MicrosoftDocs
diff --git a/‎articles/active-directory/saas-apps/media/samanage-provisioning-tutorial/provisioning.png
7.15 KB b/‎articles/active-directory/saas-apps/media/samanage-provisioning-tutorial/provisioning.png
7.15 KB
diff --git a/‎articles/active-directory/saas-apps/samanage-provisioning-tutorial.md
Lines changed: 13 additions & 19 deletions b/‎articles/active-directory/saas-apps/samanage-provisioning-tutorial.md
Lines changed: 13 additions & 19 deletions
diff --git a/‎articles/active-directory/users-groups-roles/groups-lifecycle.md
Lines changed: 8 additions & 6 deletions b/‎articles/active-directory/users-groups-roles/groups-lifecycle.md
Lines changed: 8 additions & 6 deletions
diff --git a/‎articles/active-directory/users-groups-roles/media/groups-lifecycle/audit-logs-autorenew-group.png
170 KB b/‎articles/active-directory/users-groups-roles/media/groups-lifecycle/audit-logs-autorenew-group.png
170 KB
diff --git a/‎articles/aks/kubernetes-action.md
Lines changed: 0 additions & 4 deletions b/‎articles/aks/kubernetes-action.md
Lines changed: 0 additions & 4 deletions
diff --git a/‎articles/application-gateway/migrate-v1-v2.md
Lines changed: 11 additions & 6 deletions b/‎articles/application-gateway/migrate-v1-v2.md
Lines changed: 11 additions & 6 deletions
@@ -95,51 +95,45 @@ This section guides you through the steps to configure the Azure AD provisioning
 
 4. Set the **Provisioning Mode** to **Automatic**.
 
-	![Samanage Provisioning Mode](./media/samanage-provisioning-tutorial/ProvisioningCredentials.png)
+	![Provisioning tab](common/provisioning-automatic.png)
 
-5. Under the **Admin Credentials** section, enter the admin username and admin password of your Samanage account. Examples of these values are:
+5. Under the **Admin Credentials** section, input your Samanage **Tenant URL** and **Secret Token**. Click **Test Connection** to ensure Azure AD can connect to Samanage. If the connection fails, ensure your Samanage account has Admin permissions and try again.
 
-   * In the **Admin Username** box, fill in the username of the admin account on your Samanage tenant. An example is [email protected].
+	![Samanage Test Connection](./media/samanage-provisioning-tutorial/provisioning.png)
 
-   * In the **Admin Password** box, fill in the password of the admin account that corresponds to the admin username.
-
-6. After you fill in the boxes shown in Step 5, select **Test Connection** to make sure that Azure AD can connect to Samanage. If the connection fails, make sure that your Samanage account has admin permissions and try again.
-
-	![Samanage Test Connection](./media/samanage-provisioning-tutorial/TestConnection.png)
-
-7. In the **Notification Email** box, enter the email address of the person or group to receive the provisioning error notifications. Select the **Send an email notification when a failure occurs** check box.
+6. In the **Notification Email** box, enter the email address of the person or group to receive the provisioning error notifications. Select the **Send an email notification when a failure occurs** check box.
 
 	![Samanage Notification Email](./media/samanage-provisioning-tutorial/EmailNotification.png)
 
-8. Select **Save**.
+7. Select **Save**.
 
-9. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to Samanage**.
+8. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to Samanage**.
 
 	![Samanage user synchronization](./media/samanage-provisioning-tutorial/UserMappings.png)
 
-10. Review the user attributes that are synchronized from Azure AD to Samanage in the **Attribute Mappings** section. The attributes selected as **Matching** properties are used to match the user accounts in Samanage for update operations. To save any changes, select **Save**.
+9. Review the user attributes that are synchronized from Azure AD to Samanage in the **Attribute Mappings** section. The attributes selected as **Matching** properties are used to match the user accounts in Samanage for update operations. To save any changes, select **Save**.
 
 	![Samanage matching user attributes](./media/samanage-provisioning-tutorial/UserAttributeMapping.png)
 
-11. To enable group mappings, under the **Mappings** section, select **Synchronize Azure Active Directory Groups to Samanage**.
+10. To enable group mappings, under the **Mappings** section, select **Synchronize Azure Active Directory Groups to Samanage**.
 
 	![Samanage group synchronization](./media/samanage-provisioning-tutorial/GroupMappings.png)
 
-12. Set **Enabled** to **Yes** to synchronize groups. Review the group attributes that are synchronized from Azure AD to Samanage in the **Attribute Mappings** section. The attributes selected as **Matching** properties are used to match the user accounts in Samanage for update operations. To save any changes, select **Save**.
+11. Set **Enabled** to **Yes** to synchronize groups. Review the group attributes that are synchronized from Azure AD to Samanage in the **Attribute Mappings** section. The attributes selected as **Matching** properties are used to match the user accounts in Samanage for update operations. To save any changes, select **Save**.
 
