Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into gen2

Author: normesta

articles/active-directory-b2c/partner-idemia.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: how-to
-ms.date: 01/29/2023
+ms.date: 03/10/2023
 ms.author: justinha 
 ---
 
@@ -174,11 +174,11 @@ Before you begin the migration process, complete the following initial checks an
 
     The following network security group Inbound rules are required for the managed domain to provide authentication and management services. Don't edit or delete these network security group rules for the virtual network subnet your managed domain is deployed into.
 
-    | Inbound port number | Protocol | Source                             | Destination | Action | Required | Purpose |
-    |:-----------:|:--------:|:----------------------------------:|:-----------:|:------:|:--------:|:--------|
-    | 5986        | TCP      | AzureActiveDirectoryDomainServices | Any         | Allow  | Yes      | Management of your domain. |
-    | 3389        | TCP      | CorpNetSaw                         | Any         | Allow  | Optional      | Debugging for support. |
-    | 636         | TCP      | AzureActiveDirectoryDomainServices | Inbound         | Allow  | Optional      | Secure LDAP. |
+    | Source      | Source service tag                 | Source port ranges |  Destination  | Service | Destination port ranges | Protocol | Action | Required | Purpose |
+    |:-----------:|:----------------------------------:|:------------------:|:-------------:|:-------:|:-----------------------:|:--------:|:------:|:--------:|:--------|
+    | Service tag | AzureActiveDirectoryDomainServices | *                  | Any           | WinRM   | 5986        | TCP       | Allow  | Yes       | Management of your domain |
+    | Service tag | CorpNetSaw                         | *                  | Any           | WinRM   | 3389        | TCP       | Allow  | Optional  | Debugging for support |
+    | Service tag | AzureActiveDirectoryDomainServices | *                  | Any           | WinRM   | 636         | TCP       | Allow  | Optional  | Secure LDAP |
 
     Make a note of this target resource group, target virtual network, and target virtual network subnet. These resource names are used during the migration process.
 

articles/active-directory-domain-services/migrate-from-classic-vnet.md

@@ -24,8 +24,9 @@ This article describes the general steps for managing automatic user account pro
 
 Use the Azure Active Directory portal to view and manage all applications that are configured for single sign-on in a directory. Enterprise apps are apps that are deployed and used within your organization. Follow these steps to view and manage your enterprise applications:
 
-1. Open the [Azure Active Directory portal](https://aad.portal.azure.com).
-1. Select **Enterprise applications** from the left pane. A list of all configured apps is shown, including apps that were added from the gallery.
+1. Open the [Azure portal](https://portal.azure.com).
+1. Browse to **Azure Active Directory** > **Enterprise applications**.
+1. A list of all configured apps is shown, including apps that were added from the gallery.
 1. Select any app to load its resource pane, where you can view reports and manage app settings.
 1. Select **Provisioning** to manage user account provisioning settings for the selected app.
 

articles/active-directory/app-provisioning/configure-automatic-user-provisioning-portal.md

@@ -29,8 +29,9 @@ You can customize the default attribute-mappings according to your business need
 
 Follow these steps to access the **Mappings** feature of user provisioning:
 
-1. Sign in to the [Azure Active Directory portal](https://aad.portal.azure.com).
-1. Select **Enterprise applications** from the left pane. A list of all configured apps is shown, including apps that were added from the gallery.
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Browse to **Azure Active Directory** > **Enterprise applications**.
+1. A list of all configured apps is shown, including apps that were added from the gallery.
 1. Select any app to load its app management pane, where you can view reports and manage app settings.
 1. Select **Provisioning** to manage user account provisioning settings for the selected app.
 1. Expand **Mappings** to view and edit the user attributes that flow between Azure AD and the target application. If the target application supports it, this section lets you optionally configure provisioning of groups and user accounts.
@@ -142,7 +143,7 @@ When you are editing the list of supported attributes, the following properties
 
 #### Provisioning a custom extension attribute to a SCIM compliant application
 The SCIM RFC defines a core user and group schema, while also allowing for extensions to the schema to meet your application's needs. To add a custom attribute to a SCIM application:
-   1. Sign in to the [Azure Active Directory portal](https://aad.portal.azure.com), select **Enterprise Applications**, select your application, and then select **Provisioning**.
+   1. Sign in to the [Azure portal](https://portal.azure.com), select **Enterprise Applications**, select your application, and then select **Provisioning**.
    2. Under **Mappings**, select the object (user or group) for which you'd like to add a custom attribute.
    3. At the bottom of the page, select **Show advanced options**.
    4. Select **Edit attribute list for AppName**.

