Merge branch 'main' into alexbuckgit/docutune-autopr-20221026-161900-8055208

Author: alexbuckgit

articles/active-directory/app-proxy/application-proxy-register-connector-powershell.md

@@ -75,74 +75,73 @@ There are two methods you can use to register the connector:
 
    class Program
    {
-   #region constants
-   /// <summary>
-   /// The AAD authentication endpoint uri
-   /// </summary>
-   static readonly string AadAuthenticationEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
-
-   /// <summary>
-   /// The application ID of the connector in AAD
-   /// </summary>
-   static readonly string ConnectorAppId = "55747057-9b5d-4bd4-b387-abf52a8bd489";
- 
-   /// <summary>
-   /// The AppIdUri of the registration service in AAD
-   /// </summary>
-   static readonly string RegistrationServiceAppIdUri = "https://proxy.cloudwebappproxy.net/registerapp/user_impersonation";
-
-   #endregion
-
-   #region private members
-   private string token;
-   private string tenantID;
-   #endregion
-
-   public void GetAuthenticationToken()
-   {
-    
-   IPublicClientApplication clientApp = PublicClientApplicationBuilder
-      .Create(ConnectorAppId)
-      .WithDefaultRedirectUri() // will automatically use the default Uri for native app
-      .WithAuthority(AadAuthenticationEndpoint)
-      .Build();
-
-      AuthenticationResult authResult = null;
-            
-      IAccount account = null;
-
-      IEnumerable<string> scopes = new string[] { RegistrationServiceAppIdUri };
-
-      try
-      {
-       authResult = await clientApp.AcquireTokenSilent(scopes, account).ExecuteAsync();
-      }
-       catch (MsalUiRequiredException ex)
-      {
-       authResult = await clientApp.AcquireTokenInteractive(scopes).ExecuteAsync();
-      }
-
-
-      if (authResult == null || string.IsNullOrEmpty(authResult.AccessToken) || string.IsNullOrEmpty(authResult.TenantId))
+      #region constants
+      /// <summary>
+      /// The AAD authentication endpoint uri
+      /// </summary>
+      static readonly string AadAuthenticationEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
+
+      /// <summary>
+      /// The application ID of the connector in AAD
+      /// </summary>
+      static readonly string ConnectorAppId = "55747057-9b5d-4bd4-b387-abf52a8bd489";
+   
+      /// <summary>
+      /// The AppIdUri of the registration service in AAD
+      /// </summary>
+      static readonly string RegistrationServiceAppIdUri = "https://proxy.cloudwebappproxy.net/registerapp/user_impersonation";
+
+      #endregion
+
+      #region private members
+      private string token;
+      private string tenantID;
+      #endregion
+
+      public void GetAuthenticationToken()
       {
-       Trace.TraceError("Authentication result, token or tenant id returned are null");
-       throw new InvalidOperationException("Authentication result, token or tenant id returned are null");
+         IPublicClientApplication clientApp = PublicClientApplicationBuilder
+            .Create(ConnectorAppId)
+            .WithDefaultRedirectUri() // will automatically use the default Uri for native app
+            .WithAuthority(AadAuthenticationEndpoint)
+            .Build();
+
+         AuthenticationResult authResult = null;
+
+         IAccount account = null;
+
+         IEnumerable<string> scopes = new string[] { RegistrationServiceAppIdUri };
+
+         try
+         {
+         authResult = await clientApp.AcquireTokenSilent(scopes, account).ExecuteAsync();
+         }
+         catch (MsalUiRequiredException ex)
+         {
+         authResult = await clientApp.AcquireTokenInteractive(scopes).ExecuteAsync();
+         }
+
+         if (authResult == null || string.IsNullOrEmpty(authResult.AccessToken) || string.IsNullOrEmpty(authResult.TenantId))
+         {
+         Trace.TraceError("Authentication result, token or tenant id returned are null");
+         throw new InvalidOperationException("Authentication result, token or tenant id returned are null");
+         }
+
+         token = authResult.AccessToken;
+         tenantID = authResult.TenantId;
       }
-
-      token = authResult.AccessToken;
-      tenantID = authResult.TenantId;
-      }
-      ```
+   }
+   ```
 
