Merge branch 'WI-71241-release-note-unified-disk-encryption-recommendation' of https://github.com/AlizaBernstein/azure-docs-pr into WI-71241-release-note-unified-disk-encryption-recommendation

Author: AlizaBernstein

articles/active-directory/develop/whats-new-docs.md

@@ -5,7 +5,7 @@ services: active-directory
 author: henrymbuguakiarie
 manager: CelesteDG
 
-ms.date: 03/01/2023
+ms.date: 04/03/2023
 ms.service: active-directory
 ms.subservice: develop
 ms.topic: reference
@@ -18,6 +18,30 @@ ms.custom: has-adal-ref
 
 Welcome to what's new in the Microsoft identity platform documentation. This article lists new docs that have been added and those that have had significant updates in the last three months.
 
+## March 2023
+
+### New articles
+
+- [Configure a SAML app to receive tokens with claims from an external store (preview)](custom-extension-configure-saml-app.md)
+- [Configure a custom claim provider token issuance event (preview)](custom-extension-get-started.md)
+- [Custom claims provider (preview)](custom-claims-provider-overview.md)
+- [Custom claims providers](custom-claims-provider-reference.md)
+- [Custom authentication extensions (preview)](custom-extension-overview.md)
+- [Troubleshoot your custom claims provider API (preview)](custom-extension-troubleshoot.md)
+- [Understanding application-only access](app-only-access-primer.md)
+
+### Updated articles
+
+- [ADAL to MSAL migration guide for Python](migrate-python-adal-msal.md)
+- [Handle errors and exceptions in MSAL for Python](msal-error-handling-python.md)
+- [How to migrate a JavaScript app from ADAL.js to MSAL.js](msal-compare-msal-js-and-adal-js.md)
+- [Microsoft identity platform access tokens](access-tokens.md)
+- [Microsoft Enterprise SSO plug-in for Apple devices (preview)](apple-sso-plugin.md)
+- [Restrict your Azure AD app to a set of users in an Azure AD tenant](howto-restrict-your-app-to-a-set-of-users.md)
+- [Token cache serialization in MSAL.NET](msal-net-token-cache-serialization.md)
+- [Troubleshoot publisher verification](troubleshoot-publisher-verification.md)
+- [Tutorial: Call the Microsoft Graph API from a Universal Windows Platform (UWP) application](tutorial-v2-windows-uwp.md)
+
 ## February 2023
 
 ### New articles
@@ -46,20 +70,3 @@ Welcome to what's new in the Microsoft identity platform documentation. This art
 - [Customize claims issued in the SAML token for enterprise applications](active-directory-saml-claims-customization.md)
 - [Enable cross-app SSO on Android using MSAL](msal-android-single-sign-on.md)
 - [Using redirect URIs with the Microsoft Authentication Library (MSAL) for iOS and macOS](redirect-uris-ios.md)
-
-## December 2022
-
-### New articles
-
-- [Block workload identity federation on managed identities using a policy](workload-identity-federation-block-using-azure-policy.md)
-- [Troubleshooting the configured permissions limits](troubleshoot-required-resource-access-limits.md)
-
-### Updated articles
-
-- [A web API that calls web APIs: Code configuration](scenario-web-api-call-api-app-configuration.md)
-- [Quickstart: Get a token and call the Microsoft Graph API by using a console app's identity](quickstart-v2-netcore-daemon.md)
-- [Quickstart: Protect an ASP.NET Core web API with the Microsoft identity platform](quickstart-v2-aspnet-core-web-api.md)
-- [Tutorial: Create a Blazor Server app that uses the Microsoft identity platform for authentication](tutorial-blazor-server.md)
-- [Tutorial: Sign in users and call a protected API from a Blazor WebAssembly app](tutorial-blazor-webassembly.md)
-- [Web app that signs in users: App registration](scenario-web-app-sign-user-app-registration.md)
-- [Web app that signs in users: Code configuration](scenario-web-app-sign-user-app-configuration.md)

articles/active-directory/manage-apps/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory application management"
 description: "New and updated documentation for the Azure Active Directory application management."
-ms.date: 03/02/2023
+ms.date: 04/03/2023
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: reference
@@ -15,6 +15,23 @@ manager: CelesteDG
 
 Welcome to what's new in Azure Active Directory (Azure AD) application management documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the application management service, see [What's new in Azure AD](../fundamentals/whats-new.md).
 
