Updates from: 03/17/2023 02:58:11
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory-domain-services Troubleshoot Alerts https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-domain-services/troubleshoot-alerts.md
Previously updated : 03/02/2023 Last updated : 03/15/2023
When the managed domain is enabled again, the managed domain's health automatica
[Check the Azure AD DS health](check-health.md) for alerts that indicate problems in the configuration of the managed domain. If you're able to resolve alerts that indicate a configuration issue, wait two hours and check back to see if the synchronization has completed. When ready, [open an Azure support request][azure-support] to re-enable the managed domain.
+## AADDS600: Unresolved health alerts for 30 days
+
+### Alert Message
+
+*Microsoft canΓÇÖt manage the domain controllers for this managed domain due to unresolved health alerts \[IDs\]. This is blocking critical security updates as well as a planned migration to Windows Server 2019 for these domain controllers. Follow steps in the alert to resolve the issue. Failure to resolve this issue within 30 days will result in suspension of the managed domain.*
+
+### Resolution
+
+> [!WARNING]
+> If a managed domain is suspended for an extended period of time, there's a danger of it being deleted. Resolve the reason for suspension as quickly as possible. For more information, see [Understand the suspended states for Azure AD DS](suspension.md).
+
+[Check the Azure AD DS health](check-health.md) for alerts that indicate problems in the configuration of the managed domain. If you're able to resolve alerts that indicate a configuration issue, wait six hours and check back to see if the alert is removed. [Open an Azure support request][azure-support] if you need assistance.
+ ## Next steps If you still have issues, [open an Azure support request][azure-support] for additional troubleshooting assistance.
active-directory Application Provisioning Config Problem Scim Compatibility https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-provisioning/application-provisioning-config-problem-scim-compatibility.md
Title: Known issues with System for Cross-Domain Identity Management (SCIM) 2.0 protocol compliance - Azure AD
+ Title: Known issues with System for Cross-Domain Identity Management (SCIM) 2.0 protocol compliance
description: How to solve common protocol compatibility issues faced when adding a non-gallery application that supports SCIM 2.0 to Azure AD
active-directory On Premises Application Provisioning Architecture https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-provisioning/on-premises-application-provisioning-architecture.md
Title: 'Azure AD on-premises application provisioning architecture | Microsoft Docs'
+ Title: 'Azure AD on-premises application provisioning architecture'
description: Presents an overview of on-premises application provisioning architecture.
active-directory Use Scim To Build Users And Groups Endpoints https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-provisioning/use-scim-to-build-users-and-groups-endpoints.md
Previously updated : 08/18/2022 Last updated : 03/16/2023
Go to the [reference code](https://github.com/AzureAD/SCIMReferenceCode) from Gi
1. In the terminal, change the directory using the `cd Microsoft.SCIM.WebHostSample` command
-1. To run your app locally, in the terminal, run the .NET CLI command below. The [dotnet run](/dotnet/core/tools/dotnet-run) runs the Microsoft.SCIM.WebHostSample project using the [development environment](/aspnet/core/fundamentals/environments#set-environment-on-the-command-line).
+1. To run your app locally, in the terminal, run the .NET CLI command. The [dotnet run](/dotnet/core/tools/dotnet-run) runs the Microsoft.SCIM.WebHostSample project using the [development environment](/aspnet/core/fundamentals/environments#set-environment-on-the-command-line).
```dotnetcli dotnet run --environment Development
Go to the [reference code](https://github.com/AzureAD/SCIMReferenceCode) from Gi
1. To deploy the Microsoft.SCIM.WebHostSample app to Azure App Services, [create a new App Services](../../app-service/quickstart-dotnetcore.md?tabs=net60&pivots=development-environment-vscode#publish-your-web-app).
-1. In the Visual Studio Code terminal, run the .NET CLI command below. This command generates a deployable publish folder for the app in the bin/debug/publish directory.
+1. In the Visual Studio Code terminal, run the .NET CLI command. This command generates a deployable publish folder for the app in the bin/debug/publish directory.
```dotnetcli dotnet publish -c Debug ``` 1. In the Visual Studio Code explorer, right-click on the generated **publish** folder, and select Deploy to Web App.
-1. A new workflow will open in the command palette at the top of the screen. Select the **Subscription** you would like to publish your app to.
+1. A new workflow opens in the command palette at the top of the screen. Select the **Subscription** you would like to publish your app to.
1. Select the **App Service** web app you created earlier. 1. If Visual Studio Code prompts you to confirm, select **Deploy**. The deployment process may take a few moments. When the process completes, a notification should appear in the bottom right corner prompting you to browse to the deployed app.
To develop a SCIM-compliant user and group endpoint with interoperability for a
- [Tutorial: Validate a SCIM endpoint](scim-validator-tutorial.md) - [Tutorial: Develop and plan provisioning for a SCIM endpoint](use-scim-to-provision-users-and-groups.md)-- [Tutorial: Configure provisioning for a gallery app](configure-automatic-user-provisioning-portal.md)
+- [Tutorial: Configure provisioning for a gallery app](configure-automatic-user-provisioning-portal.md)
active-directory Use Scim To Provision Users And Groups https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md
Previously updated : 03/15/2023 Last updated : 03/16/2023
active-directory What Is Hr Driven Provisioning https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-provisioning/what-is-hr-driven-provisioning.md
Title: 'What is HR driven provisioning with Azure Active Directory? | Microsoft Docs'
+ Title: 'What is HR driven provisioning with Azure Active Directory?'
description: Describes overview of HR driven provisioning.
active-directory Application Proxy Configure Cookie Settings https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/application-proxy-configure-cookie-settings.md
Title: Application Proxy cookie settings - Azure Active Directory
+ Title: Application Proxy cookie settings
description: Azure Active Directory (Azure AD) has access and session cookies for accessing on-premises applications through Application Proxy. In this article, you'll find out how to use and configure the cookie settings.
active-directory Application Proxy Configure Native Client Application https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/application-proxy-configure-native-client-application.md
Title: Publish native client apps - Azure Active Directory
+ Title: Publish native client apps
description: Covers how to enable native client apps to communicate with Azure Active Directory Application Proxy Connector to provide secure remote access to your on-premises apps.
active-directory Application Proxy Connector Groups https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/application-proxy-connector-groups.md
Title: Publish apps on separate networks via connector groups - Azure Active Directory
+ Title: Publish apps on separate networks via connector groups
description: Covers how to create and manage groups of connectors in Azure Active Directory Application Proxy.
active-directory Application Proxy Debug Apps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/application-proxy-debug-apps.md
Title: Debug Application Proxy applications - Azure Active Directory
+ Title: Debug Application Proxy applications
description: Debug issues with Azure Active Directory (Azure AD) Application Proxy applications.
active-directory Application Proxy Debug Connectors https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/application-proxy-debug-connectors.md
Title: Debug Application Proxy connectors - Azure Active Directory
+ Title: Debug Application Proxy connectors
description: Debug issues with Azure Active Directory (Azure AD) Application Proxy connectors.
active-directory Application Proxy Integrate With Microsoft Cloud Application Security https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/application-proxy-integrate-with-microsoft-cloud-application-security.md
Title: Use Application Proxy to integrate on-premises apps with Defender for Cloud Apps - Azure Active Directory
+ Title: Use Application Proxy to integrate on-premises apps with Defender for Cloud Apps
description: Configure an on-premises application in Azure Active Directory to work with Microsoft Defender for Cloud Apps. Use the Defender for Cloud Apps Conditional Access App Control to monitor and control sessions in real-time based on Conditional Access policies. You can apply these policies to on-premises applications that use Application Proxy in Azure Active Directory (Azure AD).
active-directory Active Directory Certificate Based Authentication Android https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/active-directory-certificate-based-authentication-android.md
Title: Android certificate-based authentication with federation - Azure Active Directory
+ Title: Android certificate-based authentication with federation
description: Learn about the supported scenarios and the requirements for configuring certificate-based authentication in solutions with Android devices
active-directory Active Directory Certificate Based Authentication Get Started https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/active-directory-certificate-based-authentication-get-started.md
Title: Certificate-based authentication with federation - Azure Active Directory
+ Title: Certificate-based authentication with federation
description: Learn how to configure certificate-based authentication with federation in your environment
active-directory Active Directory Certificate Based Authentication Ios https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/active-directory-certificate-based-authentication-ios.md
Title: Certificate-based authentication with federation on iOS - Azure Active Directory
+ Title: Certificate-based authentication with federation on iOS
description: Learn about the supported scenarios and the requirements for configuring certificate-based authentication for Azure Active Directory in solutions with iOS devices
active-directory Concept Authentication Authenticator App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-authentication-authenticator-app.md
Title: Microsoft Authenticator authentication method - Azure Active Directory
+ Title: Microsoft Authenticator authentication method
description: Learn about using the Microsoft Authenticator in Azure Active Directory to help secure your sign-ins
active-directory Concept Authentication Methods Manage https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-authentication-methods-manage.md
Title: Manage authentication methods - Azure Active Directory
+ Title: Manage authentication methods
description: Learn about the authentication methods policy and different ways to manage authentication methods.
active-directory Concept Authentication Methods https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-authentication-methods.md
Title: Authentication methods and features - Azure Active Directory
+ Title: Authentication methods and features
description: Learn about the different authentication methods and features available in Azure Active Directory to help improve and secure sign-in events
active-directory Concept Authentication Oath Tokens https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-authentication-oath-tokens.md
Title: OATH tokens authentication method - Azure Active Directory
+ Title: OATH tokens authentication method
description: Learn about using OATH tokens in Azure Active Directory to help improve and secure sign-in events
active-directory Concept Authentication Phone Options https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-authentication-phone-options.md
Title: Phone authentication methods - Azure Active Directory
+ Title: Phone authentication methods
description: Learn about using phone authentication methods in Azure Active Directory to help improve and secure sign-in events
active-directory Concept Authentication Security Questions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-authentication-security-questions.md
Title: Security questions authentication method - Azure Active Directory
+ Title: Security questions authentication method
description: Learn about using security questions in Azure Active Directory to help improve and secure sign-in events
active-directory Concept Certificate Based Authentication Certificateuserids https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-certificate-based-authentication-certificateuserids.md
Title: Certificate user IDs for Azure AD certificate-based authentication - Azure Active Directory
+ Title: Certificate user IDs for Azure AD certificate-based authentication
description: Learn about certificate user IDs for Azure AD certificate-based authentication without federation
active-directory Concept Certificate Based Authentication Limitations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-certificate-based-authentication-limitations.md
Title: Limitations with Azure AD certificate-based authentication without federation - Azure Active Directory
+ Title: Limitations with Azure AD certificate-based authentication without federation
description: Learn supported and unsupported scenarios for Azure AD certificate-based authentication
active-directory Concept Certificate Based Authentication Mobile Android https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-certificate-based-authentication-mobile-android.md
Title: Azure Active Directory certificate-based authentication on Android devices - Azure Active Directory
+ Title: Azure Active Directory certificate-based authentication on Android devices
description: Learn about Azure Active Directory certificate-based authentication on Android devices
active-directory Concept Certificate Based Authentication Mobile Ios https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-certificate-based-authentication-mobile-ios.md
Title: Azure Active Directory certificate-based authentication on Apple devices - Azure Active Directory
+ Title: Azure Active Directory certificate-based authentication on Apple devices
description: Learn about Azure Active Directory certificate-based authentication on Apple devices that run macOS or iOS
active-directory Concept Certificate Based Authentication Smartcard https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-certificate-based-authentication-smartcard.md
Title: Windows smart card sign-in using Azure Active Directory certificate-based authentication - Azure Active Directory
+ Title: Windows smart card sign-in using Azure Active Directory certificate-based authentication
description: Learn how to enable Windows smart card sign-in using Azure Active Directory certificate-based authentication
active-directory Concept Certificate Based Authentication Technical Deep Dive https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-certificate-based-authentication-technical-deep-dive.md
Title: Azure AD certificate-based authentication technical deep dive - Azure Active Directory
+ Title: Azure AD certificate-based authentication technical deep dive
description: Learn how Azure AD certificate-based authentication works
active-directory Concept Certificate Based Authentication https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-certificate-based-authentication.md
Title: Overview of Azure AD certificate-based authentication - Azure Active Directory
+ Title: Overview of Azure AD certificate-based authentication
description: Learn about Azure AD certificate-based authentication without federation
active-directory Concept Mfa Authprovider https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-mfa-authprovider.md
Title: Azure AD Multi-Factor Auth Providers - Azure Active Directory
+ Title: Azure AD Multi-Factor Auth Providers
description: When should you use an Auth Provider with Azure MFA?
active-directory Concept Password Ban Bad On Premises https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-password-ban-bad-on-premises.md
Title: Azure AD Password Protection - Azure Active Directory
+ Title: Azure AD Password Protection
description: Ban weak passwords in on-premises Active Directory Domain Services environments by using Azure AD Password Protection
active-directory Concept Registration Mfa Sspr Combined https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-registration-mfa-sspr-combined.md
Title: Combined registration for SSPR and Azure AD Multi-Factor Authentication - Azure Active Directory
+ Title: Combined registration for SSPR and Azure AD Multi-Factor Authentication
description: Learn about the combined registration experience for Azure Active Directory to let users register for both Azure AD Multi-Factor Authentication and self-service password reset
active-directory Concept Resilient Controls https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-resilient-controls.md
Title: Create a resilient access control management strategy - Azure AD
+ Title: Create a resilient access control management strategy
description: This document provides guidance on strategies an organization should adopt to provide resilience to reduce the risk of lockout during unforeseen disruptions
active-directory Concept Sspr Howitworks https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-sspr-howitworks.md
Title: Self-service password reset deep dive - Azure Active Directory
+ Title: Self-service password reset deep dive
description: How does self-service password reset work
active-directory Concept Sspr Licensing https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-sspr-licensing.md
Title: License self-service password reset - Azure Active Directory
+ Title: License self-service password reset
description: Learn about the difference Azure Active Directory self-service password reset licensing requirements
active-directory Concept Sspr Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-sspr-policy.md
Title: Self-service password reset policies - Azure Active Directory
+ Title: Self-service password reset policies
description: Learn about the different Azure Active Directory self-service password reset policy options
active-directory Concept Sspr Writeback https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-sspr-writeback.md
Title: On-premises password writeback with self-service password reset - Azure Active Directory
+ Title: On-premises password writeback with self-service password reset
description: Learn how password change or reset events in Azure Active Directory can be written back to an on-premises directory environment
active-directory Concept System Preferred Multifactor Authentication https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-system-preferred-multifactor-authentication.md
Title: System-preferred multifactor authentication (MFA) - Azure Active Directory
+ Title: System-preferred multifactor authentication (MFA)
description: Learn how to use system-preferred multifactor authentication Previously updated : 03/02/2023 Last updated : 03/16/2023
System-preferred MFA is a Microsoft managed setting, which is a [tristate policy
After system-preferred MFA is enabled, the authentication system does all the work. Users don't need to set any authentication method as their default because the system always determines and presents the most secure method they registered.
+>[!NOTE]
+>System-preferred MFA is a key security upgrade to traditional second factor notifications. We highly recommend enabling system-preferred MFA in the near term for improved sign-in security.
+ ## Enable system-preferred MFA To enable system-preferred MFA in advance, you need to choose a single target group for the schema configuration, as shown in the [Request](#request) example.
https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy
### Request
-The following example excludes a sample target group and includes all users. For more information, see [Update authenticationMethodsPolicy](/graph/api/authenticationmethodspolicy-update?view=graph-rest-beta).
+The following example excludes a sample target group and includes all users. For more information, see [Update authenticationMethodsPolicy](/graph/api/authenticationmethodspolicy-update).
```http PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy
active-directory How To Authentication Methods Manage https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-authentication-methods-manage.md
Title: How to migrate to the Authentication methods policy - Azure Active Directory (preview)
+ Title: How to migrate to the Authentication methods policy (preview)
description: Learn about how to centrally manage multifactor authentication (MFA) and self-service password reset (SSPR) settings in the Authentication methods policy.
To check settings in the Authentication methods policy, sign in as an [Authentic
:::image type="content" source="media/concept-authentication-methods-manage/authentication-methods-policy.png" alt-text="Screenshot that shows the authentication methods." lightbox="media/concept-authentication-methods-manage/authentication-methods-policy.png":::
-The Authentication methods policy has other methods that aren't available in the legacy policies, such as FIDO2 security key, Temporary Access Pass, and Azure AD certificate-based authentication. These methods aren't in scope for migration and you won't need to make any changes to them if you've them configured already.
+The Authentication methods policy has other methods that aren't available in the legacy policies, such as FIDO2 security key, Temporary Access Pass, and Azure AD certificate-based authentication. These methods aren't in scope for migration and you won't need to make any changes to them if you've configured them already.
If you've enabled other methods in the Authentication methods policy, write down the users and groups who can or can't use those methods. Take a note of the configuration parameters that govern how the method can be used. For example, you can configure Microsoft Authenticator to provide location in push notifications. Make a record of which users and groups are enabled for similar configuration parameters associated with each method.
active-directory How To Authentication Sms Supported Apps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-authentication-sms-supported-apps.md
Previously updated : 01/29/2023 Last updated : 03/16/2023
For the same reason, Microsoft Office mobile apps (except Microsoft Teams, Compa
| | | | Native desktop Microsoft apps | Microsoft Teams, O365 apps, Word, Excel, etc.| | Native mobile Microsoft apps (except Microsoft Teams, Company Portal, and Microsoft Azure) | Outlook, Edge, Power BI, Stream, SharePoint, Power Apps, Word, etc.|
-| Microsoft 365 web apps (accessed directly on web) | [Outlook](https://outlook.live.com/owa/), [Word](https://office.live.com/start/Word.aspx), [Excel](https://office.live.com/start/Excel.aspx), [PowerPoint](https://office.live.com/start/PowerPoint.aspx), [OneDrive](https://onedrive.live.com/about/signin)|
+| Microsoft 365 web apps (accessed directly on web) | [Outlook](https://outlook.live.com/owa/), [Word](https://office.live.com/start/Word.aspx), [Excel](https://office.live.com/start/Excel.aspx), [PowerPoint](https://office.live.com/start/PowerPoint.aspx)|
## Support for Non-Microsoft apps
active-directory How To Authentication Two Way Sms Unsupported https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-authentication-two-way-sms-unsupported.md
Title: Two-way SMS no longer supported - Azure Active Directory
+ Title: Two-way SMS no longer supported
description: Explains how to enable another method for users who still use two-way SMS.
active-directory How To Certificate Based Authentication https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-certificate-based-authentication.md
Title: How to configure Azure AD certificate-based authentication - Azure Active Directory
+ Title: How to configure Azure AD certificate-based authentication
description: Topic that shows how to configure Azure AD certificate-based authentication in Azure Active Directory
active-directory How To Mfa Additional Context https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-mfa-additional-context.md
Title: Use additional context in Microsoft Authenticator notifications - Azure Active Directory
+ Title: Use additional context in Microsoft Authenticator notifications
description: Learn how to use additional context in MFA notifications
active-directory How To Mfa Authenticator Lite https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-mfa-authenticator-lite.md
Users receive a notification in Outlook mobile to approve or deny sign-in, or th
| Operating system | Outlook version | |:-:|::|
- |Android | 4.2308.0 |
+ |Android | 4.2309.1 |
|iOS | 4.2309.0 | ## Enable Authenticator Lite
active-directory How To Mfa Number Match https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-mfa-number-match.md
Title: Use number matching in multifactor authentication (MFA) notifications - Azure Active Directory
+ Title: Use number matching in multifactor authentication (MFA) notifications
description: Learn how to use number matching in MFA notifications
active-directory How To Mfa Registration Campaign https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-mfa-registration-campaign.md
Title: Nudge users to set up Microsoft Authenticator - Azure Active Directory
+ Title: Nudge users to set up Microsoft Authenticator
description: Learn how to move your organization away from less secure authentication methods to Microsoft Authenticator
active-directory How To Mfa Server Migration Utility https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-mfa-server-migration-utility.md
Title: How to use the MFA Server Migration Utility to migrate to Azure AD MFA - Azure Active Directory
+ Title: How to use the MFA Server Migration Utility to migrate to Azure AD MFA
description: Step-by-step guidance to migrate MFA server settings to Azure AD using the MFA Server Migration Utility.
