Skip to content

Commit e09db6f

Browse files
authored
Merge pull request #204498 from MicrosoftDocs/main
7/12 PM Publish
2 parents 5395b44 + e1f4558 commit e09db6f

File tree

143 files changed

+1252
-1173
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

143 files changed

+1252
-1173
lines changed

.openpublishing.publish.config.json

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -884,6 +884,12 @@
884884
"branch": "main",
885885
"branch_mapping": {}
886886
},
887+
{
888+
"path_to_root": "azure-cosmos-tableapi-dotnet",
889+
"url": "https://github.com/Azure-Samples/cosmos-db-table-api-dotnet-samples",
890+
"branch": "v12",
891+
"branch_mapping": {}
892+
},
887893
{
888894
"path_to_root": "msdocs-django-postgresql-sample-app",
889895
"url": "https://github.com/Azure-Samples/msdocs-django-postgresql-sample-app",

.openpublishing.redirection.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6911,6 +6911,11 @@
69116911
"redirect_url": "/azure/azure-functions/functions-bindings-event-hubs-output",
69126912
"redirect_document_id": false
69136913
},
6914+
{
6915+
"source_path_from_root": "/articles/azure-functions/monitor-metrics.md",
6916+
"redirect_url": "/azure/azure-functions/monitor-functions",
6917+
"redirect_document_id": false
6918+
},
69146919
{
69156920
"source_path_from_root": "/articles/azure-functions/functions-bindings-errors.md",
69166921
"redirect_url": "/azure/azure-functions/functions-bindings-error-pages",

articles/active-directory-b2c/azure-monitor.md

Lines changed: 14 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ ms.workload: identity
1111
ms.topic: how-to
1212
ms.author: kengaderdus
1313
ms.subservice: B2C
14-
ms.date: 06/03/2022
14+
ms.date: 07/12/2022
1515
---
1616

1717
# Monitor Azure AD B2C with Azure Monitor
@@ -124,7 +124,7 @@ To create the custom authorization and delegation in Azure Lighthouse, we use an
124124
| Region | Select the region where the resource will be deployed. |
125125
| Msp Offer Name | A name describing this definition. For example, _Azure AD B2C Monitoring_. It's the name that will be displayed in Azure Lighthouse. The **MSP Offer Name** must be unique in your Azure AD. To monitor multiple Azure AD B2C tenants, use different names. |
126126
| Msp Offer Description | A brief description of your offer. For example, _Enables Azure Monitor in Azure AD B2C_. |
127-
| Managed By Tenant Id | The **Tenant ID** of your Azure AD B2C tenant (also known as the directory ID). |
127+
| Managed By Tenant ID | The **Tenant ID** of your Azure AD B2C tenant (also known as the directory ID). |
128128
| Authorizations | Specify a JSON array of objects that include the Azure AD `principalId`, `principalIdDisplayName`, and Azure `roleDefinitionId`. The `principalId` is the **Object ID** of the B2C group or user that will have access to resources in this Azure subscription. For this walkthrough, specify the group's Object ID that you recorded earlier. For the `roleDefinitionId`, use the [built-in role](../role-based-access-control/built-in-roles.md) value for the _Contributor role_, `b24988ac-6180-42a0-ab88-20f7382dd24c`. |
129129
| Rg Name | The name of the resource group you create earlier in your Azure AD tenant. For example, _azure-ad-b2c-monitor_. |
130130

@@ -173,18 +173,21 @@ You're ready to [create diagnostic settings](../active-directory/reports-monitor
173173
To configure monitoring settings for Azure AD B2C activity logs:
174174

175175
1. Sign in to the [Azure portal](https://portal.azure.com/) with your Azure AD B2C administrative account. This account must be a member of the security group you specified in the [Select a security group](#32-select-a-security-group) step.
176-
1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
177-
1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
176+
1. Make sure you're using the directory that contains your Azure AD B2C tenant:
177+
1. Select the **Directories + subscriptions** icon in the portal toolbar.
178+
2. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
178179
1. Select **Azure Active Directory**
179180
1. Under **Monitoring**, select **Diagnostic settings**.
180-
1. If there are existing settings for the resource, you'll see a list of settings already configured. Either select **Add diagnostic setting** to add a new setting, or select **Edit** to edit an existing setting. Each setting can have no more than one of each of the destination types.
181+
1. If there are existing settings for the resource, you'll see a list of settings already configured. Either select **Add diagnostic setting** to add a new setting, or select **Edit settings** to edit an existing setting. Each setting can have no more than one of each of the destination types.
181182

182-
![Diagnostics settings pane in Azure portal](./media/azure-monitor/azure-monitor-portal-05-diagnostic-settings-pane-enabled.png)
183+
![Screenshot of the diagnostics settings pane in Azure portal.](./media/azure-monitor/azure-monitor-portal-05-diagnostic-settings-pane-enabled.png)
183184

