Merge branch 'main' of https://github.com/microsoftdocs/azure-docs-pr into phsm-support-guide

Author: msmbaldwin

.openpublishing.publish.config.json

@@ -1020,6 +1020,7 @@
     "articles/load-testing/.openpublishing.redirection.azure-load-testing.json",
     "articles/azure-video-indexer/.openpublishing.redirection.azure-video-indexer.json",
     "articles/machine-learning/.openpublishing.redirection.machine-learning.json",
-    "articles/static-web-apps/.openpublishing.redirection.static-web-apps.json"
+    "articles/static-web-apps/.openpublishing.redirection.static-web-apps.json",
+    ".openpublishing.redirection.virtual-desktop.json"
   ]
 }

.openpublishing.redirection.json

@@ -24728,11 +24728,6 @@
       "redirect_url": "/azure/traffic-manager/traffic-manager-manage-profiles",
       "redirect_document_id": false
     },
-    {
-      "source_path_from_root": "/articles/virtual-desktop/connect-windows-7-and-10.md",
-      "redirect_url": "/azure/virtual-desktop/connect-windows-7-10",
-      "redirect_document_id": true
-    },
     {
       "source_path_from_root": "/articles/troubleshoot-client-connection.md",
       "redirect_url": "/azure/virtual-desktop/troubleshoot-client",

.openpublishing.redirection.virtual-desktop.json

@@ -0,0 +1,9 @@
+{
+    "redirections": [
+        {
+            "source_path_from_root": "/articles/virtual-desktop/connect-windows-7-and-10.md",
+            "redirect_url": "/azure/virtual-desktop/connect-windows-7-10",
+            "redirect_document_id": true
+        }
+    ]
+}

articles/active-directory-b2c/azure-ad-external-identities-videos.md

@@ -29,7 +29,7 @@ Get a deeper view into the features and technical aspects of the Azure AD B2C se
 |[Azure AD B2C sign-up sign-in](https://www.youtube.com/watch?v=c8rN1ZaR7wk&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=6&t=2s) 10:25       | [:::image type="icon" source="./media/external-identities-videos/customer-sign-up-sign-in.png" border="false":::](https://www.youtube.com/watch?v=c8rN1ZaR7wk&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=6)  | [Azure AD B2C single sign on and self service password reset](https://www.youtube.com/watch?v=kRV-7PSLK38&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=7) 8:40       | [:::image type="icon" source="./media/external-identities-videos/single-sign-on.png" border="false":::](https://www.youtube.com/watch?v=kRV-7PSLK38&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=7) |
 | [Application and identity migration to Azure AD B2C](https://www.youtube.com/watch?v=Xw_YwSJmhIQ&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=9) 10:34       | [:::image type="icon" source="./media/external-identities-videos/identity-migration-aad-b2c.png" border="false":::](https://www.youtube.com/watch?v=Xw_YwSJmhIQ&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=9) | [Build resilient and scalable flows using Azure AD B2C](https://www.youtube.com/watch?v=8f_Ozpw9yTs&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=12) 16:47       | [:::image type="icon" source="./media/external-identities-videos/b2c-scalable-flows.png" border="false":::](https://www.youtube.com/watch?v=8f_Ozpw9yTs&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=12) |
 | [Building a custom CIAM solution with Azure AD B2C and ISV alliances](https://www.youtube.com/watch?v=UZjiGDD0wa8&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=8) 10:01       | [:::image type="icon" source="./media/external-identities-videos/build-custom-b2c-solution.png" border="false":::](https://www.youtube.com/watch?v=UZjiGDD0wa8&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=8) | [Protecting Web APIs with Azure AD B2C](https://www.youtube.com/watch?v=wuUu71RcsIo&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=10) 19:03       | [:::image type="icon" source="./media/external-identities-videos/protecting-web-apis.png" border="false":::](https://www.youtube.com/watch?v=wuUu71RcsIo&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=10) |
-| [Integration of SAML with Azure AD B2C](https://www.youtube.com/watch?v=r2TIVBCm7v4&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=11) 9:09       | [:::image type="icon" source="./media/external-identities-videos/saml-integration.png" border="false":::](https://www.youtube.com/watch?v=r2TIVBCm7v4&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=11) |
+| [Integration of SAML with Azure AD B2C](https://www.youtube.com/watch?v=r2TIVBCm7v4&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=11) 9:09       | [:::image type="icon" source="./media/external-identities-videos/saml-integration.png" border="false":::](https://www.youtube.com/watch?v=r2TIVBCm7v4&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=11) | [Azure AD B2C Identity Protection and Conditional Access](https://www.youtube.com/watch?v=frn5jVqbmUo&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=15) 14:44       | [:::image type="icon" source="./media/external-identities-videos/identity-protection-and-conditional-access.png" border="false":::](https://www.youtube.com/watch?v=frn5jVqbmUo&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=15)
 