 	![Samanage matching group attributes](./media/samanage-provisioning-tutorial/GroupAttributeMapping.png)
 
-13. To configure scoping filters, follow the instructions in the [scoping filter tutorial](../manage-apps/define-conditional-rules-for-provisioning-user-accounts.md).
+12. To configure scoping filters, follow the instructions in the [scoping filter tutorial](../manage-apps/define-conditional-rules-for-provisioning-user-accounts.md).
 
-14. To enable the Azure AD provisioning service for Samanage, in the **Settings** section, change **Provisioning Status** to **On**.
+13. To enable the Azure AD provisioning service for Samanage, in the **Settings** section, change **Provisioning Status** to **On**.
 
 	![Samanage Provisioning Status](./media/samanage-provisioning-tutorial/ProvisioningStatus.png)
 
-15. Define the users or groups that you want to provision to Samanage. In the **Settings** section, select the values you want in **Scope**. When you select the **Sync all users and groups** option, consider the limitations as described in the following section "Connector limitations."
+14. Define the users or groups that you want to provision to Samanage. In the **Settings** section, select the values you want in **Scope**. When you select the **Sync all users and groups** option, consider the limitations as described in the following section "Connector limitations."
 
 	![Samanage Scope](./media/samanage-provisioning-tutorial/ScopeSync.png)
 
-16. When you're ready to provision, select **Save**.
+15. When you're ready to provision, select **Save**.
 
 	![Samanage Save](./media/samanage-provisioning-tutorial/SaveProvisioning.png)
 
 
@@ -25,12 +25,12 @@ This article tells you how to manage the lifecycle of Office 365 groups by setti
 
 Once you set a group to expire:
 
-- Groups with user activities are automatically renewed as the expiration nears
-- Owners of the group are notified to renew the group, if the group is not auto-renewed
-- Any group that is not renewed is deleted
-- Any Office 365 group that is deleted can be restored within 30 days by the group owners or the administrator
+- Groups with user activities are automatically renewed as the expiration nears.
+- Owners of the group are notified to renew the group, if the group is not auto-renewed.
+- Any group that is not renewed is deleted.
+- Any Office 365 group that is deleted can be restored within 30 days by the group owners or the administrator.
 
-Currently only one expiration policy can be configured for all Office 365 groups in an Azure AD organization.
+Currently, only one expiration policy can be configured for all Office 365 groups in an Azure AD organization.
 
 > [!NOTE]
 > Configuring and using the expiration policy for Office 365 groups requires you to possess but not necessarily assign Azure AD Premium licenses for the members of all groups to which the expiration policy is applied.
@@ -39,7 +39,7 @@ For information on how to download and install the Azure AD PowerShell cmdlets,
 
 ## Activity-based automatic renewal
 
-With Azure AD intelligence, groups are now automatically renewed based on whether they have been in recent used. This feature eliminates the need for manual action by group owners, because it based on user activity in groups across Office 365 services like Outlook, SharePoint, Teams, or Yammer. For example, if an owner or a group member does something like upload a document in SharePoint, visit a Teams channel, or send an email to the group in Outlook, the group is automatically renewed and the owner does not get any renewal notifications.
+With Azure AD intelligence, groups are now automatically renewed based on whether they have been recently used. This feature eliminates the need for manual action by group owners, because it's based on user activity in groups across Office 365 services like Outlook, SharePoint, Teams, or Yammer. For example, if an owner or a group member does something like upload a document in SharePoint, visit a Teams channel, or send an email to the group in Outlook, the group is automatically renewed and the owner does not get any renewal notifications.
 
 ### Activities that automatically renew group expiration
 
@@ -53,6 +53,8 @@ The following user actions cause automatic group renewal:
 
 Administrators can get a list of automatically renewed groups from the activity audit logs in Azure AD.
 
+![Automatic renewal of groups based on activity](./media/groups-lifecycle/audit-logs-autorenew-group.png)
+
 ## Roles and permissions
 
 The following are roles that can configure and use expiration for Office 365 groups in Azure AD.
 
@@ -14,10 +14,6 @@ ms.author: atulmal
 
 [GitHub Actions](https://help.github.com/en/articles/about-github-actions) gives you the flexibility to build an automated software development lifecycle workflow. The Kubernetes action [azure/aks-set-context@v1](https://github.com/Azure/aks-set-context) facilitate deployments to Azure Kubernetes Service clusters. The action sets the target AKS cluster context, which could be used by other actions like [azure/k8s-deploy](https://github.com/Azure/k8s-deploy/tree/master), [azure/k8s-create-secret](https://github.com/Azure/k8s-create-secret/tree/master) etc. or run any kubectl commands.
 
-> [!IMPORTANT]
-> GitHub Actions is currently in beta. You must first [sign-up to join the preview](https://github.com/features/actions) using your GitHub account.
-> 
-
 A workflow is defined by a YAML (.yml) file in the `/.github/workflows/` path in your repository. This definition contains the various steps and parameters that make up the workflow.
 
