Merge pull request #104521 from MicrosoftDocs/master

2/14 PM Publish

Author: huypub

.gitignore

@@ -3,7 +3,6 @@
 Thumbs.db
 
 # Visual Studio and VS Code files
-.settings.json
 .vscode/*
 .vs/*
 log/
@@ -24,3 +23,4 @@ AzureMigration.ps1
 !/.vscode/extensions.json
 .gitignore
 **/.vscode/settings.json
+!/.vscode/settings.json

.vscode/settings.json

@@ -0,0 +1,58 @@
+{
+    "markdown.docsetLanguages": [
+        ".NET Core CLI",
+        "Apache",
+        "ASPX",
+        "AzCopy",
+        "Azure CLI",
+        "Azure CLI (Interactive)",
+        "Azure Powershell",
+        "Azure Powershell (Interactive)",
+        "Bash",
+        "C",
+        "C#",
+        "C# (Interactive)",
+        "C++",
+        "CSS",
+        "DAX Power BI",
+        "Diff",
+        "Dockerfile",
+        "DOS",
+        "F#",
+        "Go",
+        "Gradle",
+        "Groovy",
+        "HTML",
+        "HTTP",
+        "Ini",
+        "Java",
+        "JavaScript",
+        "JSON",
+        "Kotlin",
+        "Kusto",
+        "Markdown",
+        "MS Graph (Interactive)",
+        "Objective C",
+        "PHP",
+        "Plaintext no highlight",
+        "PostgreSQL & PL/pgSQL",
+        "PowerShell",
+        "PowerShell (Interactive)",
+        "Properties",
+        "Python",
+        "R",
+        "Razor CSHTML",
+        "Ruby",
+        "Scala",
+        "Shell",
+        "Solidity",
+        "SQL",
+        "Swift",
+        "Terraform (HCL)",
+        "TypeScript",
+        "VB.NET",
+        "XAML",
+        "XML",
+        "YAML"
+    ]
+}

articles/active-directory-domain-services/create-ou.md

@@ -50,7 +50,7 @@ When you create custom OUs in an Azure AD DS managed domain, you gain additional
 * A default OU for *AADDC Users* is created that contains all the synchronized user accounts from your Azure AD tenant.
     * You can't move users or groups from the *AADDC Users* OU to custom OUs that you create. Only user accounts or resources created in the Azure AD DS managed domain can be moved into custom OUs.
 * User accounts, groups, service accounts, and computer objects that you create under custom OUs aren't available in your Azure AD tenant.
-    * These objects don't show up using the Azure AD Graph API or in the Azure AD UI; they're only available in your Azure AD DS managed domain.
+    * These objects don't show up using the Microsoft Graph API or in the Azure AD UI; they're only available in your Azure AD DS managed domain.
 
 ## Create a custom OU
 

articles/active-directory/app-provisioning/application-provisioning-configure-api.md

@@ -1,6 +1,6 @@
 ---
-title: Use MS Graph APIs to configure provisioning - Azure Active Directory | Microsoft Docs
-description: Need to set up provisioning for multiple instances of an application? Learn how to save time by using MS Graph APIs to automate the configuration of automatic provisioning.
+title: Use Microsoft Graph APIs to configure provisioning - Azure Active Directory | Microsoft Docs
+description: Need to set up provisioning for multiple instances of an application? Learn how to save time by using the Microsoft Graph APIs to automate the configuration of automatic provisioning.
 services: active-directory
 documentationcenter: ''
 author: msmimart
@@ -22,7 +22,7 @@ ms.collection: M365-identity-device-management
 
 # Configure provisioning using Microsoft Graph APIs
 
-The Azure portal is a convenient way to configure provisioning for individual apps one at a time. But if you're creating several—or even hundreds—of instances of an application, it can be easier to automate app creation and configuration with Microsoft Graph APIs. This article outlines how to automate provisioning configuration through APIs. This method is commonly used for applications like [Amazon Web Services](../saas-apps/amazon-web-service-tutorial.md#configure-azure-ad-sso).
+The Azure portal is a convenient way to configure provisioning for individual apps one at a time. But if you're creating several—or even hundreds—of instances of an application, it can be easier to automate app creation and configuration with the Microsoft Graph APIs. This article outlines how to automate provisioning configuration through APIs. This method is commonly used for applications like [Amazon Web Services](../saas-apps/amazon-web-service-tutorial.md#configure-azure-ad-sso).
 
