Merge pull request #221828 from MicrosoftDocs/main

Publish to live, Sunday 4 AM PST 12/18

Author: Maggiemouse1

.openpublishing.redirection.json

@@ -13238,6 +13238,11 @@
             "redirect_url": "/azure/expressroute/work-remotely-support",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/expressroute/howto-linkvnet-cli.md",
+            "redirect_url": "/azure/expressroute/expressroute-howto-linkvnet-cli",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/firewall/tutorial-diagnostics.md",
             "redirect_url": "/azure/firewall/firewall-diagnostics",

articles/active-directory/reports-monitoring/howto-use-azure-monitor-workbooks.md

@@ -1,5 +1,5 @@
 ---
-title: Azure Monitor workbooks for reports | Microsoft Docs
+title: Azure Monitor workbooks for Azure Active Directory | Microsoft Docs
 description: Learn how to use Azure Monitor workbooks for Azure Active Directory reports.
 services: active-directory
 author: shlipsey3
@@ -8,144 +8,86 @@ ms.service: active-directory
 ms.topic: how-to
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 10/31/2022
+ms.date: 12/15/2022
 ms.author: sarahlipsey
 ms.reviewer: sarbar
 ---
-# How to use Azure Monitor workbooks for Azure Active Directory reports
-
-As an IT admin, you need powerful tools to turn the data about your Azure AD tenant into a visual representation that enables you to understand how your identity management environment is doing. Azure Monitor workbooks are an example for such a tool. 
-
-This article gives you an overview of how you can use Azure Monitor workbooks for Azure Active Directory reports to analyze your Azure AD tenant. 
-
-
-## What is Azure Monitor workbooks for Azure AD reports?
-
-Azure AD tracks all activities in your Azure AD in the activity logs. The data in your Azure AD logs enables you to assess how your Azure AD is doing. The Azure Active Directory portal gives you access to three activity logs:
-
-- **[Sign-ins](concept-sign-ins.md)** – Information about sign-ins and how your resources are used by your users.
-- **[Audit](concept-audit-logs.md)** – Information about changes applied to your tenant such as users and group management or updates applied to your tenant’s resources.
-- **[Provisioning](concept-provisioning-logs.md)** – Activities performed by the provisioning service, such as the creation of a group in ServiceNow or a user imported from Workday.
-
-
-Using the access capabilities provided by the Azure portal, you can review the information that is tracked in your activity logs. This option is helpful if you need to do a quick investigation of an event with a limited scope. For example, a user had trouble signing in during a period of a few hours. In this scenario, reviewing the recent records of this user in the sign-in logs can help to shed light on this issue. 
-
-For one-off investigations with a limited scope, the Azure portal is often the easiest way to find the data you need. However, there are also business problems requiring a more complex analysis of the data in your activity logs. One common example for a scenario that requires a trend analysis is related to blocking legacy authentication in your Azure AD tenant. 
-
-Azure AD supports several of the most widely used authentication and authorization protocols including legacy authentication. Legacy authentication refers to basic authentication, a widely used industry-standard method for collecting user name and password information. Examples of applications that commonly or only use legacy authentication are:
-
-- Microsoft Office 2013 or older.
-- Apps using mail protocols like POP, IMAP, and SMTP AUTH.
-
-
-Typically, legacy authentication clients can't enforce any type of second factor authentication. However, multi-factor authentication (MFA) is a common requirement in many environments to provide a high level of protection.   
-
-How can you determine whether it's safe to block legacy authentication in an environment? Answering this question requires an analysis of the sign-ins in your environment for a certain timeframe. Workbooks provide a flexible canvas for data analysis and the creation of rich visual reports within the Azure portal. They allow you to tap into multiple data sources from across Azure, and combine them into unified interactive experiences.
-
-With Azure Monitor workbooks, you can:
-
-- Query data from multiple sources in Azure
-- Visualize data for reporting and analysis
-- Combine multiple elements into a single interactive experience
-
-For more information, see [Azure Monitor workbooks](../../azure-monitor/visualize/workbooks-overview.md).
-
-
-## How does it help me?
-
-Common scenarios for using workbooks include:
-
-- Get shareable, at-a-glance summary reports about your Azure AD tenant, and build your own custom reports.
-
-- Find and diagnose sign-in failures, and get a trending view of your organization's sign-in health.
-
-- Monitor Azure AD logs for sign-ins, tenant administrator actions, provisioning, and risk together in a flexible, customizable format.
-
-- Watch trends in your tenant’s usage of Azure AD features such as conditional access, self-service password reset, and more.
-
-- Know who's using legacy authentications to sign in to your environment.
-
-- Understand the effect of your conditional access policies on your users' sign-in experience.
-
-
-
-
-## Who should use it?
-
-Typical personas for workbooks are:
-
-- **Reporting admin** - Someone who is responsible for creating reports on top of the available data and workbook templates
-
-- **Tenant admins** - People who use the available reports to get insight and take action.
-
-- **Workbook template builder** - Someone who “graduates” from the role of reporting admin by turning a workbook into a template for others with similar needs to use as a basis for creating their own workbooks.
-
-
-
-## How to use it
-
-When working with workbooks, you can either start with an empty workbook, or use an existing template. Workbook templates enable you to quickly get started using workbooks without needing to build from scratch. 
-
-There are:
-
-- **Public templates** published to a [gallery](../../azure-monitor/visualize/workbooks-overview.md#the-gallery) that serve as a good starting point when you're just getting started with workbooks.
-- **Private templates** when you start building your own workbooks and want to save one as a template to serve as the foundation for multiple workbooks in your tenant.
+# How to use Azure Monitor workbooks for Azure Active Directory
 