    **Using PowerShell:**
 
    ```powershell
    # Load MSAL (Tested with version 4.7.1) 
 
-   Add-Type -Path "..\MSAL\Microsoft.Identity.Client.dll" 
-        
+   Add-Type -Path "..\MSAL\Microsoft.Identity.Client.dll"
+
    # The AAD authentication endpoint uri
-        
+
    $authority = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
 
    #The application ID of the connector in AAD
@@ -152,7 +151,7 @@ There are two methods you can use to register the connector:
    #The AppIdUri of the registration service in AAD
    $registrationServiceAppIdUri = "https://proxy.cloudwebappproxy.net/registerapp/user_impersonation"
 
-   # Define the resources and scopes you want to call 
+   # Define the resources and scopes you want to call
 
    $scopes = New-Object System.Collections.ObjectModel.Collection["string"] 
 
@@ -162,25 +161,24 @@ There are two methods you can use to register the connector:
 
    [Microsoft.Identity.Client.IAccount] $account = $null
 
-   # Acquiring the token 
+   # Acquiring the token
 
    $authResult = $null
 
    $authResult = $app.AcquireTokenInteractive($scopes).WithAccount($account).ExecuteAsync().ConfigureAwait($false).GetAwaiter().GetResult()
 
    # Check AuthN result
    If (($authResult) -and ($authResult.AccessToken) -and ($authResult.TenantId)) {
-        
-   $token = $authResult.AccessToken
-   $tenantId = $authResult.TenantId
 
-   Write-Output "Success: Authentication result returned."
-        
+      $token = $authResult.AccessToken
+      $tenantId = $authResult.TenantId
+
+      Write-Output "Success: Authentication result returned."
    }
    Else {
-         
-   Write-Output "Error: Authentication result, token or tenant id returned with null."
-        
+
+      Write-Output "Error: Authentication result, token or tenant id returned with null."
+
    } 
    ```
 
@@ -199,4 +197,4 @@ There are two methods you can use to register the connector:
 ## Next steps
 * [Publish applications using your own domain name](application-proxy-configure-custom-domain.md)
 * [Enable single-sign on](application-proxy-configure-single-sign-on-with-kcd.md)
-* [Troubleshoot issues you're having with Application Proxy](application-proxy-troubleshoot.md)
+* [Troubleshoot issues you're having with Application Proxy](application-proxy-troubleshoot.md)

articles/active-directory/authentication/how-to-certificate-based-authentication.md

@@ -318,8 +318,7 @@ To enable CBA and configure username bindings using Graph API, complete the foll
 
     #### Request body:
 
-
-   ```http
+    ```http
     PATCH https: //graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
     Content-Type: application/json
     
@@ -367,6 +366,7 @@ To enable CBA and configure username bindings using Graph API, complete the foll
             }
         ]
     }
+    ```
 
 1. You'll get a `204 No content` response code. Re-run the GET request to make sure the policies are updated correctly.
 1. Test the configuration by signing in with a certificate that satisfies the policy.

articles/active-directory/governance/identity-governance-automation.md

@@ -57,6 +57,7 @@ To generate a self-signed certificate,
 
    ```powershell
     $cert | ft Thumbprint
+   ```
 
 1. After you have exported the files, you can remove the certificate and key pair from your local user certificate store.  In subsequent steps you will remove the `.pfx` and `.crt` files as well, once the certificate and private key have been uploaded to the Azure Automation and Azure AD services.
 