 **Overview of steps for using Microsoft Graph APIs to automate provisioning configuration**
 

articles/active-directory/app-provisioning/customize-application-attributes.md

@@ -108,7 +108,7 @@ Applications and systems that support customization of the attribute list includ
 - Salesforce
 - ServiceNow
 - Workday
-- Azure Active Directory ([Azure AD Graph API default attributes](https://msdn.microsoft.com/Library/Azure/Ad/Graph/api/entity-and-complex-type-reference#user-entity) and custom directory extensions are supported)
+- Azure Active Directory ([Microsoft Graph REST API v1.0 reference](https://docs.microsoft.com/graph/api/overview?view=graph-rest-1.0) and custom directory extensions are supported)
 - Apps that support [SCIM 2.0](https://tools.ietf.org/html/rfc7643), where attributes defined in the [core schema](https://tools.ietf.org/html/rfc7643) need to be added
 
 > [!NOTE]
@@ -129,7 +129,7 @@ When editing the list of supported attributes, the following properties are prov
 - **Multi-value?** - Whether the attribute supports multiple values.
 - **Exact case?** - Whether the attributes values are evaluated in a case-sensitive way.
 - **API Expression** - Don't use, unless instructed to do so by the documentation for a specific provisioning connector (such as Workday).
-- **Referenced Object Attribute** - If it's a Reference type attribute, then this menu lets you select the table and attribute in the target application that contains the value associated with the attribute. For example, if you have an attribute named "Department" whose stored value references an object in a separate "Departments" table, you would select "Departments.Name". The reference tables and the primary ID fields supported for a given application are pre-configured and currently can't be edited using the Azure portal, but can be edited using the [Graph API](https://developer.microsoft.com/graph/docs/api-reference/beta/resources/synchronization-configure-with-custom-target-attributes).
+- **Referenced Object Attribute** - If it's a Reference type attribute, then this menu lets you select the table and attribute in the target application that contains the value associated with the attribute. For example, if you have an attribute named "Department" whose stored value references an object in a separate "Departments" table, you would select "Departments.Name". The reference tables and the primary ID fields supported for a given application are pre-configured and currently can't be edited using the Azure portal, but can be edited using the [Microsoft Graph API](https://developer.microsoft.com/graph/docs/api-reference/beta/resources/synchronization-configure-with-custom-target-attributes).
 
 #### Provisioning a custom extension attribute to a SCIM compliant application
 The SCIM RFC defines a core user and group schema, while also allowing for extensions to the schema to meet your application's needs. To add a custom attribute to a SCIM application:

articles/active-directory/app-provisioning/export-import-provisioning-configuration.md

@@ -1,6 +1,6 @@
 ---
-title: 'Export or import your provisioning configuration by using Graph API | Microsoft Docs'
-description: Learn how to export and import provisioning configuration using Graph API.
+title: 'Export or import your provisioning configuration by using the Microsoft Graph API | Microsoft Docs'
+description: Learn how to export and import provisioning configuration using the Microsoft Graph API.
 services: active-directory
 author: cmmdesai
 documentationcenter: na
@@ -18,14 +18,14 @@ ms.author: chmutali
 
 ms.collection: M365-identity-device-management
 ---
-# Export or import your provisioning configuration by using Graph API
+# Export or import your provisioning configuration by using the Microsoft Graph API
 
-You can use Microsoft Graph API and Graph Explorer to export your User Provisioning attribute mappings and schema to a JSON file and import it back into Azure AD. You can also use the steps captured here to create a backup of your provisioning configuration. 
+You can use the Microsoft Graph API and the Microsoft Graph Explorer to export your User Provisioning attribute mappings and schema to a JSON file and import it back into Azure AD. You can also use the steps captured here to create a backup of your provisioning configuration. 
 