active-directory How To Migrate Mfa Server To Azure Mfa User Authentication https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md
Title: Migrate to Azure AD MFA and Azure AD user authentication - Azure Active Directory
+ Title: Migrate to Azure AD MFA and Azure AD user authentication
description: Step-by-step guidance to move from MFA Server on-premises to Azure AD MFA and Azure AD user authentication
active-directory How To Migrate Mfa Server To Azure Mfa With Federation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-migrate-mfa-server-to-azure-mfa-with-federation.md
Title: Migrate to Azure AD MFA with federations - Azure Active Directory
+ Title: Migrate to Azure AD MFA with federations
description: Step-by-step guidance to move from MFA Server on-premises to Azure AD MFA with federation
active-directory How To Migrate Mfa Server To Azure Mfa https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-migrate-mfa-server-to-azure-mfa.md
Title: Migrate from MFA Server to Azure AD Multi-Factor Authentication - Azure Active Directory
+ Title: Migrate from MFA Server to Azure AD Multi-Factor Authentication
description: Step-by-step guidance to migrate from MFA Server on-premises to Azure AD Multi-Factor Authentication
active-directory Howto Authentication Methods Activity https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-authentication-methods-activity.md
Title: Authentication Methods Activity - Azure Active Directory
+ Title: Authentication Methods Activity
description: Overview of the authentication methods that users register to sign in and reset passwords.
active-directory Howto Authentication Passwordless Faqs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-authentication-passwordless-faqs.md
Title: FAQs for hybrid FIDO2 security key deployment - Azure Active Directory
+ Title: FAQs for hybrid FIDO2 security key deployment
description: Learn about some frequently asked questions for passwordless hybrid FIDO2 security key sign-in using Azure Active Directory
active-directory Howto Authentication Passwordless Phone https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-authentication-passwordless-phone.md
Title: Passwordless sign-in with Microsoft Authenticator - Azure Active Directory
+ Title: Passwordless sign-in with Microsoft Authenticator
description: Enable passwordless sign-in to Azure AD using Microsoft Authenticator
active-directory Howto Authentication Passwordless Security Key On Premises https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md
Title: Passwordless security key sign-in to on-premises resources - Azure Active Directory
+ Title: Passwordless security key sign-in to on-premises resources
description: Learn how to enable passwordless security key sign-in to on-premises resources by using Azure Active Directory
active-directory Howto Authentication Passwordless Security Key Windows https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-authentication-passwordless-security-key-windows.md
Title: Passwordless security key sign-in Windows - Azure Active Directory
+ Title: Passwordless security key sign-in Windows
description: Learn how to enable passwordless security key sign-in to Azure Active Directory using FIDO2 security keys
active-directory Howto Authentication Passwordless Security Key https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-authentication-passwordless-security-key.md
Title: Passwordless security key sign-in - Azure Active Directory
+ Title: Passwordless security key sign-in
description: Enable passwordless security key sign-in to Azure AD using FIDO2 security keys
active-directory Howto Authentication Passwordless Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-authentication-passwordless-troubleshoot.md
Title: Known issues and troubleshooting for hybrid FIDO2 security keys - Azure Active Directory
+ Title: Known issues and troubleshooting for hybrid FIDO2 security keys
description: Learn about some known issues and ways to troubleshoot passwordless hybrid FIDO2 security key sign-in using Azure Active Directory
active-directory Howto Mfa Adfs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-adfs.md
Title: Secure resources with Azure AD MFA and ADFS - Azure Active Directory
+ Title: Secure resources with Azure AD MFA and ADFS
description: This is the Azure AD Multi-Factor Authentication page that describes how to get started with Azure AD MFA and AD FS in the cloud.
active-directory Howto Mfa App Passwords https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-app-passwords.md
Title: Configure app passwords for Azure AD Multi-Factor Authentication - Azure Active Directory
+ Title: Configure app passwords for Azure AD Multi-Factor Authentication
description: Learn how to configure and use app passwords for legacy applications in Azure AD Multi-Factor Authentication
active-directory Howto Mfa Mfasettings https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-mfasettings.md
Title: Configure Azure AD Multi-Factor Authentication - Azure Active Directory
+ Title: Configure Azure AD Multi-Factor Authentication
description: Learn how to configure settings for Azure AD Multi-Factor Authentication in the Azure portal
active-directory Howto Mfa Nps Extension Advanced https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-nps-extension-advanced.md
Title: Configure the Azure AD MFA NPS extension - Azure Active Directory
+ Title: Configure the Azure AD MFA NPS extension
description: After you install the NPS extension, use these steps for advanced configuration like allowed IP lists and UPN replacement.
active-directory Howto Mfa Nps Extension Errors https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-nps-extension-errors.md
Title: Troubleshooting Azure AD MFA NPS extension - Azure Active Directory
+ Title: Troubleshooting Azure AD MFA NPS extension
description: Get help resolving issues with the NPS extension for Azure AD Multi-Factor Authentication
active-directory Howto Mfa Nps Extension Rdg https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-nps-extension-rdg.md
Title: Integrate RDG with Azure AD MFA NPS extension - Azure Active Directory
+ Title: Integrate RDG with Azure AD MFA NPS extension
description: Integrate your Remote Desktop Gateway infrastructure with Azure AD MFA using the Network Policy Server extension for Microsoft Azure
active-directory Howto Mfa Nps Extension Vpn https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-nps-extension-vpn.md
Title: VPN with Azure AD MFA using the NPS extension - Azure Active Directory
+ Title: VPN with Azure AD MFA using the NPS extension
description: Integrate your VPN infrastructure with Azure AD MFA by using the Network Policy Server extension for Microsoft Azure.
active-directory Howto Mfa Nps Extension https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-nps-extension.md
Title: Use Azure AD Multi-Factor Authentication with NPS - Azure Active Directory
+ Title: Use Azure AD Multi-Factor Authentication with NPS
description: Learn how to use Azure AD Multi-Factor Authentication capabilities with your existing Network Policy Server (NPS) authentication infrastructure Previously updated : 01/29/2023 Last updated : 03/16/2023
When you install the extension, you need the *Tenant ID* and admin credentials f
The NPS server must be able to communicate with the following URLs over TCP port 443:
-* *https:\//strongauthenticationservice.auth.microsoft.com* (for Azure Public cloud customers).
-* *https:\//strongauthenticationservice.auth.microsoft.us* (for Azure Government customers).
-* *https:\//strongauthenticationservice.auth.microsoft.cn* (for Azure China 21Vianet customers).
-* *https:\//adnotifications.windowsazure.com*
-* *https:\//login.microsoftonline.com*
-* *https:\//credentials.azure.com*
+* `https:\//login.microsoftonline.com`
+* `https:\//credentials.azure.com`
Additionally, connectivity to the following URLs is required to complete the [setup of the adapter using the provided PowerShell script](#run-the-powershell-script):
-* *https:\//login.microsoftonline.com*
-* *https:\//provisioningapi.microsoftonline.com*
-* *https:\//aadcdn.msauth.net*
-* *https:\//www.powershellgallery.com*
-* *https:\//go.microsoft.com*
-* *https:\//aadcdn.msftauthimages.net*
+* `https:\//login.microsoftonline.com`
+* `https:\//provisioningapi.microsoftonline.com`
+* `https:\//aadcdn.msauth.net`
+* `https:\//www.powershellgallery.com`
+* `https:\//go.microsoft.com`
+* `https:\//aadcdn.msftauthimages.net`
## Prepare your environment
active-directory Howto Mfa Reporting Datacollection https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-reporting-datacollection.md
Title: Azure AD user data collection - Azure Active Directory
+ Title: Azure AD user data collection
description: What information is used to help authenticate users by self-service password reset and Azure AD Multi-Factor Authentication?
active-directory Howto Mfa Reporting https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-reporting.md
Title: Sign-in event details for Azure AD Multi-Factor Authentication - Azure Active Directory
+ Title: Sign-in event details for Azure AD Multi-Factor Authentication
description: Learn how to view sign-in activity for Azure AD Multi-Factor Authentication events and status messages.
active-directory Howto Mfa Server Settings https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-server-settings.md
Title: Configure MFA Server - Azure Active Directory
+ Title: Configure MFA Server
description: Learn how to configure settings for Azure MFA Server in the Azure portal
active-directory Howto Mfa Userdevicesettings https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-userdevicesettings.md
Title: Manage authentication methods for Azure AD Multi-Factor Authentication - Azure Active Directory
+ Title: Manage authentication methods for Azure AD Multi-Factor Authentication
description: Learn how you can configure Azure Active Directory user settings for Azure AD Multi-Factor Authentication
active-directory Howto Mfa Userstates https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-userstates.md
Title: Enable per-user Multi-Factor Authentication - Azure Active Directory
+ Title: Enable per-user Multi-Factor Authentication
description: Learn how to enable per-user Azure AD Multi-Factor Authentication by changing the user state
active-directory Howto Mfaserver Adfs 2 https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-adfs-2.md
Title: Use Azure MFA Server with AD FS 2.0 - Azure Active Directory
+ Title: Use Azure MFA Server with AD FS 2.0
description: Describes how to get started with Azure MFA and AD FS 2.0.
active-directory Howto Mfaserver Adfs Windows Server https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-adfs-windows-server.md
Title: Azure MFA Server with AD FS in Windows Server - Azure Active Directory
+ Title: Azure MFA Server with AD FS in Windows Server
description: This article describes how to get started with Azure Multi-Factor Authentication and AD FS in Windows Server 2016.
active-directory Howto Mfaserver Deploy Ha https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-deploy-ha.md
Title: High availability for Azure MFA Server - Azure Active Directory
+ Title: High availability for Azure MFA Server
description: Deploy multiple instances of Azure Multi-Factor Authentication Server in configurations that provide high availability.
active-directory Howto Mfaserver Deploy Mobileapp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-deploy-mobileapp.md
Title: Azure MFA Server Mobile App Web Service - Azure Active Directory
+ Title: Azure MFA Server Mobile App Web Service
description: Configure MFA server to send push notifications to users with the Microsoft Authenticator App.
active-directory Howto Mfaserver Deploy Upgrade Pf https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-deploy-upgrade-pf.md
Title: Upgrade PhoneFactor to Azure AD Multi-Factor Authentication Server - Azure Active Directory
+ Title: Upgrade PhoneFactor to Azure AD Multi-Factor Authentication Server
description: Get started with Azure AD Multi-Factor Authentication Server when you upgrade from the older phonefactor agent.
active-directory Howto Mfaserver Deploy Upgrade https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-deploy-upgrade.md
Title: Upgrading Azure MFA Server - Azure Active Directory
+ Title: Upgrading Azure MFA Server
description: Steps and guidance to upgrade the Azure AD Multi-Factor Authentication Server to a newer version.
active-directory Howto Mfaserver Deploy Userportal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-deploy-userportal.md
Title: User portal for Azure MFA Server - Azure Active Directory
+ Title: User portal for Azure MFA Server
description: Get started with Azure MFA and the user portal.
active-directory Howto Mfaserver Deploy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-deploy.md
Title: Getting started Azure MFA Server - Azure Active Directory
+ Title: Getting started Azure MFA Server
description: Step-by-step get started with Azure MFA Server on-premises
active-directory Howto Mfaserver Dir Ad https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-dir-ad.md
Title: Azure MFA Server and Active Directory - Azure Active Directory
+ Title: Azure MFA Server and Active Directory
description: How to integrate the Azure Multi-Factor Authentication Server with Active Directory so you can synchronize the directories.
active-directory Howto Mfaserver Dir Ldap https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-dir-ldap.md
Title: LDAP Authentication and Azure Multi-Factor Authentication Server - Azure Active Directory
+ Title: LDAP Authentication and Azure Multi-Factor Authentication Server
description: Deploying LDAP Authentication and Azure Multi-Factor Authentication Server.
active-directory Howto Mfaserver Dir Radius https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-dir-radius.md
Title: RADIUS and Azure MFA Server - Azure Active Directory
+ Title: RADIUS and Azure MFA Server
description: Deploying RADIUS Authentication and Azure Multi-Factor Authentication Server.
active-directory Howto Mfaserver Iis https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-iis.md
Title: IIS Authentication and Azure Multi-Factor Authentication Server - Azure Active Directory
+ Title: IIS Authentication and Azure Multi-Factor Authentication Server
description: Deploying IIS Authentication and Azure Multi-Factor Authentication Server.
active-directory Howto Mfaserver Nps Rdg https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-nps-rdg.md
Title: RDG and Azure MFA Server using RADIUS - Azure Active Directory
+ Title: RDG and Azure MFA Server using RADIUS
description: This is the Azure Multi-factor authentication page that will assist in deploying Remote Desktop (RD) Gateway and Azure Multi-Factor Authentication Server using RADIUS.
active-directory Howto Mfaserver Nps Vpn https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-nps-vpn.md
Title: Azure MFA Server and third-party VPNs - Azure Active Directory
+ Title: Azure MFA Server and third-party VPNs
description: Step-by-step configuration guides for Azure MFA Server to integrate with Cisco, Citrix, and Juniper.
active-directory Howto Mfaserver Windows https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-windows.md
Title: Windows authentication and Azure MFA Server - Azure Active Directory
+ Title: Windows authentication and Azure MFA Server
description: Deploying Windows Authentication and Azure Multi-Factor Authentication Server.
active-directory Howto Password Ban Bad On Premises Agent Versions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-password-ban-bad-on-premises-agent-versions.md
Title: Password protection agent release history - Azure Active Directory
+ Title: Password protection agent release history
description: Documents version release and behavior change history
active-directory Howto Password Smart Lockout https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-password-smart-lockout.md
Title: Prevent attacks using smart lockout - Azure Active Directory
+ Title: Prevent attacks using smart lockout
description: Learn how Azure Active Directory smart lockout helps protect your organization from brute-force attacks that try to guess user passwords.
active-directory Howto Registration Mfa Sspr Combined Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-registration-mfa-sspr-combined-troubleshoot.md
Title: Troubleshoot combined registration - Azure Active Directory
+ Title: Troubleshoot combined registration
description: Troubleshoot Azure AD Multi-Factor Authentication and self-service password reset combined registration
active-directory Howto Registration Mfa Sspr Combined https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-registration-mfa-sspr-combined.md
Title: Enable combined security information registration - Azure Active Directory
+ Title: Enable combined security information registration
description: Learn how to simplify the end-user experience with combined Azure AD Multi-Factor Authentication and self-service password reset registration.
active-directory Howto Sspr Authenticationdata https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-sspr-authenticationdata.md
Title: Pre-populate contact information for self-service password reset - Azure Active Directory
+ Title: Pre-populate contact information for self-service password reset
description: Learn how to pre-populate contact information for users of Azure Active Directory self-service password reset (SSPR) so they can use the feature without completing a registration process.
active-directory Howto Sspr Customization https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-sspr-customization.md
Title: Customize self-service password reset - Azure Active Directory
+ Title: Customize self-service password reset
description: Learn how to customize user display and experience options for Azure AD self-service password reset
active-directory Howto Sspr Reporting https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-sspr-reporting.md
Title: Self-service password reset reports - Azure Active Directory
+ Title: Self-service password reset reports
description: Reporting on Azure AD self-service password reset events
active-directory Howto Sspr Windows https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-sspr-windows.md
Title: Self-service password reset for Windows devices - Azure Active Directory
+ Title: Self-service password reset for Windows devices
description: Learn how to enable Azure Active Directory self-service password reset at the Windows sign-in screen.
active-directory Multi Factor Authentication Get Started Adfs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/multi-factor-authentication-get-started-adfs.md
Title: Two-step verification Azure AD MFA and ADFS - Azure Active Directory
+ Title: Two-step verification Azure AD MFA and ADFS
description: This is the Azure AD Multi-Factor Authentication page that describes how to get started with Azure AD MFA and AD FS.
active-directory Troubleshoot Sspr Writeback https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/troubleshoot-sspr-writeback.md
Title: Troubleshoot self-service password reset writeback- Azure Active Directory
+ Title: Troubleshoot self-service password reset writeback
description: Learn how to troubleshoot common problems and resolution steps for self-service password reset writeback in Azure Active Directory
active-directory Troubleshoot Sspr https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/troubleshoot-sspr.md
Title: Troubleshoot self-service password reset - Azure Active Directory
+ Title: Troubleshoot self-service password reset
description: Learn how to troubleshoot common problems and resolution steps for self-service password reset in Azure Active Directory
active-directory Active Directory Acs Migration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/active-directory-acs-migration.md
Title: Migrate from the Azure Access Control Service | Microsoft Docs
+ Title: Migrate from the Azure Access Control Service
description: Learn about the options for moving apps and services from the Azure Access Control Service (ACS).
active-directory Azure Ad Federation Metadata https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/azure-ad-federation-metadata.md
Title: Azure AD Federation Metadata | Microsoft Docs
+ Title: Azure AD Federation Metadata
description: This article describes the federation metadata document that Azure Active Directory publishes for services that accept Azure Active Directory tokens.
active-directory Howto V1 Enable Sso Android https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/howto-v1-enable-sso-android.md
Title: How to enable cross-app SSO on Android using ADAL | Microsoft Docs
+ Title: How to enable cross-app SSO on Android using ADAL
description: How to use the features of the ADAL SDK to enable single sign-on across your applications.
active-directory Howto V1 Enable Sso Ios https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/howto-v1-enable-sso-ios.md
Title: How to enable cross-app SSO on iOS using ADAL | Microsoft Docs
+ Title: How to enable cross-app SSO on iOS using ADAL
description: How to use the features of the ADAL SDK to enable Single Sign On across your applications.
active-directory Sample V1 Code https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/sample-v1-code.md
Title: Code samples for Azure Active Directory v1.0 | Microsoft Docs
+ Title: Code samples for Azure Active Directory v1.0
description: Provides an index of Azure Active Directory (v1.0 endpoint) code samples, organized by scenario. documentationcenter: dev-center-name
active-directory V1 Oauth2 Client Creds Grant Flow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/v1-oauth2-client-creds-grant-flow.md
Title: Azure AD Service to Service Auth using OAuth2.0 | Microsoft Docs
+ Title: Azure AD Service to Service Auth using OAuth2.0
description: This article describes how to use HTTP messages to implement service to service authentication using the OAuth2.0 client credentials grant flow.
active-directory V1 Oauth2 Implicit Grant Flow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/v1-oauth2-implicit-grant-flow.md
Title: Understanding the OAuth2 implicit grant flow in Azure AD | Microsoft Docs
+ Title: Understanding the OAuth2 implicit grant flow in Azure AD
description: Learn more about Azure Active Directory's implementation of the OAuth2 implicit grant flow, and whether it's right for your application. documentationcenter: dev-center-name
active-directory V1 Oauth2 On Behalf Of Flow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/v1-oauth2-on-behalf-of-flow.md
Title: Service-to-service authentication with OAuth2.0 on-behalf-of flow | Microsoft Docs
+ Title: Service-to-service authentication with OAuth2.0 on-behalf-of flow
description: This article describes how to use HTTP messages to implement service-to-service authentication with the OAuth2.0 On-Behalf-Of flow. documentationcenter: .net
active-directory V1 Permissions Consent https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/v1-permissions-consent.md
Title: Permissions in Azure Active Directory | Microsoft docs
+ Title: Permissions in Azure Active Directory
description: Learn about permissions in Azure Active Directory and how to use them. documentationcenter: ''
active-directory V1 Protocols Openid Connect Code https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/v1-protocols-openid-connect-code.md
Title: Authorize web app access with OpenID Connect & Azure AD | Microsoft Docs
+ Title: Authorize web app access with OpenID Connect & Azure AD
description: This article describes how to use HTTP messages to authorize access to web applications and web APIs in your tenant using Azure Active Directory and OpenID Connect. documentationcenter: .net
active-directory How To Automatic Upgrade https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/cloud-sync/how-to-automatic-upgrade.md
Title: 'Azure AD Connect cloud provisioning agent: Automatic upgrade | Microsoft Docs'
+ Title: 'Azure AD Connect cloud provisioning agent: Automatic upgrade'
description: This article describes the built-in automatic upgrade feature in the Azure AD Connect cloud provisioning agent. documentationcenter: ''
active-directory How To Manage Registry Options https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/cloud-sync/how-to-manage-registry-options.md
Title: 'Azure AD Connect cloud provisioning agent: Manage registry options | Microsoft Docs'
+ Title: 'Azure AD Connect cloud provisioning agent: Manage registry options'
description: This article describes how to manage registry options in the Azure AD Connect cloud provisioning agent. documentationcenter: ''
active-directory Reference Version History https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/cloud-sync/reference-version-history.md
Title: 'Azure AD Connect cloud provisioning agent: Version release history | Microsoft Docs'
+ Title: 'Azure AD Connect cloud provisioning agent: Version release history'
description: This article lists all releases of Azure AD Connect cloud provisioning agent and describes new features and fixed issues
active-directory What Is Cloud Sync https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/cloud-sync/what-is-cloud-sync.md
Title: 'What is Azure AD Connect cloud sync? | Microsoft Docs'
+ Title: 'What is Azure AD Connect cloud sync?'