+## March 2023
+
+### Updated articles
+
+- [Move application authentication to Azure Active Directory](migrate-adfs-apps-to-azure.md)
+- [Quickstart: Create and assign a user account](add-application-portal-assign-users.md)
+- [Configure sign-in behavior using Home Realm Discovery](configure-authentication-for-federated-users-portal.md)
+- [Disable auto-acceleration sign-in](prevent-domain-hints-with-home-realm-discovery.md)
+- [Review permissions granted to enterprise applications](manage-application-permissions.md)
+- [Migrate application authentication to Azure Active Directory](migrate-application-authentication-to-azure-active-directory.md)
+- [Azure Active Directory application management: What's new](whats-new-docs.md)
+- [Configure permission classifications](configure-permission-classifications.md)
+- [Restrict access to a tenant](tenant-restrictions.md)
+- [Tutorial: Migrate Okta sign-on policies to Azure Active Directory Conditional Access](migrate-okta-sign-on-policies-to-azure-active-directory-conditional-access.md)
+- [Delete an enterprise application](delete-application-portal.md)
+- [Restore an enterprise application in Azure AD](restore-application.md)
+
 ## February 2023
 
 ### Updated articles
@@ -43,17 +60,3 @@ Welcome to what's new in Azure Active Directory (Azure AD) application managemen
 - [Create an enterprise application from a multi-tenant application in Azure Active Directory](create-service-principal-cross-tenant.md)
 - [Configure sign-in behavior using Home Realm Discovery](configure-authentication-for-federated-users-portal.md)
 - [Secure hybrid access with Azure Active Directory partner integrations](secure-hybrid-access-integrations.md)
-
-## December 2022
-
-### Updated articles
-
-- [Grant consent on behalf of a single user by using PowerShell](grant-consent-single-user.md)
-- [Tutorial: Configure F5 BIG-IP SSL-VPN for Azure AD SSO](f5-aad-password-less-vpn.md)
-- [Integrate F5 BIG-IP with Azure Active Directory](f5-aad-integration.md)
-- [Deploy F5 BIG-IP Virtual Edition VM in Azure](f5-bigip-deployment-guide.md)
-- [End-user experiences for applications](end-user-experiences.md)
-- [Tutorial: Migrate your applications from Okta to Azure Active Directory](migrate-applications-from-okta-to-azure-active-directory.md)
-- [Tutorial: Configure F5 BIG-IP Access Policy Manager for Kerberos authentication](f5-big-ip-kerberos-advanced.md)
-- [Tutorial: Configure F5 BIG-IP Easy Button for Kerberos single sign-on](f5-big-ip-kerberos-easy-button.md)
-- [Tutorial: Configure F5 BIG-IP Easy Button for header-based and LDAP single sign-on](f5-big-ip-ldap-header-easybutton.md)

articles/active-directory/saas-apps/convercent-tutorial.md

@@ -1,5 +1,5 @@
 ---
-title: 'Tutorial: Azure Active Directory integration with Convercent'
+title: 'Tutorial: Azure Active Directory integration with Convercent | Microsoft Docs'
 description: Learn how to configure single sign-on between Azure Active Directory and Convercent.
 services: active-directory
 author: jeevansd
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 11/21/2022
+ms.date: 03/29/2023
 ms.author: jeedes
 ---
 # Tutorial: Azure Active Directory integration with Convercent
@@ -83,7 +83,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
     `https://<INSTANCE_NAME>.convercent.com/`
 
     > [!NOTE]
-    > These values are not real. Update these values with the actual Identifier, Sign-On URL and Relay State. Contact [Convercent Client support team](http://support.convercent.com/) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+    > These values are not real. Update these values with the actual Identifier, Sign-On URL and Relay State. Contact [Convercent Client support team](https://www.convercent.com/customers/services/customer-support) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
 
 6. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Federation Metadata XML** from the given options as per your requirement and save it on your computer.
 
@@ -119,11 +119,11 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 ## Configure Convercent SSO
 
-To configure single sign-on on **Convercent** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [Convercent support team](http://support.convercent.com/). They set this setting to have the SAML SSO connection set properly on both sides.
+To configure single sign-on on **Convercent** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [Convercent support team](https://www.convercent.com/customers/services/customer-support). They set this setting to have the SAML SSO connection set properly on both sides.
 
 ### Create Convercent test user
 
-In this section, you create a user called Britta Simon in Convercent. Work with [Convercent support team](http://support.convercent.com/) to add the users in the Convercent platform. Users must be created and activated before you use single sign-on.
+In this section, you create a user called Britta Simon in Convercent. Work with [Convercent support team](https://www.convercent.com/customers/services/customer-support) to add the users in the Convercent platform. Users must be created and activated before you use single sign-on.
 
