Merge pull request #607 from MicrosoftDocs/main

11/29/2023 PM Publish

.openpublishing.redirection.json

@@ -16,7 +16,6 @@
       "redirect_url": "/entra/identity/hybrid/index",
       "redirect_document_id": false
     },
-
     {
       "source_path_from_root": "/docs/fundamentals/licensing-preview-terms.md",
       "redirect_url": "/entra/fundamentals/licensing-preview-info",

docs/architecture/context/architecture-context.yml

@@ -1,5 +1,5 @@
 ### YamlMime:ContextObject
 brand: entra
-uhfHeaderId: entra
+uhfHeaderId: MSDocsHeader-Entra
 breadcrumb_path: ../breadcrumb/toc.yml
 toc_rel: ../toc.yml

docs/docfx.json

@@ -53,16 +53,88 @@
       "feedback_help_link_type": "get-help-at-qna",
       "searchScope": "Microsoft Entra"
     },
-    "no-loc": {
-      "includes/policy/**/*.md": "[audit, deny, modify, disabled, auditifnotexists, deployifnotexists]"
-    },
     "fileMetadata": {
       "feedback_product_url": {
-        "/identity/**/*.md": "https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789",
+        "docs/identity/**/*.md": "https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789",
         "/external-id/*.md": "/entra/identity-platform/developer-support-help-options",
         "/identity-platform/*.md": "/entra/identity-platform/developer-support-help-options",
         "/workload-id/*.md": "https://aka.ms/microsoftentraexternalid"
       },
+      "learn_banner_products": {
+        "docs/**/*.md": [
+          "entra"
+        ]
+      },
+      "featureFlags": {
+        "docs/**/*.md": [
+          "show_learn_banner"
+        ]
+      },
+      "manager": {
+        "architecture/*.md": "martincoetzer",
+        "architecture/*.yml": "martincoetzer",
+        "external-id/**/*.md": "CelesteDG",
+        "external-id/**/*.yml": "CelesteDG",
+        "fundamentals/*.md": "amycolannino",
+        "fundamentals/*.yml": "amycolannino",
+        "global-secure-access/*.md": "amycolannino",
+        "global-secure-access/*.yml": "amycolannino",
+        "id-governance/**/*.md": "amycolannino",
+        "id-governance/**/*.yml": "amycolannino",
+        "id-protection/*.md": "amycolannino",
+        "id-protection/*.yml": "amycolannino",
+        "identity/**/*.md": "amycolannino",
+        "identity/**/*.yml": "amycolannino",
+        "identity/saas-apps/*.md": "CelesteDG",
+        "identity/saas-apps/*.yml": "CelesteDG",
+        "identity/enterprise-apps/*.md": "CelesteDG",
+        "identity/enterprise-apps/*.yml": "CelesteDG",
+        "identity-platform/**/*.md": "CelesteDG",
+        "identity-platform/**/*.yml": "CelesteDG",
+        "permissions-management/*.md": "amycolannino",
+        "permissions-management/*.yml": "amycolannino",
+        "standards/**/*.md": "martincoetzer",
+        "standards/**/*.yml": "martincoetzer",
+        "verified-id/*.md": "amycolannino",
+        "verified-id/*.yml": "amycolannino",
+        "workload-id/**/*.md": "CelesteDG",
+        "workload-id/**/*.yml": "CelesteDG"
+      },
+      "titleSuffix": {
+        "*.md": "Microsoft Entra",
+        "architecture/*.md": "Microsoft Entra",
+        "architecture/*.yml": "Microsoft Entra",
+        "external-id/*.md": "Microsoft Entra External ID",
+        "external-id/*.yml": "Microsoft Entra External ID",
+        "external-id/customers/*.md": "Microsoft Entra External ID",
+        "external-id/customers/*.yml": "Microsoft Entra External ID",
+        "fundamentals/*.md": "Microsoft Entra",
+        "fundamentals/*.yml": "Microsoft Entra",
+        "global-secure-access/*.md": "Global Secure Access",
+        "global-secure-access/*.yml": "Global Secure Access",
+        "id-governance/*.md": "Microsoft Entra ID Governance",
+        "id-governance/*.yml": "Microsoft Entra ID Governance",
+        "id-governance/privileged-identity-management/*.md": "Microsoft Entra ID Governance",
+        "id-governance/privileged-identity-management/*.yml": "Microsoft Entra ID Governance",
+        "id-protection/*.md": "Microsoft Entra ID Protection",
+        "id-protection/*.yml": "Microsoft Entra ID Protection",
+        "identity/*.yml": "Microsoft Entra ID",
+        "identity/**/*.md": "Microsoft Entra ID",
+        "identity/**/*.yml": "Microsoft Entra ID",
+        "identity-platform/*.md": "Microsoft identity platform",
+        "identity-platform/*.yml": "Microsoft identity platform",
+        "permissions-management/*.md": "Microsoft Entra Permissions Management",