+When using Azure Workbooks, you can either start with an empty workbook, or use an existing template. Workbook templates enable you to quickly get started using workbooks without needing to build from scratch. 
 
+- **Public templates** published to a [gallery](../../azure-monitor/visualize/workbooks-overview.md#the-gallery) are a good starting point when you're just getting started with workbooks.
+- **Private templates** are helpful when you start building your own workbooks and want to save one as a template to serve as the foundation for multiple workbooks in your tenant.
 
 ## Prerequisites
 
-To use Monitor workbooks, you need:
-
-- An Azure Active Directory tenant with a premium (P1 or P2) license. Learn how to [get a premium license](../fundamentals/active-directory-get-started-premium.md).
-
-- A [Log Analytics workspace](../../azure-monitor/logs/quick-create-workspace.md).
-
-- [Access](../../azure-monitor/logs/manage-access.md#azure-rbac) to the log analytics workspace
-- Following roles in Azure Active Directory (if you're accessing Log Analytics through Azure Active Directory portal)
-    - Security administrator
-    - Security reader
-    - Reports reader
-    - Global administrator
-
-## Roles
-
-To access workbooks in Azure Active Directory, you must have access to the underlying [Log Analytics workspace](../../azure-monitor/logs/manage-access.md#azure-rbac) and be assigned to one of the following roles:
-
-
-- Global Reader
-
-- Reports Reader
-
-- Security Reader
-
-- Application Administrator 
-
-- Cloud Application Administrator
-
-- Company Administrator
-
-- Security Administrator
-
-
-
+To use Azure Workbooks for Azure AD, you need:
+- An Azure Active Directory (Azure AD) tenant with a premium (P1 or P2) license. Learn how to [get a premium license](../fundamentals/active-directory-get-started-premium.md)
+- The appropriate roles for the Log Analytics workspace *and* Azure AD
+- A Log Analytics workspace
+
+1. Create a [Log Analytics workspace](../../azure-monitor/logs/quick-create-workspace.md)
+    - Access to the Log Analytics workspace is determined by the workspace settings, access to the resources sending the data to the workspace, and the method used to access the workspace.
+    - To ensure you have the right access, review the [Manage access to Log Analytics workspaces](../../azure-monitor/logs/manage-access.md?tabs=tabs=portal#azure-rbac) article.
+
+2. Ensure that you have one of the following roles in Azure AD (if you're accessing the workspace through the Azure AD portal):
+    - Security Administrator
+    - Security Reader
+    - Reports Reader
+    - Global Administrator
+
+3. Ensure that you have the one of the following Azure subscription roles:
+    - Global Reader
+    - Reports Reader
+    - Security Reader
+    - Application Administrator 
+    - Cloud Application Administrator
+    - Company Administrator
+    - Security Administrator
+    - For more information on Azure subscription roles, see [Roles, permissions, and security in Azure Monitor](../../azure-monitor/roles-permissions-security.md).
+
+## How to access Azure Workbooks for Azure AD
 