articles/active-directory/app-provisioning/customize-application-attributes.md

@@ -1308,8 +1308,9 @@ Applications that support the SCIM profile described in this article can be conn
 
 **To connect an application that supports SCIM:**
 
-1. Sign in to the [Azure AD portal](https://aad.portal.azure.com). You can get access a free trial for Azure AD with P2 licenses by signing up for the [developer program](https://developer.microsoft.com/microsoft-365/dev-program))
-1. Select **Enterprise applications** from the left pane. A list of all configured apps is shown, including apps that were added from the gallery.
+1. Sign in to the [Azure portal](https://portal.azure.com). You can get access a free trial for Azure AD with P2 licenses by signing up for the [developer program](https://developer.microsoft.com/microsoft-365/dev-program))
+1. Browse to **Azure Active Directory** > **Enterprise applications**.
+1. A list of all configured apps is shown, including apps that were added from the gallery.
 1. Select **+ New application** > **+ Create your own application**.
 1. Enter a name for your application, choose the option "*integrate any other application you don't find in the gallery*" and select **Add** to create an app object. The new app is added to the list of enterprise applications and opens to its app management screen.
 
@@ -1397,9 +1398,7 @@ The provisioning service supports the [authorization code grant](https://tools.i
 > [!NOTE]
 > OAuth v1 is not supported due to exposure of the client secret. OAuth v2 is supported.  
 
-Best practices (recommended, but not required):
-* Support multiple redirect URLs. Administrators can configure provisioning from both "portal.azure.com" and "aad.portal.azure.com". Supporting multiple redirect URLs will ensure that users can authorize access from either portal.
-* Support multiple secrets for easy renewal, without downtime. 
+Supportting multiple secrets for easy renewal, without downtime is recommended, but not required.
 
 #### How to set up OAuth code grant flow
 

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -33,9 +33,8 @@ Publish your proxy application as you would any other application and assign use
 
 You now need to register your application in Azure AD, as follows:
 
-1. Sign in to the [Azure Active Directory portal](https://aad.portal.azure.com/). The **Dashboard** for the **Azure Active Directory admin center** appears.
-1. In the sidebar, select **Azure Active Directory**. The **Azure Active Directory** overview page appears.
-1. In the Azure AD overview sidebar, select **App registrations**. The list of all app registrations appears.
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Browse to **Azure Active Directory** > **App registrations**. The list of all app registrations appears.
 1. Select **New registration**. The **Register an application** page appears.
 
    ![Create a new app registration in the Azure portal](./media/application-proxy-configure-native-client-application/create.png)

articles/active-directory/app-proxy/application-proxy-configure-native-client-application.md

@@ -42,8 +42,8 @@ If you've enabled Application Proxy enabled and installed a connector already, y
 
 The Application Proxy connector is a Windows Server service that directs the traffic from your remote employees to your published applications. For more detailed installation instructions, see [Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory](../app-proxy/application-proxy-add-on-premises-application.md).
 
-1. Sign in to the [Azure Active Directory portal](https://aad.portal.azure.com/) as an application administrator. The **Azure Active Directory admin center** page appears.
-1. Select **Azure Active Directory** > **Application proxy** > **Download connector service**. The **Application Proxy Connector Download** page appears.
+1. Sign in to the [Azure portal](https://portal.azure.com) as an Application Administrator.
+1. Browse to **Azure Active Directory** > **Application proxy** > **Download connector service**. The **Application Proxy Connector Download** page appears.
 
    ![Application proxy connector download](./media/application-proxy-configure-single-sign-on-with-ping-access/application-proxy-connector-download.png)
 
@@ -66,8 +66,8 @@ You'll first have to publish your application. This action involves:
 
 To publish your own on-premises application:
 
-1. If you didn't in the last section, sign in to the [Azure Active Directory portal](https://aad.portal.azure.com/) as an application administrator.
-1. Select **Enterprise applications** > **New application** > **Add an on-premises application**. The **Add your own on-premises application** page appears.
+1. If you didn't in the last section, sign in to the [Azure portal](https://portal.azure.com) as an Application Administrator.
+1. Browse to **Enterprise applications** > **New application** > **Add an on-premises application**. The **Add your own on-premises application** page appears.
 
