Merge pull request #189246 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: ttorble

articles/active-directory/app-provisioning/functions-for-customizing-application-data.md

@@ -908,85 +908,85 @@ Replaces values within a string in a case-sensitive manner. The function behaves
 #### Replace characters using a regular expression
 **Example 1:** Using **oldValue** and **replacementValue** to replace the entire source string with another string.
 
-Let’s say your HR system has an attribute `BusinessTitle`. As part of recent job title changes, your company wants to update anyone with the business title “Product Developer” to “Software Engineer”. 
+Let's say your HR system has an attribute `BusinessTitle`. As part of recent job title changes, your company wants to update anyone with the business title "Product Developer" to "Software Engineer". 
 Then in this case, you can use the following expression in your attribute mapping. 
 
 `Replace([BusinessTitle],"Product Developer", , , "Software Engineer", , )`
 
 * **source**: `[BusinessTitle]`
-* **oldValue**: “Product Developer”
-* **replacementValue**: “Software Engineer”
+* **oldValue**: "Product Developer"
+* **replacementValue**: "Software Engineer"
 * **Expression output**: Software Engineer
 
 **Example 2:** Using **oldValue** and **template** to insert the source string into another *templatized* string. 
 
 The parameter **oldValue** is a misnomer in this scenario. It is actually the value that will get replaced.  
-Let’s say you want to always generate login id in the format `<username>@contoso.com`. There is a source attribute called **UserID** and you want that value to be used for the `<username>` portion of the login id. 
+Let's say you want to always generate login id in the format `<username>@contoso.com`. There is a source attribute called **UserID** and you want that value to be used for the `<username>` portion of the login id. 
 Then in this case, you can use the following expression in your attribute mapping. 
 
 `Replace([UserID],"<username>", , , , , "<username>@contoso.com")`
 
-* **source:** `[UserID]` = “jsmith”
-* **oldValue:** “`<username>`”
-* **template:** “`<username>@contoso.com`”
-* **Expression output:** “[email protected]”
+* **source:** `[UserID]` = "jsmith"
+* **oldValue:** "`<username>`"
+* **template:** "`<username>@contoso.com`"
+* **Expression output:** "[email protected]"
 
 **Example 3:** Using **regexPattern** and **replacementValue** to extract a portion of the source string and replace it with an empty string or a custom value built using regex patterns or regex group names.
 
-Let’s say you have a source attribute `telephoneNumber` that has components `country code` and `phone number` separated by a space character. E.g. `+91 9998887777`
+Let's say you have a source attribute `telephoneNumber` that has components `country code` and `phone number` separated by a space character. E.g. `+91 9998887777`
 Then in this case, you can use the following expression in your attribute mapping to extract the 10 digit phone number. 
 
 `Replace([telephoneNumber], , "\\+(?<isdCode>\\d* )(?<phoneNumber>\\d{10})", , "${phoneNumber}", , )`
 
-* **source:** `[telephoneNumber]` = “+91 9998887777”
-* **regexPattern:** “`\\+(?<isdCode>\\d* )(?<phoneNumber>\\d{10})`”
-* **replacementValue:** “`${phoneNumber}`”
+* **source:** `[telephoneNumber]` = "+91 9998887777"
+* **regexPattern:** "`\\+(?<isdCode>\\d* )(?<phoneNumber>\\d{10})`"
+* **replacementValue:** "`${phoneNumber}`"
 * **Expression output:** 9998887777
 
 You can also use this pattern to remove characters and collapse a string. 
 For example, the expression below removes parenthesis, dashes and space characters in the mobile number string and returns only digits. 
 
 `Replace([mobile], , "[()\\s-]+", , "", , )`
 
-* **source:** `[mobile] = “+1 (999) 888-7777”`
-* **regexPattern:** “`[()\\s-]+`”
-* **replacementValue:** “” (empty string)
+* **source:** `[mobile] = "+1 (999) 888-7777"`
+* **regexPattern:** "`[()\\s-]+`"
+* **replacementValue:** "" (empty string)
 * **Expression output:** 19998887777
 
 **Example 4:** Using **regexPattern**, **regexGroupName** and **replacementValue** to extract a portion of the source string and replace it with another literal value or empty string.
 
-Let’s say your source system has an attribute AddressLineData with two components street number and street name. As part of a recent move, let’s say the street number of the address changed and you want to update only the street number portion of the address line. 
-Then in this case, you can use the following expression in your attribute mapping to extract the 10 digit phone number.
+Let's say your source system has an attribute AddressLineData with two components street number and street name. As part of a recent move, let's say the street number of the address changed and you want to update only the street number portion of the address line. 
+Then in this case, you can use the following expression in your attribute mapping to extract the street number.
 