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Navigate to **Azure Active Directory** > **Monitoring** > **Workbooks**. 
+    - **Workbooks**: All workbooks created in your tenant
+    - **Public Templates**: Pre-built workbooks for common or high priority scenarios
+    - **My Templates**: Templates you've created
+1. Select a report or template from the list. Workbooks may take a few moments to populate. 
+    - Search for a template by name.
+    - Select the **Browse across galleries** to view templates that aren't specific to Azure AD.
 
-## Workbook access 
+    ![Find the Azure Monitor workbooks in Azure AD](./media/howto-use-azure-monitor-workbooks/azure-monitor-workbooks-in-azure-ad.png)
 
-To access workbooks:
+## Create a new workbook
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
+Workbooks can be created from scratch or from a template. When creating a new workbook, you can add elements as you go or use the **Advanced Editor** option to paste in the JSON representation of a workbook, copied from the [workbooks GitHub repository](https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json).
 
-1. Navigate to **Azure Active Directory** > **Monitoring** > **Workbooks**. 
+**To create a new workbook from scratch**:
+1. Navigate to **Azure AD** > **Monitoring** > **Workbooks**.
+1. Select **+ New**.
+1. Select an element from the **+ Add** menu.
 
-1. Select a report or template, or on the toolbar select **Open**. 
+    For more information on the available elements, see [Creating an Azure Workbook](../../azure-monitor/visualize/workbooks-create-workbook.md).
 
-![Find the Azure Monitor workbooks in Azure AD](./media/howto-use-azure-monitor-workbooks/azure-monitor-workbooks-in-azure-ad.png)
+    ![Screenshot of the Azure Workbooks +Add menu options.](./media/howto-use-azure-monitor-workbooks/create-new-workbook-elements.png)
 
+**To create a new workbook from a template**:
+1. Navigate to **Azure AD** > **Monitoring** > **Workbooks**.
+1. Select a workbook template from the Gallery.
+1. Select **Edit** from the top of the page.
+    - Each element of the workbook has its own **Edit** button. 
+    - or more information on editing workbook elements, see [Azure Workbooks Templates](../../azure-monitor/visualize/workbooks-templates.md)
 
+1. Select the **Edit** button for any element. Make your changes and select **Done editing**.
+        ![Screenshot of a workbook in Edit mode, with the Edit and Done Editing buttons highlighted.](./media/howto-use-azure-monitor-workbooks/edit-buttons.png)
+1. When you're done editing the workbook, select the **Save As** to save your workbook with a new name.
+1. In the **Save As** window:
+    - Provide a **Title**, **Subscription**, **Resource Group** (you must have the ability to save a workbook for the selected Resource Group), and **Location**.
+    - Optionally choose to save your workbook content to an [Azure Storage Account](../../azure-monitor/visualize/workbooks-bring-your-own-storage.md).
+1. Select the **Apply** button.
 