description: Describes Azure AD Connect cloud sync.
active-directory What Is Provisioning https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/cloud-sync/what-is-provisioning.md
Title: 'What is identity provisioning with Azure AD? | Microsoft Docs'
+ Title: 'What is identity provisioning with Azure AD?'
description: Describes overview of identity provisioning.
active-directory Block Legacy Authentication https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/block-legacy-authentication.md
Title: Block legacy authentication - Azure Active Directory
+ Title: Block legacy authentication
description: Block legacy authentication using Azure AD Conditional Access.
active-directory Concept Condition Filters For Devices https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-condition-filters-for-devices.md
Title: Filter for devices as a condition in Conditional Access policy - Azure Active Directory
+ Title: Filter for devices as a condition in Conditional Access policy
description: Use filter for devices in Conditional Access to enhance security posture
active-directory Concept Conditional Access Cloud Apps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md
Title: Cloud apps, actions, and authentication context in Conditional Access policy - Azure Active Directory
+ Title: Cloud apps, actions, and authentication context in Conditional Access policy
description: What are cloud apps, actions, and authentication context in an Azure AD Conditional Access policy
active-directory Concept Conditional Access Conditions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-conditions.md
Title: Conditions in Conditional Access policy - Azure Active Directory
+ Title: Conditions in Conditional Access policy
description: What are conditions in an Azure AD Conditional Access policy
active-directory Concept Conditional Access Grant https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-grant.md
Title: Grant controls in Conditional Access policy - Azure Active Directory
+ Title: Grant controls in Conditional Access policy
description: Grant controls in an Azure Active Directory Conditional Access policy.
active-directory Concept Conditional Access Policies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-policies.md
Title: Building a Conditional Access policy - Azure Active Directory
+ Title: Building a Conditional Access policy
description: What are all of the options available to build a Conditional Access policy and what do they mean?
active-directory Concept Conditional Access Policy Common https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-policy-common.md
Title: Conditional Access templates - Azure Active Directory
+ Title: Conditional Access templates
description: Deploy commonly used Conditional Access policies with templates
active-directory Concept Conditional Access Report Only https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-report-only.md
Title: What is Conditional Access report-only mode? - Azure Active Directory
+ Title: What is Conditional Access report-only mode?
description: How can report-only mode help with Conditional Access policy deployment
active-directory Concept Conditional Access Session https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-session.md
Title: Session controls in Conditional Access policy - Azure Active Directory
+ Title: Session controls in Conditional Access policy
description: What are session controls in an Azure AD Conditional Access policy
active-directory Concept Conditional Access Users Groups https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-users-groups.md
Title: Users and groups in Conditional Access policy - Azure Active Directory
+ Title: Users and groups in Conditional Access policy
description: Who are users and groups in an Azure AD Conditional Access policy
active-directory Concept Continuous Access Evaluation Workload https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-continuous-access-evaluation-workload.md
description: Respond to changes to applications with continuous access evaluatio
-+ Last updated 07/22/2022
active-directory Concept Filter For Applications https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-filter-for-applications.md
Title: Filter for applications in Conditional Access policy (Preview) - Azure Active Directory
+ Title: Filter for applications in Conditional Access policy (Preview)
description: Use filter for applications in Conditional Access to manage conditions.
Application filters are a new feature for Conditional Access that allows organiz
In this document, you create a custom attribute set, assign a custom security attribute to your application, and create a Conditional Access policy to secure the application.
-> [!NOTE]
+> [!IMPORTANT]
> Filter for applications is currently in public preview. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). ## Assign roles
active-directory Howto Conditional Access Apis https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-apis.md
Title: Conditional Access APIs and PowerShell - Azure Active Directory
+ Title: Conditional Access APIs and PowerShell
description: Using the Azure AD Conditional Access APIs and PowerShell to manage policies like code
active-directory Howto Conditional Access Insights Reporting https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-insights-reporting.md
Title: Conditional Access insights and reporting workbook - Azure Active Directory
+ Title: Conditional Access insights and reporting workbook
description: Using the Azure AD Conditional Access insights and reporting workbook to troubleshoot policies
active-directory Howto Conditional Access Policy Admin Mfa https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa.md
Title: Require MFA for administrators with Conditional Access - Azure Active Directory
+ Title: Require MFA for administrators with Conditional Access
description: Create a custom Conditional Access policy to require administrators to perform multifactor authentication
active-directory Howto Conditional Access Policy All Users Mfa https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa.md
Title: Require MFA for all users with Conditional Access - Azure Active Directory
+ Title: Require MFA for all users with Conditional Access
description: Create a custom Conditional Access policy to require all users do multifactor authentication
active-directory Howto Conditional Access Policy Authentication Strength External https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-authentication-strength-external.md
Title: Conditional Access - Authentication strength for external users - Azure Active Directory
+ Title: Conditional Access - Authentication strength for external users
description: Create a custom Conditional Access policy with authentication strength to require specific multifactor authentication (MFA) methods for external users.
active-directory Howto Conditional Access Policy Azure Management https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-azure-management.md
Title: Require MFA for Azure management with Conditional Access - Azure Active Directory
+ Title: Require MFA for Azure management with Conditional Access
description: Create a custom Conditional Access policy to require multifactor authentication for Azure management tasks
active-directory Howto Conditional Access Policy Block Access https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-block-access.md
Title: Conditional Access - Block access - Azure Active Directory
+ Title: Conditional Access - Block access
description: Create a custom Conditional Access policy to Block access
active-directory Howto Conditional Access Policy Block Legacy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-block-legacy.md
Title: Block legacy authentication with Conditional Access - Azure Active Directory
+ Title: Block legacy authentication with Conditional Access
description: Create a custom Conditional Access policy to block legacy authentication protocols
active-directory Howto Conditional Access Policy Compliant Device Admin https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-compliant-device-admin.md
Title: Require administrators use compliant or hybrid joined devices - Azure Active Directory
+ Title: Require administrators use compliant or hybrid joined devices
description: Create a custom Conditional Access policy to require compliant or hybrid joined devices for admins
active-directory Howto Conditional Access Policy Compliant Device https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-compliant-device.md
Title: Require compliant, hybrid joined devices, or MFA - Azure Active Directory
+ Title: Require compliant, hybrid joined devices, or MFA
description: Create a custom Conditional Access policy to require compliant, hybrid joined devices, or multifactor authentication
active-directory Howto Conditional Access Policy Location https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-location.md
Title: Conditional Access - Block access by location - Azure Active Directory
+ Title: Conditional Access - Block access by location
description: Create a custom Conditional Access policy to block access to resources by IP location
active-directory Howto Conditional Access Policy Registration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-registration.md
Title: Control security information registration with Conditional Access - Azure Active Directory
+ Title: Control security information registration with Conditional Access
description: Create a custom Conditional Access policy for security info registration
active-directory Howto Conditional Access Policy Risk User https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-risk-user.md
Title: User risk-based password change - Azure Active Directory
+ Title: User risk-based password change
description: Create Conditional Access policies using Identity Protection user risk
active-directory Howto Conditional Access Policy Risk https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-risk.md
Title: Sign-in risk-based multifactor authentication - Azure Active Directory
+ Title: Sign-in risk-based multifactor authentication
description: Create Conditional Access policies using Identity Protection sign-in risk
active-directory Howto Conditional Access Session Lifetime https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-session-lifetime.md
Title: Configure authentication session management - Azure Active Directory
+ Title: Configure authentication session management
description: Customize Azure AD authentication session configuration including user sign-in frequency and browser session persistence.
active-directory Howto Policy App Enforced Restriction https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-policy-app-enforced-restriction.md
Title: Conditional Access - Use application enforced restrictions for unmanaged devices - Azure Active Directory
+ Title: Conditional Access - Use application enforced restrictions for unmanaged devices
description: Create a custom Conditional Access policy for unmanaged devices
active-directory Howto Policy Approved App Or App Protection https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-policy-approved-app-or-app-protection.md
Title: Conditional Access - Require approved app or app protection policy - Azure Active Directory
+ Title: Conditional Access - Require approved app or app protection policy
description: Create a custom Conditional Access policy require approved app or app protection policy
active-directory Howto Policy Guest Mfa https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-policy-guest-mfa.md
Title: Require MFA for guest users with Conditional Access - Azure Active Directory
+ Title: Require MFA for guest users with Conditional Access
description: Create a custom Conditional Access policy requiring guest users perform multifactor authentication
active-directory Howto Policy Persistent Browser Session https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-policy-persistent-browser-session.md
Title: Require reauthentication with Conditional Access - Azure Active Directory
+ Title: Require reauthentication with Conditional Access
description: Create a custom Conditional Access policy requiring reauthentication
active-directory Howto Policy Unknown Unsupported Device https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-policy-unknown-unsupported-device.md
Title: Block unsupported platforms with Conditional Access - Azure Active Directory
+ Title: Block unsupported platforms with Conditional Access
description: Create a custom Conditional Access policy to block unsupported platforms
active-directory Policy Migration Mfa https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/policy-migration-mfa.md
Title: Migrate a classic Conditional Access policy - Azure Active Directory
+ Title: Migrate a classic Conditional Access policy
description: This article shows how to migrate a classic Conditional Access policy in the Azure portal.
active-directory Policy Migration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/policy-migration.md
Title: Migrate Conditional Access policies - Azure Active Directory
+ Title: Migrate Conditional Access policies
description: Learn what you need to know to migrate classic policies in the Azure portal.
active-directory Reference Office 365 Application Contents https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/reference-office-365-application-contents.md
Title: Office 365 App in Conditional Access reference - Azure Active Directory
+ Title: Office 365 App in Conditional Access reference
description: What are all of the services included in the Office 365 app in Azure AD Conditional Access
active-directory Service Dependencies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/service-dependencies.md
Title: Conditional Access service dependencies - Azure Active Directory
+ Title: Conditional Access service dependencies
description: Learn how conditions are used in Azure Active Directory Conditional Access to trigger a policy.
active-directory Troubleshoot Conditional Access What If https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/troubleshoot-conditional-access-what-if.md
Title: Troubleshoot Conditional Access using the What If tool - Azure Active Directory
+ Title: Troubleshoot Conditional Access using the What If tool
description: Where to find what Conditional Access policies were applied and why
active-directory Troubleshoot Conditional Access https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/troubleshoot-conditional-access.md
Title: Troubleshooting sign-in problems with Conditional Access - Azure Active Directory
+ Title: Troubleshooting sign-in problems with Conditional Access
description: This article describes what to do when your Conditional Access policies result in unexpected outcomes
active-directory Troubleshoot Policy Changes Audit Log https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/troubleshoot-policy-changes-audit-log.md
Title: Troubleshoot Conditional Access policy changes - Azure Active Directory
+ Title: Troubleshoot Conditional Access policy changes
description: Diagnose changes to Conditional Access policy with the Azure AD audit logs.
active-directory What If Tool https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/what-if-tool.md
Title: The Conditional Access What If tool - Azure Active Directory
+ Title: The Conditional Access What If tool
description: Learn how you can understand the impact of your Conditional Access policies on your environment.
active-directory Workload Identity https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/workload-identity.md
description: Protecting workload identities with Conditional Access policies
-+ Last updated 01/05/2023
Conditional Access policies have historically applied only to users when they access apps and services like SharePoint online or the Azure portal. We're now extending support for Conditional Access policies to be applied to service principals owned by the organization. We call this capability Conditional Access for workload identities.
-A [workload identity](../develop/workload-identities-overview.md) is an identity that allows an application or service principal access to resources, sometimes in the context of a user. These workload identities differ from traditional user accounts as they:
+A [workload identity](../workload-identities/workload-identities-overview.md) is an identity that allows an application or service principal access to resources, sometimes in the context of a user. These workload identities differ from traditional user accounts as they:
- CanΓÇÖt perform multifactor authentication. - Often have no formal lifecycle process.
active-directory Console Quickstart Portal Nodejs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/console-quickstart-portal-nodejs.md
> ##### Global tenant administrator > > If you are a global administrator, go to **API Permissions** page select **Grant admin consent for > Enter_the_Tenant_Name_Here**
-> > > [!div id="apipermissionspage"]
-> > > [Go to the API Permissions page]()
+> > [!div id="apipermissionspage"]
+> > [Go to the API Permissions page]()
> > ##### Standard user >
active-directory Developer Glossary https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/developer-glossary.md
Previously updated : 05/28/2022 Last updated : 03/15/2023 -+ # Glossary: Microsoft identity platform
-You'll see these terms when you use our documentation, the Azure portal, our authentication libraries, and the Microsoft Graph API. Some terms are Microsoft-specific while others are related to protocols like OAuth or other technologies you use with the Microsoft identity platform.
+You see these terms when you use our documentation, the Azure portal, our authentication libraries, and the Microsoft Graph API. Some terms are Microsoft-specific while others are related to protocols like OAuth or other technologies you use with the Microsoft identity platform.
## Access token
For more information, see [Application and Service Principal Objects][AAD-App-SP
In order to allow an application to integrate with and delegate Identity and Access Management functions to Azure AD, it must be registered with an Azure AD [tenant](#tenant). When you register your application with Azure AD, you're providing an identity configuration for your application, allowing it to integrate with Azure AD and use features like: -- Robust management of Single Sign-On using Azure AD Identity Management and [OpenID Connect][OpenIDConnect] protocol implementation
+- Robust management of single sign-on using Azure AD Identity Management and [OpenID Connect][OpenIDConnect] protocol implementation
- Brokered access to [protected resources](#resource-server) by [client applications](#client-application), via OAuth 2.0 [authorization server](#authorization-server) - [Consent framework](#consent) for managing client access to protected resources, based on resource owner authorization.
One of the endpoints implemented by the [authorization server](#authorization-se
## User-agent-based client
-A type of [client application](#client-application) that downloads code from a web server and executes within a user-agent (for instance, a web browser), such as a single-page application (SPA). Since all code is executed on a device, it is considered a "public" client due to its inability to store credentials privately/confidentially. For more information, see [OAuth 2.0 client types and profiles][OAuth2-Client-Types].
+A type of [client application](#client-application) that downloads code from a web server and executes within a user-agent (for instance, a web browser), such as a single-page application (SPA). Since all code is executed on a device, it's considered a "public" client due to its inability to store credentials privately/confidentially. For more information, see [OAuth 2.0 client types and profiles][OAuth2-Client-Types].
## User principal
-Similar to the way a service principal object is used to represent an application instance, a user principal object is another type of security principal, which represents a user. The Microsoft Graph [User resource type][Graph-User-Resource] defines the schema for a user object, including user-related properties like first and last name, user principal name, directory role membership, etc. This provides the user identity configuration for Azure AD to establish a user principal at run-time. The user principal is used to represent an authenticated user for Single Sign-On, recording [consent](#consent) delegation, making access control decisions, etc.
+Similar to the way a service principal object is used to represent an application instance, a user principal object is another type of security principal, which represents a user. The Microsoft Graph [User resource type][Graph-User-Resource] defines the schema for a user object, including user-related properties like first and last name, user principal name, directory role membership, etc. This provides the user identity configuration for Azure AD to establish a user principal at run-time. The user principal is used to represent an authenticated user for single sign-on, recording [consent](#consent) delegation, making access control decisions, etc.