+        "permissions-management/*.yml": "Microsoft Entra Permissions Management",
+        "standards/*.md": "Microsoft Entra",
+        "standards/*.yml": "Microsoft Entra",
+        "verified-id/*.md": "Microsoft Entra Verified ID",
+        "verified-id/*.yml": "Microsoft Entra Verified ID",
+        "workload-id/*.md": "Microsoft Entra Workload ID",
+        "workload-id/*.yml": "Microsoft Entra Workload ID"
+      },
+      "no-loc": {
+        "includes/policy/**/*.md": "[audit, deny, modify, disabled, auditifnotexists, deployifnotexists]"
+      }
     }, 
     "template": [
       "docs.html",
@@ -71,7 +143,6 @@
     "dest": "entra",
     "recommendations": true,
     "recommendation_types": ["Training", "Certification"],
-    "uhfHeaderId": "entra",
     "contributors_to_exclude": [
       "alexbuckgit",
       "atookey",
@@ -132,78 +203,6 @@
       "v-shmck",
       "v-thepet"
     ],
-    "featureFlags": {
-      "docs/**/*.md": [
-        "show_learn_banner"
-        ]
-    },
-    "learn_banner_products": {
-      "docs/**/*.md": [
-        "entra"
-        ]
-      },
-    "manager": {
-      "architecture/*.md": "martincoetzer",
-      "architecture/*.yml": "martincoetzer",
-      "external-id/**/*.md": "CelesteDG",
-      "external-id/**/*.yml": "CelesteDG",
-      "fundamentals/*.md": "amycolannino",
-      "fundamentals/*.yml": "amycolannino",
-      "global-secure-access/*.md": "amycolannino",
-      "global-secure-access/*.yml": "amycolannino",
-      "id-governance/**/*.md": "amycolannino",
-      "id-governance/**/*.yml": "amycolannino",
-      "id-protection/*.md": "amycolannino",
-      "id-protection/*.yml": "amycolannino",
-      "identity/**/*.md": "amycolannino",
-      "identity/**/*.yml": "amycolannino",
-      "identity/saas-apps/*.md": "CelesteDG",
-      "identity/saas-apps/*.yml": "CelesteDG",
-      "identity/enterprise-apps/*.md": "CelesteDG",
-      "identity/enterprise-apps/*.yml": "CelesteDG",
-      "identity-platform/**/*.md": "CelesteDG",
-      "identity-platform/**/*.yml": "CelesteDG",
-      "permissions-management/*.md": "amycolannino",
-      "permissions-management/*.yml": "amycolannino",
-      "standards/**/*.md": "martincoetzer",
-      "standards/**/*.yml": "martincoetzer",
-      "verified-id/*.md": "amycolannino",
-      "verified-id/*.yml": "amycolannino",
-      "workload-id/**/*.md": "CelesteDG",
-      "workload-id/**/*.yml": "CelesteDG"
-    },
-    "titleSuffix": {
-      "*.md": "Microsoft Entra",
-      "architecture/*.md": "Microsoft Entra",
-      "architecture/*.yml": "Microsoft Entra",
-      "external-id/*.md": "Microsoft Entra External ID",
-      "external-id/*.yml": "Microsoft Entra External ID",
-      "external-id/customers/*.md": "Microsoft Entra External ID",
-      "external-id/customers/*.yml": "Microsoft Entra External ID",
-      "fundamentals/*.md": "Microsoft Entra",
-      "fundamentals/*.yml": "Microsoft Entra",
-      "global-secure-access/*.md": "Global Secure Access",
-      "global-secure-access/*.yml": "Global Secure Access",
-      "id-governance/*.md": "Microsoft Entra ID Governance",
-      "id-governance/*.yml": "Microsoft Entra ID Governance",
-      "id-governance/privileged-identity-management/*.md": "Microsoft Entra ID Governance",
-      "id-governance/privileged-identity-management/*.yml": "Microsoft Entra ID Governance",
-      "id-protection/*.md": "Microsoft Entra ID Protection",
-      "id-protection/*.yml": "Microsoft Entra ID Protection",
-      "entra/identity/*.yml": "Microsoft Entra ID",
-      "entra/identity/**/*.md": "Microsoft Entra ID",
-      "entra/identity/**/*.yml": "Microsoft Entra ID",
-      "identity-platform/*.md": "Microsoft identity platform",
-      "identity-platform/*.yml": "Microsoft identity platform",
-      "permissions-management/*.md": "Microsoft Entra Permissions Management",
-      "permissions-management/*.yml": "Microsoft Entra Permissions Management",
-      "standards/*.md": "Microsoft Entra",
-      "standards/*.yml": "Microsoft Entra",
-      "verified-id/*.md": "Microsoft Entra Verified ID",
-      "verified-id/*.yml": "Microsoft Entra Verified ID",
-      "workload-id/*.md": "Microsoft Entra Workload ID",
-      "workload-id/*.yml": "Microsoft Entra Workload ID"
-    },
     "rules": {
       "sensitive-language-wl": {
         "exclude": [
@@ -212,5 +211,5 @@
         ]
       }
     }
-  }
+  } 
 }