 ## Next steps
 
 * [Create interactive reports by using Monitor workbooks](../../azure-monitor/visualize/workbooks-overview.md).
-* [Create custom Azure Monitor queries using Azure PowerShell](../governance/entitlement-management-logs-and-reporting.md).
+* [Create custom Azure Monitor queries using Azure PowerShell](../governance/entitlement-management-logs-and-reporting.md).

articles/active-directory/reports-monitoring/index.yml

@@ -1,7 +1,7 @@
 ### YamlMime:Landing
 
 title: Azure Active Directory reports and monitoring documentation
-summary: Learn how to use reports in Azure AD.
+summary: Learn how to use reports, monitoring, workbooks, and recommendations in Azure Active Directory (Azure AD).
 
 metadata:
   title: Azure Active Directory reports and monitoring documentation
@@ -12,7 +12,7 @@ metadata:
   ms.topic: landing-page
   author: shlipsey3
   ms.author: sarahlipsey
-  ms.date: 08/29/2019
+  ms.date: 12/16/2022
   ms.collection: M365-identity-device-management
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | whats-new
@@ -21,43 +21,75 @@ landingContent:
 # Cards and links should be based on top customer tasks or top subjects
 # Start card title with a verb
   # Card
-  - title: About Azure Active Directory reports and monitoring
+  - title: About Azure AD reports and monitoring
     linkLists:
       - linkListType: overview
         links:
-          - text: What are Azure Active Directory reports?
+          - text: What are Azure AD reports?
             url: overview-reports.md
-          - text: What is Azure Active Directory monitoring?
+          - text: What is Azure AD monitoring?
             url: overview-monitoring.md
       - linkListType: concept
         links:
          - text: Audit logs
            url: concept-audit-logs.md
          - text: Sign-in logs
            url: concept-sign-ins.md
-         - text: Risky sign-in logs
-           url: ../identity-protection/overview-identity-protection.md
-         - text: Users flagged for risk logs
-           url: ../identity-protection/overview-identity-protection.md
          - text: Provisioning logs
            url: concept-provisioning-logs.md
   # Card
-  - title: Use reports in Azure AD
+  - title: Use logs and reports in Azure AD
     linkLists:
       - linkListType: how-to-guide
         links:
-          - text: Find activity reports
-            url: howto-find-activity-reports.md
-          - text: Remediate users flagged for risk
-            url: howto-remediate-users-flagged-for-risk.md
-          - text: Use Azure AD workbooks
-            url: howto-use-azure-monitor-workbooks.md
+          - text: Access activity logs
+            url: howto-access-activity-logs.md
+          - text: Download activity logs
+            url: howto-download-logs.md
+          - text: How to manage inactive user accounts
+            url: howto-manage-inactive-user-accounts.md
   # Card
   - title: Use monitoring in Azure AD
     linkLists:
       - linkListType: how-to-guide
         links:
           - text: Analyze activity logs in Azure Monitor logs
             url: howto-analyze-activity-logs-log-analytics.md
-          - text: Install and use the log analytics views for Azure AD
-            url: howto-install-use-log-analytics-views.md
+
+  # Card
+  - title: Use workbooks in Azure AD
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: What are Azure Active Directory workbooks?
+            url: overview-reports.md
+      - linkListType: how-to-guide
+        links:
+          - text: Use Azure AD workbooks
+            url: howto-use-azure-monitor-workbooks.md
+
+  # Card
+  - title: Use recommendations in Azure AD
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: What are Azure Active Directory recommendations?
+            url: overview-recommendations.md
+      - linkListType: reference
+        links:
+          - text: Convert per-user MFA to Conditional Access
+            url: recommendation-turn-off-per-user-mfa.md
+          - text: Migrate to Microsoft Authenticator
+            url: recommendation-migrate-to-authenticator.md           
+
+  # Card
+  - title: Common scenarios for using reports and monitoring
+    linkLists:
+      - linkListType: concept
+        links:
+          - text: Send Azure AD logs to Azure Monitor
+            url: concept-activity-logs-azure-monitor.md
+          - text: Explore basic info on the sign-in logs
+            url: reference-basic-info-sign-in-logs.md
+          - text: Troubleshoot sign-in errors
+            url: howto-troubleshoot-sign-in-errors.md