## Web client
active-directory Msal Compare Msal Js And Adal Js https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-compare-msal-js-and-adal-js.md
The snippets below demonstrates the minimal code required for a single-page appl
```html <head>
- <meta charset="UTF-8">
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
-
- <script
- type="text/javascript"
- src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.18/js/adal.min.js">
- </script>
+ <meta charset="UTF-8">
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <script type="text/javascript" src="https://alcdn.msauth.net/lib/1.0.18/js/adal.min.js"></script>
</head>
-<div>
- <button id="loginButton">Login</button>
- <button id="logoutButton" style="visibility: hidden;">Logout</button>
- <button id="tokenButton" style="visibility: hidden;">Get Token</button>
-</div>
- <body>
- <script>
-
- const loginButton = document.getElementById("loginButton");
- const logoutButton = document.getElementById("logoutButton");
- const tokenButton = document.getElementById("tokenButton");
-
- var authContext = new AuthenticationContext({
- instance: 'https://login.microsoftonline.com/',
- clientId: "ENTER_CLIENT_ID",
- tenant: "ENTER_TENANT_ID",
- cacheLocation: "sessionStorage",
- redirectUri: "http://localhost:3000",
- popUp: true,
- callback: function (errorDesc, token, error, tokenType) {
- console.log('Hello ' + authContext.getCachedUser().profile.upn)
+ <div>
+ <p id="welcomeMessage" style="visibility: hidden;"></p>
+ <button id="loginButton">Login</button>
+ <button id="logoutButton" style="visibility: hidden;">Logout</button>
+ <button id="tokenButton" style="visibility: hidden;">Get Token</button>
+ </div>
+ <script>
+ // DOM elements to work with
+ var welcomeMessage = document.getElementById("welcomeMessage");
+ var loginButton = document.getElementById("loginButton");
+ var logoutButton = document.getElementById("logoutButton");
+ var tokenButton = document.getElementById("tokenButton");
+
+ // if user is logged in, update the UI
+ function updateUI(user) {
+ if (!user) {
+ return;
+ }
- loginButton.style.visibility = "hidden";
+ welcomeMessage.innerHTML = 'Hello ' + user.profile.upn + '!';
+ welcomeMessage.style.visibility = "visible";
logoutButton.style.visibility = "visible"; tokenButton.style.visibility = "visible";
- }
- });
-
- authContext.log({
- level: 3,
- log: function (message) {
- console.log(message);
- },
- piiLoggingEnabled: false
- });
-
- loginButton.addEventListener('click', function () {
- authContext.login();
- });
-
- logoutButton.addEventListener('click', function () {
- authContext.logOut();
- });
-
- tokenButton.addEventListener('click', () => {
- authContext.acquireTokenPopup(
- "https://graph.microsoft.com",
- null, null,
- function (error, token) {
- console.log(error, token);
+ loginButton.style.visibility = "hidden";
+ };
+
+ // attach logger configuration to window
+ window.Logging = {
+ piiLoggingEnabled: false,
+ level: 3,
+ log: function (message) {
+ console.log(message);
}
- )
- });
- </script>
+ };
+
+ // ADAL configuration
+ var adalConfig = {
+ instance: 'https://login.microsoftonline.com/',
+ clientId: "ENTER_CLIENT_ID_HERE",
+ tenant: "ENTER_TENANT_ID_HERE",
+ redirectUri: "ENTER_REDIRECT_URI_HERE",
+ cacheLocation: "sessionStorage",
+ popUp: true,
+ callback: function (errorDesc, token, error, tokenType) {
+ if (error) {
+ console.log(error, errorDesc);
+ } else {
+ updateUI(authContext.getCachedUser());
+ }
+ }
+ };
+
+ // instantiate ADAL client object
+ var authContext = new AuthenticationContext(adalConfig);
+
+ // handle redirect response or check for cached user
+ if (authContext.isCallback(window.location.hash)) {
+ authContext.handleWindowCallback();
+ } else {
+ updateUI(authContext.getCachedUser());
+ }
+
+ // attach event handlers to button clicks
+ loginButton.addEventListener('click', function () {
+ authContext.login();
+ });
+
+ logoutButton.addEventListener('click', function () {
+ authContext.logOut();
+ });
+
+ tokenButton.addEventListener('click', () => {
+ authContext.acquireToken(
+ "https://graph.microsoft.com",
+ function (errorDesc, token, error) {
+ if (error) {
+ console.log(error, errorDesc);
+
+ authContext.acquireTokenPopup(
+ "https://graph.microsoft.com",
+ null, // extraQueryParameters
+ null, // claims
+ function (errorDesc, token, error) {
+ if (error) {
+ console.log(error, errorDesc);
+ } else {
+ console.log(token);
+ }
+ }
+ );
+ } else {
+ console.log(token);
+ }
+ }
+ );
+ });
+ </script>
</body> </html>
The snippets below demonstrates the minimal code required for a single-page appl
```html <head>
- <meta charset="UTF-8">
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
-
- <script
- type="text/javascript"
- src="https://alcdn.msauth.net/browser/2.14.2/js/msal-browser.min.js">
- </script>
+ <meta charset="UTF-8">
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <script type="text/javascript" src="https://alcdn.msauth.net/browser/2.34.0/js/msal-browser.min.js"></script>
</head>
-<div>
- <button id="loginButton">Login</button>
- <button id="logoutButton" style="visibility: hidden;">Logout</button>
- <button id="tokenButton" style="visibility: hidden;">Get Token</button>
-</div>
- <body>
- <script>
- const loginButton = document.getElementById("loginButton");
- const logoutButton = document.getElementById("logoutButton");
- const tokenButton = document.getElementById("tokenButton");
-
- const pca = new msal.PublicClientApplication({
- auth: {
- clientId: "ENTER_CLIENT_ID",
- authority: "https://login.microsoftonline.com/ENTER_TENANT_ID",
- redirectUri: "http://localhost:3000",
- },
- cache: {
- cacheLocation: "sessionStorage"
- },
- system: {
- loggerOptions: {
- loggerCallback(loglevel, message, containsPii) {
- console.log(message);
- },
- piiLoggingEnabled: false,
- logLevel: msal.LogLevel.Verbose,
+ <div>
+ <p id="welcomeMessage" style="visibility: hidden;"></p>
+ <button id="loginButton">Login</button>
+ <button id="logoutButton" style="visibility: hidden;">Logout</button>
+ <button id="tokenButton" style="visibility: hidden;">Get Token</button>
+ </div>
+ <script>
+ // DOM elements to work with
+ const welcomeMessage = document.getElementById("welcomeMessage");
+ const loginButton = document.getElementById("loginButton");
+ const logoutButton = document.getElementById("logoutButton");
+ const tokenButton = document.getElementById("tokenButton");
+
+ // if user is logged in, update the UI
+ const updateUI = (account) => {
+ if (!account) {
+ return;
}
- }
- });
-
- loginButton.addEventListener('click', () => {
- pca.loginPopup().then((response) => {
- console.log(`Hello ${response.account.username}!`);
- loginButton.style.visibility = "hidden";
+ welcomeMessage.innerHTML = `Hello ${account.username}!`;
+ welcomeMessage.style.visibility = "visible";
logoutButton.style.visibility = "visible"; tokenButton.style.visibility = "visible";
- })
- });
-
- logoutButton.addEventListener('click', () => {
- pca.logoutPopup().then((response) => {
- window.location.reload();
- })
- });
-
- tokenButton.addEventListener('click', () => {
- pca.acquireTokenPopup({
- scopes: ["User.Read"]
- }).then((response) => {
- console.log(response);
- })
- });
- </script>
+ loginButton.style.visibility = "hidden";
+ };
+
+ // MSAL configuration
+ const msalConfig = {
+ auth: {
+ clientId: "ENTER_CLIENT_ID_HERE",
+ authority: "https://login.microsoftonline.com/ENTER_TENANT_ID_HERE",
+ redirectUri: "ENTER_REDIRECT_URI_HERE",
+ },
+ cache: {
+ cacheLocation: "sessionStorage"
+ },
+ system: {
+ loggerOptions: {
+ loggerCallback(loglevel, message, containsPii) {
+ console.log(message);
+ },
+ piiLoggingEnabled: false,
+ logLevel: msal.LogLevel.Verbose,
+ }
+ }
+ };
+
+ // instantiate MSAL client object
+ const pca = new msal.PublicClientApplication(msalConfig);
+
+ // handle redirect response or check for cached user
+ pca.handleRedirectPromise().then((response) => {
+ if (response) {
+ pca.setActiveAccount(response.account);
+ updateUI(response.account);
+ } else {
+ const account = pca.getAllAccounts()[0];
+ updateUI(account);
+ }
+ }).catch((error) => {
+ console.log(error);
+ });
+
+ // attach event handlers to button clicks
+ loginButton.addEventListener('click', () => {
+ pca.loginPopup().then((response) => {
+ pca.setActiveAccount(response.account);
+ updateUI(response.account);
+ })
+ });
+
+ logoutButton.addEventListener('click', () => {
+ pca.logoutPopup().then((response) => {
+ window.location.reload();
+ });
+ });
+
+ tokenButton.addEventListener('click', () => {
+ const account = pca.getActiveAccount();
+
+ pca.acquireTokenSilent({
+ account: account,
+ scopes: ["User.Read"]
+ }).then((response) => {
+ console.log(response);
+ }).catch((error) => {
+ if (error instanceof msal.InteractionRequiredAuthError) {
+ pca.acquireTokenPopup({
+ scopes: ["User.Read"]
+ }).then((response) => {
+ console.log(response);
+ });
+ }
+
+ console.log(error);
+ });
+ });
+ </script>
</body> </html>
active-directory Msal Net Token Cache Serialization https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-token-cache-serialization.md
var app = ConfidentialClientApplicationBuilder
### Samples - The following sample showcases using the token cache serializers in .NET Framework and .NET Core applications: [ConfidentialClientTokenCache](https://github.com/Azure-Samples/active-directory-dotnet-v1-to-v2/tree/master/ConfidentialClientTokenCache). -- The following sample is an ASP.NET web app that uses the same technics: [Use OpenID Connect to sign in users to Microsoft identity platform](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect). For the full code, see [WebApp/Utils/MsalAppBuilder.cs](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect/blob/master/WebApp/Utils/MsalAppBuilder.cs).
+- The following sample is an ASP.NET web app that uses the same technics: [Use OpenID Connect to sign in users to Microsoft identity platform](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect).
## [Desktop apps](#tab/desktop)
The following samples illustrate token cache serialization.
| | -- | -- | |[active-directory-dotnet-desktop-msgraph-v2](https://github.com/azure-samples/active-directory-dotnet-desktop-msgraph-v2) | Desktop (WPF) | Windows Desktop .NET (WPF) application that calls the Microsoft Graph API. ![Diagram that shows a topology with a desktop app client flowing to Azure Active Directory by acquiring a token interactively and to Microsoft Graph.](media/msal-net-token-cache-serialization/topology.png)| |[active-directory-dotnet-v1-to-v2](https://github.com/Azure-Samples/active-directory-dotnet-v1-to-v2) | Desktop (console) | Set of Visual Studio solutions that illustrate the migration of Azure AD v1.0 applications (using ADAL.NET) to Microsoft identity platform applications (using MSAL.NET). In particular, see [Token cache migration](https://github.com/Azure-Samples/active-directory-dotnet-v1-to-v2/blob/master/TokenCacheMigration/README.md) and [Confidential client token cache](https://github.com/Azure-Samples/active-directory-dotnet-v1-to-v2/tree/master/ConfidentialClientTokenCache). |
-[ms-identity-aspnet-webapp-openidconnect](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect) | ASP.NET (net472) | Example of token cache serialization in an ASP.NET MVC application (using MSAL.NET). In particular, see [MsalAppBuilder](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect/blob/master/WebApp/Utils/MsalAppBuilder.cs).
+[ms-identity-aspnet-webapp-openidconnect](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect) | ASP.NET (net472) | Example of token cache serialization in an ASP.NET MVC application (using MSAL.NET).
active-directory Workload Identities Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/workload-identities-overview.md
- Title: Workload identities
-description: Understand the concepts and supported scenarios for using workload identity in Azure Active Directory.
------ Previously updated : 12/15/2022---
-#Customer intent: As a developer, I want workload identities so I can authenticate with Azure AD and access Azure AD protected resources.
--
-# What are workload identities?
-
-A workload identity is an identity used by a software workload (such as an application, service, script, or container) to authenticate and access other services and resources. The terminology is inconsistent across the industry, but generally a workload identity is something you need for your software entity to authenticate with some system. For example, a workload identity could be a user account that your client authenticates as to access a MongoDB database. A workload identity could also be an AWS service role attached to an EC2 instance with read-only access to an Amazon S3 bucket.
-
-In Azure Active Directory (Azure AD), workload identities are applications, service principals, and managed identities.
-
-An [application](app-objects-and-service-principals.md#application-object) is an abstract entity, or template, defined by its application object. The application object is the *global* representation of your application for use across all tenants. The application object describes how tokens are issued, the resources the application needs to access, and the actions that the application can take.
-
-A [service principal](app-objects-and-service-principals.md#service-principal-object) is the *local* representation, or application instance, of a global application object in a specific tenant. An application object is used as a template to create a service principal object in every tenant where the application is used. The service principal object defines what the app can actually do in a specific tenant, who can access the app, and what resources the app can access.
-
-A [managed identity](../managed-identities-azure-resources/overview.md) is a special type of service principal that eliminates the need for developers to manage credentials.
-
-Here are some ways that workload identities in Azure AD are used:
--- An app that enables a web app to access Microsoft Graph based on admin or user consent. This access could be either on behalf of the user or on behalf of the application.-- A managed identity used by a developer to provision their service with access to an Azure resource such as Azure Key Vault or Azure Storage.-- A service principal used by a developer to enable a CI/CD pipeline to deploy a web app from GitHub to Azure App Service.-
-## Workload identities, other machine identities, and human identities
-
-At a high level, there are two types of identities: human and machine/non-human identities. Workload identities and device identities together make up a group called machine (or non-human) identities. Workload identities represent software workloads while device identities represent devices such as desktop computers, mobile, IoT sensors, and IoT managed devices. Machine identities are distinct from human identities, which represent people such as employees (internal workers and front line workers) and external users (customers, consultants, vendors, and partners).
--
-## Supported scenarios
--
-Here are some ways you can use workload identities:
--- Access Azure AD protected resources without needing to manage secrets for workloads that run on Azure using [managed identity](../managed-identities-azure-resources/overview.md).-- Access Azure AD protected resources without needing to manage secrets for supported scenarios such as GitHub Actions, workloads running on Kubernetes, or workloads running in compute platforms outside of Azure using [workload identity federation](workload-identity-federation.md).-- Review service principals and applications that are assigned to privileged directory roles in Azure AD using [access reviews for service principals](../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md).-- Apply Conditional Access policies to service principals owned by your organization using [Conditional Access for workload identities](../conditional-access/workload-identity.md), and [Continuous access evaluation for workload identities](../conditional-access/concept-continuous-access-evaluation-workload.md).-- Secure workload identities with [Identity Protection](../identity-protection/concept-workload-identity-risk.md).--
-## Next steps
--- Learn how to [secure access of workload identities](../conditional-access/workload-identity.md) with adaptive policies.-- Get answers to [frequently asked questions about workload identities](workload-identities-faqs.md).
active-directory Enterprise State Roaming Group Policy Settings https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/enterprise-state-roaming-group-policy-settings.md
Title: Group Policy and MDM settings for ESR - Azure Active Directory
+ Title: Group Policy and MDM settings for ESR
description: Management settings for Enterprise State Roaming
active-directory Enterprise State Roaming Windows Settings Reference https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/enterprise-state-roaming-windows-settings-reference.md
Title: Windows roaming settings reference - Azure Active Directory
+ Title: Windows roaming settings reference
description: Settings that will be roamed or backed up in Windows with ESR
active-directory Howto Device Identity Virtual Desktop Infrastructure https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/howto-device-identity-virtual-desktop-infrastructure.md
Title: Device identity and desktop virtualization - Azure Active Directory
+ Title: Device identity and desktop virtualization
description: Learn how VDI and Azure AD device identities can be used together
active-directory Howto Vm Sign In Azure Ad Windows https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md
Share your feedback about this feature or report problems with using it on the [
### Missing application
-If the Azure Windows VM Sign-In application is missing from Conditional Access, make sure that the application isn't in the tenant:
+If the Azure Windows VM Sign-In application is missing from Conditional Access, make sure that the application is in the tenant:
1. Sign in to the Azure portal. 1. Browse to **Azure Active Directory** > **Enterprise applications**.
active-directory Manage Stale Devices https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/manage-stale-devices.md
Title: How to manage stale devices in Azure AD | Microsoft Docs
+ Title: How to manage stale devices in Azure AD
description: Learn how to remove stale devices from your database of registered devices in Azure Active Directory.
active-directory Troubleshoot Device Dsregcmd https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/troubleshoot-device-dsregcmd.md
Title: Troubleshoot devices by using the dsregcmd command - Azure Active Directory
+ Title: Troubleshoot devices by using the dsregcmd command
description: This article covers how to use the output from the dsregcmd command to understand the state of devices in Azure AD.
active-directory Clean Up Stale Guest Accounts https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/clean-up-stale-guest-accounts.md
Title: Clean up stale guest accounts - Azure Active Directory | Microsoft Docs
+ Title: Clean up stale guest accounts
description: Clean up stale guest accounts using access reviews
active-directory Clean Up Unmanaged Azure Ad Accounts https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/clean-up-unmanaged-azure-ad-accounts.md
Title: Clean up unmanaged Azure AD accounts - Azure Active Directory | Microsoft Docs
+ Title: Clean up unmanaged Azure AD accounts
description: Clean up unmanaged accounts using email OTP and PowerShell modules in Azure Active Directory
active-directory Directory Self Service Signup https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/directory-self-service-signup.md
Title: Self-service sign up for email-verified users - Azure AD | Microsoft Docs
+ Title: Self-service sign up for email-verified users
description: Use self-service sign-up in an Azure Active Directory (Azure AD) organization documentationcenter: ''
active-directory Directory Service Limits Restrictions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/directory-service-limits-restrictions.md
Title: Service limits and restrictions - Azure Active Directory | Microsoft Docs
+ Title: Service limits and restrictions
description: Usage constraints and other service limits for the Azure Active Directory service documentationcenter: ''
active-directory Domains Admin Takeover https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/domains-admin-takeover.md
Title: Admin takeover of an unmanaged directory - Azure AD | Microsoft Docs
+ Title: Admin takeover of an unmanaged directory
description: How to take over a DNS domain name in an unmanaged Azure AD organization (shadow tenant). documentationcenter: ''
active-directory Domains Manage https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/domains-manage.md
Title: Add and verify custom domain names - Azure Active Directory | Microsoft Docs
+ Title: Add and verify custom domain names
description: Management concepts and how-tos for managing a domain name in Azure Active Directory documentationcenter: ''
active-directory Domains Verify Custom Subdomain https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/domains-verify-custom-subdomain.md
Title: Change subdomain authentication type using PowerShell and Graph - Azure Active Directory | Microsoft Docs
+ Title: Change subdomain authentication type using PowerShell and Graph
description: Change default subdomain authentication settings inherited from root domain settings in Azure Active Directory. documentationcenter: ''
active-directory Groups Assign Sensitivity Labels https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-assign-sensitivity-labels.md
Title: Assign sensitivity labels to groups - Azure AD | Microsoft Docs
+ Title: Assign sensitivity labels to groups
description: Learn how to assign sensitivity labels to groups. See troubleshooting information and view additional available resources. documentationcenter: ''
active-directory Groups Bulk Download Members https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-bulk-download-members.md
Title: Bulk download group membership list - Azure portal | Microsoft Docs
+ Title: Bulk download group membership list - Azure portal
description: Add users in bulk in the Azure admin center.
active-directory Groups Bulk Download https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-bulk-download.md
Title: Download a list of groups in the Azure portal | Microsoft Docs
+ Title: Download a list of groups in the Azure portal
description: Download group properties in bulk in the Azure admin center in Azure Active Directory.
active-directory Groups Bulk Import Members https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-bulk-import-members.md
Title: Bulk upload to add or create members of a group - Azure Active Directory | Microsoft Docs
+ Title: Bulk upload to add or create members of a group
description: Add group members in bulk in the Azure portal.
active-directory Groups Bulk Remove Members https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-bulk-remove-members.md
Title: Bulk remove group members by uploading a CSV file - Azure Active Directory | Microsoft Docs
+ Title: Bulk remove group members by uploading a CSV file
description: Remove group members in bulk operations in the Azure admin center.
active-directory Groups Change Type https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-change-type.md
Title: Change static group membership to dynamic - Azure AD | Microsoft Docs
+ Title: Change static group membership to dynamic
description: Learn how to convert existing groups from static to dynamic membership using either Azure portal or PowerShell cmdlets. documentationcenter: ''
active-directory Groups Create Rule https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-create-rule.md
Title: Create or edit a dynamic group and get status - Azure AD | Microsoft Docs
+ Title: Create or edit a dynamic group and get status
description: How to create or update a group membership rule in the Azure portal, and check its processing status. documentationcenter: ''
active-directory Groups Dynamic Membership https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-dynamic-membership.md
Title: Rules for dynamically populated groups membership - Azure AD | Microsoft Docs
+ Title: Rules for dynamically populated groups membership
description: How to create membership rules to automatically populate groups, and a rule reference. documentationcenter: ''
active-directory Groups Dynamic Rule Member Of https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-dynamic-rule-member-of.md
Title: Group membership for Azure AD dynamic groups with memberOf - Azure AD | Microsoft Docs
+ Title: Group membership for Azure AD dynamic groups with memberOf
description: How to create a dynamic membership group that can contain members of other groups in Azure Active Directory. documentationcenter: ''
active-directory Groups Dynamic Rule More Efficient https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-dynamic-rule-more-efficient.md
Title: Create simpler and faster rules for dynamic groups - Azure AD | Microsoft Docs
+ Title: Create simpler and faster rules for dynamic groups
description: How to optimize your membership rules to automatically populate groups. documentationcenter: ''
active-directory Groups Dynamic Rule Validation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-dynamic-rule-validation.md
Title: Validate rules for dynamic group membership (preview) - Azure AD | Microsoft Docs
+ Title: Validate rules for dynamic group membership (preview)
description: How to test members against a membership rule for a dynamic group in Azure Active Directory. documentationcenter: ''
active-directory Groups Dynamic Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-dynamic-tutorial.md
Title: Add users to a dynamic group - tutorial - Azure AD | Microsoft Docs
+ Title: Add users to a dynamic group - tutorial
description: In this tutorial, you use groups with user membership rules to add or remove users automatically documentationcenter: ''
active-directory Groups Lifecycle https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-lifecycle.md
Title: Set expiration for Microsoft 365 groups - Azure Active Directory | Microsoft Docs
+ Title: Set expiration for Microsoft 365 groups
description: How to set up expiration for Microsoft 365 groups in Azure Active Directory documentationcenter: ''
active-directory Groups Members Owners Search https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-members-owners-search.md
Title: Search and filter groups members and owners (preview) - Azure Active Directory | Microsoft Docs
+ Title: Search and filter groups members and owners (preview)
description: Search and filter groups members and owners in the Azure portal. documentationcenter: ''
active-directory Groups Naming Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-naming-policy.md
Title: Enforce group naming policy in Azure Active Directory | Microsoft Docs
+ Title: Enforce group naming policy in Azure Active Directory
description: How to set up naming policy for Microsoft 365 groups in Azure Active Directory documentationcenter: ''
active-directory Groups Quickstart Expiration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-quickstart-expiration.md
Title: Group expiration policy quickstart - Azure AD | Microsoft Docs
-description: Expiration for Microsoft 365 groups - Azure Active Directory
+ Title: Group expiration policy quickstart
+description: Expiration for Microsoft 365 groups
documentationcenter: ''
active-directory Groups Quickstart Naming Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-quickstart-naming-policy.md
Title: Group naming policy quickstart - Azure Active Directory | Microsoft Docs
+ Title: Group naming policy quickstart
description: Explains how to add new users or delete existing users in Azure Active Directory documentationcenter: ''
active-directory Groups Restore Deleted https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-restore-deleted.md
Title: Restore a deleted Microsoft 365 group - Azure AD | Microsoft Docs
+ Title: Restore a deleted Microsoft 365 group
description: How to restore a deleted group, view restorable groups, and permanently delete a group in Azure Active Directory
active-directory Groups Saasapps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-saasapps.md
Title: Use a group to manage access to SaaS apps - Azure AD | Microsoft Docs
+ Title: Use a group to manage access to SaaS apps
description: How to use groups in Azure Active Directory to assign access to SaaS applications that are integrated with Azure Active Directory. documentationcenter: ''
active-directory Groups Self Service Management https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-self-service-management.md
Title: Set up self-service group management - Azure Active Directory | Microsoft Docs
+ Title: Set up self-service group management
description: Create and manage security groups or Microsoft 365 groups in Azure Active Directory and request security group or Microsoft 365 group memberships documentationcenter: ''
active-directory Groups Settings Cmdlets https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-settings-cmdlets.md
Title: Configure group settings using PowerShell - Azure AD | Microsoft Docs
+ Title: Configure group settings using PowerShell
description: How manage the settings for groups using Azure Active Directory cmdlets documentationcenter: ''
active-directory Groups Settings V2 Cmdlets https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-settings-v2-cmdlets.md
Title: PowerShell V2 examples for managing groups - Azure AD | Microsoft Docs
+ Title: PowerShell V2 examples for managing groups
description: This page provides PowerShell examples to help you manage your groups in Azure Active Directory keywords: Azure AD, Azure Active Directory, PowerShell, Groups, Group management
active-directory Groups Troubleshooting https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-troubleshooting.md
Title: Fix problems with dynamic group memberships - Azure AD | Microsoft Docs
+ Title: Fix problems with dynamic group memberships
description: Troubleshooting tips for dynamic group membership in Azure Active Directory
active-directory Licensing Directory Independence https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/licensing-directory-independence.md
Title: Characteristics of multi-tenant interaction - Azure AD | Microsoft Docs
+ Title: Characteristics of multi-tenant interaction
description: Understanding the data independence of your Azure Active Directory organizations documentationcenter: ''
active-directory Licensing Group Advanced https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/licensing-group-advanced.md
Title: Group-based licensing additional scenarios - Azure AD | Microsoft Docs
+ Title: Group-based licensing additional scenarios
description: More scenarios for Azure Active Directory group-based licensing keywords: Azure AD licensing
active-directory Licensing Groups Assign https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/licensing-groups-assign.md
Title: Assign licenses to a group - Azure Active Directory | Microsoft Docs
+ Title: Assign licenses to a group
description: How to assign licenses to users by means of Azure Active Directory group licensing keywords: Azure AD licensing
active-directory Licensing Groups Change Licenses https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/licensing-groups-change-licenses.md
Title: Change license plans for users and groups - Azure AD | Microsoft Docs
+ Title: Change license plans for users and groups
description: How to migrate users within a group to different service plans using group licensing in Azure Active Directory keywords: Azure AD licensing
active-directory Licensing Groups Migrate Users https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/licensing-groups-migrate-users.md
Title: Add users with direct licenses to group licensing - Azure AD | Microsoft Docs
+ Title: Add users with direct licenses to group licensing
description: How to migrate from individual user licenses to group-based licensing using Azure Active Directory keywords: Azure AD licensing
active-directory Licensing Groups Resolve Problems https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/licensing-groups-resolve-problems.md
Title: Resolve group license assignment problems - Azure Active Directory | Microsoft Docs
+ Title: Resolve group license assignment problems
description: How to identify and resolve license assignment problems when you're using Azure Active Directory group-based licensing keywords: Azure AD licensing
active-directory Licensing Ps Examples https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/licensing-ps-examples.md
Title: PowerShell and Microsoft Graph examples for group licensing - Azure AD | Microsoft Docs
+ Title: PowerShell and Microsoft Graph examples for group licensing
description: PowerShell + Graph examples and scenarios for Azure Active Directory group-based licensing keywords: Azure AD licensing
active-directory Licensing Service Plan Reference https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/licensing-service-plan-reference.md
Title: Product names and service plan identifiers for licensing - Azure AD | Microsoft Docs
+ Title: Product names and service plan identifiers for licensing
description: Identifier map to manage Azure Active Directory licensing in the Azure portal, the Microsoft 365 admin center, PowerShell, or Microsoft Graph keywords: Azure Active Directory licensing service plans
active-directory Linkedin Integration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/linkedin-integration.md
Title: Admin consent for LinkedIn account connections - Azure AD | Microsoft Docs
+ Title: Admin consent for LinkedIn account connections
description: Explains how to enable or disable LinkedIn integration account connections in Microsoft apps in Azure Active Directory
active-directory Linkedin User Consent https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/linkedin-user-consent.md
Title: LinkedIn data sharing and consent - Azure Active Directory | Microsoft Docs
+ Title: LinkedIn data sharing and consent
description: Explains how LinkedIn integration shares data via Microsoft apps in Azure Active Directory
active-directory Signin Account Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/signin-account-support.md
Title: Does my Azure AD sign-in page accept Microsoft accounts | Microsoft Docs
+ Title: Does my Azure AD sign-in page accept Microsoft accounts
description: How on-screen messaging reflects username lookup during sign-in
active-directory Signin Realm Discovery https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/signin-realm-discovery.md
Title: Username lookup during sign-in - Azure Active Directory | Microsoft Docs
+ Title: Username lookup during sign-in
description: How on-screen messaging reflects username lookup during sign-in in Azure Active Directory
active-directory Users Bulk Add https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-bulk-add.md
Title: Bulk create users in the Azure portal | Microsoft Docs
+ Title: Bulk create users in the Azure portal
description: Add users in bulk in the Azure portal in Azure Active Directory
active-directory Users Bulk Delete https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-bulk-delete.md
Title: Bulk delete users in the Azure portal | Microsoft Docs
+ Title: Bulk delete users in the Azure portal
description: Delete users in bulk in the Azure admin center in Azure Active Directory
active-directory Users Bulk Download https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-bulk-download.md
Title: Download a list of users in the Azure portal | Microsoft Docs
+ Title: Download a list of users in the Azure portal
description: Download user records in bulk in the Azure admin center in Azure Active Directory.
active-directory Users Bulk Restore https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-bulk-restore.md
Title: Bulk restore deleted users in the Azure portal | Microsoft Docs
+ Title: Bulk restore deleted users in the Azure portal
description: Restore deleted users in bulk in the Azure portal in Azure Active Directory
active-directory Users Custom Security Attributes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-custom-security-attributes.md
Title: Assign, update, list, or remove custom security attributes for a user (Preview) - Azure Active Directory
+ Title: Assign, update, list, or remove custom security attributes for a user (Preview)
description: Assign, update, list, or remove custom security attributes for a user in Azure Active Directory.
active-directory Users Restrict Guest Permissions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-restrict-guest-permissions.md
Title: Restrict guest user access permissions - Azure Active Directory | Microsoft Docs
+ Title: Restrict guest user access permissions
description: Restrict guest user access permissions using the Azure portal, PowerShell, or Microsoft Graph in Azure Active Directory
active-directory Users Revoke Access https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-revoke-access.md
Title: Revoke user access in an emergency in Azure Active Directory | Microsoft Docs
+ Title: Revoke user access in an emergency in Azure Active Directory
description: How to revoke all access for a user in Azure Active Directory
active-directory Users Search Enhanced https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-search-enhanced.md
Title: User management enhancements - Azure Active Directory | Microsoft Docs
+ Title: User management enhancements
description: Describes how Azure Active Directory enables user search, filtering, and more information about your users. documentationcenter: ''
active-directory Users Sharing Accounts https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-sharing-accounts.md
Title: Sharing accounts and credentials - Azure Active Directory | Microsoft Docs
+ Title: Sharing accounts and credentials
description: Describes how Azure Active Directory enables organizations to securely share accounts for on-premises apps and consumer cloud services. documentationcenter: ''
active-directory Add Users Administrator https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/add-users-administrator.md
Title: Add B2B collaboration users in the Azure portal - Azure AD
+ Title: Add B2B collaboration users in the Azure portal
description: Shows how an admin can add guest users to their directory from a partner organization using Azure Active Directory (Azure AD) B2B collaboration.
active-directory Add Users Information Worker https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/add-users-information-worker.md
Title: Add B2B collaboration users as an information worker - Azure AD
-description: B2B collaboration allows information workers and app owners to add guest users to Azure AD for access | Microsoft Docs
+ Title: Add B2B collaboration users as an information worker
+description: B2B collaboration allows information workers and app owners to add guest users to Azure AD for access
active-directory Allow Deny List https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/allow-deny-list.md
Title: Allow or block invites to specific organizations - Azure AD
+ Title: Allow or block invites to specific organizations
description: Shows how an administrator can use the Azure portal or PowerShell to set an access or blocklist to allow or block B2B users from certain domains.
active-directory Api Connectors Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/api-connectors-overview.md
Title: About API connectors in self-service sign-up flows - Azure AD
+ Title: About API connectors in self-service sign-up flows
description: Use Azure Active Directory (Azure AD) API connectors to customize and extend your self-service sign-up user flows by using web APIs.
active-directory Auditing And Reporting https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/auditing-and-reporting.md
Title: Auditing and reporting a B2B collaboration user - Azure AD
+ Title: Auditing and reporting a B2B collaboration user
description: Guest user properties are configurable in Azure Active Directory B2B collaboration
active-directory Authentication Conditional Access https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/authentication-conditional-access.md
Title: Authentication and Conditional Access for B2B users - Azure AD
+ Title: Authentication and Conditional Access for B2B users
description: Learn how to enforce multi-factor authentication policies for Azure Active Directory B2B users.
active-directory B2b Government National Clouds https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/b2b-government-national-clouds.md
Title: Azure AD B2B in government and national clouds - Azure Active Directory
+ Title: Azure AD B2B in government and national clouds
description: Learn what features are available in Azure Active Directory B2B collaboration in US Government and national clouds
active-directory B2b Quickstart Add Guest Users Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/b2b-quickstart-add-guest-users-portal.md
Title: 'Quickstart: Add a guest user and send an invitation - Azure AD'
+ Title: 'Quickstart: Add a guest user and send an invitation'
description: Use this quickstart to learn how Azure AD admins can add B2B guest users in the Azure portal and walk through the B2B invitation workflow.
active-directory B2b Quickstart Invite Powershell https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/b2b-quickstart-invite-powershell.md
Title: 'Quickstart: Add a guest user with PowerShell - Azure AD'
+ Title: 'Quickstart: Add a guest user with PowerShell'
description: In this quickstart, you learn how to use PowerShell to send an invitation to an external Azure AD B2B collaboration user. You'll use the Microsoft Graph Identity Sign-ins and the Microsoft Graph Users PowerShell modules.
active-directory B2b Tutorial Require Mfa https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/b2b-tutorial-require-mfa.md
Title: 'Tutorial - Multi-factor authentication for B2B - Azure AD'
+ Title: 'Tutorial - Multi-factor authentication for B2B'
description: In this tutorial, learn how to require multi-factor authentication (MFA) when you use Azure AD B2B to collaborate with external users and partner organizations.
active-directory Bulk Invite Powershell https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/bulk-invite-powershell.md
Title: Tutorial for bulk inviting B2B collaboration users - Azure Active Directory | Microsoft Docs
+ Title: Tutorial for bulk inviting B2B collaboration users
description: In this tutorial, you learn how to use PowerShell and a CSV file to send bulk invitations to external Azure AD B2B collaboration guest users.
active-directory Claims Mapping https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/claims-mapping.md
Title: B2B collaboration user claims mapping - Azure Active Directory
+ Title: B2B collaboration user claims mapping
description: Customize the user claims that are issued in the SAML token for Azure Active Directory (Azure AD) B2B users.
active-directory Code Samples Self Service Sign Up https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/code-samples-self-service-sign-up.md
Title: API connector code samples for user flows - Azure AD
+ Title: API connector code samples for user flows
description: Code samples for API connectors in self-service sign-up flows for Azure Active Directory External Identities.
active-directory Code Samples https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/code-samples.md
Title: B2B collaboration code and PowerShell samples - Azure AD
+ Title: B2B collaboration code and PowerShell samples
description: Code and PowerShell samples for Azure Active Directory B2B collaboration
active-directory Configure Saas Apps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/configure-saas-apps.md
Title: Configure SaaS apps for B2B collaboration - Azure AD
+ Title: Configure SaaS apps for B2B collaboration
description: Learn how to configure SaaS apps for Azure Active Directory B2B collaboration and view additional available resources.
active-directory Cross Cloud Settings https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/cross-cloud-settings.md
Title: Configure B2B collaboration Microsoft cloud settings - Azure AD
+ Title: Configure B2B collaboration Microsoft cloud settings
description: Use Microsoft cloud settings to enable cross-cloud B2B collaboration between sovereign (national) Microsoft Azure clouds.
active-directory Cross Tenant Access Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/cross-tenant-access-overview.md
Title: Cross-tenant access overview - Azure AD
+ Title: Cross-tenant access overview
description: Get an overview of cross-tenant access in Azure AD External Identities. Learn how to manage your B2B collaboration with other Azure AD organizations through this overview of cross-tenant access settings.
active-directory Cross Tenant Access Settings B2b Collaboration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/cross-tenant-access-settings-b2b-collaboration.md
Title: Configure B2B collaboration cross-tenant access - Azure AD
+ Title: Configure B2B collaboration cross-tenant access
description: Use cross-tenant collaboration settings to manage how you collaborate with other Azure AD organizations. Learn how to configure outbound access to external organizations and inbound access from external Azure AD for B2B collaboration.
active-directory Cross Tenant Access Settings B2b Direct Connect https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/cross-tenant-access-settings-b2b-direct-connect.md
Title: Configure B2B direct connect cross-tenant access - Azure AD
+ Title: Configure B2B direct connect cross-tenant access
description: Use cross-tenant access settings to manage how you collaborate with other Azure AD organizations. Learn how to configure outbound access to external organizations and inbound access from external Azure AD for B2B direct connect.
active-directory Current Limitations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/current-limitations.md
Title: Limitations of B2B collaboration - Azure Active Directory | Microsoft Docs
+ Title: Limitations of B2B collaboration
description: Current limitations for Azure Active Directory B2B collaboration
active-directory Customize Invitation Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customize-invitation-api.md
Title: B2B collaboration API and customization - Azure Active Directory
+ Title: B2B collaboration API and customization
description: Azure Active Directory B2B collaboration supports your cross-company relationships by enabling business partners to selectively access your corporate applications.
active-directory Direct Federation Adfs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/direct-federation-adfs.md
Title: Set up SAML/WS-Fed IdP federation with an AD FS for B2B - Azure AD
+ Title: Set up SAML/WS-Fed IdP federation with an AD FS for B2B
description: Learn how to set up AD FS as an identity provider (IdP) for SAML/WS-Fed IdP federation so guests can sign in to your Azure AD apps
active-directory Direct Federation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/direct-federation.md
Title: Federation with a SAML/WS-Fed identity provider (IdP) for B2B - Azure AD
+ Title: Federation with a SAML/WS-Fed identity provider (IdP) for B2B
description: Directly federate with a SAML or WS-Fed identity provider so guests can sign in to your Azure AD apps
active-directory External Collaboration Settings Configure https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/external-collaboration-settings-configure.md
Title: Enable B2B external collaboration settings - Azure AD
+ Title: Enable B2B external collaboration settings
description: Learn how to enable Active Directory B2B external collaboration and manage who can invite guest users. Use the Guest Inviter role to delegate invitations.
active-directory External Identities Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/external-identities-overview.md
Title: External Identities in Azure Active Directory | Microsoft Docs
+ Title: External Identities in Azure Active Directory
description: Azure AD External Identities allow you to collaborate with or publish apps to people outside your organization. Compare solutions for External Identities, including Azure Active Directory B2B collaboration, Azure AD B2B collaboration, and Azure AD B2C.
active-directory Facebook Federation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/facebook-federation.md
Title: Add Facebook as an identity provider - Azure AD
+ Title: Add Facebook as an identity provider
description: Federate with Facebook to enable external users (guests) to sign in to your Azure AD apps with their own Facebook accounts.
active-directory Google Federation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/google-federation.md
Title: Add Google as an identity provider for B2B - Azure AD
+ Title: Add Google as an identity provider for B2B
description: Federate with Google to enable guest users to sign in to your Azure AD apps with their own Gmail accounts.
active-directory Hybrid Cloud To On Premises https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/hybrid-cloud-to-on-premises.md
Title: Grant B2B users access to your on-premises apps - Azure AD
+ Title: Grant B2B users access to your on-premises apps
description: Shows how to give cloud B2B users access to on premises apps with Azure AD B2B collaboration.
active-directory Hybrid On Premises To Cloud https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/hybrid-on-premises-to-cloud.md
Title: Sync local partner accounts to cloud as B2B users - Azure AD
+ Title: Sync local partner accounts to cloud as B2B users
description: Give locally managed external partners access to both local and cloud resources using the same credentials with Azure AD B2B collaboration.
active-directory Hybrid Organizations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/hybrid-organizations.md
Title: B2B collaboration for hybrid organizations - Azure AD
+ Title: B2B collaboration for hybrid organizations
description: Give partners access to both on-premises and cloud resources with Azure AD B2B collaboration.
active-directory Identity Providers https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/identity-providers.md
Title: Identity providers for External Identities - Azure AD
+ Title: Identity providers for External Identities
description: Learn how to use Azure AD as your default identity provider for sharing with external users.
active-directory Invitation Email Elements https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/invitation-email-elements.md
Title: Elements of the B2B invitation email - Azure Active Directory | Microsoft Docs
+ Title: Elements of the B2B invitation email
description: Azure Active Directory B2B collaboration invitation email template
-# The elements of the B2B collaboration invitation email - Azure Active Directory
+# The elements of the B2B collaboration invitation email
Invitation emails are a critical component to bring partners on board as B2B collaboration users in Azure AD. ItΓÇÖs [not required that you send an email to invite someone using B2B collaboration](redemption-experience.md#redemption-through-a-direct-link), but it gives the user all the information they need to decide if they accept your invite or not. It also gives them a link they can always refer to in the future when they need to return to your resources.
active-directory Invite Internal Users https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/invite-internal-users.md
Title: Invite internal users to B2B collaboration - Azure AD
+ Title: Invite internal users to B2B collaboration
description: If you have internal user accounts for partners, distributors, suppliers, vendors, and other guests, you can change to Azure AD B2B collaboration by inviting them to sign in with their own external credentials or login. Use either PowerShell or the Microsoft Graph invitation API.
active-directory Microsoft Account https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/microsoft-account.md
Title: Add Microsoft account (MSA) as an identity provider - Azure AD
+ Title: Add Microsoft account (MSA) as an identity provider
description: Use Azure AD to enable an external user (guest) to sign in to your Azure AD apps with their Microsoft account (MSA).
active-directory One Time Passcode https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/one-time-passcode.md
Title: One-time passcode authentication for B2B guest users - Azure AD
+ Title: One-time passcode authentication for B2B guest users
description: How to use Email one-time passcode to authenticate B2B guest users without the need for a Microsoft account.
active-directory Redemption Experience https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/redemption-experience.md
Title: Invitation redemption in B2B collaboration - Azure AD
+ Title: Invitation redemption in B2B collaboration
description: Describes the Azure AD B2B collaboration invitation redemption experience for end users, including the agreement to privacy terms.
active-directory Reset Redemption Status https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/reset-redemption-status.md
Title: Reset a guest user's redemption status - Azure AD
+ Title: Reset a guest user's redemption status
description: Learn how to reset the invitation redemption status for an Azure Active Directory B2B guest users in Azure AD External Identities.
active-directory Self Service Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/self-service-portal.md
Title: Self-service sign-up portal for B2B collaboration - Azure AD
+ Title: Self-service sign-up portal for B2B collaboration
description: Learn how to customize the onboarding workflow for Azure Active Directory B2B users to fit your organizationΓÇÖs needs.
active-directory Self Service Sign Up Add Api Connector https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/self-service-sign-up-add-api-connector.md
Title: Add API connectors to self-service sign-up flows - Azure AD
+ Title: Add API connectors to self-service sign-up flows
description: Configure a web API to be used in a user flow.
active-directory Self Service Sign Up Add Approvals https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/self-service-sign-up-add-approvals.md
Title: Add custom approvals to self-service sign-up flows - Azure AD
-description: Add API connectors for custom approval workflows in External Identities self-service sign-up - Azure Active Directory (Azure AD)
+ Title: Add custom approvals to self-service sign-up flows
+description: Add API connectors for custom approval workflows in External Identities self-service sign-up
active-directory Self Service Sign Up Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/self-service-sign-up-overview.md
Title: Self-service sign-up for External Identities - Azure AD
+ Title: Self-service sign-up for External Identities
description: Learn how to allow external users to sign up for your applications themselves by enabling self-service sign-up. Create a personalized sign-up experience by customizing the self-service sign-up user flow.
active-directory Self Service Sign Up User Flow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/self-service-sign-up-user-flow.md
Title: Add a self-service sign-up user flow - Azure AD
+ Title: Add a self-service sign-up user flow
description: Create user flows for apps that are built by your organization. Then, users who visit that app can gain a guest account using the options configured in the user flow.
active-directory Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/troubleshoot.md
Title: Troubleshooting B2B collaboration - Azure Active Directory | Microsoft Docs
+ Title: Troubleshooting B2B collaboration
description: Remedies for common problems with Azure Active Directory B2B collaboration
active-directory Tutorial Bulk Invite https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/tutorial-bulk-invite.md
Title: Bulk invite guest users for B2B collaboration tutorial - Azure AD
+ Title: Bulk invite guest users for B2B collaboration tutorial
description: In this tutorial, you learn how to send bulk invitations using a CSV file to external Azure AD B2B collaboration users.
active-directory Use Dynamic Groups https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/use-dynamic-groups.md
Title: Dynamic groups and B2B collaboration - Azure Active Directory | Microsoft Docs
+ Title: Dynamic groups and B2B collaboration
description: Shows how to use Azure AD dynamic groups with Azure Active Directory B2B collaboration
active-directory User Flow Add Custom Attributes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/user-flow-add-custom-attributes.md
Title: Add custom attributes to self-service sign-up flows - Azure AD
+ Title: Add custom attributes to self-service sign-up flows
description: Learn about customizing the attributes for your self-service sign-up user flows.
active-directory User Properties https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/user-properties.md
Title: Properties of a B2B guest user - Azure Active Directory | Microsoft Docs
+ Title: Properties of a B2B guest user
description: Azure Active Directory B2B invited guest user properties and states before and after invitation redemption
active-directory User Token https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/user-token.md
Title: Understand user tokens in B2B collaboration - Azure AD
+ Title: Understand user tokens in B2B collaboration
description: User token reference for Azure Active Directory B2B collaboration.
active-directory Active Directory Access Create New Tenant https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-access-create-new-tenant.md
Title: Quickstart - Access & create new tenant - Azure AD
+ Title: Quickstart - Access & create new tenant
description: Instructions about how to find Azure Active Directory and how to create a new tenant for your organization.
active-directory Active Directory Architecture https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-architecture.md
Title: Architecture overview - Azure Active Directory | Microsoft Docs
+ Title: Architecture overview
description: Learn what an Azure Active Directory tenant is and how to manage Azure using Azure Active Directory.
active-directory Active Directory Data Storage Australia Newzealand https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-data-storage-australia-newzealand.md
Title: Customer data storage for Australian and New Zealand customers - Azure AD
+ Title: Customer data storage for Australian and New Zealand customers
description: Learn about where Azure Active Directory stores customer-related data for its Australian and New Zealand customers.
active-directory Active Directory Data Storage Australia https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-data-storage-australia.md
Title: Identity data storage for Australian and New Zealand customers - Azure AD
+ Title: Identity data storage for Australian and New Zealand customers
description: Learn about where Azure Active Directory stores identity-related data for its Australian and New Zealand customers.
active-directory Active Directory Data Storage Japan https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-data-storage-japan.md
Title: Customer data storage for Japan customers - Azure AD
+ Title: Customer data storage for Japan customers
description: Learn about where Azure Active Directory stores customer-related data for its Japan customers.
active-directory Active Directory Get Started Premium https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-get-started-premium.md
Title: Sign up for premium editions - Azure Active Directory| Microsoft Docs
+ Title: Sign up for premium editions
description: Instructions about how to sign up for Azure Active Directory Premium editions.
active-directory Active Directory Groups View Azure Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-groups-view-azure-portal.md
Title: Quickstart - View groups & members - Azure AD
+ Title: Quickstart - View groups & members
description: Instructions about how to search for and view your organization's groups and their assigned members.
active-directory Active Directory How Subscriptions Associated Directory https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory.md
Title: Add an existing Azure subscription to your tenant - Azure AD
+ Title: Add an existing Azure subscription to your tenant
description: Instructions about how to add an existing Azure subscription to your Azure Active Directory (Azure AD) tenant.
active-directory Active Directory How To Find Tenant https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-how-to-find-tenant.md
Title: How to find your tenant ID - Azure Active Directory
+ Title: How to find your tenant ID
description: Instructions about how to find and Azure Active Directory tenant ID to an existing Azure subscription.
active-directory Active Directory Licensing Whatis Azure Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal.md
Title: What is group-based licensing - Azure Active Directory | Microsoft Docs
+ Title: What is group-based licensing
description: Learn about Azure Active Directory group-based licensing, including how it works and best practices. keywords: Azure AD licensing
active-directory Active Directory Ops Guide Ops https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-ops-guide-ops.md
Some identity and access management services require on-premises agents to enabl
#### On-premises agents logs recommended reading - [Troubleshoot Application Proxy](../app-proxy/application-proxy-troubleshoot.md)-- [Self-service password reset troubleshooting- Azure Active Directory](../authentication/troubleshoot-sspr.md)
+- [Self-service password reset troubleshooting](../authentication/troubleshoot-sspr.md)
- [Understand Azure AD Application Proxy connectors](../app-proxy/application-proxy-connectors.md) - [Azure AD Connect: Troubleshoot Pass-through Authentication](../hybrid/tshoot-connect-pass-through-authentication.md#collecting-pass-through-authentication-agent-logs) - [Troubleshoot error codes for the Azure AD MFA NPS extension](../authentication/howto-mfa-nps-extension-errors.md)
active-directory Active Directory Properties Area https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-properties-area.md
Title: Add your organization's privacy info - Azure Active Directory | Microsoft Docs
+ Title: Add your organization's privacy info
description: Instructions about how to add your organization's privacy info to the Azure Active Directory Properties area.
active-directory Active Directory Users Assign Role Azure Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-users-assign-role-azure-portal.md
Title: Manage Azure AD user roles - Azure Active Directory | Microsoft Docs
+ Title: Manage Azure AD user roles
description: Instructions about how to assign and update user roles with Azure Active Directory.
active-directory Active Directory Users Profile Azure Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-users-profile-azure-portal.md
Title: Add or update user profile information - Azure AD
+ Title: Add or update user profile information
description: Instructions about how to manage a user's profile and settings in Azure Active Directory.
active-directory Active Directory Users Reset Password Azure Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-users-reset-password-azure-portal.md
Title: Reset a user's password - Azure Active Directory | Microsoft Docs
+ Title: Reset a user's password
description: Instructions about how to reset a user's password using Azure Active Directory.
active-directory Active Directory Users Restore https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-users-restore.md
Title: Restore or permanently remove recently deleted user - Azure AD
+ Title: Restore or permanently remove recently deleted user
description: How to view restorable users, restore a deleted user, or permanently delete a user with Azure Active Directory.
active-directory Add Custom Domain https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/add-custom-domain.md
Title: Add your custom domain - Azure Active Directory | Microsoft Docs
+ Title: Add your custom domain
description: Instructions about how to add a custom domain using Azure Active Directory.
active-directory Add Users Azure Active Directory https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/add-users-azure-active-directory.md
Title: Add or delete users - Azure Active Directory | Microsoft Docs
+ Title: Add or delete users
description: Instructions about how to add new users or delete existing users using Azure Active Directory.
active-directory Concept Fundamentals Mfa Get Started https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/concept-fundamentals-mfa-get-started.md
Title: Azure AD Multi-Factor Authentication for your organization - Azure Active Directory
+ Title: Azure AD Multi-Factor Authentication for your organization
description: Learn about the available features of Azure AD Multi-Factor Authentication for your organization based on your license model
active-directory Concept Learn About Groups https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/concept-learn-about-groups.md
Title: Learn about groups and group membership - Azure Active Directory | Microsoft Docs
+ Title: Learn about groups and group membership
description: Information about Azure Active Directory groups and access rights
active-directory Custom Security Attributes Add https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/custom-security-attributes-add.md
Title: Add or deactivate custom security attributes in Azure AD (Preview) - Azure Active Directory
+ Title: Add or deactivate custom security attributes in Azure AD (Preview)
description: Learn how to add new custom security attributes or deactivate custom security attributes in Azure Active Directory.
active-directory Custom Security Attributes Manage https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/custom-security-attributes-manage.md
Title: Manage access to custom security attributes in Azure AD (Preview) - Azure Active Directory
+ Title: Manage access to custom security attributes in Azure AD (Preview)
description: Learn how to manage access to custom security attributes in Azure Active Directory.
active-directory Custom Security Attributes Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/custom-security-attributes-overview.md
Title: What are custom security attributes in Azure AD? (Preview) - Azure Active Directory
+ Title: What are custom security attributes in Azure AD? (Preview)
description: Learn about custom security attributes in Azure Active Directory.
active-directory Custom Security Attributes Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/custom-security-attributes-troubleshoot.md
Title: Troubleshoot custom security attributes in Azure AD (Preview) - Azure Active Directory
+ Title: Troubleshoot custom security attributes in Azure AD (Preview)
description: Learn how to troubleshoot custom security attributes in Azure Active Directory.
active-directory Customize Branding https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/customize-branding.md
Title: Add branding to your organization's sign-in page - Azure AD
+ Title: Add branding to your organization's sign-in page
description: Instructions about how to add your organization's branding to the Azure Active Directory sign-in page.
active-directory How To Customize Branding https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/how-to-customize-branding.md
Title: Add company branding to your organization's sign-in page (preview) - Azure AD
+ Title: Add company branding to your organization's sign-in page (preview)
description: Instructions about how to add your organization's branding to the sign-in experience.
active-directory How To Get Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/how-to-get-support.md
Title: Find help and get support for Azure Active Directory - Azure Active Directory | Microsoft Docs
+ Title: Find help and get support for Azure Active Directory
description: Instructions about how to get help and open a support request for Azure Active Directory.
active-directory How To Manage Groups https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/how-to-manage-groups.md
Title: How to manage groups - Azure Active Directory | Microsoft Docs
+ Title: How to manage groups
description: Instructions about how to manage Azure AD groups and group membership.
active-directory Identity Secure Score https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/identity-secure-score.md
Title: What is identity secure score? - Azure Active Directory
+ Title: What is identity secure score?
description: Learn how to use the identity secure score to improve the security posture of your directory.
active-directory License Users Groups https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/license-users-groups.md
Title: Assign or remove licenses - Azure Active Directory | Microsoft Docs
+ Title: Assign or remove licenses
description: Instructions about how to assign or remove Azure Active Directory licenses from your users or groups.
active-directory Resilience B2c Developer Best Practices https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/resilience-b2c-developer-best-practices.md
Title: Resilience through developer best practices using Azure AD B2C | Microsoft Docs
+ Title: Resilience through developer best practices using Azure AD B2C
description: Resilience through developer best practices in Customer Identity and Access Management using Azure AD B2C
active-directory Resilience B2c https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/resilience-b2c.md
Title: Build resilience in Customer Identity and Access Management using Azure AD B2C | Microsoft Docs
+ Title: Build resilience in Customer Identity and Access Management using Azure AD B2C
description: Methods to build resilience in Customer Identity and Access Management using Azure AD B2C
active-directory Resilience With Monitoring Alerting https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/resilience-with-monitoring-alerting.md
Title: Resilience through monitoring and analytics using Azure AD B2C | Microsoft Docs
+ Title: Resilience through monitoring and analytics using Azure AD B2C
description: Resilience through monitoring and analytics using Azure AD B2C
active-directory Resilient End User Experience https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/resilient-end-user-experience.md
Title: Resilient end-user experience using Azure AD B2C | Microsoft Docs
+ Title: Resilient end-user experience using Azure AD B2C
description: Methods to build resilience in end-user experience using Azure AD B2C
active-directory Resilient External Processes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/resilient-external-processes.md
Title: Resilient interfaces with external processes using Azure AD B2C | Microsoft Docs
+ Title: Resilient interfaces with external processes using Azure AD B2C
description: Methods to build resilient interfaces with external processes
active-directory Service Accounts Principal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/service-accounts-principal.md
# Securing service principals in Azure Active Directory
-An Azure Active Directory (Azure AD) service principals are the local representation of an application object in a tenant or directory. It's the identity of the application instance. Service principals define application access, and resources the application accesses. A service principal is created in each tenant where the application is used, and references the globally unique application object. The tenant secures the service principal sign-in and access to resources.
+An Azure Active Directory (Azure AD) service principal is the local representation of an application object in a tenant or directory. It's the identity of the application instance. Service principals define application access and resources the application accesses. A service principal is created in each tenant where the application is used and references the globally unique application object. The tenant secures the service principal sign-in and access to resources.
Learn more: [Application and service principal objects in Azure AD](../develop/app-objects-and-service-principals.md)
active-directory Sign Up Organization https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/sign-up-organization.md
Title: Sign up your organization - Azure Active Directory | Microsoft Docs
+ Title: Sign up your organization
description: Instructions about how to sign up your organization to use Azure and Azure Active Directory.
active-directory Users Default Permissions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/users-default-permissions.md
Title: Default user permissions - Azure Active Directory | Microsoft Docs
+ Title: Default user permissions
description: Learn about the user permissions available in Azure Active Directory.
active-directory Whats New Archive https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/whats-new-archive.md
Title: Archive for What's new in Azure Active Directory? | Microsoft Docs
+ Title: Archive for What's new in Azure Active Directory?
description: The What's new release notes in the Overview section of this content set contain six months of activity. After six months, the items are removed from the main article and put into this archive article.
In Azure AD entitlement management, a new form of access package assignment poli
Users can now configure multiple instances of the same application within an Azure AD tenant. It's now supported for both IdP, and Service Provider (SP), initiated single sign-on requests. Multiple application accounts can now have a separate service principal to handle instance-specific claims mapping and roles assignment. For more information, see: -- [Configure SAML app multi-instancing for an application - Microsoft Entra | Microsoft Docs](../develop/reference-app-multi-instancing.md)-- [Customize app SAML token claims - Microsoft Entra | Microsoft Docs](../develop/active-directory-saml-claims-customization.md)
+- [Configure SAML app multi-instancing for an application - Microsoft Entra](../develop/reference-app-multi-instancing.md)
+- [Customize app SAML token claims - Microsoft Entra](../develop/active-directory-saml-claims-customization.md)
Users can now configure multiple instances of the same application within an Azu
Administrators up until recently has the capability to transform claims using many transformations, however using regular expression for claims transformation wasn't exposed to customers. With this public preview release, administrators can now configure and use regular expressions for claims transformation using portal UX.
-For more information, see:[Customize app SAML token claims - Microsoft Entra | Microsoft Docs](../develop/active-directory-saml-claims-customization.md).
+For more information, see:[Customize app SAML token claims - Microsoft Entra](../develop/active-directory-saml-claims-customization.md).
Previously to set up and administer your AAD-DS instance you needed top level pe
Check out these resources to learn more: -- [Tutorial - Create an Azure Active Directory Domain Services managed domain | Microsoft Docs](../../active-directory-domain-services/tutorial-create-instance.md#prerequisites)-- [Least privileged roles by task - Azure Active Directory | Microsoft Docs](../roles/delegate-by-task.md#domain-services)-- [Azure built-in roles - Azure RBAC | Microsoft Docs](../../role-based-access-control/built-in-roles.md#domain-services-contributor)
+- [Tutorial - Create an Azure Active Directory Domain Services managed domain](../../active-directory-domain-services/tutorial-create-instance.md#prerequisites)
+- [Least privileged roles by task](../roles/delegate-by-task.md#domain-services)
+- [Azure built-in roles - Azure RBAC](../../role-based-access-control/built-in-roles.md#domain-services-contributor)
For more information, see: [Manage devices in Azure AD using the Azure portal](.
Previously the only way to have persistent NameID value was to ΓÇïconfigure user attribute with an empty value. Admins can now explicitly configure the NameID value to be persistent ΓÇïalong with the corresponding format.
-For more information, see: [Customize app SAML token claims - Microsoft identity platform | Microsoft Docs](../develop/active-directory-saml-claims-customization.md#attributes).
+For more information, see: [Customize app SAML token claims - Microsoft identity platform](../develop/active-directory-saml-claims-customization.md#attributes).
For more information, see: [Customize app SAML token claims - Microsoft identity
With this new parity update, customers can now integrate non-gallery applications such as Socure DevHub with Azure AD to have SSO via SAML.
-For more information, see [Claims mapping policy - Microsoft Entra | Microsoft Docs](../develop/reference-claims-mapping-policy-type.md#claim-schema-entry-elements).
+For more information, see [Claims mapping policy - Microsoft Entra](../develop/reference-claims-mapping-policy-type.md#claim-schema-entry-elements).
For more information about how to better secure your organization by using autom
**Product capability:** Identity Security & Protection
-The sign-ins Microsoft Graph API now supports confirming safe and compromised on risky sign-ins. This public preview functionality is available at the beta endpoint. For more information, please check out the Microsoft Graph documentation: [signIn: confirmSafe - Microsoft Graph beta | Microsoft Docs](/graph/api/signin-confirmsafe?view=graph-rest-beta&preserve-view=true)
+The sign-ins Microsoft Graph API now supports confirming safe and compromised on risky sign-ins. This public preview functionality is available at the beta endpoint. For more information, please check out the Microsoft Graph documentation: [signIn: confirmSafe - Microsoft Graph beta](/graph/api/signin-confirmsafe?view=graph-rest-beta&preserve-view=true)
Microsoft cloud settings let you collaborate with organizations from different M
-Microsoft Azure global cloud and Microsoft Azure Government -Microsoft Azure global cloud and Microsoft Azure China 21Vianet
-To learn more about Microsoft cloud settings for B2B collaboration, see: [Cross-tenant access overview - Azure AD | Microsoft Docs](../external-identities/cross-tenant-access-overview.md#microsoft-cloud-settings).
+To learn more about Microsoft cloud settings for B2B collaboration, see: [Cross-tenant access overview - Azure AD](../external-identities/cross-tenant-access-overview.md#microsoft-cloud-settings).
To learn more about Microsoft cloud settings for B2B collaboration, see: [Cross-
-When setting up federation with a partner's IdP, new guest users from that domain can use their own IdP-managed organizational account to sign in to your Azure AD tenant and start collaborating with you. There's no need for the guest user to create a separate Azure AD account. To learn more about federating with SAML or WS-Fed identity providers in External Identities, see: [Federation with a SAML/WS-Fed identity provider (IdP) for B2B - Azure AD | Microsoft Docs](../external-identities/direct-federation.md).
+When setting up federation with a partner's IdP, new guest users from that domain can use their own IdP-managed organizational account to sign in to your Azure AD tenant and start collaborating with you. There's no need for the guest user to create a separate Azure AD account. To learn more about federating with SAML or WS-Fed identity providers in External Identities, see: [Federation with a SAML/WS-Fed identity provider (IdP) for B2B - Azure AD](../external-identities/direct-federation.md).
In Azure AD entitlement management, an administrator can now configure the incom
**Product capability:** Identity Security & Protection
-Identity Protection now integrates a signal from Microsoft Defender for Endpoint (MDE) that will protect against PRT theft detection. To learn more, see: [What is risk? Azure AD Identity Protection | Microsoft Docs](../identity-protection/concept-identity-protection-risks.md).
+Identity Protection now integrates a signal from Microsoft Defender for Endpoint (MDE) that will protect against PRT theft detection. To learn more, see: [What is risk? Azure AD Identity Protection](../identity-protection/concept-identity-protection-risks.md).
We're announcing the public preview of following MS Graph APIs and PowerShell cm
If using older MSOnline cmdlets ([Get-MsolDomainFederationSettings](/powershell/module/msonline/get-msoldomainfederationsettings?view=azureadps-1.0&preserve-view=true) and [Set-MsolDomainFederationSettings](/powershell/module/msonline/set-msoldomainfederationsettings?view=azureadps-1.0&preserve-view=true)), we highly recommend transitioning to the latest MS Graph APIs and PowerShell cmdlets.
-For more information, see [internalDomainFederation resource type - Microsoft Graph beta | Microsoft Docs](/graph/api/resources/internaldomainfederation?view=graph-rest-beta&preserve-view=true).
+For more information, see [internalDomainFederation resource type - Microsoft Graph beta](/graph/api/resources/internaldomainfederation?view=graph-rest-beta&preserve-view=true).
For listing your application in the Azure AD app gallery, please read the detail
1. **transitiveRoleAssignments** - Last year the ability to assign Azure AD roles to groups was created. Originally it took four calls to fetch all direct, and transitive, role assignments of a user. This new API call allows it all to be done via one API call. For more information, see:
-[List transitiveRoleAssignment - Microsoft Graph beta | Microsoft Docs](/graph/api/rbacapplication-list-transitiveroleassignments).
+[List transitiveRoleAssignment - Microsoft Graph beta](/graph/api/rbacapplication-list-transitiveroleassignments).
2. **unifiedRbacResourceAction** - Developers can use this API to list all role permissions and their descriptions in Azure AD. This API can be thought of as a dictionary that can help build custom roles without relying on UX. For more information, see:
-[List resourceActions - Microsoft Graph beta | Microsoft Docs](/graph/api/unifiedrbacresourcenamespace-list-resourceactions).
+[List resourceActions - Microsoft Graph beta](/graph/api/unifiedrbacresourcenamespace-list-resourceactions).
active-directory Whats New Sovereign Clouds https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/whats-new-sovereign-clouds.md
Title: What's new in Sovereign Clouds? Release notes - Azure Active Directory | Microsoft Docs
+ Title: What's new in Sovereign Clouds? Release notes
description: Learn what is new with Azure Active Directory Sovereign Cloud.
Temporary Access Pass (TAP) is now generally available. TAP can be used to secur
In some scenarios customers may want to require a fresh authentication, every time before a user performs specific actions. Sign-in frequency Every time support requiring a user to reauthenticate during Intune device enrollment, password change for risky users and risky sign-ins.
-More information: [Configure authentication session management - Azure Active Directory - Microsoft Entra | Microsoft Docs](../conditional-access/howto-conditional-access-session-lifetime.md#require-reauthentication-every-time).
+More information: [Configure authentication session management](../conditional-access/howto-conditional-access-session-lifetime.md#require-reauthentication-every-time).
active-directory Whats New https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/whats-new.md
Title: What's new? Release notes - Azure Active Directory | Microsoft Docs
+ Title: What's new? Release notes
description: Learn what is new with Azure Active Directory; such as the latest release notes, known issues, bug fixes, deprecated functionality, and upcoming changes.
active-directory Access Reviews Application Preparation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/access-reviews-application-preparation.md
Title: Preparing for an access review of users' access to an application - Azure AD
+ Title: Preparing for an access review of users' access to an application
description: Planning for a successful access reviews campaign for a particular application starts with understanding how to model access for that application in Azure AD. documentationCenter: ''
active-directory Access Reviews Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/access-reviews-overview.md
Title: What are access reviews? - Microsoft Entra | Microsoft Docs
+ Title: What are access reviews? - Microsoft Entra
description: Using access reviews, you can control group membership and application access to meet governance, risk management, and compliance initiatives in your organization. documentationcenter: ''
active-directory Create Access Review Pim For Groups https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/create-access-review-pim-for-groups.md
Title: Create an access review of PIM for Groups - Azure AD (preview)
+ Title: Create an access review of PIM for Groups (preview)
description: Learn how to create an access review of PIM for Groups in Azure Active Directory.
active-directory Create Access Review https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/create-access-review.md
Title: Create an access review of groups and applications - Azure AD
+ Title: Create an access review of groups and applications
description: Learn how to create an access review of group members or application access in Azure Active Directory.
active-directory Customize Workflow Schedule https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/customize-workflow-schedule.md
Title: 'Customize workflow schedule - Azure Active Directory'
+ Title: 'Customize workflow schedule'
description: Describes how to customize the schedule of a Lifecycle Workflow.
active-directory Delete Lifecycle Workflow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/delete-lifecycle-workflow.md
Title: 'Delete a Lifecycle workflow - Azure Active Directory'
+ Title: 'Delete a Lifecycle workflow'
description: Describes how to delete a Lifecycle Workflow using.
active-directory Entitlement Management Access Package Resources https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-access-package-resources.md
Title: Change resource roles for an access package in entitlement management - Azure AD
+ Title: Change resource roles for an access package in entitlement management
description: Learn how to change the resource roles for an existing access package in entitlement management. documentationCenter: ''
active-directory Entitlement Management Access Package Settings https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-access-package-settings.md
Title: Share link to request an access package in entitlement management - Azure AD
+ Title: Share link to request an access package in entitlement management
description: Learn how to share link to request an access package in entitlement management. documentationCenter: ''
active-directory Entitlement Management Catalog Create https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-catalog-create.md
Title: Create and manage a catalog of resources in entitlement management - Azure AD
+ Title: Create and manage a catalog of resources in entitlement management
description: Learn how to create a new container of resources and access packages in entitlement management. documentationCenter: ''
active-directory Entitlement Management Delegate Catalog https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-delegate-catalog.md
Title: Delegate access governance to catalog creators in entitlement management - Azure AD
+ Title: Delegate access governance to catalog creators in entitlement management
description: Learn how to delegate access governance from IT administrators to catalog creators and project managers so that they can manage access themselves. documentationCenter: ''
active-directory Entitlement Management Delegate Managers https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-delegate-managers.md
Title: Delegate access governance to access package managers in entitlement management - Azure AD
+ Title: Delegate access governance to access package managers in entitlement management
description: Learn how to delegate access governance from IT administrators to access package managers and project managers so that they can manage access themselves. documentationCenter: ''
active-directory Entitlement Management Delegate https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-delegate.md
Title: Delegation and roles in entitlement management - Azure AD
+ Title: Delegation and roles in entitlement management
description: Learn how to delegate access governance from IT administrators to department managers and project managers so that they can manage access themselves. documentationCenter: ''
active-directory Entitlement Management External Users https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-external-users.md
Title: Govern access for external users in entitlement management - Azure AD
+ Title: Govern access for external users in entitlement management
description: Learn about the settings you can specify to govern access for external users in entitlement management. documentationCenter: ''
active-directory Entitlement Management Logic Apps Integration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-logic-apps-integration.md
Title: Trigger custom Logic Apps with entitlement management
-description: Learn how to configure and use custom Logic Apps in entitlement management.
+ Title: Trigger custom logic apps with entitlement management
+description: Learn how to configure and use custom logic app workflows in entitlement management.
documentationCenter: ''
-#Customer intent: As an administrator, I want detailed information about how I can configure and add custom Logic Apps to my catalogs and access packages in entitlement management.
+#Customer intent: As an administrator, I want detailed information about how I can configure and add custom logic apps to my catalogs and access packages in entitlement management.
-# Trigger custom Logic Apps with entitlement management
+# Trigger custom logic apps with entitlement management
-[Azure Logic Apps](../../logic-apps/logic-apps-overview.md) can be used to automate custom workflows and connect apps and services in one place. Users can integrate Logic Apps with entitlement management to broaden their governance workflows beyond the core entitlement management use cases.
+[Azure Logic Apps](../../logic-apps/logic-apps-overview.md) can be used to automate custom workflows and connect apps and services in one place. Users can integrate Azure Logic Apps with entitlement management to broaden their governance workflows beyond the core entitlement management use cases.
-These Logic Apps can then be triggered to run in accordance with entitlement management use cases such as when an access package is granted or requested. For example, an admin could create and link a custom Logic App to entitlement management so that when a user requests an access package, a Logic App is triggered that ensures the user is also assigned certain characteristics in a 3rd party SAAS app (like Salesforce) or is sent a custom email.
+These logic app workflows can then be triggered to run in accordance with entitlement management use cases such as when an access package is granted or requested. For example, an admin could create and link a custom logic app workflow to entitlement management so that when a user requests an access package, the logic app workflow is triggered to ensure that the user is also assigned certain characteristics in a 3rd party SAAS app (like Salesforce) or is sent a custom email.
-Entitlement management use cases that can be integrated with Logic Apps include:
+Entitlement management use cases that can be integrated with Azure Logic Apps include:
- when an access package is requested
Entitlement management use cases that can be integrated with Logic Apps include:
- when an access package assignment expires
-These triggers to Logic Apps are controlled in a new tab within access package policies called **Rules**. Additionally, a **Custom Extensions** tab on the Catalog page will show all added Logic Apps for a given Catalog. This article describes how to create and add logic apps to catalogs and access packages in entitlement management.
+These triggers in logic app workflows are controlled in a new tab within access package policies called **Rules**. Additionally, a **Custom Extensions** tab on the Catalog page will show all added logic app resources for a given Catalog. This article describes how to create and add logic apps to catalogs and access packages in entitlement management.
-## Create and add a Logic App to a catalog for use in entitlement management
+## Create and add a logic app workflow to a catalog for use in entitlement management
**Prerequisite roles:** Global administrator, Identity Governance administrator, Catalog owner or Resource Group Owner
These triggers to Logic Apps are controlled in a new tab within access package p
1. In the header navigation bar, select **Add a Custom Extension**.
-1. In the **Basics** tab, enter the name of the custom extension (linked Logic App you are adding) and description of the workflow. These fields will show up in the **Custom Extensions** tab of the Catalog going forward.
+1. In the **Basics** tab, enter the name of the custom extension (linked logic app that you are adding) and description of the workflow. These fields will show up in the **Custom Extensions** tab of the Catalog going forward.
![Pane to create a custom extension](./media/entitlement-management-logic-apps/create-custom-extension.png) - 1. Then go on to the **Details** tab.
-1. Select **Yes** in the field ΓÇ£Create new logic appΓÇ¥. Otherwise, select **No** and move on to step 9 if you are going to use an existing Logic App. If you selected yes, select one of the options below and move on to step 9:
+1. In the **Create new logic app** field, select **Yes**. Otherwise, select **No** and move on to step 9 if you are going to use an existing logic app. If you selected yes, select one of the options below and move on to step 9:
- 1. Select **create new Azure AD application** if you want to use a new application as the basis for the new Logic App, or
+ 1. Select **create new Azure AD application** if you want to use a new application as the basis for the new logic app, or
![Pane to select new app for logic app](./media/entitlement-management-logic-apps/new-app-selection.png)
- 1. select **an existing Azure AD Application** if you want to use an existing application as the basis for the new Logic App.
+ 1. select **an existing Azure AD Application** if you want to use an existing application as the basis for the new logic app.
![Pane to select existing app for logic app](./media/entitlement-management-logic-apps/existing-app-selection.png)
- > [!Note]
- > Later, you can edit what your Logic App does in Logic App designer. To do so, select on the Logic App you created in the **Custom Extensions** tab of **Catalogs**.
+ > [!NOTE]
+ > Later, you can edit what your logic app workflow does in workflow designer. To do so, in the **Custom Extensions** tab of **Catalogs**, select the logic app you created.
1. Next, enter the **Subscription ID**, **Resource group**, **Logic app name**. 1. Then, select **Validate and Create**.
-1. Review the summary of your custom extension and make sure the details for your Logic App callout are correct. Then select **Create**.
+1. Review the summary of your custom extension and make sure the details for your logic app callout are correct. Then select **Create**.
![Example of custom extension summary](./media/entitlement-management-logic-apps/custom-extension-summary.png)
-1. This custom extension to the linked Logic App will now appear in your Custom Extensions tab under Catalogs. You will be able to call on this in access package policies.
-
+This custom extension to the linked logic app will now appear in your Custom Extensions tab under Catalogs. You will be able to call on this in access package policies.
-## Edit a linked Logic App
+## Edit a linked logic app
**Prerequisite roles:** Global administrator, Identity Governance administrator, or Catalog owner
These triggers to Logic Apps are controlled in a new tab within access package p
1. In the left menu, select **Custom Extensions**.
-1. Here, you can view all custom extensions (Logic Apps) that you have added to this Catalog. To edit a Logic App workflow, or to create a workflow for a newly-added Logic App, select the Logic App custom extension under **Endpoint**. This will open Logic App Designer and allow you to create your workflow.
+1. Here, you can view all custom extensions (logic apps) that you have added to this Catalog. To edit a logic app workflow, or to create a workflow for a newly-added logic app, select the Azure Logic Apps custom extension under **Endpoint**. This will open the workflow designer and allow you to create your workflow.
- For more information on creating Logic App workflows, see [Create automated workflows with Azure Logic Apps in the Azure portal](../../logic-apps/quickstart-create-first-logic-app-workflow.md).
+For more information on creating logic app workflows, see [Create an example Consumption workflow with Azure Logic Apps in the Azure portal](../../logic-apps/quickstart-create-example-consumption-workflow.md).
## Add custom extension to a policy in an access package
These triggers to Logic Apps are controlled in a new tab within access package p
1. In the left menu, select **Access packages**.
-1. Select the access package you want to add a custom extension (Logic App) to from the list of access packages that have already been created.
+1. Select the access package you want to add a custom extension (logic app) to from the list of access packages that have already been created.
> [!NOTE] > Select **New access package** if you want to create a new access package.
These triggers to Logic Apps are controlled in a new tab within access package p
1. In the policy settings, go to the **Custom Extensions (Preview)** tab.
-1. In the menu below **Stage**, select the access package event you wish to use as trigger for this custom extension (Logic App). For example, if you only want to trigger the custom extension Logic App workflow when a user requests the access package, select **Request is created**.
+1. In the menu below **Stage**, select the access package event you wish to use as trigger for this custom extension (logic app). For example, if you only want to trigger the custom extension logic app workflow when a user requests the access package, select **Request is created**.
-1. In the menu below **Custom Extension**, select the custom extension (Logic App) you want to add to the access package. The do action you select will execute when the event selected in the when field occurs.
+1. In the menu below **Custom Extension**, select the custom extension (logic app) you want to add to the access package. The do action you select will execute when the event selected in the when field occurs.
1. Select **Update** to add it to an existing access package's policy.
These triggers to Logic Apps are controlled in a new tab within access package p
## Troubleshooting and Validation
-To verify that your custom extension has correctly triggered the associated Logic App when called upon by the access package **Do** option, you can view the Logic App logs.
+To verify that your custom extension has correctly triggered the associated logic app when called upon by the access package **Do** option, you can view the Azure Logic Apps logs.
-The overview page for a specific Logic App will show timestamps of when the Logic App was last executed. Also, the Resource Group overview for a resource group with a linked custom extension will show the name of that custom extension in the overview if it has been configured correctly.
+The overview page for a specific logic app will show timestamps of when the logic app was last executed. Also, the Resource Group overview for a resource group with a linked custom extension will show the name of that custom extension in the overview if it has been configured correctly.
## Next steps
active-directory Entitlement Management Onboard External User https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-onboard-external-user.md
Title: Tutorial - Onboard external users to Azure AD through an approval process - Azure Active Directory
+ Title: Tutorial - Onboard external users to Azure AD through an approval process
description: Step-by-step tutorial for how to create an access package for external users requiring approvals in entitlement management. documentationCenter: ''
active-directory Entitlement Management Organization https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-organization.md
Title: Add a connected organization in entitlement management - Azure Active Directory
+ Title: Add a connected organization in entitlement management
description: Learn how to allow people outside your organization to request access packages so that you can collaborate on projects. documentationCenter: ''
active-directory Entitlement Management Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-overview.md
Title: What is entitlement management? - Azure AD
+ Title: What is entitlement management?
description: Get an overview of entitlement management and how you can use it to manage access to groups, applications, and SharePoint Online sites for internal and external users. documentationCenter: ''
active-directory Entitlement Management Reprocess Access Package Assignments https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-reprocess-access-package-assignments.md
Title: Reprocess assignments for an access package in entitlement management - Azure AD
+ Title: Reprocess assignments for an access package in entitlement management
description: Learn how to reprocess assignments for an access package in entitlement management. documentationCenter: ''
active-directory Entitlement Management Reprocess Access Package Requests https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-reprocess-access-package-requests.md
Title: Reprocess requests for an access package in entitlement management - Azure Active Directory
+ Title: Reprocess requests for an access package in entitlement management
description: Learn how to reprocess a request for an access package in entitlement management. documentationCenter: ''
active-directory Entitlement Management Verified Id Settings https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-verified-id-settings.md
Title: Configure verified ID settings for an access package in entitlement management (Preview) - Azure AD
+ Title: Configure verified ID settings for an access package in entitlement management (Preview)
description: Learn how to configure verified ID settings for an access package in entitlement management. documentationCenter: ''
active-directory Identity Governance Applications Prepare https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/identity-governance-applications-prepare.md
Title: Govern access for applications in your environment - Azure AD
+ Title: Govern access for applications in your environment
description: Microsoft Entra Identity Governance allows you to balance your organization's need for security and employee productivity with the right processes and visibility. These features can be used for your existing business critical third party on-premises and cloud-based applications. documentationcenter: ''
active-directory Identity Governance Organizational Roles https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/identity-governance-organizational-roles.md
Title: Govern access with an organizational role model - Azure AD
+ Title: Govern access with an organizational role model
description: Microsoft Entra Identity Governance allows you to model organizational roles using access packages, so you can migrate your existing role definitions to entitlement management. documentationcenter: ''
active-directory Identity Governance Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/identity-governance-overview.md
Title: Identity Governance - Microsoft Entra | Microsoft Docs
+ Title: Identity Governance - Microsoft Entra
description: Microsoft Entra Identity Governance allows you to balance your organization's need for security and employee productivity with the right processes and visibility. documentationcenter: ''
active-directory Lifecycle Workflow Extensibility https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/lifecycle-workflow-extensibility.md
Title: Workflow Extensibility - Azure Active Directory
+ Title: Workflow Extensibility
description: Conceptual article discussing workflow extensibility with Lifecycle Workflows
active-directory What Are Lifecycle Workflows https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/what-are-lifecycle-workflows.md
Title: 'What are lifecycle workflows? - Azure Active Directory'
+ Title: 'What are lifecycle workflows?'
description: Describes overview of Lifecycle workflow feature.
active-directory What Is Identity Lifecycle Management https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/what-is-identity-lifecycle-management.md
Title: 'What is identity lifecycle management with Azure Active Directory? | Microsoft Docs'
+ Title: 'What is identity lifecycle management with Azure Active Directory?'
description: Describes overview of identity lifecycle management.
active-directory What Is Provisioning https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/what-is-provisioning.md
Title: 'What is provisioning with Azure Active Directory? | Microsoft Docs'
+ Title: 'What is provisioning with Azure Active Directory?'
description: Describes overview of identity provisioning and the ILM scenarios.
active-directory Workflows Faqs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/workflows-faqs.md
Title: 'Lifecycle workflows FAQs - Azure AD (preview)'
+ Title: 'Lifecycle workflows FAQs (preview)'
description: Frequently asked questions about Lifecycle workflows (preview).
active-directory Concept Adsync Service Account https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/concept-adsync-service-account.md
Title: 'Azure AD Connect: ADSync service account | Microsoft Docs'
+ Title: 'Azure AD Connect: ADSync service account'
description: This topic describes the ADSync service account and provides best practices regarding the account. documentationcenter: ''
active-directory Concept Azure Ad Connect Sync Declarative Provisioning Expressions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/concept-azure-ad-connect-sync-declarative-provisioning-expressions.md
Title: 'Azure AD Connect: Declarative Provisioning Expressions | Microsoft Docs'
+ Title: 'Azure AD Connect: Declarative Provisioning Expressions'
description: Explains the declarative provisioning expressions. documentationcenter: ''
active-directory Concept Azure Ad Connect Sync Declarative Provisioning https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/concept-azure-ad-connect-sync-declarative-provisioning.md
Title: 'Azure AD Connect: Understanding Declarative Provisioning | Microsoft Docs'
+ Title: 'Azure AD Connect: Understanding Declarative Provisioning'
description: Explains the declarative provisioning configuration model in Azure AD Connect. documentationcenter: ''
active-directory Concept Azure Ad Connect Sync Default Configuration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/concept-azure-ad-connect-sync-default-configuration.md
Title: 'Azure AD Connect sync: Understanding the default configuration | Microsoft Docs'
+ Title: 'Azure AD Connect sync: Understanding the default configuration'
description: This article describes the default configuration in Azure AD Connect sync. documentationcenter: ''
active-directory Concept Azure Ad Connect Sync User And Contacts https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/concept-azure-ad-connect-sync-user-and-contacts.md
Title: 'Azure AD Connect sync: Understanding Users, Groups, and Contacts | Microsoft Docs'
+ Title: 'Azure AD Connect sync: Understanding Users, Groups, and Contacts'
description: Explains users, groups, and contacts in Azure AD Connect sync. documentationcenter: ''
active-directory Four Steps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/four-steps.md
Title: Four steps to a strong identity foundation - Azure AD
+ Title: Four steps to a strong identity foundation
description: This article describes four steps hybrid identity customers can take to build a strong identity foundation.
active-directory How To Connect Adconnectivitytools https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-adconnectivitytools.md
Title: 'Azure AD Connect: What is the ADConnectivityTool PowerShell Module | Microsoft Docs'
+ Title: 'Azure AD Connect: What is the ADConnectivityTool PowerShell Module'
description: This document introduces the new ADConnectivity PowerShell module and how it can be used to help troubleshoot.