 ## Step 1: Retrieve your Provisioning App Service Principal ID (Object ID)
 
 1. Launch the [Azure portal](https://portal.azure.com), and navigate to the Properties section of your  provisioning application. For e.g. if you want to export your *Workday to AD User Provisioning application* mapping navigate to the Properties section of that app. 
-1. In the Properties section of your provisioning app, copy the GUID value associated with the *Object ID* field. This value is also called the **ServicePrincipalId** of your App and it will be used in Graph Explorer operations.
+1. In the Properties section of your provisioning app, copy the GUID value associated with the *Object ID* field. This value is also called the **ServicePrincipalId** of your App and it will be used in Microsoft Graph Explorer operations.
 
    ![Workday App Service Principal ID](./media/export-import-provisioning-configuration/wd_export_01.png)
 
@@ -34,7 +34,7 @@ You can use Microsoft Graph API and Graph Explorer to export your User Provision
 1. Launch [Microsoft Graph Explorer](https://developer.microsoft.com/graph/graph-explorer)
 1. Click on the "Sign-In with Microsoft" button and sign-in using Azure AD Global Admin or App Admin credentials.
 
-    ![Graph Sign-in](./media/export-import-provisioning-configuration/wd_export_02.png)
+    ![Microsoft Graph Sign-in](./media/export-import-provisioning-configuration/wd_export_02.png)
 
 1. Upon successful sign-in, you will see the user account details in the left-hand pane.
 

articles/active-directory/app-provisioning/how-provisioning-works.md

@@ -88,7 +88,7 @@ Note that the userPrincipalName for a guest user is often stored as "alias#EXT#@
 
 ## Provisioning cycles: Initial and incremental
 
-When Azure AD is the source system, the provisioning service uses the [Differential Query feature of the Azure AD Graph API](https://msdn.microsoft.com/Library/Azure/Ad/Graph/howto/azure-ad-graph-api-differential-query) to monitor users and groups. The provisioning service runs an initial cycle against the source system and target system, followed by periodic incremental cycles.
+When Azure AD is the source system, the provisioning service uses the [Use delta query to track changes in Microsoft Graph data](https://docs.microsoft.com/graph/delta-query-overview) to monitor users and groups. The provisioning service runs an initial cycle against the source system and target system, followed by periodic incremental cycles.
 
 ### Initial cycle
 
@@ -139,8 +139,8 @@ After the initial cycle, all other cycles will:
 
 The provisioning service continues running back-to-back incremental cycles indefinitely, at intervals defined in the [tutorial specific to each application](../saas-apps/tutorial-list.md). Incremental cycles continue until one of the following events occurs:
 
-- The service is manually stopped using the Azure portal, or using the appropriate Graph API command 
-- A new initial cycle is triggered using the **Clear state and restart** option in the Azure portal, or using the appropriate Graph API command. This action clears any stored watermark and causes all source objects to be evaluated again.
+- The service is manually stopped using the Azure portal, or using the appropriate Microsoft Graph API command.
+- A new initial cycle is triggered using the **Clear state and restart** option in the Azure portal, or using the appropriate Microsoft Graph API command. This action clears any stored watermark and causes all source objects to be evaluated again.
 - A new initial cycle is triggered because of a change in attribute mappings or scoping filters. This action also clears any stored watermark and causes all source objects to be evaluated again.
 - The provisioning process goes into quarantine (see below) because of a high error rate, and stays in quarantine for more than four weeks. In this event, the service will be automatically disabled.