 ## Test SSO
 

articles/active-directory/saas-apps/media/zendesk-tutorial/zendesk-create-sso-configuration.png

@@ -1,5 +1,5 @@
 ---
-title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with ServiceNow'
+title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with ServiceNow | Microsoft Docs'
 description: Learn how to configure single sign-on between Azure Active Directory and ServiceNow.
 services: active-directory
 author: jeevansd
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 11/21/2022
+ms.date: 03/29/2023
 ms.author: jeedes
 ---
 
@@ -172,7 +172,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 4. In the **Basic SAML Configuration** section, perform the following steps:
 
-	a. For **Sign on URL**, enter one of the following URL pattern:
+	a. For **Sign on URL**, enter one of the following URL patterns:
 
 	| Sign on URL |
 	|-----------|
@@ -183,7 +183,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
     b. For **Identifier (Entity ID)**, enter a URL that uses the following pattern:
     `https://<instance-name>.service-now.com`
 
-	c. For **Reply URL**, enter one of the following URL pattern:
+	c. For **Reply URL**, enter one of the following URL patterns:
 
 	| Reply URL |
 	|-----------|
@@ -372,7 +372,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 The objective of this section is to create a user called B.Simon in ServiceNow. ServiceNow supports automatic user provisioning, which is enabled by default.
 
 > [!NOTE]
-> If you need to create a user manually, contact the [ServiceNow Client support team](https://www.servicenow.com/support/contact-support.html).
+> If you need to create a user manually, contact the [ServiceNow Client support team](https://support.servicenow.com/now).
 
 ### Configure ServiceNow Express SSO
 

articles/active-directory/saas-apps/media/zendesk-tutorial/zendesk-saml-configuration-settings.png

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/16/2023
+ms.date: 03/29/2023
 ms.author: jeedes
 
 ---
@@ -63,12 +63,12 @@ Complete the following steps to enable Azure AD single sign-on in the Azure port
     `urn:amazon:cognito:sp:InstanceName`
 
     b. In the **Reply URL** textbox, type a URL using the following pattern:
-    `https://InstanceName-tanium.auth.<SUBDOMAIN>.amazoncognito.com/saml2/idpresponse`
+    `https://<InstanceName>-tanium.auth.<SUBDOMAIN>.amazoncognito.com/saml2/idpresponse`
 
 1. If you wish to configure the application in **SP** initiated mode, then perform the following step:
 
     In the **Sign on URL** textbox, type a URL using the following pattern:
-    `https://InstanceName.cloud.tanium.com`
+    `https://<InstanceName>.cloud.tanium.com`
 
     > [!NOTE]
     > These values are not real. Update these values with the actual Identifier, Reply URL and Sign on URL. Contact [Tanium Cloud SSO Client support team](mailto:[email protected]) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.

articles/active-directory/saas-apps/servicenow-tutorial.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 11/21/2022
+ms.date: 03/29/2023
 ms.author: jeedes
 ---
 
@@ -144,11 +144,11 @@ You can set up one SAML configuration for team members and a second SAML configu
 
 1. In the **Zendesk Admin Center**, go to **Account -> Security -> Single sign-on**, then click **Create SSO configuration** and select **SAML**.
 
-	![Screenshot shows the Zendesk Admin Center with Security settings selected.](https://zen-marketing-documentation.s3.amazonaws.com/docs/en/zendesk_create_sso_configuration.png "Security")
+	![Screenshot shows the Zendesk Admin Center with Security settings selected.](./media/zendesk-tutorial/zendesk-create-sso-configuration.png "Security")
 
 1. Perform the following steps in the **Single sign-on** page.
 
-	![Single sign-on](https://zen-marketing-documentation.s3.amazonaws.com/docs/en/zendesk_saml_configuration_settings.png "Single sign-on")
+	![Single sign-on](./media/zendesk-tutorial/zendesk-saml-configuration-settings.png "Single sign-on")
 
     a. In **Configuration name**, enter a name for your configuration. Up to two SAML and two JWT configurations are possible.
 

articles/active-directory/saas-apps/tanium-cloud-sso-tutorial.md

@@ -3,7 +3,7 @@ title: Azure Automation data security
 description: This article helps you learn how Azure Automation protects your privacy and secures your data.
 services: automation
 ms.subservice: shared-capabilities
-ms.date: 12/11/2022
+ms.date: 04/02/2023
 ms.topic: conceptual 
 ms.custom: devx-track-azurepowershell
 ---
@@ -14,7 +14,7 @@ This article contains several topics explaining how data is protected and secure
 
 ## TLS 1.2 for Azure Automation
 
-To insure the security of data in transit to Azure Automation, we strongly encourage you to configure the use of Transport Layer Security (TLS) 1.2. The following are a list of methods or clients that communicate over HTTPS to the Automation service:
+To ensure the security of data in transit to Azure Automation, we strongly encourage you to configure the use of Transport Layer Security (TLS) 1.2. The following are a list of methods or clients that communicate over HTTPS to the Automation service:
 
 * Webhook calls
 
@@ -56,7 +56,7 @@ The following table summarizes the retention policy for different resources.
 