docs/external-id/context/external-id-context.yml

@@ -1,5 +1,5 @@
 ### YamlMime:ContextObject
 brand: entra
-uhfHeaderId: entra
+uhfHeaderId: MSDocsHeader-Entra
 breadcrumb_path: ../breadcrumb/toc.yml
 toc_rel: ../toc.yml

docs/identity/app-provisioning/context/app-provisioning-context.yml

@@ -1,5 +1,5 @@
 ### YamlMime:ContextObject
 brand: entra
-uhfHeaderId: entra
+uhfHeaderId: MSDocsHeader-Entra
 breadcrumb_path: ../breadcrumb/toc.yml
 toc_rel: ../toc.yml

docs/identity/app-proxy/context/app-proxy-context.yml

@@ -1,5 +1,5 @@
 ### YamlMime:ContextObject
-brand: azure
-uhfHeaderId: azure
+brand: entra
+uhfHeaderId: MSDocsHeader-Entra
 breadcrumb_path: ../bread/toc.yml
 toc_rel: ../toc.yml

docs/identity/authentication/concept-certificate-based-authentication-certificateuserids.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 11/15/2023
+ms.date: 11/29/2023
 
 ms.author: justinha
 author: vimrang
@@ -27,14 +27,14 @@ The values stored in **certificateUserIds** should be in the format described in
 