@@ -110,12 +111,12 @@ Next, you will create an app registration in Azure AD, so that Azure AD will rec
 
 1. Select each of the permissions that your Azure Automation account will require, then select **Add permissions**.
 
- * If your runbook is only performing queries or updates within a single catalog, then you do not need to assign it tenant-wide application permissions; instead you can assign the service principal to the catalog's **Catalog owner** or **Catalog reader** role.
- * If your runbook is only performing queries for entitlement management, then it can use the **EntitlementManagement.Read.All** permission.
- * If your runbook is making changes to entitlement management, for example to create assignments across multiple catalogs, then use the **EntitlementManagement.ReadWrite.All** permission.
- * For other APIs, ensure that the necessary permission is added.  For example, for identity protection, the **IdentityRiskyUser.Read.All** permission should be added.
+   * If your runbook is only performing queries or updates within a single catalog, then you do not need to assign it tenant-wide application permissions; instead you can assign the service principal to the catalog's **Catalog owner** or **Catalog reader** role.
+   * If your runbook is only performing queries for entitlement management, then it can use the **EntitlementManagement.Read.All** permission.
+   * If your runbook is making changes to entitlement management, for example to create assignments across multiple catalogs, then use the **EntitlementManagement.ReadWrite.All** permission.
+   * For other APIs, ensure that the necessary permission is added.  For example, for identity protection, the **IdentityRiskyUser.Read.All** permission should be added.
 
-10. Select **Grant admin permissions** to give your app those permissions.
+1. Select **Grant admin permissions** to give your app those permissions.
 
 ## Create Azure Automation variables
 
@@ -148,7 +149,7 @@ Import-Module Microsoft.Graph.Authentication
 $ClientId = Get-AutomationVariable -Name 'ClientId'
 $TenantId = Get-AutomationVariable -Name 'TenantId'
 $Thumbprint = Get-AutomationVariable -Name 'Thumbprint'
-Connect-MgGraph -clientId $ClientId -tenantid $TenantId -certificatethumbprint $Thumbprint
+Connect-MgGraph -clientId $ClientId -tenantId $TenantId -certificatethumbprint $Thumbprint
 ```
 
 5. Select **Test pane**, and select **Start**.  Wait a few seconds for the Azure Automation processing of your runbook script to complete.
@@ -186,7 +187,7 @@ You can also add input parameters to your runbook, by adding a `Param` section a
 ```powershell
 Param
 (
-   [String]$AccessPackageAssignmentId
+    [String] $AccessPackageAssignmentId
 )
 ```
 
@@ -223,4 +224,4 @@ There are two places where you can see the expiration date in the Azure portal.
 
 ## Next steps
 
-- [Create an Automation account using the Azure portal](../../automation/quickstarts/create-azure-automation-account-portal.md)
+- [Create an Automation account using the Azure portal](../../automation/quickstarts/create-azure-automation-account-portal.md)

articles/active-directory/hybrid/reference-connect-adsync.md

@@ -24,15 +24,16 @@ The following documentation provides reference information for the ADSync.psm1 P
  This cmdlet resets the password for the service account and updates it both in Azure AD and in the sync engine.
 
  ### SYNTAX
+
   #### byIdentifier
-   ```powershell
+  ```powershell
      Add-ADSyncADDSConnectorAccount [-Identifier] <Guid> [-EACredential <PSCredential>] [<CommonParameters>]
-   ```
+  ```
 
  #### byName
-   ```powershell
+ ```powershell
      Add-ADSyncADDSConnectorAccount [-Name] <String> [-EACredential <PSCredential>] [<CommonParameters>]
-   ```
+ ```
 
  ### DESCRIPTION
  This cmdlet resets the password for the service account and updates it both in Azure AD and in the sync engine.
@@ -115,20 +116,20 @@ The following documentation provides reference information for the ADSync.psm1 P
 
  ### SYNTAX
    
-   ```powershell
-     Disable-ADSyncExportDeletionThreshold [[-AADCredential] <PSCredential>] [-WhatIf] [-Confirm]
+ ```powershell
+    Disable-ADSyncExportDeletionThreshold [[-AADCredential] <PSCredential>] [-WhatIf] [-Confirm]
      [<CommonParameters>]
-   ```
+ ```
 
  ### DESCRIPTION
  Disables feature for deletion threshold at Export stage.
 
  ### EXAMPLES
 
  #### Example 1
-   ```powershell
+ ```powershell
      PS C:\> Disable-ADSyncExportDeletionThreshold -AADCredential $aadCreds
-   ```
+ ```
 
  Uses the provided AAD Credentials to disable the feature for export deletion threshold.
 
@@ -137,7 +138,7 @@ The following documentation provides reference information for the ADSync.psm1 P
   #### -AADCredential
   The AAD credential.
 