184185
1. Give your setting a name if it doesn't already have one.
185-
1. Check the box for each destination to send the logs. Select **Configure** to specify their settings **as described in the following table**.
186-
1. Select **Send to Log Analytics**, and then select the **Name of workspace** you created earlier (`AzureAdB2C`).
187186
1. Select **AuditLogs** and **SignInLogs**.
187+
1. Select **Send to Log Analytics Workspace**, and then:
188+
1. Under **Subscription**, select your subscription.
189+
2. Under **Log Analytics Workspace**, select the name of the workspace you created earlier such as `AzureAdB2C`.
190+
188191

189192
> [!NOTE]
190193
> Only the **AuditLogs** and **SignInLogs** diagnostic settings are currently supported for Azure AD B2C tenants.
@@ -204,7 +207,7 @@ Now you can configure your Log Analytics workspace to visualize your data and co
204207

205208
Log queries help you to fully use the value of the data collected in Azure Monitor Logs. A powerful query language allows you to join data from multiple tables, aggregate large sets of data, and perform complex operations with minimal code. Virtually any question can be answered and analysis performed as long as the supporting data has been collected, and you understand how to construct the right query. For more information, see [Get started with log queries in Azure Monitor](../azure-monitor/logs/get-started-queries.md).
206209

207-
1. From **Log Analytics workspace**, select **Logs**
210+
1. From **Log Analytics workspace** window, select **Logs**
208211
1. In the query editor, paste the following [Kusto Query Language](/azure/data-explorer/kusto/query/) query. This query shows policy usage by operation over the past x days. The default duration is set to 90 days (90d). Notice that the query is focused only on the operation where a token/code is issued by policy.
209212