 `Replace([AddressLineData], ,"(?<streetNumber>^\\d*)","streetNumber", "888", , )`
 
-* **source:** `[AddressLineData]` = “545 Tremont Street”
-* **regexPattern:** “`(?<streetNumber>^\\d*)`”
-* **regexGroupName:** “streetNumber”
-* **replacementValue:** “888”
+* **source:** `[AddressLineData]` = "545 Tremont Street"
+* **regexPattern:** "`(?<streetNumber>^\\d*)`"
+* **regexGroupName:** "streetNumber"
+* **replacementValue:** "888"
 * **Expression output:** 888 Tremont Street
 
 Here is another example where the domain suffix from a UPN is replaced with an empty string to generate login id without domain suffix. 
 
 `Replace([userPrincipalName], , "(?<Suffix>@(.)*)", "Suffix", "", , )`
 
-* **source:** `[userPrincipalName]` = “[email protected]”
-* **regexPattern:** “`(?<Suffix>@(.)*)`”
-* **regexGroupName:** “Suffix”
-* **replacementValue:** “” (empty string)
+* **source:** `[userPrincipalName]` = "[email protected]"
+* **regexPattern:** "`(?<Suffix>@(.)*)`"
+* **regexGroupName:** "Suffix"
+* **replacementValue:** "" (empty string)
 * **Expression output:** jsmith
 
-**Example 5:** Using **regexPattern**, **regexGroupName** and **replacementAttributeName** to handle scenarios when the source attribute is empty or doesn’t have a value.
+**Example 5:** Using **regexPattern**, **regexGroupName** and **replacementAttributeName** to handle scenarios when the source attribute is empty or doesn't have a value.
 
-Let’s say your source system has an attribute telephoneNumber. If telephoneNumber is empty, you want to extract the 10 digits of the mobile number attribute.
+Let's say your source system has an attribute telephoneNumber. If telephoneNumber is empty, you want to extract the 10 digits of the mobile number attribute.
 Then in this case, you can use the following expression in your attribute mapping. 
 
 `Replace([telephoneNumber], , "\\+(?<isdCode>\\d* )(?<phoneNumber>\\d{10})", "phoneNumber" , , [mobile], )`
 
-* **source:** `[telephoneNumber]` = “” (empty string)
-* **regexPattern:** “`\\+(?<isdCode>\\d* )(?<phoneNumber>\\d{10})`”
-* **regexGroupName:** “phoneNumber”
-* **replacementAttributeName:** `[mobile]` = “+91 8887779999”
+* **source:** `[telephoneNumber]` = "" (empty string)
+* **regexPattern:** "`\\+(?<isdCode>\\d* )(?<phoneNumber>\\d{10})`"
+* **regexGroupName:** "phoneNumber"
+* **replacementAttributeName:** `[mobile]` = "+91 8887779999"
 * **Expression output:** 8887779999
 
 **Example 6:** You need to find characters that match a regular expression value and remove them.
@@ -1106,6 +1106,10 @@ Switch(source, defaultValue, key1, value1, key2, value2, …)
 **Description:** 
 When **source** value matches a **key**, returns **value** for that **key**. If **source** value doesn't match any keys, returns **defaultValue**.  **Key** and **value** parameters must always come in pairs. The function always expects an even number of parameters. The function should not be used for referential attributes such as manager. 
 
+> [!NOTE] 
+> Switch function performs a case-sensitive string comparison of the **source** and **key** values. If you'd like to perform a case-insensitive comparison, normalize the **source** string before comparison using a nested ToLower function and ensure that all **key** strings use lowercase. 
+> Example: `Switch(ToLower([statusFlag]), "0", "true", "1", "false", "0")`. In this example, the **source** attribute `statusFlag` may have values ("True" / "true" / "TRUE"). However, the Switch function will always convert it to lowercase string "true" before comparison with **key** parameters. 
+
 **Parameters:** 
 
 | Name | Required/ Repeating | Type | Notes |

articles/active-directory/manage-apps/f5-big-ip-headers-easy-button.md

@@ -31,13 +31,12 @@ To learn about all of the benefits, see the article on [F5 BIG-IP and Azure AD i
 
 This scenario looks at the classic legacy application using HTTP authorization headers to control access to protected content.
 
-Being legacy, the application lacks any form of modern protocols to support a direct integration with Azure AD. Modernizing the app is also costly, requires careful planning, and introduces risk of potential downtime. 
+Being legacy, the application lacks modern protocols to support a direct integration with Azure AD. The application can be modernized, but it is costly, requires careful planning, and introduces risk of potential downtime. Instead, an F5 BIG-IP Application Delivery Controller (ADC) is used to bridge the gap between the legacy application and the modern ID control plane, through protocol transitioning. 
 
-One option would be to consider [Azure AD Application Proxy](../app-proxy/application-proxy.md), to gate remote access to the application.
+Having a BIG-IP in front of the application enables us to overlay the service with Azure AD pre-authentication and headers-based SSO, significantly improving the overall security posture of the application.
 
-Another approach is to use an F5 BIG-IP Application Delivery Controller (ADC), as it too provides the protocol transitioning required to bridge legacy applications to the modern ID control plane.
-
-Having a BIG-IP in front of the application enables us to overlay the service with Azure AD pre-authentication and header-based SSO, significantly improving the overall security posture of the application for both remote and local access.
+> [!NOTE] 
+> Organizations can also gain remote access to this type of application with [Azure AD Application Proxy](../app-proxy/application-proxy.md)
 
 ## Scenario architecture
 
@@ -144,7 +143,7 @@ You can now access the Easy Button functionality that provides quick configurati
 
    ![Screenshot for Configure Easy Button- Install the template](./media/f5-big-ip-easy-button-ldap/easy-button-template.png)
 
-5. Review the list of configuration steps and select Next
+5. Review the list of configuration steps and select **Next**
 
    ![Screenshot for Configure Easy Button - List configuration steps](./media/f5-big-ip-easy-button-ldap/config-steps.png)
 
@@ -164,7 +163,7 @@ Consider the **Azure Service Account Details** be the BIG-IP client application
 
 2. Enable **Single Sign-On (SSO) & HTTP Headers**
 
-3. Enter the **Tenant Id**, **Client ID**, and **Client Secret** you noted down during tenant registration
+3. Enter the **Tenant Id**, **Client ID**, and **Client Secret** you noted when registering the Easy Button client in your tenant.
 
 4. Confirm the BIG-IP can successfully connect to your tenant, and then select **Next**
 
@@ -380,4 +379,4 @@ If you don’t see a BIG-IP error page, then the issue is probably more related
 
 2. The **View Variables** link in this location may also help root cause SSO issues, particularly if the BIG-IP APM fails to obtain the right attributes
 
-For more information, visit this F5 knowledge article [Configuring LDAP remote authentication for Active Directory](https://support.f5.com/csp/article/K11072). There’s also a great BIG-IP reference table to help diagnose LDAP-related issues in this F5 knowledge article on [LDAP Query](https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/5.html).
+For more information, visit this F5 knowledge article [Configuring LDAP remote authentication for Active Directory](https://support.f5.com/csp/article/K11072). There’s also a great BIG-IP reference table to help diagnose LDAP-related issues in this F5 knowledge article on [LDAP Query](https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/5.html).

articles/active-directory/manage-apps/f5-big-ip-kerberos-easy-button.md

@@ -31,11 +31,12 @@ To learn about all of the benefits, see the article on [F5 BIG-IP and Azure AD i
 
 For this scenario, we have an application using **Kerberos authentication**, also known as **Integrated Windows Authentication (IWA)**, to gate access to protected content.
 
-Being legacy, the application lacks modern protocols to support a direct integration with Azure AD. Modernizing the app would be ideal, but is costly, requires careful planning, and introduces risk of potential downtime.
+Being legacy, the application lacks modern protocols to support a direct integration with Azure AD. The application can be modernized, but it is costly, requires careful planning, and introduces risk of potential downtime. Instead, an F5 BIG-IP Application Delivery Controller (ADC) is used to bridge the gap between the legacy application and the modern ID control plane, through protocol transitioning. 
 
-One option would be to consider using [Azure AD Application Proxy](../app-proxy/application-proxy.md), as it provides the protocol transitioning required to bridge the legacy application to the modern identity control plane. Or for our scenario, we'll achieve this using F5's BIG-IP Application Delivery Controller (ADC).
+Having a BIG-IP in front of the application enables us to overlay the service with Azure AD pre-authentication and headers-based SSO, significantly improving the overall security posture of the application.
 