-   ```yaml
+  ```yaml
      Type: PSCredential
      Parameter Sets: (All)
      Aliases:

articles/active-directory/manage-apps/assign-user-or-group-access-portal.md

@@ -53,6 +53,7 @@ To assign users to an app using PowerShell, you need:
 
     # Assign the user to the app role
     New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId -ResourceId $sp.ObjectId -Id $appRole.Id
+    ```
 
 To assign a group to an enterprise app, you must replace `Get-AzureADUser` with `Get-AzureADGroup` and replace `New-AzureADUserAppRoleAssignment` with `New-AzureADGroupAppRoleAssignment`.
 
@@ -68,13 +69,15 @@ This example assigns the user Britta Simon to the Microsoft Workplace Analytics
     # Assign the values to the variables
     $username = "[email protected]"
     $app_name = "Workplace Analytics"
+    ```
 
 1. In this example, we don't know what is the exact name of the application role we want to assign to Britta Simon. Run the following commands to get the user ($user) and the service principal ($sp) using the user UPN and the service principal display names.
 
     ```powershell
     # Get the user to assign, and the service principal for the app to assign to
     $user = Get-AzureADUser -ObjectId "$username"
     $sp = Get-AzureADServicePrincipal -Filter "displayName eq '$app_name'"
+    ```
 
 1. Run the command `$sp.AppRoles` to display the roles available for the Workplace Analytics application. In this example, we want to assign Britta Simon the Analyst (Limited access) Role.
    ![Shows the roles available to a user using Workplace Analytics Role](./media/assign-user-or-group-access-portal/workplace-analytics-role.png)
@@ -84,6 +87,7 @@ This example assigns the user Britta Simon to the Microsoft Workplace Analytics
     # Assign the values to the variables
     $app_role_name = "Analyst (Limited access)"
     $appRole = $sp.AppRoles | Where-Object { $_.DisplayName -eq $app_role_name }
+    ```
 
 1. Run the following command to assign the user to the app role:
 
@@ -114,12 +118,11 @@ This example assigns the user Britta Simon to the Microsoft Workplace Analytics
 
 ## Remove all users who are assigned to the application
 
-   ```powershell
-
-   #Retrieve the service principal object ID.
-   $app_name = "<Your App's display name>"
-   $sp = Get-AzureADServicePrincipal -Filter "displayName eq '$app_name'"
-   $sp.ObjectId
+```powershell
+#Retrieve the service principal object ID.
+$app_name = "<Your App's display name>"
+$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$app_name'"
+$sp.ObjectId
 
 # Get Service Principal using objectId
 $sp = Get-AzureADServicePrincipal -ObjectId "<ServicePrincipal objectID>"

articles/active-directory/manage-apps/delete-application-portal.md

@@ -84,17 +84,19 @@ To delete an enterprise application, you need:
 1. Get the list of enterprise applications in your tenant.
 
    ```powershell
-   Get-MgServicePrincipal   
+   Get-MgServicePrincipal
    ```
+
 1. Record the object ID of the enterprise app you want to delete.
+
 1. Delete the enterprise application.
 
    ```powershell
    Remove-MgServicePrincipal -ServicePrincipalId 'd4142c52-179b-4d31-b5b9-08940873507b'
+   ```
 
 :::zone-end
 
-
 :::zone pivot="ms-graph"
 
 Delete an enterprise application using [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer).