Merge pull request #110968 from MicrosoftDocs/master

4/10 AM Publish

Author: huypub

.openpublishing.redirection.json

@@ -355,7 +355,7 @@
       "redirect_url": "/azure/machine-learning/data-science-virtual-machine/reference-deprecation",
       "redirect_document_id": true
     },
-    
+
     {
       "source_path": "articles/machine-learning/service/how-to-understand-accuracy-metrics.md",
       "redirect_url": "/azure/machine-learning/service/how-to-understand-automated-ml",
@@ -50644,11 +50644,6 @@
       "redirect_url": "/azure/developer/ansible/vm-scale-set-update-image",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/ansible/",
-      "redirect_url": "/azure/developer/ansible/",
-      "redirect_document_id": false
-    },
     {
       "source_path": "articles/ansible/index.yml",
       "redirect_url": "/azure/developer/ansible/",
@@ -50683,6 +50678,16 @@
       "source_path": "articles/chef/index.yml",
       "redirect_url": "/azure/developer/chef/",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/fundamentals/database-security-overview.md",
+      "redirect_url": "/azure/sql-database/sql-database-security-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/fundamentals/database-best-practices.md",
+      "redirect_url": "/azure/sql-database/sql-database-security-best-practice",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory/develop/quickstart-v2-netcore-daemon.md

@@ -193,7 +193,6 @@ app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
                                           .WithClientSecret(config.ClientSecret)
                                           .WithAuthority(new Uri(config.Authority))
                                           .Build();
-);
 ```
 
 > | Where: ||

articles/active-directory/reports-monitoring/concept-provisioning-logs.md

@@ -86,23 +86,31 @@ Select an item in the list view to get more detailed information.
 
 ## Filter provisioning activities
 
-To narrow down the reported data to a level that works for you, you can filter the provisioning data using the following default fields. Note that the values in the filters are dynamically populated based on your tenant. If, for example, you don't have any create events in your tenant, there won't be a filter option for create.
+You can filter your provisioning data. Some filter values are dynamically populated based on your tenant. If, for example, you don't have any create events in your tenant, there won't be a filter option for create.
+In the default view, you can select the following filters:
 
 - Identity
-- Action
-- Source system
-- Target system
-- Status
 - Date
+- Status
+- Action
 
 
-![Filter](./media/concept-provisioning-logs/filter.png "Filter")
+![Filter](./media/concept-provisioning-logs/default-filter.png "Filter")
 
 The **Identity** filter enables you to specify the name or the identity that you care about. This identity could be a user, group, role, or other object. You can search by the name or ID of the object. The ID varies by scenario. For example, when provisioning an object from Azure AD to SalesForce, the Source ID is the object ID of the user in Azure AD while the TargetID is the ID of the user in Salesforce. When provisioning from Workday to Active Directory, the Source ID is the Workday worker employee ID. Note that the Name of the user may not always be present in the Identity column. There will always be one ID. 
 
-The **Source System** filter enables you to specify where the identity is getting provisioned from. For example, when provisioning an object from Azure AD to ServiceNow, the Source system is Azure AD. 
 
-The **Target System** filter enables you to specify where the identity is getting provisioned to. For example, when provisioning an object from Azure AD to ServiceNow, the Target System is ServiceNow. 
+The **Date** filter enables to you to define a timeframe for the returned data.  
+Possible values are:
+
+- 1 month
+- 7 days
+- 30 days
+- 24 hours
+- Custom time interval
+
+When you select a custom time frame, you can configure a start date and an end date.
+
 
 The **Status** filter enables you to select:
 
@@ -111,6 +119,8 @@ The **Status** filter enables you to select:
 - Failure
 - Skipped
 
+
+
 The **Action** filter enables you to filter the:
 
 - Create 
@@ -119,19 +129,18 @@ The **Action** filter enables you to filter the:
 - Disable
 - Other
 
-The **Date** filter enables to you to define a timeframe for the returned data.  
-Possible values are:
+In addition, to the filters of the default view, you can also set the following filters:
 
-- 1 month
-- 7 days
-- 30 days
-- 24 hours
-- Custom time interval
+- Job ID
+- Cycle ID
+- Change ID
+- Source ID
+- Target ID
+- Application
 
-When you select a custom time frame, you can configure a start date and an end date.
 
+![Pick a field](./media/concept-provisioning-logs/add-filter.png "Pick a field")
 
-In addition to the default fields, when selected, you can also include the following fields in your filter:
 
 - **Job ID** - A unique Job ID is associated with each application that you have enabled provisioning for.   
 
@@ -140,8 +149,13 @@ In addition to the default fields, when selected, you can also include the follo
 - **Change ID** - Unique identifier for the provisioning event. You can share this ID to support to look up the provisioning event.   
 
 
+- **Source System** - Enables you to specify where the identity is getting provisioned from. For example, when provisioning an object from Azure AD to ServiceNow, the Source system is Azure AD. 
+
+- **Target System** - Enables you to specify where the identity is getting provisioned to. For example, when provisioning an object from Azure AD to ServiceNow, the Target System is ServiceNow. 
+
+- **Application** - Enables you to show only records of applications with a display name that contains a specific string.
 
-  
+ 
 
 ## Provisioning details 
 

articles/active-directory/reports-monitoring/media/concept-provisioning-logs/add-filter.png

@@ -122,8 +122,10 @@
       items: 
       - name: Create a dynamic group    
         href: groups-create-rule.md
-      - name: Dynamic group rule syntax  
+      - name: Dynamic group rule syntax
         href: groups-dynamic-membership.md
+      - name: Validate a membership rule
+        href: groups-dynamic-rule-validation.md
       - name: Change group membership type  
         href: groups-change-type.md
   - name: Assign licenses

articles/active-directory/reports-monitoring/media/concept-provisioning-logs/default-filter.png

@@ -1,5 +1,5 @@
 ---
-title: Rules for dynamic group membership - Azure AD | Microsoft Docs
+title: Rules for dynamically populated groups membership - Azure AD | Microsoft Docs
 description: How to create membership rules to automatically populate groups, and a rule reference.
 services: active-directory
 documentationcenter: ''
@@ -321,7 +321,7 @@ user.objectId -ne null
 If you want your group to exclude guest users and include only members of your tenant, you can use the following syntax:
 