 ## Data backup
 
-When you delete an Automation account in Azure, all objects in the account are deleted. The objects include runbooks, modules, configurations, settings, jobs, and assets. They can't be recovered after the account is deleted. You can use the following information to back up the contents of your Automation account before deleting it.
+When you delete an Automation account in Azure, all objects in the account are deleted. The objects include runbooks, modules, configurations, settings, jobs, and assets. You can [recover](delete-account.md#restore-a-deleted-automation-account) a deleted Automation account within 30 days. You can also use the following information to back up the contents of your Automation account before deleting it:
 
 ### Runbooks
 
@@ -76,16 +76,10 @@ You can't retrieve the values for encrypted variables or the password fields of
 
 You can export your DSC configurations to script files using either the Azure portal or the [Export-AzAutomationDscConfiguration](/powershell/module/az.automation/export-azautomationdscconfiguration) cmdlet in Windows PowerShell. You can import and use these configurations in another Automation account.
 
-## Geo-replication in Azure Automation
+## Data residency
 
-Geo-replication is standard in Azure Automation accounts. You choose a primary region when setting up your account. The internal Automation geo-replication service assigns a secondary region to the account automatically. The service then continuously backs up account data from the primary region to the secondary region. The full list of primary and secondary regions can be found at [Cross-region replication in Azure: Business continuity and disaster recovery](../availability-zones/cross-region-replication-azure.md).
+You specify a region during the creation of an Azure Automation account. Service data such as assets, configuration, logs are stored in that region and may transit or be processed in other regions within the same geography. These global endpoints are necessary to provide end-users with a high-performance, low-latency experience regardless of location. Only for the Brazil South (Sao Paulo State) region of Brazil geography, Southeast Asia region (Singapore) and East Asia region (Hongkong) of the Asia Pacific geography, we store Azure Automation data in the same region to accommodate data-residency requirements for these regions.
 
-The backup created by the Automation geo-replication service is a complete copy of Automation assets, configurations, and the like. This backup can be used if the primary region goes down and loses data. In the unlikely event that data for a primary region is lost, Microsoft attempts to recover it.
-
-> [!NOTE]
-> Azure Automation stores customer data in the region selected by the customer. For the purpose of BCDR, for all regions except Brazil South and Southeast Asia, Azure Automation data is stored in a different region (Azure paired region). Only for the Brazil South (Sao Paulo State) region of Brazil geography and Southeast Asia region (Singapore) of the Asia Pacific geography, we store Azure Automation data in the same region to accommodate data-residency requirements for these regions.
-
-The Automation geo-replication service isn't accessible directly to external customers if there is a regional failure. If you want to maintain Automation configuration and runbooks during regional failures, set up disaster recovery of the Automation accounts and their dependent resources, such as Modules, Connections, Credentials, Certificates, Variables and Schedules. [Learn more](automation-disaster-recovery.md).
 
 ## Next steps
 

articles/active-directory/saas-apps/zendesk-tutorial.md

@@ -81,7 +81,7 @@ See the [full list](./update-management/operating-system-requirements.md) of sup
 
 **Type:** New feature
 
-In all regions except Brazil South and Southeast Asia, Azure Automation data is stored in a different region (Azure paired region) for providing Business Continuity and Disaster Recovery (BCDR). For the Brazil and Southeast Asia regions only, we now store Azure Automation data in the same region to accommodate data-residency requirements for these regions. For more information, see [Geo-replication in Azure Automation](./automation-managing-data.md#geo-replication-in-azure-automation).
+In all regions except Brazil South and Southeast Asia, Azure Automation data is stored in a different region (Azure paired region) for providing Business Continuity and Disaster Recovery (BCDR). For the Brazil and Southeast Asia regions only, we now store Azure Automation data in the same region to accommodate data-residency requirements for these regions. For more information, see [Data residency](./automation-managing-data.md#data-residency).
 
 ## February 2021