Merge pull request #188535 from davidmu1/configureprops1

laurabren · web-flow · commit f4a2ded16658 · 2022-02-24T11:22:36.000-08:00
configure app properties
diff --git a/articles/active-directory/manage-apps/add-application-portal-configure.md b/articles/active-directory/manage-apps/add-application-portal-configure.md
@@ -1,85 +1,44 @@
 ---
-title: 'Quickstart: Configure enterprise application properties'
+title: 'Configure enterprise application properties'
 titleSuffix: Azure AD
 description: Configure the properties of an enterprise application in Azure Active Directory.
 services: active-directory
 author: davidmu1
 manager: CelesteDG
 ms.service: active-directory
 ms.subservice: app-mgmt
-ms.topic: quickstart
+ms.topic: how-to
 ms.workload: identity
 ms.date: 09/22/2021
 ms.author: davidmu
 ms.reviewer: ergreenl
-ms.custom: mode-other
 #Customer intent: As an administrator of an Azure AD tenant, I want to configure the properties of an enterprise application.
 ---
 
-# Quickstart: Configure enterprise application properties
+# Configure enterprise application properties
 
-In this quickstart, you use the Azure Active Directory Admin Center to configure the properties of an enterprise application that you previously added to your Azure Active Directory (Azure AD) tenant.
-
-You can configure the following common attributes of an enterprise application:
-
-- **Enabled for users to sign in?** - Determines whether users assigned to the application can sign in.
-- **User assignment required?** - Determines whether users who aren't assigned to the application can sign in.
-- **Visible to users?** - Determines whether users assigned to an application can see it in My Apps and Microsoft 365 app launcher. (See the waffle menu in the upper-left corner of a Microsoft 365 website.)
-- **Logo** - Determines the logo that represents the application.
-- **Notes** - Provides a place to add notes that apply to the application.
-
-It is recommended that you use a non-production environment to test the steps in this quickstart.
+This article shows you where you can configure the properties of an enterprise application in your Azure Active Directory (Azure AD) tenant. For more information about the properties that you can configure, see [Properties of an enterprise application](application-properties.md).
 
 ## Prerequisites
 
 To configure the properties of an enterprise application, you need:
 
 - An Azure AD user account. If you don't already have one, you can [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 - One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
-- Completion of the steps in [Quickstart: Add an enterprise application](add-application-portal.md).
 
 ## Configure application properties
 
 Application properties control how the application is represented and how the application is accessed.
 
-To edit the application properties:
+To configure the application properties:
 
 1. Go to the [Azure Active Directory Admin Center](https://aad.portal.azure.com) and sign in using one of the roles listed in the prerequisites.
-1. In the left menu, select **Enterprise applications**. The **All applications** pane opens and displays a list of the applications in your Azure AD tenant. Search for and select the application that you want to use. For example, **Azure AD SAML Toolkit 1**.
+1. In the left menu, select **Enterprise applications**. The **All applications** pane opens and displays a list of the applications in your Azure AD tenant. Search for and select the application that you want to use.
 1. In the **Manage** section, select **Properties** to open the **Properties** pane for editing.
-1. Select **Yes** or **No** to decide whether the application is enabled for users to sign in.
-1. Select **Yes** or **No** to decide whether only user accounts that have been assigned to the application can sign in.
-1. Select **Yes** or **No** to decide whether users assigned to an application can see it in My Apps and Microsoft 365 portals. 
-
-    :::image type="content" source="media/add-application-portal-configure/configure-properties.png" alt-text="Configure the properties of an enterprise application.":::
-
-## Use a custom logo
-
-The application logo is seen on the My Apps and Microsoft 365 portals, and when administrators view this application in the enterprise application gallery. Custom logos must be exactly 215x215 pixels in size and be in the PNG format. It is recommended that you use a solid color background with no transparency in your application logo so that it appears best to users.
-
-To use a custom logo:
-
-1. Create a logo that's 215 by 215 pixels, and save it in .png format.
-1. Select the icon in **Select a file** to upload the logo.
-1. When you're finished, select **Save**.
-
-The thumbnail for the logo doesn't update right away. You can close and reopen the **Properties** pane to see the updated thumbnail.
-
-## Add notes
-
-You can use the **Notes** property to add any information that is relevant for the management of the application in Azure AD. The **Notes** property is a free text field with a maximum size of 1024 characters.
-
-To enter notes for the application:
-
-1. Enter the notes that you want to keep with the application.
-1. Select **Save**.
-
-## Clean up resources
-
-If you are planning to complete the next quickstart, keep the enterprise application that you created. Otherwise, you can consider deleting it to clean up your tenant. For more information, see [Delete an application](delete-application-portal.md).
+1. Configure the properties based on the needs of your application. 
 