 ```
-(user.objectId -ne null) -and (user.userType -eq “Member”)
+(user.objectId -ne null) -and (user.userType -eq "Member")
 ```
 
 ### Create an "All devices" rule

articles/active-directory/reports-monitoring/media/concept-provisioning-logs/steps.png

@@ -0,0 +1,45 @@
+---
+title: Validate rules for dynamic group membership (preview) - Azure AD | Microsoft Docs
+description: How to test members against a membership rule for a dynamic groups in Azure Active Directory.
+services: active-directory
+documentationcenter: ''
+author: curtand
+manager: daveba
+ms.service: active-directory
+ms.workload: identity
+ms.subservice: users-groups-roles
+ms.topic: article
+ms.date: 04/10/2020
+ms.author: curtand
+ms.reviewer: yukarppa
+ms.custom: it-pro
+ms.collection: M365-identity-device-management
+---
+
+# Validate a dynamic group membership rule (preview) in Azure Active Directory
+
+Azure Active Directory (Azure AD) now provides the means to validate dynamic group rules (in public preview). On the **Validate rules** tab, you can validate your dynamic rule against sample group members to confirm the rule is working as expected. When creating or updating dynamic group rules, administrators want to know whether a user or a device will be a member of the group. This helps evaluate whether user or device meets the rule criteria and aid in troubleshooting when membership is not expected.
+
+## Step-by-step walk-through
+
+To get started, go to **Azure Active Directory** > **Groups**. Select an existing dynamic group or create a new dynamic group and click on Dynamic membership rules. You can then see the **Validate Rules** tab.
+
+![Find the Validate rules tab and start with an existing rule](./media/groups-dynamic-rule-validation/validate-tab.png)
+
+On **Validate rules** tab, you can select users to validate their memberships. 20 users or devices can be selected at one time.
+
+![Add users to validate the existing rule against](./media/groups-dynamic-rule-validation/validate-tab-add-users.png)
+
+After choosing the users or devices from the picker, and **Select**, validation will automatically start and validation results will appear.
+
+![View the results of the rule validation](./media/groups-dynamic-rule-validation/validate-tab-results.png)
+
+The results tell whether a user is a member of the group or not. If the rule is not valid or there is a network issue, the result will show as **Unknown**. In case of **Unknown**, the detailed error message will describe the issue and actions needed.
+
+![View the details of the results of the rule validation](./media/groups-dynamic-rule-validation/validate-tab-view-details.png)
+
+You can modify the rule and validation of memberships will be triggered. To see why user is not a member of the group, click on "View details" and verification details will show the result of each expression composing the rule. Click **OK** to exit.
+
+## Next steps
+
+- [Dynamic membership rules for groups](groups-dynamic-membership.md)