210213
```kusto
@@ -253,7 +256,7 @@ Workbooks provide a flexible canvas for data analysis and the creation of rich v
253256

254257
Follow the instructions below to create a new workbook using a JSON Gallery Template. This workbook provides a **User Insights** and **Authentication** dashboard for Azure AD B2C tenant.
255258

256-
1. From the **Log Analytics workspace**, select **Workbooks**.
259+
1. From the **Log Analytics workspace** window, select **Workbooks**.
257260
1. From the toolbar, select **+ New** option to create a new workbook.
258261
1. On the **New workbook** page, select the **Advanced Editor** using the **</>** option on the toolbar.
259262

@@ -279,7 +282,7 @@ The workbook will display reports in the form of a dashboard.
279282

280283
## Create alerts
281284

282-
Alerts are created by alert rules in Azure Monitor and can automatically run saved queries or custom log searches at regular intervals. You can create alerts based on specific performance metrics or when certain events occur. You can also create alerts on absence of an event, or a number of events are occur within a particular time window. For example, alerts can be used to notify you when average number of sign in exceeds a certain threshold. For more information, see [Create alerts](../azure-monitor/alerts/alerts-log.md).
285+
Alerts are created by alert rules in Azure Monitor and can automatically run saved queries or custom log searches at regular intervals. You can create alerts based on specific performance metrics or when certain events occur. You can also create alerts on absence of an event, or a number of events occur within a particular time window. For example, alerts can be used to notify you when average number of sign in exceeds a certain threshold. For more information, see [Create alerts](../azure-monitor/alerts/alerts-log.md).
283286

284287
Use the following instructions to create a new Azure Alert, which will send an [email notification](../azure-monitor/alerts/action-groups.md#configure-notifications) whenever there's a 25% drop in the **Total Requests** compared to previous period. Alert will run every 5 minutes and look for the drop in the last hour compared to the hour before it. The alerts are created using Kusto query language.
285288

133 KB
Loading
-9.98 KB
Loading

articles/active-directory-b2c/tutorial-create-tenant.md

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ manager: CelesteDG
88
ms.service: active-directory
99
ms.workload: identity
1010
ms.topic: tutorial
11-
ms.date: 10/29/2021
11+
ms.date: 07/12/2022
1212
ms.author: kengaderdus
1313
ms.subservice: B2C
1414
ms.custom: "b2c-support"
@@ -43,14 +43,15 @@ You learn how to register an application in the next tutorial.
4343

4444
1. Sign in to the [Azure portal](https://portal.azure.com/).
4545

46-
1. Switch to the directory that contains your subscription:
46+
1. Make sure you're using the directory that contains your subscription:
47+
4748
1. In the Azure portal toolbar, select the **Directories + subscriptions** filter icon.
4849

4950
![Directories + subscriptions filter icon](media/tutorial-create-tenant/directories-subscription-filter-icon.png)
5051

51-
1. Find the directory that contains your subscription and select the **Switch** button next to it. Switching a directory reloads the portal.
52+
1. Find the directory that contains your subscription and select the **Switch** button next to it. Switching a directory reloads the portal. If the directory that contains your subscription has the **Current** label next to it, you don't need to do anything.
5253

53-
![Directories + subscriptions with Switch button](media/tutorial-create-tenant/switch-directory.png)
54+
![Screenshot of the directories and subscriptions window.](media/tutorial-create-tenant/switch-directory.png)
5455

5556
1. Add **Microsoft.AzureActiveDirectory** as a resource provider for the Azure subscription you're using ([learn more](../azure-resource-manager/management/resource-providers-and-types.md?WT.mc_id=Portal-Microsoft_Azure_Support#register-resource-provider-1)):
5657

articles/active-directory/fundamentals/road-to-the-cloud-posture.md

Lines changed: 6 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,9 @@ In enterprise-sized organizations, IAM transformation, or even transformation fr
5252

5353
[ ![Diagram that shows five elements, each depicting a possible network architecture. Options include cloud attached, hybrid, cloud first, AD minimized, and 100% cloud.](media/road-to-cloud-posture/road-to-the-cloud-five-states.png) ](media/road-to-cloud-posture/road-to-the-cloud-five-states.png#lightbox)
5454

55+
>[!NOTE]
56+
> The states in this diagram represent a logical progression of cloud transformation.
57+
5558
**State 1 Cloud attached** - In this state, organizations have created an Azure AD tenant to enable user productivity and collaboration tools and the tenant is fully operational. Most companies that use Microsoft products and services in their IT environment are already in or beyond this state. In this state operational costs may be higher because there's an on-premises environment and cloud environment to maintain and make interactive. Also, people must have expertise in both environments to support their users and the organization. In this state:
5659

5760
* Devices are joined to AD and managed using group policy and or on-premises device management tools.
@@ -122,17 +125,11 @@ As a migration of IAM to Azure AD is started, organizations must determine the p
122125

123126
:::image type="content" source="media/road-to-cloud-posture/road-to-the-cloud-migration.png" alt-text="Table depicting three major milestones that organizations move through when implementing an AD to Azure AD migration. These include Establish Azure AD capabilities, Implement cloud-first approach, and Move workloads to the cloud." border="false":::
124127

125-
## Establish Azure AD footprint
126-
127-
* **Initialize tenant** - Create your new Azure AD tenant that supports the vision for your end-state deployment.
128-
129-
* **Secure tenant** - Adopt a [Zero Trust](https://www.microsoft.com/security/blog/2020/04/30/zero-trust-deployment-guide-azure-active-directory/) approach and a security model that [protects your tenant from on-premises compromise](../fundamentals/protect-m365-from-on-premises-attacks.md) early in your journey.
128+
* **Establish Azure AD footprint**: Initialize your new Azure AD tenant to supports the vision for your end-state deployment. Adopt a [Zero Trust](https://www.microsoft.com/security/blog/2020/04/30/zero-trust-deployment-guide-azure-active-directory/) approach and a security model that [protects your tenant from on-premises compromise](../fundamentals/protect-m365-from-on-premises-attacks.md) early in your journey.
130129

131-
## Implement cloud-first approach
132-
Establish a policy that mandates all new devices, apps and services should be cloud-first. New applications and services using legacy protocols (NTLM, Kerberos, LDAP etc.) should be by exception only.
130+
* **Implement cloud-first approach**: Establish a policy that mandates all new devices, apps and services should be cloud-first. New applications and services using legacy protocols (NTLM, Kerberos, LDAP etc.) should be by exception only.
133131

134-
## Transition to the cloud
135-
Shift the management and integration of users, apps and devices away from on-premises and over to cloud-first alternatives. Optimize user provisioning by taking advantage of [cloud-first provisioning capabilities](../governance/what-is-provisioning.md) that integrate with Azure AD.
132+
* **Transition to the cloud**: Shift the management and integration of users, apps and devices away from on-premises and over to cloud-first alternatives. Optimize user provisioning by taking advantage of [cloud-first provisioning capabilities](../governance/what-is-provisioning.md) that integrate with Azure AD.
136133

137134
The transformation changes how users accomplish tasks and how support teams provide end-user support. Initiatives or projects should be designed and implemented in a manner that minimizes the impact on user productivity. As part of the transformation, self-service IAM capabilities are introduced. Some portions of the workforce more easily adapt to the self-service user environment prevalent in cloud-based businesses.
138135

articles/active-directory/roles/permissions-reference.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1077,6 +1077,7 @@ Users in this role can read settings and administrative information across Micro
10771077
>- [Azure Information Protection](/azure/information-protection/what-is-information-protection) - Global Reader is supported [for central reporting](/azure/information-protection/reports-aip) only, and when your Azure AD organization isn't on the [unified labeling platform](/azure/information-protection/faqs#how-can-i-determine-if-my-tenant-is-on-the-unified-labeling-platform).
10781078
> - [SharePoint](https://admin.microsoft.com/sharepoint) - Global Reader currently can't access SharePoint using PowerShell.
10791079
> - [Power Platform admin center](https://admin.powerplatform.microsoft.com) - Global Reader is not yet supported in the Power Platform admin center.
1080+
> - Microsoft Purview doesn't support the Global Reader role.
10801081
>
10811082
> These features are currently in development.
10821083
>

0 commit comments

Comments
 (0)