-Having a BIG-IP in front of the application enables us to overlay the service with Azure AD pre-authentication and header-based SSO, significantly improving the overall security posture of the application for remote and local access.
+> [!NOTE] 
+> Organizations can also gain remote access to this type of application with [Azure AD Application Proxy](../app-proxy/application-proxy.md)
 
 ## Scenario architecture
 
@@ -176,11 +177,11 @@ Consider the **Azure Service Account Details** be the BIG-IP client application
 
 2. Enable **Single Sign-On (SSO) & HTTP Headers**
 
-3. Enter the **Tenant Id, Client ID,** and **Client Secret** you noted down during tenant registration
+3. Enter the **Tenant Id, Client ID,** and **Client Secret** you noted when registering the Easy Button client in your tenant.
 
    ![Screenshot for Configuration General and Service Account properties](./media/f5-big-ip-kerberos-easy-button/azure-configuration-properties.png)
 
-Before you select **Next**, confirm that BIG-IP can successfully connect to your tenant.
+Before you select **Next**, confirm the BIG-IP can successfully connect to your tenant.
 
 ### Service Provider
 
@@ -479,4 +480,4 @@ If you don’t see a BIG-IP error page, then the issue is probably more related
 
 2. Select the link for your active session. The **View Variables** link in this location may also help determine root cause KCD issues, particularly if the BIG-IP APM fails to obtain the right user and domain identifiers.
 
-See [BIG-IP APM variable assign examples]( https://devcentral.f5.com/s/articles/apm-variable-assign-examples-1107) and [F5 BIG-IP session variables reference]( https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-access-policy-manager-visual-policy-editor/session-variables.html) for more info.
+See [BIG-IP APM variable assign examples]( https://devcentral.f5.com/s/articles/apm-variable-assign-examples-1107) and [F5 BIG-IP session variables reference]( https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-access-policy-manager-visual-policy-editor/session-variables.html) for more info.

articles/active-directory/manage-apps/f5-big-ip-ldap-header-easybutton.md

@@ -182,7 +182,7 @@ Consider the **Azure Service Account Details** be the BIG-IP client application
 
 2. Enable **Single Sign-On (SSO) & HTTP Headers**
 
-3. Enter the **Tenant Id**, **Client ID**, and **Client Secret** you noted down during tenant registration
+3. Enter the **Tenant Id**, **Client ID**, and **Client Secret** you noted when registering the Easy Button client in your tenant.
 
 5. Confirm the BIG-IP can successfully connect to your tenant, and then select **Next**
 
@@ -432,4 +432,4 @@ If you don’t see a BIG-IP error page, then the issue is probably more related
 
  ```ldapsearch -xLLL -H 'ldap://192.168.0.58' -b "CN=partners,dc=contoso,dc=lds" -s sub -D "CN=f5-apm,CN=partners,DC=contoso,DC=lds" -w 'P@55w0rd!' "(cn=testuser)" ```
 
-For more information, visit this F5 knowledge article [Configuring LDAP remote authentication for Active Directory](https://support.f5.com/csp/article/K11072). There’s also a great BIG-IP reference table to help diagnose LDAP-related issues in this F5 knowledge article on [LDAP Query](https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/5.html).
+For more information, visit this F5 knowledge article [Configuring LDAP remote authentication for Active Directory](https://support.f5.com/csp/article/K11072). There’s also a great BIG-IP reference table to help diagnose LDAP-related issues in this F5 knowledge article on [LDAP Query](https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/5.html).

articles/active-directory/manage-apps/f5-big-ip-oracle-enterprise-business-suite-easy-button.md

@@ -160,9 +160,9 @@ Some of these are global settings so can be re-used for publishing more applicat
 
 2. Enable **Single Sign-On (SSO) & HTTP Headers**
 
-3. Enter the **Tenant Id, Client ID**, and **Client Secret** you noted down from your registered application
+3. Enter the **Tenant Id, Client ID**, and **Client Secret** you noted when registering the Easy Button client in your tenant.
 
-4. Before you select **Next**, confirm that BIG-IP can successfully connect to your tenant.
+4. Before you select **Next**, confirm the BIG-IP can successfully connect to your tenant.
 
    ![ Screenshot for Configuration General and Service Account properties](./media/f5-big-ip-oracle/configuration-general-and-service-account-properties.png)
 

articles/active-directory/manage-apps/f5-big-ip-oracle-jde-easy-button.md

@@ -156,7 +156,7 @@ Some of these are global settings so can be re-used for publishing more applicat
 
 3. Enter the **Tenant Id, Client ID**, and **Client Secret** you noted down from your registered application
 
-4. Before you select **Next**, confirm that BIG-IP can successfully connect to your tenant.
+4. Before you select **Next**, confirm the BIG-IP can successfully connect to your tenant.
 
    ![Screenshot for Configuration General and Service Account properties](./media/f5-big-ip-easy-button-oracle-jde/configuration-general-and-service-account-properties.png)