    ![Add your own on-premises application](./media/application-proxy-configure-single-sign-on-with-ping-access/add-your-own-on-premises-application.png)
 1. Fill out the required fields with information about your new application. Use the guidance below for the settings.
@@ -158,8 +158,8 @@ To collect this information:
 
 **Update the `acceptMappedClaims` field:**
 
-1. Sign in to the [Azure Active Directory portal](https://aad.portal.azure.com/) as an application administrator.
-1. Select **Azure Active Directory** > **App registrations**. A list of applications appears.
+1. Sign in to the [Azure portal](https://portal.azure.com) as an Application Administrator.
+1. Browse to **Azure Active Directory** > **App registrations**. A list of applications appears.
 1. Select your application.
 1. From the sidebar of the **App registrations** page for your application, select **Manifest**. The manifest JSON code for your application's registration appears.
 1. Search for the `acceptMappedClaims` field, and change the value to `True`.

articles/active-directory/app-proxy/application-proxy-ping-access-publishing-guide.md

@@ -343,7 +343,7 @@ import-module MSOnline
 Connect-MsolService
 New-MsolServicePrincipal -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720 -DisplayName "Azure Multi-Factor Auth Client"
 ```
-Once done , go to https://aad.portal.azure.com > "Enterprise Applications" > Search for "Azure Multi-Factor Auth Client" > Check properties for this app > Confirm if the service principal is enabled or disabled > Click on the application entry > Go to Properties of the app > If the option "Enabled for users to sign-in? is set to No in Properties of this app , please set it to Yes.
+Once done , go to the [Azure portal](https://portal.azure.com) > **Azure Active Directory** > **Enterprise Applications** > Search for "Azure Multi-Factor Auth Client" > Check properties for this app > Confirm if the service principal is enabled or disabled > Click on the application entry > Go to Properties of the app > If the option "Enabled for users to sign-in? is set to No in Properties of this app , please set it to Yes.
 
 Run the `AzureMfaNpsExtnConfigSetup.ps1` script again and it should not return the `Service principal was not found` error. 
 

articles/active-directory/authentication/howto-mfa-nps-extension.md

@@ -15,17 +15,19 @@ ms.reviewer: manrath, sureshja
 
 # Validation differences by supported account types (signInAudience)
 
-When registering an application with the Microsoft identity platform for developers, you're asked to select which account types your application supports. In the application object and manifest, this property is `signInAudience`.
+When registering an application with the Microsoft identity platform for developers, you're asked to select which account types your application supports. You can refer to the **Help me choose** link under **Supported account types** during the registration process. The value you select for this property has implications on other app object properties.
 
-The options include the following values:
+After the application has been registered, you can check or change the account type that the application supports at any time. Under the **Manage** pane of your application, search for **Manifest** and find the `signInAudience` value. The different account types, and the corresponding `signInAudience` are shown in the following table:
 
-- **AzureADMyOrg**: Only accounts in the organizational directory where the app is registered (single-tenant).
-- **AzureADMultipleOrgs**: Accounts in any organizational directory (multi-tenant).
-- **AzureADandPersonalMicrosoftAccount**: Accounts in any organizational directory (multi-tenant) and personal Microsoft accounts (for example, Skype, Xbox, and Outlook.com).
+| Supported account types (Register an application) | `signInAudience` (Manifest) |
+|---------------------------------------------------|-----------------------------|
+| Accounts in this organizational directory only (Single tenant) | `AzureADMyOrg` |
+| Accounts in any organizational directory (Any Azure AD directory - Multitenant) | `AzureADMultipleOrgs` |
+| Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox) | `AzureADandPersonalMicrosoftAccount` |
 
-For registered applications, you can find the value for supported account types on the **Authentication** section of an application. You can also find it under the `signInAudience` property in the **Manifest**.
+If you change this property you may need to change other properties first. 
 
-The value you select for this property has implications on other app object properties. As a result, if you change this property you may need to change other properties first.
+## Validation differences
 
 See the following table for the validation differences of various properties for different supported account types.
 

articles/active-directory/develop/supported-accounts-validation.md

@@ -35,8 +35,8 @@ Below are some common issues that may occur during the process.
     4. Navigate to the [partner profile page](https://partner.microsoft.com/pcv/accountsettings/connectedpartnerprofile) where the MPN ID and primary account contact will be listed.
 
 - **I don’t know who my Azure AD Global Administrator (also known as company admin or tenant admin) is, how do I find them? What about the Application Administrator or Cloud Application Administrator?**
-    1. Sign in to the [Azure AD Portal](https://aad.portal.azure.com) using a user account in your organization's primary tenant.
-    2. Navigate to [Role Management](https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RolesAndAdministrators).
+    1. Sign in to the [Azure portal](https://portal.azure.com) using a user account in your organization's primary tenant.
+    1. Browse to **Azure Active Directory** > [Roles and administrators](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RolesAndAdministrators).
     3. Select the desired admin role.
     4. The list of users assigned that role will be displayed.