Merge pull request #99853 from MicrosoftDocs/master

12/30 AM Publish

Author: huypub

.openpublishing.redirection.json

@@ -27455,6 +27455,16 @@
       "redirect_url": "/azure/security-center/security-center-enable-data-collection",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/security-center/recommendations-network.md",
+      "redirect_url": "/azure/security-center/recommendations-reference#recs-network",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security-center/recommendations-compute-and-apps.md",
+      "redirect_url": "/azure/security-center/recommendations-reference#recs-computeapp",
+      "redirect_document_id": false
+    },
     {
       "source_path": "azure/security-center/security-center-resolve-endpoint-protection-health-alerts.md",
       "redirect_url": "/azure/security-center/security-center-faq",

articles/active-directory/cloud-provisioning/concept-attributes.md

@@ -1,6 +1,6 @@
 ---
-title: 'Understanding the Azure AD schema and custom expressions'
-description: This topic describes the Azure AD schema, the attributes that the provisioning agent flows and custom expressions.
+title: 'Understand the Azure AD schema and custom expressions'
+description: This article describes the Azure AD schema, the attributes that the provisioning agent flows, and custom expressions.
 services: active-directory
 documentationcenter: ''
 author: billmath
@@ -19,41 +19,41 @@ ms.collection: M365-identity-device-management
 ---
 
 
-# Understanding the Azure AD schema
-An object in Azure AD, like any directory, is a programmatic high-level data construct that represents such things as users, groups, and contacts.  When you create a new user or contact in Azure AD, you are creating a new instance of that object.  These instances can be differentiated based on their properties.
+# Understand the Azure AD schema
+An object in Azure Active Directory (Azure AD), like any directory, is a programmatic high-level data construct that represents such things as users, groups, and contacts. When you create a new user or contact in Azure AD, you're creating a new instance of that object. These instances can be differentiated based on their properties.
 
-Properties, in Azure AD are the elements responsible for storing information about an instance of an object in Azure AD.  
+Properties in Azure AD are the elements responsible for storing information about an instance of an object in Azure AD.
 
-The Azure AD schema defines the rules for which properties may be used in an entry, the kinds of values that those properties may have, and how users may interact with those values. 
+The Azure AD schema defines the rules for which properties might be used in an entry, the kinds of values that those properties might have, and how users might interact with those values. 
 
-Azure AD has two types of properties.  The properties are:
-- **Built in properties** – Properties that are pre-defined by the Azure AD schema.  These properties provide different uses and may or may not be accessible.
-- **Directory extensions** – Properties that are provided so that you can customize Azure AD for your own use.  For example, if you have extended your on-premises Active Directory with a certain attribute and want to flow that attribute, you can use one of the custom properties that are provided. 
+Azure AD has two types of properties:
+- **Built-in properties**: Properties that are predefined by the Azure AD schema. These properties provide different uses and might or might not be accessible.
+- **Directory extensions**: Properties that are provided so that you can customize Azure AD for your own use. For example, if you've extended your on-premises Active Directory with a certain attribute and want to flow that attribute, you can use one of the custom properties that's provided. 
 
 ## Attributes and expressions
-When an object, such as a user is provisioned to Azure AD, a new instance of the user object is created.  This creation includes the properties of that object, which are also known as attributes.  Initially, the newly created object will have its attributes set to values that are determined by the synchronization rules.  These attributes are then kept up to date via the cloud provisioning agent.
+When an object such as a user is provisioned to Azure AD, a new instance of the user object is created. This creation includes the properties of that object, which are also known as attributes. Initially, the newly created object has its attributes set to values that are determined by the synchronization rules. These attributes are then kept up to date via the cloud provisioning agent.
 
-![](media/concept-attributes/attribute1.png)
+![Object provisioning](media/concept-attributes/attribute1.png)
 
-For example, if a user is part of the Marketing department, their Azure AD department attribute will initially be created when they are provisioned and then the value would be set to Marketing.  But then, six months later, they change to Sales.  Their on-premises AD department attribute is changed to Sales.  This change will then synchronize to Azure AD and be reflected on their Azure AD user object.
+For example, a user might be part of a Marketing department. Their Azure AD department attribute is initially created when they're provisioned, and the value is set to Marketing. Six months later if they change to Sales, their on-premises Active Directory department attribute is changed to Sales. This change synchronizes to Azure AD and is reflected in their Azure AD user object.
 
-Attribute synchronization may be either direct, where the value in Azure AD is directly set to the value of the on-premises attribute.  Or, there may be a programmatic expression that handles this synchronization.  A programmatic expression would be needed in cases where some logic or a determination needed to be made in order to populate the value.
+Attribute synchronization might be direct, where the value in Azure AD is directly set to the value of the on-premises attribute. Or, a programmatic expression might handle the synchronization. A programmatic expression is needed in cases where some logic or a determination must be made to populate the value.
 