 ## Azure Active Directory B2C how to series
 

articles/active-directory-b2c/media/external-identities-videos/identity-protection-and-conditional-access.png

@@ -249,6 +249,7 @@ The **InputClaim** element contains the following attributes:
 | --------- | -------- | ----------- |
 | ClaimTypeReferenceId | Yes | The identifier of a claim type. The claim is already defined in the claims schema section in the policy file or parent policy file. |
 | DefaultValue | No | A default value to use to create a claim if the claim indicated by ClaimTypeReferenceId doesn't exist so that the resulting claim can be used as an InputClaim element by the technical profile. |
+|AlwaysUseDefaultValue |No |Forces the use of the default value. |
 | PartnerClaimType | No | The identifier of the claim type of the external partner that the specified policy claim type maps to. If the PartnerClaimType attribute isn't specified, the specified policy claim type is mapped to the partner claim type of the same name. Use this property when your claim type name is different from the other party. An example is if the first claim name is *givenName*, while the partner uses a claim named *first_name*. |
 
 ## Display claims

articles/active-directory-b2c/technicalprofiles.md

@@ -20,7 +20,7 @@ ms.collection: M365-identity-device-management
 
 # Group writeback in the Azure Active Directory admin center (preview)
 
-Group writeback is a valuable tool for administrators of Azure Active Directory (Azure AD) tenants being synced with on-premises Active Directory groups. Microsoft is now previewing new capabilities for group writeback. In this preview, you can specify in the Azure AD admin center which groups you want to write back and what you’d like each group to write back as. You can write Microsoft 365 groups back to on-premises Active Directory as Distribution, Mail-enabled Security, or Security groups, and write Security groups back as Security groups. Groups are written back with a scope of universal​.
+Group writeback is a valuable tool for administrators of Azure Active Directory (Azure AD) tenants being synced with on-premises Active Directory groups. Microsoft is now previewing new capabilities for group writeback for tenants with an Azure AD Premium license and Azure AD Connect version 2021 December release or later. In this preview, once you have [enabled Azure AD Connect group writeback](..//hybrid/how-to-connect-group-writeback-v2.md), you can specify in the Azure AD admin center which groups you want to write back and what you’d like each group to write back as. You can write Microsoft 365 groups back to on-premises Active Directory as Distribution, Mail-enabled Security, or Security groups, and write Security groups back as Security groups. Groups are written back with a scope of universal​.
 
 >[!NOTE]
 > If you were previously writing Microsoft 365 groups back to on-premises Active Directory as universal distribution groups, they will appear in the Azure portal as not enabled for writeback in both the **Groups** page and in the properties page for a group. These pages display a new property introduced for the preview, “writeback enabled”. This property is not set by the current version of group writeback to ensure backward compatibility with the legacy version of group writeback and to avoid breaking existing customer setups.

articles/active-directory/enterprise-users/groups-write-back-portal.md

@@ -119,7 +119,7 @@ To enable group writeback via PowerShell:
     Set-ADSyncScheduler -SyncCycleEnabled $true 
     ```
 
-You've now enabled the group writeback feature. 
+You've now enabled the group writeback feature, and can [select the groups for writeback](../enterprise-users/groups-write-back-portal.md).
 
 ### Optional Configuration 
 
@@ -194,4 +194,5 @@ Limitations and known issues specific to Group Writeback:
 
 ## Next steps
 
-Learn more about [Integrating your on-premises identities with Azure Active Directory](whatis-hybrid-identity.md).
+- Configure [group writeback in the Azure Active Directory Admin Center](../enterprise-users/groups-write-back-portal.md)
+- Learn more about [Integrating your on-premises identities with Azure Active Directory](whatis-hybrid-identity.md).