 For a workflow targeting AKS, the file has three sections:
 
@@ -97,7 +97,7 @@ To run the script:
    * **appgwName: [String]: Optional**. This is a string you specify to use as the name for the new Standard_v2 or WAF_v2 gateway. If this parameter isn't supplied, the name of your existing v1 gateway will be used with the suffix *_v2* appended.
    * **sslCertificates: [PSApplicationGatewaySslCertificate]: Optional**.  A comma-separated list of PSApplicationGatewaySslCertificate objects that you create to represent the SSL certs from your v1 gateway must be uploaded to the new v2 gateway. For each of your SSL certs configured for your Standard v1 or WAF v1 gateway, you can create a new PSApplicationGatewaySslCertificate object via the `New-AzApplicationGatewaySslCertificate` command shown here. You need the path to your SSL Cert file and the password.
 
-       This parameter is only optional if you don’t have HTTPS listeners configured for your v1 gateway or WAF. If you have at least one HTTPS listener setup, you must specify this parameter.
+     This parameter is only optional if you don’t have HTTPS listeners configured for your v1 gateway or WAF. If you have at least one HTTPS listener setup, you must specify this parameter.
 
       ```azurepowershell  
       $password = ConvertTo-SecureString <cert-password> -AsPlainText -Force
@@ -109,12 +109,17 @@ To run the script:
         -Password $password
       ```
 
-      You can pass in `$mySslCert1, $mySslCert2` (comma-separated) in the previous example as values for this parameter in the script.
-   * **trustedRootCertificates: [PSApplicationGatewayTrustedRootCertificate]: Optional**. A comma-separated list of PSApplicationGatewayTrustedRootCertificate objects that you create to represent the [Trusted Root certificates](ssl-overview.md) for authentication of your backend instances from your v2 gateway.  
+     You can pass in `$mySslCert1, $mySslCert2` (comma-separated) in the previous example as values for this parameter in the script.
+   * **trustedRootCertificates: [PSApplicationGatewayTrustedRootCertificate]: Optional**. A comma-separated list of PSApplicationGatewayTrustedRootCertificate objects that you create to represent the [Trusted Root certificates](ssl-overview.md) for authentication of your backend instances from your v2 gateway.
+   
+      ```azurepowershell
+      $certFilePath = ".\rootCA.cer"
+      $trustedCert = New-AzApplicationGatewayTrustedRootCertificate -Name "trustedCert1" -CertificateFile $certFilePath
+      ```
 
       To create a list of PSApplicationGatewayTrustedRootCertificate objects, see [New-AzApplicationGatewayTrustedRootCertificate](https://docs.microsoft.com/powershell/module/Az.Network/New-AzApplicationGatewayTrustedRootCertificate?view=azps-2.1.0&viewFallbackFrom=azps-2.0.0).
    * **privateIpAddress: [String]: Optional**. A specific private IP address that you want to associate to your new v2 gateway.  This must be from the same VNet that you allocate for your new v2 gateway. If this isn't specified, the script allocates a private IP address for your v2 gateway.
-    * **publicIpResourceId: [String]: Optional**. The resourceId of a public IP address (standard SKU) resource in your subscription that you want to allocate to the new v2 gateway. If this isn't specified, the script allocates a new public IP in the same resource group. The name is the v2 gateway’s name with *-IP* appended.
+   * **publicIpResourceId: [String]: Optional**. The resourceId of existing public IP address (standard SKU) resource in your subscription that you want to allocate to the new v2 gateway. If this isn't specified, the script allocates a new public IP in the same resource group. The name is the v2 gateway’s name with *-IP* appended.
    * **validateMigration: [switch]: Optional**. Use this parameter if you want the script to do some basic configuration comparison validations after the v2 gateway creation and the configuration copy. By default, no validation is done.
    * **enableAutoScale: [switch]: Optional**. Use this parameter if you want the script to enable AutoScaling on the new v2 gateway after it's created. By default, AutoScaling is disabled. You can always manually enable it later on the newly created v2 gateway.
 
@@ -127,10 +132,10 @@ To run the script:
       -resourceId /subscriptions/8b1d0fea-8d57-4975-adfb-308f1f4d12aa/resourceGroups/MyResourceGroup/providers/Microsoft.Network/applicationGateways/myv1appgateway `
       -subnetAddressRange 10.0.0.0/24 `
       -appgwname "MynewV2gw" `
-      -sslCertificates $Certs `
+      -sslCertificates $mySslCert1,$mySslCert2 `
       -trustedRootCertificates $trustedCert `
       -privateIpAddress "10.0.0.1" `
-      -publicIpResourceId "MyPublicIP" `
+      -publicIpResourceId "/subscriptions/8b1d0fea-8d57-4975-adfb-308f1f4d12aa/resourceGroups/MyResourceGroup/providers/Microsoft.Network/publicIPAddresses/MyPublicIP" `
       -validateMigration -enableAutoScale
    ```