Commit e3b4ad8

Merge branch 'main' into release-updatecenterv2-publicpreview
2 parents f4628a4 + cc847e1 commit e3b4ad8

171 files changed

+3173
-35040
lines changed

articles/active-directory-b2c/configure-authentication-in-azure-static-app.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -127,7 +127,7 @@ Once you've added the app ID and secrete, use the following steps to add the Azu
127127

128128
1. Navigate to `/.auth/login/aadb2c`. The `/.auth/login` points the Azure Static app login endpoint. The `aadb2c` references to your [OpenID Connect identity provider](#31-add-an-openid-connect-identity-provider). The following URL demonstrates an Azure Static app login endpoint: `https://witty-island-11111111.azurestaticapps.net/.auth/login/aadb2c`.
129129
1. Complete the sign up or sign in process.
130-
1. In your browser debugger, [run the following JavaScript in the Console](/microsoft-edge/devtools-guide-chromium/console/console-javascript.md). The JavaScript code will present information about the sign in user.
130+
1. In your browser debugger, [run the following JavaScript in the Console](/microsoft-edge/devtools-guide-chromium/console/console-javascript). The JavaScript code will present information about the sign in user.
131131

132132
```javascript
133133
async function getUserInfo() {
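Review bot: the rewritten step on line 130 still ends with "information about the sign in user"; since the line is being touched anyway, change it to "the signed-in user". The unchanged step at line 128 also reads "points the Azure Static app login endpoint" and is missing "to", and the hunk header context shows "secrete" for "secret" earlier in the same article.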
@@ -147,4 +147,4 @@ Once you've added the app ID and secrete, use the following steps to add the Azu
147147
## Next steps
148148
149149
* After successful authentication, you can show display name on the navigation bar. To view the claims that the Azure AD B2C token returns to your app, check out [Accessing user information in Azure Static Web Apps](../static-web-apps/user-information.md).
150-
* Learn how to [customize and enhance the Azure AD B2C authentication experience for your web app](enable-authentication-azure-static-app-options.md).
150+
* Learn how to [customize and enhance the Azure AD B2C authentication experience for your web app](enable-authentication-azure-static-app-options.md).
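Review bot: the removed and added versions of line 150 are identical as rendered, so this appears to be a trailing-whitespace or end-of-file newline change only. If that is the intent, say so in the commit message; otherwise drop it so the file's diff is limited to the link fix on line 130.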

articles/active-directory-b2c/configure-authentication-in-azure-web-app-file-based.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ ms.custom: "b2c-support"
1515

1616
# Configure authentication in an Azure Web App configuration file by using Azure AD B2C
1717

18-
This article explains how to add Azure Active Directory B2C (Azure AD B2C) authentication functionality to an Azure Web App. For more information, check out the [File-based configuration in Azure App Service authentication](/app-service/configure-authentication-file-based.md) article.
18+
This article explains how to add Azure Active Directory B2C (Azure AD B2C) authentication functionality to an Azure Web App. For more information, check out the [File-based configuration in Azure App Service authentication](/azure/app-service/configure-authentication-file-based) article.
1919

2020
## Overview
2121

@@ -141,6 +141,6 @@ From your server code, the provider-specific tokens are injected into the reques
141141

142142
## Next steps
143143

144-
* After successful authentication, you can show display name on the navigation bar. To view the claims that the Azure AD B2C token returns to your app, check out the [Work with user identities in Azure App Service authentication](/app-service/configure-authentication-user-identities).
145-
* Lear how to [Work with OAuth tokens in Azure App Service authentication](/app-service/configure-authentication-oauth-tokens).
144+
* After successful authentication, you can show display name on the navigation bar. To view the claims that the Azure AD B2C token returns to your app, check out the [Work with user identities in Azure App Service authentication](/azure/app-service/configure-authentication-user-identities).
145+
* Lear how to [Work with OAuth tokens in Azure App Service authentication](/azure/app-service/configure-authentication-oauth-tokens).
146146
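Review bot: line 145 still begins "Lear how to" after the edit; correct it to "Learn how to" while the link target is being updated. On line 144, "check out the [Work with user identities in Azure App Service authentication](...)" has no noun after the link, so either add "article" or drop "the".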

articles/active-directory-b2c/configure-authentication-in-azure-web-app.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ ms.custom: "b2c-support"
1515

1616
# Configure authentication in an Azure Web App by using Azure AD B2C
1717

18-
This article explains how to add Azure Active Directory B2C (Azure AD B2C) authentication functionality to an Azure Web App. For more information, check out the [configure your App Service or Azure Functions app to login using an OpenID Connect provider](/app-service/configure-authentication-provider-openid-connect.md) article.
18+
This article explains how to add Azure Active Directory B2C (Azure AD B2C) authentication functionality to an Azure Web App. For more information, check out the [configure your App Service or Azure Functions app to login using an OpenID Connect provider](/azure/app-service/configure-authentication-provider-openid-connect) article.
1919

2020
## Overview
2121

@@ -94,7 +94,7 @@ To register your application, follow these steps:
9494
1. For the **Client Secret** provide the Web App (client) secret from [step 2.2](#step-22-create-a-client-secret).
9595
9696
> [!TIP]
97-
> Your client secret will be stored as an app setting to ensure secrets are stored in a secure fashion. You can update that setting later to use [Key Vault references](/app-service/app-service-key-vault-references.md) if you wish to manage the secret in Azure Key Vault.
97+
> Your client secret will be stored as an app setting to ensure secrets are stored in a secure fashion. You can update that setting later to use [Key Vault references](/azure/app-service/app-service-key-vault-references) if you wish to manage the secret in Azure Key Vault.
9898
9999
1. Keep the rest of the settings with the default values.
100100
1. Press the **Add** button to finish setting up the identity provider.
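Review bot: the tip on line 97 is circular as worded ("stored as an app setting to ensure secrets are stored in a secure fashion") and leaves the reader unsure what the app setting actually protects. Since the line is being edited, suggest stating the two facts separately, for example "Your client secret is stored as an app setting. To manage the secret in Azure Key Vault instead, update that setting to use Key Vault references."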
@@ -119,6 +119,6 @@ From your server code, the provider-specific tokens are injected into the reques
119119
120120
## Next steps
121121
122-
* After successful authentication, you can show display name on the navigation bar. To view the claims that the Azure AD B2C token returns to your app, check out the [Work with user identities in Azure App Service authentication](/app-service/configure-authentication-user-identities).
123-
* Lear how to [Work with OAuth tokens in Azure App Service authentication](/app-service/configure-authentication-oauth-tokens).
122+
* After successful authentication, you can show display name on the navigation bar. To view the claims that the Azure AD B2C token returns to your app, check out the [Work with user identities in Azure App Service authentication](/azure/app-service/configure-authentication-user-identities).
123+
* Lear how to [Work with OAuth tokens in Azure App Service authentication](/azure/app-service/configure-authentication-oauth-tokens).
124124
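Review bot: line 123 keeps the typo "Lear how to" in the new version; it should read "Learn how to". Line 122 also has "check out the [Work with user identities ...]" with nothing after the link, so add "article" or remove "the".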

articles/active-directory-b2c/validation-technical-profile.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -86,7 +86,7 @@ Following example uses these validation technical profiles:
8686
```xml
8787
<ValidationTechnicalProfiles>
8888
<ValidationTechnicalProfile ReferenceId="login-NonInteractive" ContinueOnError="false" />
89-
<ValidationTechnicalProfile ReferenceId="REST-ReadProfileFromCustomertsDatabase" ContinueOnError="true" >
89+
<ValidationTechnicalProfile ReferenceId="REST-ReadProfileFromCustomersDatabase" ContinueOnError="true" >
9090
<Preconditions>
9191
<Precondition Type="ClaimsExist" ExecuteActionsIf="false">
9292
<Value>userType</Value>
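Review bot: the corrected ReferenceId on line 89, `REST-ReadProfileFromCustomersDatabase`, has to match the Id of the technical profile it points to, and this file shows only one changed line. Check that the prose around the example and any other occurrence of the old spelling `REST-ReadProfileFromCustomertsDatabase` in this article are updated in the same commit, so a reader who copies the snippet is not left with mismatched names.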

articles/active-directory/app-provisioning/application-provisioning-quarantine-status.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -82,7 +82,7 @@ After the first failure, the first retry happens within the next 2 hours (usuall
8282
- The fifth retry happens 48 hours after the first failure.
8383
- The sixth retry happens 72 hours after the first failure.
8484
- The seventh retry happens 96 hours after the first failure.
85-
- The eigth retry happens 120 hours after the first failure.
85+
- The eighth retry happens 120 hours after the first failure.
8686

8787
This cycle is repeated every 24 hours until the 30th day when retries are stopped and the job is disabled.
8888

articles/active-directory/cloud-infrastructure-entitlement-management/faqs.md

Lines changed: 2 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -42,16 +42,12 @@ Yes, non-Azure customers can use our solution. Permissions Management is a multi
4242

4343
## Is Permissions Management available for tenants hosted in the European Union (EU)?
4444

45-
No, the Permissions Management PREVIEW is currently not available for tenants hosted in the European Union (EU).
45+
Yes, Permissions Management is currently for tenants hosted in the European Union (EU).
4646

4747
## If I'm already using Azure AD Privileged Identity Management (PIM) for Azure, what value does Permissions Management provide?
4848

4949
Permissions Management complements Azure AD PIM. Azure AD PIM provides just-in-time access for admin roles in Azure (as well as Microsoft Online Services and apps that use groups), while Permissions Management allows multi-cloud discovery, remediation, and monitoring of privileged access across Azure, AWS, and GCP.
5050

51-
## What languages does Permissions Management support?
52-
53-
Permissions Management currently supports English.
54-
5551
## What public cloud infrastructures are supported by Permissions Management?
5652

5753
Permissions Management currently supports the three major public clouds: Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.
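Review bot: the new answer on line 45 is missing a word: "Permissions Management is currently for tenants hosted in the European Union (EU)" should read "is currently available for tenants". This edit also flips the answer from "No" to "Yes" and drops "PREVIEW", and the same hunk deletes the "What languages does Permissions Management support?" entry without a replacement; confirm both are intended, since neither is mentioned in the commit message.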
@@ -109,7 +105,6 @@ Yes, Permissions Management has various types of system report available that ca
109105

110106
For information about permissions usage reports, see [Generate and download the Permissions analytics report](product-permissions-analytics-reports.md).
111107

112-
113108
## Does Permissions Management integrate with third-party ITSM (Information Technology Service Management) tools?
114109

115110
Permissions Management integrates with ServiceNow.
@@ -144,7 +139,7 @@ We also have the ability to remove, export or modify specific data should the Gl
144139

145140
## Do I require a license to use Entra Permissions Management?
146141

147-
Yes, as of July 1st, 2022, new customers must acquire a free 90-trial license or a paid license to use the service. You can enable a trial or purchase licenses here: [https://aka.ms/TryPermissionsManagement](https://aka.ms/TryPermissionsManagement)
142+
Yes, as of July 1st, 2022, new customers must acquire a free 90-trial license or a paid license to use the service. You can enable a trial here: [https://aka.ms/TryPermissionsManagement](https://aka.ms/TryPermissionsManagement) or you can directly purchase resource-based licenses here: [https://aka.ms/BuyPermissionsManagement](https://aka.ms/BuyPermissionsManagement)
148143

149144
## What do I do if I’m using Public Preview version of Entra Permissions Management?
150145
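Review bot: line 142 carries over "a free 90-trial license", which is missing the unit; it should read "a free 90-day trial license" if that is what is meant. The sentence now chains two bare URLs with "or"; splitting it into one sentence for the trial link and one for the purchase link would read more cleanly.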

articles/active-directory/external-identities/google-federation.md

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,12 +7,11 @@ services: active-directory
77
ms.service: active-directory
88
ms.subservice: B2B
99
ms.topic: how-to
10-
ms.date: 03/02/2022
10+
ms.date: 07/12/2022
1111

1212
ms.author: mimart
1313
author: msmimart
1414
manager: celestedg
15-
ms.reviewer: mal
1615
ms.custom: "it-pro, seo-update-azuread-jan, has-adal-ref"
1716
ms.collection: M365-identity-device-management
1817
---
@@ -33,7 +32,7 @@ By setting up federation with Google, you can allow invited users to sign in to
3332
3433
## What is the experience for the Google user?
3534

36-
When a Google user redeems your invitation, their experience varies depending on whether they're already signed in to Google:
35+
You can invite a Google user to B2B collaboration in various ways. For example, you can [add them to your directory via the Azure portal](b2b-quickstart-add-guest-users-portal.md). When they redeem your invitation, their experience varies depending on whether they're already signed in to Google:
3736

3837
- Guest users who aren't signed in to Google will be prompted to do so.
3938
- Guest users who are already signed in to Google will be prompted to choose the account they want to use. They must choose the account you used to invite them.

articles/active-directory/fundamentals/road-to-the-cloud-implement.md

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -24,9 +24,7 @@ You can enrich user attributes in Azure AD to make more user attributes availabl
2424

2525
* App provisioning - The data source of app provisioning is Azure AD and necessary user attributes must be in there.
2626

27-
* Application authorization - Token issued by Azure AD can include claims generated from user attributes.
28-
29-
* Application can make authorization decision based on the claims in token.
27+
* Application authorization - Token issued by Azure AD can include claims generated from user attributes so that applications can make authorization decision based on the claims in token.
3028

3129
* Group membership population and maintenance - Dynamic groups enables dynamic population of group membership based on user attributes such as department information.
3230
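Review bot: the merged bullet on line 27 reads "so that applications can make authorization decision based on the claims in token". Suggest "make authorization decisions based on the claims in the token", and "A token issued by Azure AD" at the start to match.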

articles/active-directory/fundamentals/road-to-the-cloud-posture.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ The five states have exit criteria to help you determine where your environment
3434

3535
The content then provides more detailed guidance organized to help with intentional changes to people, process, and technology to:
3636

37-
* Establish Azure AD capabilities
37+
* Establish Azure AD footprint
3838

3939
* Implement a cloud-first approach
4040

@@ -101,7 +101,7 @@ In enterprise-sized organizations, IAM transformation, or even transformation fr
101101

102102
The transformation between the states is similar to moving locations:
103103

104-
* **Establish new location** - You purchase your destination and establish connectivity between the current location and the new location. This enables you to maintain your productivity and ability to operate. In this content, the activities are described in **[Establish Azure AD capabilities](road-to-the-cloud-establish.md)**. The results transition you to State 2.
104+
* **Establish new location** - You purchase your destination and establish connectivity between the current location and the new location. This enables you to maintain your productivity and ability to operate. In this content, the activities are described in **[Establish Azure AD footprint](road-to-the-cloud-establish.md)**. The results transition you to State 2.
105105

106106
* **Limit new items in old location** - You stop investing in the old location and set policy to stage new items in new location. In this content, the activities are described in **[Implement cloud-first approach](road-to-the-cloud-implement.md)**. The activities set the foundation to migrate at scale and reach State 3.
107107

@@ -122,7 +122,7 @@ As a migration of IAM to Azure AD is started, organizations must determine the p
122122

123123
:::image type="content" source="media/road-to-cloud-posture/road-to-the-cloud-migration.png" alt-text="Table depicting three major milestones that organizations move through when implementing an AD to Azure AD migration. These include Establish Azure AD capabilities, Implement cloud-first approach, and Move workloads to the cloud." border="false":::
124124

125-
## Establish Azure AD capabilities
125+
## Establish Azure AD footprint
126126

127127
* **Initialize tenant** - Create your new Azure AD tenant that supports the vision for your end-state deployment.
128128
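Review bot: the heading on line 125 is renamed to "Establish Azure AD footprint", but the image alt text on line 123 still lists the milestone as "Establish Azure AD capabilities". Update the alt text to match, check whether the image itself shows the old label, and check for inbound links to the old heading anchor, which this rename changes.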

articles/active-directory/governance/what-is-identity-lifecycle-management.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -35,19 +35,19 @@ The typical process for establishing identity lifecycle management in an organiz
3535

3636
2. Connect those systems of record with one or more directories and databases used by applications, and resolve any inconsistencies between the directories and the systems of record. For example, a directory may have obsolete data, such as an account for a former employee, that is no longer needed.
3737

38-
3. Determine what processes can be used to supply authoritative information in the absence of a system of record. For example, if there are digital identities but visitors, but the organization has no database for visitors, then it may be necessary to find an alternate way to determine when an digital identity for a visitor is no longer needed.
38+
3. Determine what processes can be used to supply authoritative information in the absence of a system of record. For example, if there are digital identities for visitors, but the organization has no database for visitors, then it may be necessary to find an alternate way to determine when an digital identity for a visitor is no longer needed.
3939

40-
4. Configure that changes from the system of record or other processes are replicated to each of the directories or databases that require an update.
40+
4. Ensure that changes from the system of record or other processes are replicated to each of the directories or databases that require an update.
4141

4242
## Identity lifecycle management for representing employees and other individuals with an organizational relationship
4343

4444
When planning identity lifecycle management for employees, or other individuals with an organizational relationship such as a contractor or student, many organizations model the "join, move, and leave" process. These are:
4545

4646
- Join - when an individual comes into scope of needing access, an identity is needed by those applications, so a new digital identity may need to be created if one is not already available
47-
- Move - when an individual moves between boundaries, that require additional access authorizations to be added or removed to their digital identity
48-
- Leave- when an individual leaves the scope of needing access, access may need to be removed, and subsequently the identity may no longer by required by applications other than for audit or forensics purposes
47+
- Move - when an individual moves between boundaries that require additional access authorizations to be added or removed to their digital identity
48+
- Leave- when an individual leaves the scope of needing access, access may need to be removed, and subsequently the identity may no longer be required by applications other than for audit or forensics purposes
4949

50-
So for example, if a new employee joins your organization, who has never been affiliated with your organization before, that employee will require a new digital identity, represented as a user account in Azure AD. The creation of this account would fall into a "Joiner" process, which could be automated if there was a system of record such as Workday that could indicate when the new employee starts work. Later, if your organization has an employee move from say, Sales to Marketing, they would fall into a "Mover" process. This would require removing the access rights they had in the Sales organization which they no longer require, and granting them rights in the Marketing organization that they new require.
50+
So for example, if a new employee joins your organization and that employee has never been affiliated with your organization before, that employee will require a new digital identity, represented as a user account in Azure AD. The creation of this account would fall into a "Joiner" process, which could be automated if there was a system of record such as Workday that could indicate when the new employee starts work. Later, if your organization has an employee move from say, Sales to Marketing, they would fall into a "Mover" process. This would require removing the access rights they had in the Sales organization which they no longer require, and granting them rights in the Marketing organization that they new require.
5151

5252
## Identity lifecycle management for guests
5353
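Review bot: several typos survive on lines this hunk rewrites. Line 38 still has "an digital identity" (should be "a digital identity"), line 48 has "Leave-" without a space before the hyphen, unlike "Join -" and "Move -", and line 50 still ends "rights in the Marketing organization that they new require", where "new" should be "now".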