 ## Next steps
 
-Learn how to search for and view the applications in your Azure AD tenant.
+Learn more about how to manage enterprise applications.
 > [!div class="nextstepaction"]
-> [View applications](view-applications-portal.md)
+> [What is application management in Azure Active Directory?](what-is-application-management.md)
diff --git a/articles/active-directory/manage-apps/application-properties.md b/articles/active-directory/manage-apps/application-properties.md
@@ -0,0 +1,92 @@
+---
+title: 'Properties of an enterprise application'
+titleSuffix: Azure AD
+description: Learn about the properties of an enterprise application in Azure Active Directory.
+services: active-directory
+author: davidmu1
+manager: CelesteDG
+ms.service: active-directory
+ms.subservice: app-mgmt
+ms.topic: conceptual
+ms.workload: identity
+ms.date: 09/22/2021
+ms.author: davidmu
+ms.reviewer: ergreenl
+#Customer intent: As an administrator of an Azure AD tenant, I want to learn more about the properties of an enterprise application that I can configure.
+---
+
+# Properties of an enterprise application
+
+This article describes the properties that you can configure for an enterprise application in your Azure Active Directory (Azure AD) tenant. To configure the properties, see [Configure enterprise application properties](add-application-portal-configure.md).
+
+## Enabled for users to sign in? 
+
+If this option is set to **Yes**, then assigned users are able to sign in to the application from the My Apps portal, the User access URL, or by navigating to the application URL directly. If assignment is required, then only users who are assigned to the application are able to sign-in. If assignment is required, applications must be assigned to be granted a token.
+
+If this option is set to **No**, then no users are able to sign in to the application, even if they're assigned to it. Tokens aren't issued for the application.  
+
+## Name 
+
+This property is the name of the application that users see on the My Apps portal. Administrators see the name when they manage access to the application. Other tenants see the name when integrating the application into their directory. 
+
+It's recommended that you choose a name that users can understand. This is important because this name is visible in the various portals, such as My Apps and O365 Launcher. 
+
+## Homepage URL 
+
+If the application is custom-developed, the homepage URL is the URL that a user can use to sign in to the application. For example, it's the URL that is launched when the application is selected in the My Apps portal. If this application is from the Azure AD Gallery, this URL is where you can go to learn more about the application or its vendor. 
+
+The homepage URL can't be edited within enterprise applications. The homepage URL must be edited on the application object. 
+
+## Logo 
+
+This is the application logo that users see on the My Apps portal and the Office 365 application launcher. Administrators also see the logo in the Azure AD gallery.
+
+Custom logos must be exactly 215x215 pixels in size and be in the PNG format. You should use a solid color background with no transparency in your application logo. The central image dimensions should be 94x94 pixels and the logo file size can't be over 100 KB.
+
+## Application ID 
+
+This property is the unique identifier for the application in your directory. You can use this application ID if you ever need help from Microsoft Support. You can also use the identifier to perform operations using the Microsoft Graph APIs or the Microsoft Graph PowerShell SDK.
+
+## Object ID 
+
+This is the unique identifier of the service principal object associated with the application. This identifier can be useful when performing management operations against this application using PowerShell or other programmatic interfaces. This identifier is different than the identifier for the application object. 
+
+The identifier is used to update information for the local instance of the application, such as assigning users and groups to the application. The identifier can also be used to update the properties of the enterprise application or to configure single-sign on. 
+
+## Assignment required 
+
+This option doesn't affect whether or not an application appears on the My Apps portal. To show the application there, assign an appropriate user or group to the application. This option has no effect on users' access to the application when it's configured for any of the other single sign-on modes. 
+
+If this option is set to **Yes**, then users and other applications or services must first be assigned this application before being able to access it. 
+ 
+If this option is set to **No**, then all users are able to sign in, and other applications and services are able to obtain an access token to the application. 
+ 
+This option only applies to the following types of applications and services: 
+- Applications using SAML
+- OpenID Connect
+- OAuth 2.0
+- WS-Federation for user sign
+- Application Proxy applications with Azure AD pre-authentication enabled
+- Applications or services for which other applications or service are requesting access tokens 
+
+## Visible to users 
+
+Makes the application visible in My Apps and the O365 Launcher 
+
+If this option is set to **Yes**, then assigned users see the application on the My Apps portal and O365 app launcher. 
+
+If this option is set to **No**, then no users see this application on their My Apps portal and O365 launcher. 
+
+Make sure that a homepage URL is included or else the application can't be launched from the My Apps portal.
+
+Regardless of whether assignment is required or not, only assigned users are able to see this application in the My Apps portal. If you want certain users to see the application in the My Apps portal, but everyone to be able to access it, assign the users in the **Users and Groups** tab, and set assignment required to **No**. 
+
+## Notes 
+
+You can use this field to add any information that is relevant for the management of the application. The field is a free text field with a maximum size of 1024 characters. 
+
+## Next steps
+
+Learn where to go to configure the properties of an enterprise application.
+
+- [Configure enterprise application properties](add-application-portal-configure.md)
diff --git a/articles/active-directory/manage-apps/toc.yml b/articles/active-directory/manage-apps/toc.yml
@@ -16,8 +16,6 @@
       href: add-application-portal-assign-users.md
     - name: Enable single sign-on
       href: add-application-portal-setup-sso.md
-    - name: Configure properties
-      href: add-application-portal-configure.md
     - name: View applications
       href: view-applications-portal.md
     - name: Delete applications
@@ -47,6 +45,8 @@
       href: overview-application-gallery.md
     - name: Application ownership
       href: overview-assign-app-owners.md
+    - name: Application properties
+      href: application-properties.md
     - name: Application security
       items:
       - name: App access options
@@ -92,6 +92,8 @@
       href: ../saas-apps/tutorial-list.md
     - name: Assign owners
       href: assign-app-owners.md
+    - name: Configure properties
+      href: add-application-portal-configure.md
     - name: Manage access
       items:
       - name: Manage consent and permissions
diff --git a/articles/active-directory/manage-apps/what-is-application-management.md b/articles/active-directory/manage-apps/what-is-application-management.md
@@ -20,7 +20,7 @@ Application management in Azure Active Directory (Azure AD) is the process of cr
 
