms.date: 02/25/2022
 ms.author: jeedes
 ---
 
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with Allocadia
+# Tutorial: Azure AD SSO integration with Allocadia
 
 In this tutorial, you'll learn how to integrate Allocadia with Azure Active Directory (Azure AD). When you integrate Allocadia with Azure AD, you can:
 
 * Control in Azure AD who has access to Allocadia.
 * Enable your users to be automatically signed-in to Allocadia with their Azure AD accounts.
 * Manage your accounts in one central location - the Azure portal.
 
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-
 ## Prerequisites
 
 To get started, you need the following items:
@@ -34,59 +32,58 @@ To get started, you need the following items:
 
 In this tutorial, you configure and test Azure AD SSO in a test environment.
 
-* Allocadia supports **IDP** initiated SSO
-* Allocadia supports **Just In Time** user provisioning
+* Allocadia supports **IDP** initiated SSO.
+* Allocadia supports **Just In Time** user provisioning.
 
-## Adding Allocadia from the gallery
+## Add Allocadia from the gallery
 
 To configure the integration of Allocadia into Azure AD, you need to add Allocadia from the gallery to your list of managed SaaS apps.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
 1. On the left navigation pane, select the **Azure Active Directory** service.
 1. Navigate to **Enterprise Applications** and then select **All Applications**.
 1. To add new application, select **New application**.
 1. In the **Add from the gallery** section, type **Allocadia** in the search box.
 1. Select **Allocadia** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
 
-## Configure and test Azure AD single sign-on for Allocadia
+## Configure and test Azure AD SSO for Allocadia
 
 Configure and test Azure AD SSO with Allocadia using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Allocadia.
 
-To configure and test Azure AD SSO with Allocadia, complete the following building blocks:
+To configure and test Azure AD SSO with Allocadia, perform the following steps:
 
 1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
-    * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
-    * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+    1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+    1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
 1. **[Configure Allocadia SSO](#configure-allocadia-sso)** - to configure the single sign-on settings on application side.
-    * **[Create Allocadia test user](#create-allocadia-test-user)** - to have a counterpart of B.Simon in Allocadia that is linked to the Azure AD representation of user.
+    1. **[Create Allocadia test user](#create-allocadia-test-user)** - to have a counterpart of B.Simon in Allocadia that is linked to the Azure AD representation of user.
 1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
 
 ## Configure Azure AD SSO
 
 Follow these steps to enable Azure AD SSO in the Azure portal.
 
-1. In the [Azure portal](https://portal.azure.com/), on the **Allocadia** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Allocadia** application integration page, find the **Manage** section and select **single sign-on**.
 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
 
    ![Edit Basic SAML Configuration](common/edit-urls.png)
 
-1. On the **Set up single sign-on with SAML** page, enter the values for the following fields:
-
-    a. In the **Identifier** text box, type a URL using the following pattern:
-
-	For test environment -  `https://na2standby.allocadia.com`
+1. On the **Basic SAML Configuration** section, perform the following steps:
 
-	For production environment - `https://na2.allocadia.com`
+    a. In the **Identifier** text box, type one of the following URLs:
 
-    b. In the **Reply URL** text box, type a URL using the following pattern:
+	| **Identifier** |
+	|------- |
+	| For test environment - `https://na2standby.allocadia.com` |
+	| For production environment - `https://na2.allocadia.com`
 
-	For test environment - `https://na2standby.allocadia.com/allocadia/saml/SSO`
+    b. In the **Reply URL** text box, type one of the following URLs:
 
-	For production environment - `https://na2.allocadia.com/allocadia/saml/SSO`
-
-	> [!NOTE]
-	> These values are not real. Update these values with the actual Identifier and Reply URL. Contact [Allocadia Client support team](mailto:support@allocadia.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+	| **Reply URL** |
+	|--------|
+	| For test environment - `https://na2standby.allocadia.com/allocadia/saml/SSO` |
+	| For production environment - `https://na2.allocadia.com/allocadia/saml/SSO` |
 
 1. Allocadia application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
 
@@ -99,7 +96,6 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 	| firstname | user.givenname |
 	| lastname | user.surname |
 	| email | user.mail |
-	| | |
 
 1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section,  find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
 
@@ -128,13 +124,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
 1. In the applications list, select **Allocadia**.
 1. In the app's overview page, find the **Manage** section and select **Users and groups**.
-
-   ![The "Users and groups" link](common/users-groups-blade.png)
-
 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
-
-	![The Add User link](common/add-assign-user.png)
-
 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
 1. In the **Add Assignment** dialog, click the **Assign** button.
@@ -149,16 +139,12 @@ In this section, a user called B.Simon is created in Allocadia. Allocadia suppor
 
 ## Test SSO
 
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the Allocadia tile in the Access Panel, you should be automatically signed in to the Allocadia for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
-
-## Additional resources
+In this section, you test your Azure AD single sign-on configuration with following options.
 
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* Click on Test this application in Azure portal and you should be automatically signed in to the Allocadia for which you set up the SSO.
 
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+* You can use Microsoft My Apps. When you click the Allocadia tile in the My Apps, you should be automatically signed in to the Allocadia for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
 
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
 
-- [Try Allocadia with Azure AD](https://aad.portal.azure.com/)
+Once you configure Allocadia you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).