articles/active-directory/hybrid/how-to-connect-group-writeback-v2.md

@@ -0,0 +1,140 @@
+---
+title: 'Tutorial: Azure AD SSO integration with Ediwin SaaS EDI'
+description: Learn how to configure single sign-on between Azure Active Directory and Ediwin SaaS EDI.
+services: active-directory
+author: jeevansd
+manager: CelesteDG
+ms.reviewer: CelesteDG
+ms.service: active-directory
+ms.subservice: saas-app-tutorial
+ms.workload: identity
+ms.topic: tutorial
+ms.date: 07/23/2022
+ms.author: jeedes
+
+---
+
+# Tutorial: Azure AD SSO integration with Ediwin SaaS EDI
+
+In this tutorial, you'll learn how to integrate Ediwin SaaS EDI with Azure Active Directory (Azure AD). When you integrate Ediwin SaaS EDI with Azure AD, you can:
+
+* Control in Azure AD who has access to Ediwin SaaS EDI.
+* Enable your users to be automatically signed-in to Ediwin SaaS EDI with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
+
+## Prerequisites
+
+To get started, you need the following items:
+
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Ediwin SaaS EDI single sign-on (SSO) enabled subscription.
+* Along with Cloud Application Administrator, Application Administrator can also add or manage applications in Azure AD.
+For more information, see [Azure built-in roles](../roles/permissions-reference.md).
+
+## Scenario description
+
+In this tutorial, you configure and test Azure AD SSO in a test environment.
+
+* Ediwin SaaS EDI supports **SP** initiated SSO.
+
+## Add Ediwin SaaS EDI from the gallery
+
+To configure the integration of Ediwin SaaS EDI into Azure AD, you need to add Ediwin SaaS EDI from the gallery to your list of managed SaaS apps.
+
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Ediwin SaaS EDI** in the search box.
+1. Select **Ediwin SaaS EDI** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
+
+## Configure and test Azure AD SSO for Ediwin SaaS EDI
+
+Configure and test Azure AD SSO with Ediwin SaaS EDI using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Ediwin SaaS EDI.
+
+To configure and test Azure AD SSO with Ediwin SaaS EDI, perform the following steps:
+
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+    1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+    1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Ediwin SaaS EDI SSO](#configure-ediwin-saas-edi-sso)** - to configure the single sign-on settings on application side.
+    1. **[Create Ediwin SaaS EDI test user](#create-ediwin-saas-edi-test-user)** - to have a counterpart of B.Simon in Ediwin SaaS EDI that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
+
+## Configure Azure AD SSO
+
+Follow these steps to enable Azure AD SSO in the Azure portal.
+
+1. In the Azure portal, on the **Ediwin SaaS EDI** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
+
+    ![Screenshot shows to edit Basic S A M L Configuration.](common/edit-urls.png "Basic Configuration")
+
+1. On the **Basic SAML Configuration** section, perform the following steps:
+
+    a. In the **Identifier** textbox, type a URL using the following pattern:
+    `https://web.sedeb2b.com/<EdiwinDomain>`
+
+    b. In the **Reply URL** textbox, type a URL using the following pattern:
+    `https://web.sedeb2b.com/Ediwin/samlLogin/<EdiwinDomain>`
+
+    c. In the **Sign-on URL** text box, type a URL using the following pattern:
+    `https://web.sedeb2b.com/Ediwin/samlLogin/<EdiwinDomain>`
+
+    > [!Note]
+    > These values are not real. Update these values with the actual Identifier, Reply URL and Sign on URL. Contact [Ediwin SaaS EDI support team](mailto:[email protected]) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+
+1. On the **Set-up single sign-on with SAML** page, in the **SAML Signing Certificate** section,  find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
+
+    ![Screenshot shows the Certificate download link.](common/metadataxml.png "Certificate")
+
+1. On the **Set up Ediwin SaaS EDI** section, copy the appropriate URL(s) based on your requirement.
+
+	![Screenshot shows to copy configuration appropriate U R L.](common/copy-configuration-urls.png "Attributes")  
+
+### Create an Azure AD test user
+
+In this section, you'll create a test user in the Azure portal called B.Simon.
+
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+   1. In the **Name** field, enter `B.Simon`.  
+   1. In the **User name** field, enter the [email protected]. For example, `[email protected]`.
+   1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+   1. Click **Create**.
+
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Ediwin SaaS EDI.
+
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Ediwin SaaS EDI**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
+
+## Configure Ediwin SaaS EDI SSO
+
+To configure single sign-on on **Ediwin SaaS EDI** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [Ediwin SaaS EDI support team](mailto:[email protected]). They set this setting to have the SAML SSO connection set properly on both sides.
+
+### Create Ediwin SaaS EDI test user
+
+In this section, you create a user called Britta Simon in Ediwin SaaS EDI. Work with [Ediwin SaaS EDI support team](mailto:[email protected]) to add the users in the Ediwin SaaS EDI platform. Users must be created and activated before you use single sign-on.
+
+## Test SSO 
+
+In this section, you test your Azure AD single sign-on configuration with following options. 
+
+* Click on **Test this application** in Azure portal. This will redirect to Ediwin SaaS EDI Sign-on URL where you can initiate the login flow. 
+
+* Go to Ediwin SaaS EDI Sign-on URL directly and initiate the login flow from there.
+
+* You can use Microsoft My Apps. When you click the Ediwin SaaS EDI tile in the My Apps, this will redirect to Ediwin SaaS EDI Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
+
+## Next steps
+
+Once you configure Ediwin SaaS EDI you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).