 In this article, you learn these important aspects of managing the lifecycle of an application:
 
-- **Develop, add, or connect** – You take different paths depending on whether you are developing your own application, using a pre-integrated application, or connecting to an on-premises application.
+- **Develop, add, or connect** – You take different paths depending on whether you're developing your own application, using a pre-integrated application, or connecting to an on-premises application.
 - **Manage access** – Access can be managed by using single sign-on (SSO), assigning resources, defining the way access is granted and consented to, and using automated provisioning.
 - **Configure properties** – Configure the requirements for signing into the application and how the application is represented in user portals.
 - **Secure the application** – Manage configuration of permissions, multifactor authentication (MFA), conditional access, tokens, and certificates.
@@ -94,7 +94,7 @@ Azure AD provides customizable ways to deploy applications to users in your orga
 
 ## Configure properties
 
-When you add an application to your Azure AD tenant, you have the opportunity to [configure properties](add-application-portal-configure.md) that affect the way users can sign in. You can enable or disable the ability to sign in and user assignment can be required. You can also determine the visibility of the application, what logo represents the application, and any notes about the application.
+When you add an application to your Azure AD tenant, you have the opportunity to configure properties that affect the way users can interact with the application. You can enable or disable the ability to sign in and user assignment can be required. You can also determine the visibility of the application, what logo represents the application, and any notes about the application. For more information about the properties that can be configured, see [Properties of an enterprise application](application-properties.md).
 
 ## Secure the application
 
@@ -128,7 +128,7 @@ Your Azure AD reporting and monitoring solution depends on your legal, security,
 
 ## Clean up
 
-You can clean up access to applications. For example, [removing a user’s access](methods-for-removing-user-access.md). You can also [disable how a user signs in](disable-user-sign-in-portal.md). And finally, you can delete the application if it is no longer needed for the organization. For a simple example of how to delete an enterprise application from your Azure AD tenant, see [Quickstart: Delete an enterprise application](delete-application-portal.md).
+You can clean up access to applications. For example, [removing a user’s access](methods-for-removing-user-access.md). You can also [disable how a user signs in](disable-user-sign-in-portal.md). And finally, you can delete the application if it's no longer needed for the organization. For a simple example of how to delete an enterprise application from your Azure AD tenant, see [Quickstart: Delete an enterprise application](delete-application-portal.md).
 
 ## Next steps
 