 |Certificate mapping Field | Examples of values in CertificateUserIds |
 |--------------------------|--------------------------------------|
-|PrincipalName | `X509:\<PN>bob@woodgrove.com` |
-|PrincipalName | `X509:\<PN>bob@woodgrove`   | 
-|RFC822Name	| `X509:\<RFC822>user@woodgrove.com` |
-|IssuerAndSubject | `X509:\<I>DC=com,DC=contoso,CN=CONTOSO-DC-CA\<S>DC=com,DC=contoso,OU=UserAccounts,CN=mfatest` |
-|Subject | `X509:\<S>DC=com,DC=contoso,OU=UserAccounts,CN=mfatest`  |
-|SKI | `X509:\<SKI>123456789abcdef` |
-|SHA1PublicKey |`X509:\<SHA1-PUKEY>123456789abcdef` |
-|IssuerAndSerialNumber | `X509:\<I>DC=com,DC=contoso,CN=CONTOSO-DC-CA\<SR>b24134139f069b49997212a86ba0ef48` <br> To get the correct value for serial number, run this command and store the value shown in CertificateUserIds:<br> **Syntax**:<br> `Certutil –dump –v [~certificate path~] >> [~dumpFile path~]` <br> **Example**: <br> `certutil -dump -v firstusercert.cer >> firstCertDump.txt` |
+|PrincipalName | `X509:<PN>bob@woodgrove.com` |
+|PrincipalName | `X509:<PN>bob@woodgrove`   | 
+|RFC822Name	| `X509:<RFC822>user@woodgrove.com` |
+|IssuerAndSubject | `X509:<I>DC=com,DC=contoso,CN=CONTOSO-DC-CA<S>DC=com,DC=contoso,OU=UserAccounts,CN=mfatest` |
+|Subject | `X509:<S>DC=com,DC=contoso,OU=UserAccounts,CN=mfatest`  |
+|SKI | `X509:<SKI>123456789abcdef` |
+|SHA1PublicKey |`X509:<SHA1-PUKEY>123456789abcdef` |
+|IssuerAndSerialNumber | `X509:<I>DC=com,DC=contoso,CN=CONTOSO-DC-CA<SR>b24134139f069b49997212a86ba0ef48` <br> To get the correct value for serial number, run this command and store the value shown in CertificateUserIds:<br> **Syntax**:<br> `Certutil –dump –v [~certificate path~] >> [~dumpFile path~]` <br> **Example**: <br> `certutil -dump -v firstusercert.cer >> firstCertDump.txt` |
 
 ## Roles to update certificateUserIds
 

docs/identity/authentication/concept-certificate-based-authentication-technical-deep-dive.md

@@ -199,13 +199,13 @@ Mapping types based on user names and email addresses are considered low-affinit
 
 | Certificate mapping field | Examples of values in certificateUserIds | User object attributes | Type | 
 |:--------------------------|:----------------------------------------:|:----------------------:|:----:|
-|PrincipalName | `X509:\<PN>bob@woodgrove.com` | userPrincipalName <br> onPremisesUserPrincipalName <br> certificateUserIds | low-affinity |
-|RFC822Name	| `X509:\<RFC822>user@woodgrove.com` | userPrincipalName <br> onPremisesUserPrincipalName <br> certificateUserIds | low-affinity |
-|IssuerAndSubject | `X509:\<I>DC=com,DC=contoso,CN=CONTOSO-DC-CA\<S>DC=com,DC=contoso,OU=UserAccounts,CN=mfatest` | certificateUserIds | low-affinity |
-|Subject | `X509:\<S>DC=com,DC=contoso,OU=UserAccounts,CN=mfatest`  | certificateUserIds | low-affinity |
-|SKI | `X509:\<SKI>123456789abcdef` | certificateUserIds | high-affinity |
-|SHA1PublicKey | `X509:\<SHA1-PUKEY>123456789abcdef` | certificateUserIds | high-affinity |
-|IssuerAndSerialNumber | `X509:\<I>DC=com,DC=contoso,CN=CONTOSO-DC-CA\<SR>b24134139f069b49997212a86ba0ef48` <br> To get the correct value for serial number, run this command and store the value shown in CertificateUserIds:<br> **Syntax**:<br> `Certutil –dump –v [~certificate path~] >> [~dumpFile path~]` <br> **Example**: <br> `certutil -dump -v firstusercert.cer >> firstCertDump.txt` | certificateUserIds | high-affinity |
+|PrincipalName | `X509:<PN>bob@woodgrove.com` | userPrincipalName <br> onPremisesUserPrincipalName <br> certificateUserIds | low-affinity |
+|RFC822Name	| `X509:<RFC822>user@woodgrove.com` | userPrincipalName <br> onPremisesUserPrincipalName <br> certificateUserIds | low-affinity |
+|IssuerAndSubject | `X509:<I>DC=com,DC=contoso,CN=CONTOSO-DC-CA<S>DC=com,DC=contoso,OU=UserAccounts,CN=mfatest` | certificateUserIds | low-affinity |
+|Subject | `X509:<S>DC=com,DC=contoso,OU=UserAccounts,CN=mfatest`  | certificateUserIds | low-affinity |
+|SKI | `X509:<SKI>123456789abcdef` | certificateUserIds | high-affinity |
+|SHA1PublicKey | `X509:<SHA1-PUKEY>123456789abcdef` | certificateUserIds | high-affinity |
+|IssuerAndSerialNumber | `X509:<I>DC=com,DC=contoso,CN=CONTOSO-DC-CA<SR>b24134139f069b49997212a86ba0ef48` <br> To get the correct value for serial number, run this command and store the value shown in CertificateUserIds:<br> **Syntax**:<br> `Certutil –dump –v [~certificate path~] >> [~dumpFile path~]` <br> **Example**: <br> `certutil -dump -v firstusercert.cer >> firstCertDump.txt` | certificateUserIds | high-affinity |
 