-For example, if I had my mail attribute ("[email protected]") and I needed to strip out the "@contoso.com" portion and flow just the value "john.smith" I would use something like this:
+For example, if you had the mail attribute "[email protected]" and needed to strip out the "@contoso.com" portion and flow only the value "john.smith," you'd use something like this:
 
 `Replace([mail], "@contoso.com", , ,"", ,)`  
 
-**Sample input / output:** <br>
+**Sample input/output:** <br>
 
 * **INPUT** (mail): "[email protected]"
-* **OUTPUT**:  "john.smith"
+* **OUTPUT**: "john.smith"
 
-For additional information, on writing custom expressions, and the syntax see [Writing Expressions for Attribute Mappings in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/manage-apps/functions-for-customizing-application-data).
+For more information on how to write custom expressions and the syntax, see [Writing expressions for attribute mappings in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/manage-apps/functions-for-customizing-application-data).
 
-The following list are common attributes and how they are synchronized to Azure AD.
+The following table lists common attributes and how they're synchronized to Azure AD.
 
 
-|On-premises Active Directory|Mapping Type|Azure AD|
+|On-premises Active Directory|Mapping type|Azure AD|
 |-----|-----|-----|
 |cn|Direct|commonName
 |countryCode|Direct|countryCode|
@@ -63,14 +63,14 @@ The following list are common attributes and how they are synchronized to Azure
 |userprincipalName|Direct|userPrincipalName|
 |ProxyAdress|Direct|ProxyAddress|
 
-## Viewing the schema
-In order to view the schema and verify it, do the following steps:
+## View the schema
+To view the schema and verify it, follow these steps.
 
-1.  Navigate to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer).
-2.  Sign in with your global administrator account
-3.  On the left, click **modify permissions** and ensure that **Directory.ReadWrite.All** is Consented.
-4.  Run the following query: https://graph.microsoft.com/beta/serviceprincipals/.  This query will return a list of service principals.
-5.  Locate "appDisplayName": "Active Directory to Azure Active Directory Provisioning" and note the "id:" value.
+1.  Go to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer).
+1.  Sign in with your global administrator account.
+1.  On the left, select **modify permissions** and ensure that **Directory.ReadWrite.All** is *Consented*.
+1.  Run the query https://graph.microsoft.com/beta/serviceprincipals/. This query returns a list of service principals.
+1.  Locate `"appDisplayName": "Active Directory to Azure Active Directory Provisioning"` and note the value for `"id"`.
     ```
     "value": [
             {
@@ -143,8 +143,8 @@ In order to view the schema and verify it, do the following steps:
                 "passwordCredentials": []
             },
     ```
-6. Replace the {Service Principal id} with your value and run the following query: `https://graph.microsoft.com/beta/serviceprincipals/{Service Principal id}/synchronization/jobs/`
-7. Locate the "id": "AD2AADProvisioning.fd1c9b9e8077402c8bc03a7186c8f976" section and note the "id:".
+1. Replace `{Service Principal id}` with your value, and run the query `https://graph.microsoft.com/beta/serviceprincipals/{Service Principal id}/synchronization/jobs/`.
+1. Locate `"id": "AD2AADProvisioning.fd1c9b9e8077402c8bc03a7186c8f976"` and note the value for `"id"`.
     ```
     {
                 "id": "AD2AADProvisioning.fd1c9b9e8077402c8bc03a7186c8f976",
@@ -235,16 +235,17 @@ In order to view the schema and verify it, do the following steps:
                 ]
             }
     ```
-8. Now run the following query: `https://graph.microsoft.com/beta/serviceprincipals/{Service Principal Id}/synchronization/jobs/{AD2AAD Provisioning id}/schema`
+1. Now run the query `https://graph.microsoft.com/beta/serviceprincipals/{Service Principal Id}/synchronization/jobs/{AD2AAD Provisioning id}/schema`.
  
-    Example:  https://graph.microsoft.com/beta/serviceprincipals/653c0018-51f4-4736-a3a3-94da5dcb6862/synchronization/jobs/AD2AADProvisioning.e9287a7367e444c88dc67a531c36d8ec/schema
+    Example: https://graph.microsoft.com/beta/serviceprincipals/653c0018-51f4-4736-a3a3-94da5dcb6862/synchronization/jobs/AD2AADProvisioning.e9287a7367e444c88dc67a531c36d8ec/schema
 
- Replace the {Service Principal Id} and {AD2ADD Provisioning Id} with your values.
+   Replace `{Service Principal Id}` and `{AD2ADD Provisioning Id}` with your values.
 
-9. This query will return the schema.
-  ![](media/concept-attributes/schema1.png)
+1. This query returns the schema.
+
+   ![Returned schema](media/concept-attributes/schema1.png)
  
-## Next steps 
+## Next steps
 
 - [What is provisioning?](what-is-provisioning.md)
 - [What is Azure AD Connect cloud provisioning?](what-is-cloud-provisioning.md)

articles/active-directory/cloud-provisioning/how-to-automatic-upgrade.md

@@ -1,6 +1,6 @@
 ---
 title: 'Azure AD Connect cloud provisioning agent: Automatic upgrade | Microsoft Docs'
-description: This topic describes the built-in automatic upgrade feature in the Azure AD Connect cloud provisioning agent.
+description: This article describes the built-in automatic upgrade feature in the Azure AD Connect cloud provisioning agent.
 services: active-directory
 documentationcenter: ''
 author: billmath
@@ -19,26 +19,26 @@ ms.collection: M365-identity-device-management
 ---
 # Azure AD Connect cloud provisioning agent: Automatic upgrade
 
-Making sure your Azure AD Connect cloud provisioning agent installation is always up to date has never been easier with the **automatic upgrade** feature. This feature is enabled by default and cannot be disabled.
+Making sure your Azure Active Directory (Azure AD) Connect cloud provisioning agent installation is always up to date is easy with the automatic upgrade feature. This feature is enabled by default and can't be disabled.
 
-The agent is installed here:  **"Program files\Azure AD Connect Provisioning Agent\AADConnectProvisioningAgent.exe"**
+The agent is installed here: "Program files\Azure AD Connect Provisioning Agent\AADConnectProvisioningAgent.exe"
 
-You can verify your version by right-clicking on the executable and selecting properties and then details.
+To verify your version, right-click the executable and select properties and then details.
 
 ![Agent file version](media/how-to-automatic-upgrade/agent1.png)
 
-The agent updater is installed here:  **"Program files\Azure AD Connect Provisioning Agent Updater\AzureADConnectAgentUpdater.exe"**
+The agent updater is installed here: "Program files\Azure AD Connect Provisioning Agent Updater\AzureADConnectAgentUpdater.exe"
 
-You can verify your version by right-clicking on the executable and selecting properties and then details.
+To verify your version, right-click the executable and select properties and then details.
 
 ![Agent updater version](media/how-to-automatic-upgrade/agent2.png)
 
-## Uninstalling the agent
-To remove the agent, navigate to **Uninstall or change a program** and uninstall the following:
+## Uninstall the agent
+To remove the agent, go to **Uninstall or change a program** and uninstall the following:
 
-- Microsoft Azure AD Connect Agent Updater
-- Microsoft Azure AD Connect Provisioning Agent
-- Microsoft Azure AD Connect Provisioning Agent Package
+- **Microsoft Azure AD Connect Agent Updater**
+- **Microsoft Azure AD Connect Provisioning Agent**
+- **Microsoft Azure AD Connect Provisioning Agent Package**
 
 ![Agent removal](media/how-to-automatic-upgrade/agent3.png)
 

articles/active-directory/cloud-provisioning/how-to-configure.md

@@ -1,6 +1,6 @@
 ---
 title: 'Azure AD Connect cloud provisioning new agent configuration'
-description: This topic describes how to install cloud provisioning.
+description: This article describes how to install cloud provisioning.
 services: active-directory
 author: billmath
 manager: daveba
@@ -13,67 +13,76 @@ ms.author: billmath
 ms.collection: M365-identity-device-management
 ---
 
-# Azure AD Connect cloud provisioning new configuration
+# Azure AD Connect cloud provisioning new agent configuration
 
-Once you have installed the agent, you need to sign-in to the Azure portal and configure provisioning.  Use the following steps to enable the agent.
+After you've installed the agent, you need to sign in to the Azure portal and configure Azure Active Directory (Azure AD) Connect cloud provisioning. Follow these steps to enable the agent.
 
 ## Configure provisioning
-To configure provisioning, use the following steps:
+To configure provisioning, follow these steps.
 
-1.  In the Azure AD portal, click **Azure Active Directory**
-2.  Click **Azure AD Connect**
-3.  Select **Manage provisioning (Preview)**
-![](media/how-to-configure/manage1.png)
+1.  In the Azure portal, select **Azure Active Directory**.
+1.  Select **Azure AD Connect**.
+1.  Select **Manage provisioning (Preview)**.
 
-4.  Click on **New configuration**.
-5.  On the configuration screen, the on-premises domain is pre-populated
-6. Enter a **Notification email**. This email will be notified when provisioning is not healthy.  
-8. Move the selector to **Enable** and click **Save**.
-![](media/tutorial-single-forest/configure2.png)
+    ![Manage provisioning (Preview)](media/how-to-configure/manage1.png)
 
-## Scoping provisioning to specific users and groups
-If you want to scope the agent to only synchronize specific users and groups, you can do this. You can scope using on-premises AD groups or Organizational Units. You cannot configure groups and Organizational Units within a configuration. 
+1.  Select **New configuration**.
+1.  On the configuration screen, the on-premises domain is prepopulated.
+1.  Enter a **Notification email**. This email will be notified when provisioning isn't healthy.
+1.  Move the selector to **Enable**, and select **Save**.
 
-1.  In the Azure AD portal, click **Azure Active Directory**
-2.  Click **Azure AD Connect**
-3.  Select **Manage provisioning (Preview)**
-4.  Under **Configuration** click on your configuration.  
-![](media/how-to-configure/scope1.png)
+    ![Azure AD provisioning (Preview)](media/tutorial-single-forest/configure2.png)
 
-5.  Under **Configure**, select **All users** to change the scope of the configuration rule.
-![](media/how-to-configure/scope2.png)
+## Scope provisioning to specific users and groups
+You can scope the agent to synchronize specific users and groups by using on-premises Active Directory groups or organizational units. You can't configure groups and organizational units within a configuration. 
 
-6. On the right, you can change the scope to include only security groups by entering the distinguished name of the group and clicking **Add**.
-![](media/how-to-configure/scope3.png)
+1.  In the Azure portal, select **Azure Active Directory**.
+1.  Select **Azure AD Connect**.
+1.  Select **Manage provisioning (Preview)**.
+1.  Under **Configuration**, select your configuration.
 
-7. Or change it to include only specific OUs. Click **Done** and **Save**.
-![](media/how-to-configure/scope4.png)
+    ![Configuration section](media/how-to-configure/scope1.png)
+
+1.  Under **Configure**, select **All users** to change the scope of the configuration rule.
+
+    ![All users option](media/how-to-configure/scope2.png)
+
+1. On the right, you can change the scope to include only security groups. Enter the distinguished name of the group, and select **Add**.
+
+    ![Selected security groups option](media/how-to-configure/scope3.png)
+
+1.  Or you can change the scope to include only specific organizational units. Select **Done** and **Save**.
+
+    ![Selected organizational units option](media/how-to-configure/scope4.png)
 
 
 ## Restart provisioning 
-If you do not want to wait for the next scheduled run, you can trigger the provisioning run using the restart provisioning button. 
-1.  In the Azure AD portal, click **Azure Active Directory**
-2.  Click **Azure AD Connect**
-3.  Select **Manage provisioning (Preview)**
-4.  Under **Configuration** click on your configuration.  
-![](media/how-to-configure/scope1.png)
+If you don't want to wait for the next scheduled run, trigger the provisioning run by using the **Restart provisioning** button. 
+1.  In the Azure portal, select **Azure Active Directory**.
+1.  Select **Azure AD Connect**.
+1.  Select **Manage provisioning (Preview)**.
+1.  Under **Configuration**, select your configuration.
+
+    ![Configuration selection to restart provisioning](media/how-to-configure/scope1.png)
+
+1.  At the top, select **Restart provisioning**.
+
+## Remove a configuration
+To delete a configuration, follow these steps.
 
-5.  At the top, click **Restart provisioning**.
+1.  In the Azure portal, select **Azure Active Directory**.
+1.  Select **Azure AD Connect**.
+1.  Select **Manage provisioning (Preview)**.
+1.  Under **Configuration**, select your configuration.
 
-## Removing a configuration
-If you want to delete a configuration you can do that by using the following steps.
+    ![Configuration selection to remove configuration](media/how-to-configure/scope1.png)
 
-1.  In the Azure AD portal, click **Azure Active Directory**
-2.  Click **Azure AD Connect**
-3.  Select **Manage provisioning (Preview)**
-4.  Under **Configuration** click on your configuration.  
-![](media/how-to-configure/scope1.png)
+1.  At the top of the configuration screen, select **Delete**.
 
-5.  At the top, click **Delete**.
-![](media/how-to-configure/remove1.png)
+    ![Delete button](media/how-to-configure/remove1.png)
 
 >[!IMPORTANT]
->There is no confirmation prior to deleting a configuration so be sure that this is the action you want to take before clicking **Delete**.
+>There's no confirmation prior to deleting a configuration. Make sure this is the action you want to take before you select **Delete**.
 
 
 ## Next steps