 ### Define Affinity binding at the tenant level and override with custom rules
 

docs/identity/authentication/how-to-certificate-based-authentication.md

@@ -398,7 +398,7 @@ The SerialNumber value to be added in CertificateUserId is:
 CertificateUserId: 
 
 ```
-X509:<I> C=US,O=U.SGovernment,OU=DoD,OU=PKI,OU=CONTRACTOR,CN=CRL.BALA.SelfSignedCertificate<SR> b24134139f069b49997212a86ba0ef48 
+X509:<I>C=US,O=U.SGovernment,OU=DoD,OU=PKI,OU=CONTRACTOR,CN=CRL.BALA.SelfSignedCertificate<SR> b24134139f069b49997212a86ba0ef48 
 ```
 
 #### Issue and Subject manual mapping

docs/identity/conditional-access/context/conditional-access-context.yml

@@ -1,5 +1,5 @@
 ### YamlMime:ContextObject
 brand: entra
-uhfHeaderId: entra
+uhfHeaderId: MSDocsHeader-Entra
 breadcrumb_path: ../breadcrumb/toc.yml
 toc_rel: ../toc.yml

docs/identity/conditional-access/managed-policies.md

@@ -39,7 +39,7 @@ Microsoft will enable these policies after no less than 90 days after they're in
 
 ## Policies
 
-These Microsoft-managed policies allow administrators to make simple modifications like excluding users or turning them from report-only mode to on or off. As Administrators get more comfortable with Conditional Access policy, they might choose to clone the policy and make custom versions.
+These Microsoft-managed policies allow administrators to make simple modifications like excluding users or turning them from report-only mode to on or off, however they won't be able to rename or delete the Microsoft-managed policies. As Administrators get more comfortable with Conditional Access policy, they might choose to clone the policy and make custom versions.
 
 As threats evolve over time, Microsoft might change these policies in the future to take advantage of new features and functionality to improve their function.
 
@@ -59,7 +59,7 @@ This policy targets Microsoft Entra ID P1 and P2 tenants where security defaults
 
 This policy covers all users and requires MFA and reauthentication when we detect high-risk sign-ins. High-risk in this case means something about the way the user signed in is out of the ordinary. These high-risk sign-ins might include: travel that is highly abnormal, password spray attacks, or token replay attacks. For more information about these risk definitions, see the article [What are risk detections](/entra/id-protection/concept-identity-protection-risks#sign-in-risk-detections).
 
-This policy targets Microsoft Entra ID P2 tenants where there are enough licenses for each user. Microsoft Entra ID doesn't allow risky users to register for MFA, so to avoid locking them out of the system this policy is only available to organizations where every user is already registered for MFA. 
+This policy targets Microsoft Entra ID P2 tenants where security defaults aren't enabled and there are enough licenses for each user. Microsoft Entra ID doesn't allow risky users to register for MFA, so to avoid locking them out of the system this policy is only available to organizations where every user is already registered for MFA. 
 
 ## How do I see the effects?
 

docs/identity/devices/context/devices-context.yml

@@ -1,5 +1,5 @@
 ### YamlMime:ContextObject
 brand: entra
-uhfHeaderId: entra
+uhfHeaderId: MSDocsHeader-Entra
 breadcrumb_path: ../breadcrumb/toc.yml
 toc_rel: ../toc.yml

docs/identity/domain-services/TOC.yml

@@ -104,7 +104,7 @@
         - name: Secure remote access to VMs
           href: secure-remote-vm-access.md
         - name: Security baseline
-          href: /security/benchmark/azure/baselines/azure-active-directory-domain-services-security-baseline?toc=/entra/identity/domain-services/toc.json&bc=/entra/identity/domain-services/breadcrumb/toc.json          
+          href: /security/benchmark/azure/baselines/azure-active-directory-domain-services-security-baseline?context=/domain-services/context/domain-services-context.json    
     - name: Domain-join VMs
       items:
         - name: Windows Server VM from template

docs/identity/domain-services/context/azure-ad-ds-context.yml → docs/identity/domain-services/context/domain-services-context.yml

@@ -1,5 +1,5 @@
 ### YamlMime:ContextObject
-brand: azure
-uhfHeaderId: azure
+brand: entra
+uhfHeaderId: MSDocsHeader-Entra
 breadcrumb_path: ../breadcrumb/TOC.yml
 toc_rel: ../TOC.yml

docs/identity/enterprise-apps/context/manage-apps-context.yml

@@ -1,5 +1,5 @@
 ### YamlMime:ContextObject
 brand: entra
-uhfHeaderId: entra
+uhfHeaderId: MSDocsHeader-Entra
 breadcrumb_path: ../breadcrumb/toc.yml
 toc_rel: ../toc.yml

docs/identity/managed-identities-azure-resources/context/msi-context.yml

@@ -1,5 +1,5 @@
 ### YamlMime:ContextObject
 brand: entra
-uhfHeaderId: entra
+uhfHeaderId: MSDocsHeader-Entra
 breadcrumb_path: ../breadcrumb/toc.yml
 toc_rel: ../TOC.yml

docs/identity/role-based-access-control/context/ugr-context.yml

@@ -1,5 +1,5 @@
 ### YamlMime:ContextObject
 brand: entra
-uhfHeaderId: entra
+uhfHeaderId: MSDocsHeader-Entra
 breadcrumb_path: ../breadcrumb/toc.yml
 toc_rel: ../TOC.yml

docs/identity/users/context/ugr-context.yml

@@ -1,5 +1,5 @@
 ### YamlMime:ContextObject
 brand: entra
-uhfHeaderId: entra
+uhfHeaderId: MSDocsHeader-Entra
 breadcrumb_path: ../breadcrumb/toc.yml
 toc_rel: ../TOC.yml

docs/permissions-management/permissions-management-quickstart-guide.md

@@ -42,6 +42,7 @@ If the above points are met, continue with:
 
 Ensure you're a Global Administrator. Learn more about [Permissions Management roles and permissions](product-roles-permissions.md). 
 
+:::image type="content" source="media/permissions-management-quickstart-guide/entra-id-roles-sync-azure-environment.png" alt-text="A diagram showing where Entra ID intersect with Azure roles in the Entra ID tenant." lightbox="media/permissions-management-quickstart-guide/entra-id-roles-sync-azure-environment.png":::
 
 ## Step 2: Onboard your multicloud environment
 
@@ -122,8 +123,6 @@ When you enabled Permissions Management in the Microsoft Entra tenant, an enterp
 
 2. Assign the *Reader* role to the CIEM application to allow Permissions management to read the Microsoft Entra subscriptions in your environment. 
 
-:::image type="content" source="media/permissions-management-quickstart-guide/entra-id-roles-sync-azure-environment.png" alt-text="A diagram showing where Entra ID intersect with Azure roles in the Entra ID tenant." lightbox="media/permissions-management-quickstart-guide/entra-id-roles-sync-azure-environment.png":::
-
 :::image type="content" source="media/permissions-management-quickstart-guide/entra-id-tenant-role-connection-azure-subscriptions.png" alt-text="A diagram showing the connection between the Entra ID role connections to an Azure subscription." lightbox="media/permissions-management-quickstart-guide/entra-id-tenant-role-connection-azure-subscriptions.png":::
 
 ### Prerequisites