active-directory How To Connect Azure Ad Trust https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-azure-ad-trust.md
Title: Azure AD Connect - Manage AD FS trust with Azure AD using Azure AD Connect | Microsoft Docs
+ Title: Azure AD Connect - Manage AD FS trust with Azure AD using Azure AD Connect
description: Operational details of Azure AD trust handling by Azure AD connect. documentationcenter: ''
active-directory How To Connect Azureadaccount https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-azureadaccount.md
Title: 'Change the Azure AD Connector account password | Microsoft Docs'
+ Title: 'Change the Azure AD Connector account password'
description: This topic documents how to restore the Azure AD Connector account. documentationcenter: ''
active-directory How To Connect Configure Ad Ds Connector Account https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-configure-ad-ds-connector-account.md
Title: 'Azure AD Connect: Configure AD DS Connector Account Permissions | Microsoft Docs'
+ Title: 'Azure AD Connect: Configure AD DS Connector Account Permissions '
description: This document details how to configure the AD DS Connector account with the new ADSyncConfig PowerShell module
active-directory How To Connect Create Custom Sync Rule https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-create-custom-sync-rule.md
Title: How to customize a synchronization rule in Azure AD Connect | Microsoft Docs'
+ Title: How to customize a synchronization rule in Azure AD Connect'
description: Learn how to use the synchronization rule editor to edit or create a new synchronization rule. documentationcenter: ''
active-directory How To Connect Device Options https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-device-options.md
Title: 'Azure AD Connect: Device options | Microsoft Docs'
+ Title: 'Azure AD Connect: Device options'
description: This document details device options available in Azure AD Connect documentationcenter: ''
active-directory How To Connect Device Writeback https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-device-writeback.md
Title: 'Azure AD Connect: Enabling device writeback | Microsoft Docs'
+ Title: 'Azure AD Connect: Enabling device writeback'
description: This document details how to enable device writeback using Azure AD Connect documentationcenter: ''
active-directory How To Connect Emergency Ad Fs Certificate Rotation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-emergency-ad-fs-certificate-rotation.md
Title: Emergency rotation of the AD FS certificates | Microsoft Docs
+ Title: Emergency rotation of the AD FS certificates
description: This article explains how to revoke and update AD FS certificates immediately.
active-directory How To Connect Fed Group Claims https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-fed-group-claims.md
Title: Configure group claims for applications by using Azure Active Directory | Microsoft Docs
+ Title: Configure group claims for applications by using Azure Active Directory
description: Get information on how to configure group claims for use with Azure AD. documentationcenter: ''
active-directory How To Connect Fed Management https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-fed-management.md
Title: Azure AD Connect - AD FS management and customization | Microsoft Docs
+ Title: Azure AD Connect - AD FS management and customization
description: This article discusses how to manage AD FS with Azure AD Connect and customize the AD FS user sign-in experience with Azure AD Connect and PowerShell. keywords: AD FS, ADFS, AD FS management, AAD Connect, Connect, sign-in, AD FS customization, repair trust, M365, federation, relying party
active-directory How To Connect Fed O365 Certs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-fed-o365-certs.md
Title: Certificate renewal for Microsoft 365 and Azure AD users | Microsoft Docs
+ Title: Certificate renewal for Microsoft 365 and Azure AD users
description: This article explains to Microsoft 365 users how to resolve issues with emails that notify them about renewing a certificate. documentationcenter: ''
active-directory How To Connect Fed Ssl Update https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-fed-ssl-update.md
Title: Azure AD Connect - Update the TLS/SSL certificate for an AD FS farm | Microsoft Docs
+ Title: Azure AD Connect - Update the TLS/SSL certificate for an AD FS farm
description: This document details the steps to update the TLS/SSL certificate of an AD FS farm by using Azure AD Connect.
active-directory How To Connect Fed Whatis https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-fed-whatis.md
Title: Azure AD Connect and federation | Microsoft Docs
+ Title: Azure AD Connect and federation
description: This page is the central location for all documentation regarding AD FS operations that use Azure AD Connect. documentationcenter: ''
active-directory How To Connect Fix Default Rules https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-fix-default-rules.md
Title: 'How to fix modified default rules - Azure AD Connect | Microsoft Docs'
+ Title: 'How to fix modified default rules - Azure AD Connect'
description: Learn how to fix modified default rules that come with Azure AD Connect.
active-directory How To Connect Health Ad Fs Sign In https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-ad-fs-sign-in.md
Title: AD FS sign-ins in Azure AD with Connect Health | Microsoft Docs
+ Title: AD FS sign-ins in Azure AD with Connect Health
description: This document describes how to integrate AD FS sign-ins with the Azure AD Connect Health sign-ins report. documentationcenter: ''
active-directory How To Connect Health Adds https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-adds.md
Title: Using Azure AD Connect Health with AD DS | Microsoft Docs
+ Title: Using Azure AD Connect Health with AD DS
description: This is the Azure AD Connect Health page that will discuss how to monitor AD DS. documentationcenter: ''
active-directory How To Connect Health Adfs Risky Ip Workbook https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-adfs-risky-ip-workbook.md
Title: Azure AD Connect Health with AD FS risky IP report workbook | Microsoft Docs
+ Title: Azure AD Connect Health with AD FS risky IP report workbook
description: Describes the Azure AD Connect Health AD FS risky IP report with Azure Monitor Workbooks. documentationcenter: ''
active-directory How To Connect Health Adfs Risky Ip https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-adfs-risky-ip.md
Title: Azure AD Connect Health with the AD FS Risky IP report | Microsoft Docs
+ Title: Azure AD Connect Health with the AD FS Risky IP report
description: This article describes the Azure AD Connect Health AD FS Risky IP report. documentationcenter: ''
active-directory How To Connect Health Adfs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-adfs.md
Title: Using Azure AD Connect Health with AD FS | Microsoft Docs
+ Title: Using Azure AD Connect Health with AD FS
description: This is the Azure AD Connect Health page how to monitor your on-premises AD FS infrastructure. documentationcenter: ''
active-directory How To Connect Health Alert Catalog https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-alert-catalog.md
Title: Azure AD Connect Health - Alert Catalog | Microsoft Docs
+ Title: Azure AD Connect Health - Alert Catalog
description: This document shows the catalog of all alerts in Azure AD Connect Health. documentationcenter: ''
active-directory How To Connect Health Data Freshness https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-data-freshness.md
Title: Azure AD Connect Health - Health service data is not up to date alert | Microsoft Docs
+ Title: Azure AD Connect Health - Health service data is not up to date alert
description: This document describes the cause of "Health service data is not up to date" alert and how to troubleshoot it. documentationcenter: ''
active-directory How To Connect Health Data Retrieval https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-data-retrieval.md
Title: Azure AD Connect Health instructions data retrieval | Microsoft Docs
+ Title: Azure AD Connect Health instructions data retrieval
description: This page describes how to retrieve data from Azure AD Connect Health. documentationcenter: ''
active-directory How To Connect Health Diagnose Sync Errors https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-diagnose-sync-errors.md
Title: Azure AD Connect Health - Diagnose duplicated attribute synchronization errors | Microsoft Docs
+ Title: Azure AD Connect Health - Diagnose duplicated attribute synchronization errors
description: This document describes the diagnosis process of duplicated attribute synchronization errors and a potential fix of the orphaned object scenarios directly from the Azure portal. documentationcenter: ''
active-directory How To Connect Health Sync https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-sync.md
Title: Using Azure AD Connect Health with sync | Microsoft Docs
+ Title: Using Azure AD Connect Health with sync
description: This is the Azure AD Connect Health page that will discuss how to monitor Azure AD Connect sync. documentationcenter: ''
active-directory How To Connect Install Automatic Upgrade https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-install-automatic-upgrade.md
Title: 'Azure AD Connect: Automatic upgrade | Microsoft Docs'
+ Title: 'Azure AD Connect: Automatic upgrade'
description: This topic describes the built-in automatic upgrade feature in Azure AD Connect sync. documentationcenter: ''
active-directory How To Connect Install Existing Database https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-install-existing-database.md
Title: 'Install Azure AD Connect by using an existing ADSync database | Microsoft Docs'
+ Title: 'Install Azure AD Connect by using an existing ADSync database'
description: This topic describes how to use an existing ADSync database. documentationcenter: ''
active-directory How To Connect Install Existing Tenant https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-install-existing-tenant.md
Title: 'Azure AD Connect: When you already have Azure AD | Microsoft Docs'
+ Title: 'Azure AD Connect: When you already have Azure AD'
description: This topic describes how to use Connect when you have an existing Azure AD tenant.
active-directory How To Connect Install Prerequisites https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-install-prerequisites.md
Title: 'Azure AD Connect: Prerequisites and hardware | Microsoft Docs'
+ Title: 'Azure AD Connect: Prerequisites and hardware'
description: This article describes the prerequisites and the hardware requirements for Azure AD Connect. documentationcenter: ''
active-directory How To Connect Install Roadmap https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-install-roadmap.md
Title: 'Azure AD Connect and Azure AD Connect Health installation roadmap. | Microsoft Docs'
+ Title: 'Azure AD Connect and Azure AD Connect Health installation roadmap.'
description: This document provides an overview of the installation options and paths available for installing Azure AD Connect and Connect Health.
active-directory How To Connect Install Select Installation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-install-select-installation.md
Title: 'Azure AD Connect: Select your installation type | Microsoft Docs'
+ Title: 'Azure AD Connect: Select your installation type'
description: This topic walks you through how to select the installation type to use for Azure AD Connect documentationcenter: ''
active-directory How To Connect Install Sql Delegation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-install-sql-delegation.md
Title: 'Install Azure AD Connect using SQL delegated administrator permissions | Microsoft Docs'
+ Title: 'Install Azure AD Connect using SQL delegated administrator permissions'
description: This topic describes an update to Azure AD Connect that allows for installation using an account that only has SQL dbo permissions. documentationcenter: ''
active-directory How To Connect Installation Wizard https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-installation-wizard.md
Title: 'Re-running the Azure AD Connect install wizard | Microsoft Docs'
+ Title: 'Re-running the Azure AD Connect install wizard'
description: Explains how the installation wizard works the second time you run it. keywords: The Azure AD Connect installation wizard lets you configure maintenance settings the second time you run it
active-directory How To Connect Modify Group Writeback https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-modify-group-writeback.md
If the original version of group writeback is already enabled and in use in your
To configure directory settings to disable automatic writeback of newly created Microsoft 365 groups, use one of these methods: -- Azure portal: Update the `NewUnifiedGroupWritebackDefault` setting to `false`. - PowerShell: Use the [Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/installation?view=graph-powershell-1.0&preserve-view=true). For example: ```PowerShell
active-directory How To Connect Monitor Federation Changes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-monitor-federation-changes.md
Title: Monitor changes to federation configuration in Azure AD | Microsoft Docs
+ Title: Monitor changes to federation configuration in Azure AD
description: This article explains how to monitor changes to your federation configuration with Azure AD. documentationcenter: ''
active-directory How To Connect Password Hash Synchronization https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-password-hash-synchronization.md
Title: Implement password hash synchronization with Azure AD Connect sync | Microsoft Docs
+ Title: Implement password hash synchronization with Azure AD Connect sync
description: Provides information about how password hash synchronization works and how to set up. documentationcenter: ''
active-directory How To Connect Post Installation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-post-installation.md
Title: 'Azure AD Connect: Next steps and how to manage Azure AD Connect | Microsoft Docs'
+ Title: 'Azure AD Connect: Next steps and how to manage Azure AD Connect'
description: Learn how to extend the default configuration and operational tasks for Azure AD Connect. documentationcenter: ''
active-directory How To Connect Preview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-preview.md
Title: 'Azure AD Connect: Features in preview | Microsoft Docs'
+ Title: 'Azure AD Connect: Features in preview'
description: This topic describes in more detail features which are in preview in Azure AD Connect. documentationcenter: ''
active-directory How To Connect Pta Current Limitations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-pta-current-limitations.md
Title: 'Azure AD Connect: Pass-through Authentication - Current limitations | Microsoft Docs'
+ Title: 'Azure AD Connect: Pass-through Authentication - Current limitations'
description: This article describes the current limitations of Azure Active Directory (Azure AD) Pass-through Authentication keywords: Azure AD Connect Pass-through Authentication, install Active Directory, required components for Azure AD, SSO, Single Sign-on
active-directory How To Connect Pta Disable Do Not Configure https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-pta-disable-do-not-configure.md
Title: 'Disable pass-through authentication by using Azure AD Connect or PowerShell | Microsoft Docs'
+ Title: 'Disable pass-through authentication by using Azure AD Connect or PowerShell'
description: This article describes how to disable pass-through authentication by using the Azure AD Connect Do Not Configure feature or by using PowerShell.
active-directory How To Connect Pta How It Works https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-pta-how-it-works.md
Title: 'Azure AD Connect: Pass-through Authentication - How it works | Microsoft Docs'
+ Title: 'Azure AD Connect: Pass-through Authentication - How it works'
description: This article describes how Azure Active Directory Pass-through Authentication works keywords: Azure AD Connect Pass-through Authentication, install Active Directory, required components for Azure AD, SSO, Single Sign-on
active-directory How To Connect Pta Quick Start https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-pta-quick-start.md
Title: 'Azure AD Pass-through Authentication - Quickstart | Microsoft Docs'
+ Title: 'Azure AD Pass-through Authentication - Quickstart'
description: This article describes how to get started with Azure Active Directory (Azure AD) Pass-through Authentication. keywords: Azure AD Connect Pass-through Authentication, install Active Directory, required components for Azure AD, SSO, Single Sign-on
active-directory How To Connect Pta Upgrade Preview Authentication Agents https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-pta-upgrade-preview-authentication-agents.md
Title: Azure AD Connect - Pass-through Authentication - Upgrade auth agents | Microsoft Docs
+ Title: Azure AD Connect - Pass-through Authentication - Upgrade auth agents
description: This article describes how to upgrade your Azure Active Directory (Azure AD) Pass-through Authentication configuration. keywords: Azure AD Connect Pass-through Authentication, install Active Directory, required components for Azure AD, SSO, Single Sign-on
active-directory How To Connect Pta User Privacy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-pta-user-privacy.md
Title: User Privacy and Azure Active Directory Pass-through Authentication | Microsoft Docs
+ Title: User Privacy and Azure Active Directory Pass-through Authentication
description: This article deals with Azure Active Directory (Azure AD) Pass-through Authentication and GDPR compliance. keywords: Azure AD Connect Pass-through Authentication, GDPR, required components for Azure AD, SSO, Single Sign-on
active-directory How To Connect Pta https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-pta.md
Title: 'Azure AD Connect: Pass-through Authentication | Microsoft Docs'
+ Title: 'Azure AD Connect: Pass-through Authentication'
description: This article describes Azure Active Directory (Azure AD) Pass-through Authentication and how it allows Azure AD sign-ins by validating users' passwords against on-premises Active Directory. keywords: what is Azure AD Connect Pass-through Authentication, install Active Directory, required components for Azure AD, SSO, Single Sign-on
active-directory How To Connect Sso How It Works https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sso-how-it-works.md
Title: 'Azure AD Connect: Seamless Single Sign-On - How it works | Microsoft Docs'
+ Title: 'Azure AD Connect: Seamless Single Sign-On - How it works'
description: This article describes how the Azure Active Directory Seamless Single Sign-On feature works. keywords: what is Azure AD Connect, install Active Directory, required components for Azure AD, SSO, Single Sign-on
active-directory How To Connect Sso User Privacy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sso-user-privacy.md
Title: 'User Privacy and Azure AD Seamless Single Sign-On | Microsoft Docs'
+ Title: 'User Privacy and Azure AD Seamless Single Sign-On'
description: This article deals with Azure Active Directory (Azure AD) Seamless SSO and GDPR compliance. keywords: what is Azure AD Connect, GDPR, required components for Azure AD, SSO, Single Sign-on
active-directory How To Connect Sso https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sso.md
Title: 'Azure AD Connect: Seamless single sign-on | Microsoft Docs'
+ Title: 'Azure AD Connect: Seamless single sign-on'
description: This topic describes Azure Active Directory (Azure AD) Seamless single sign-on and how it allows you to provide true single sign-on for corporate desktop users inside your corporate network. keywords: what is Azure AD Connect, install Active Directory, required components for Azure AD, SSO, Single Sign-on
active-directory How To Connect Staged Rollout https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-staged-rollout.md
Title: 'Azure AD Connect: Cloud authentication via Staged Rollout | Microsoft Docs'
+ Title: 'Azure AD Connect: Cloud authentication via Staged Rollout'
description: This article explains how to migrate from federated authentication, to cloud authentication, by using a Staged Rollout.
active-directory How To Connect Sync Best Practices Changing Default Configuration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-best-practices-changing-default-configuration.md
Title: 'Azure AD Connect sync: Changing the default configuration | Microsoft Docs'
+ Title: 'Azure AD Connect sync: Changing the default configuration'
description: Provides best practices for changing the default configuration of Azure AD Connect sync. documentationcenter: ''
active-directory How To Connect Sync Change Addsacct Pass https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-change-addsacct-pass.md
Title: 'Azure AD Connect sync: Changing the AD DS account password | Microsoft Docs'
+ Title: 'Azure AD Connect sync: Changing the AD DS account password'
description: This topic document describes how to update Azure AD Connect after the password of the AD DS account is changed. keywords: AD DS account, Active Directory account, password
active-directory How To Connect Sync Change Serviceacct Pass https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-change-serviceacct-pass.md
Title: 'Azure AD Connect sync: Changing the ADSync service account | Microsoft Docs'
+ Title: 'Azure AD Connect sync: Changing the ADSync service account'
description: This topic document describes the encryption key and how to abandon it after the password is changed. keywords: Azure AD sync service account, password
active-directory How To Connect Sync Configure Filtering https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-configure-filtering.md
Title: 'Azure AD Connect sync: Configure filtering | Microsoft Docs'
+ Title: 'Azure AD Connect sync: Configure filtering'
description: Explains how to configure filtering in Azure AD Connect sync. documentationcenter: ''
active-directory How To Connect Sync Endpoint Api V2 https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-endpoint-api-v2.md
Title: 'Azure AD Connect sync V2 endpoint | Microsoft Docs'
+ Title: 'Azure AD Connect sync V2 endpoint'
description: This document covers updates to the Azure AD connect sync v2 endpoints API.
active-directory How To Connect Sync Feature Directory Extensions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-feature-directory-extensions.md
Title: 'Azure AD Connect sync: Directory extensions | Microsoft Docs'
+ Title: 'Azure AD Connect sync: Directory extensions'
description: This topic describes the directory extensions feature in Azure AD Connect. documentationcenter: ''
active-directory How To Connect Sync Feature Prevent Accidental Deletes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-feature-prevent-accidental-deletes.md
Title: 'Azure AD Connect sync: Prevent accidental deletes | Microsoft Docs'
+ Title: 'Azure AD Connect sync: Prevent accidental deletes'
description: This topic describes how to prevent accidental deletes in Azure AD Connect. documentationcenter: ''
active-directory How To Connect Sync Feature Scheduler https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-feature-scheduler.md
Title: 'Azure AD Connect sync: Scheduler | Microsoft Docs'
+ Title: 'Azure AD Connect sync: Scheduler'
description: This topic describes the built-in scheduler feature in Azure AD Connect sync. documentationcenter: ''
active-directory How To Connect Sync Recycle Bin https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-recycle-bin.md
Title: 'Azure AD Connect sync: Enable AD recycle bin | Microsoft Docs'
+ Title: 'Azure AD Connect sync: Enable AD recycle bin'
description: This topic recommends the use of AD Recycle Bin feature with Azure AD Connect. keywords: AD Recycle Bin, accidental deletion, source anchor
active-directory How To Connect Sync Service Manager Ui Connectors https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-service-manager-ui-connectors.md
Title: Connectors in the Azure AD Synchronization Service Manager UI | Microsoft Docs'
+ Title: Connectors in the Azure AD Synchronization Service Manager UI'
description: Understand the Connectors tab in the Synchronization Service Manager for Azure AD Connect. documentationcenter: ''
active-directory How To Connect Sync Service Manager Ui Mvdesigner https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-service-manager-ui-mvdesigner.md
Title: Azure AD Connect MV Designer | Microsoft Docs'
+ Title: Azure AD Connect MV Designer'
description: Understand the Metaverse Designer tab in the Synchronization Service Manager for Azure AD Connect. documentationcenter: ''
active-directory How To Connect Sync Service Manager Ui Operations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-service-manager-ui-operations.md
Title: 'Azure AD Connect Synchronization Service Manager Operations | Microsoft Docs'
+ Title: 'Azure AD Connect Synchronization Service Manager Operations'
description: Understand the Operations tab in the Synchronization Service Manager for Azure AD Connect. documentationcenter: ''
active-directory How To Connect Sync Service Manager Ui https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-service-manager-ui.md
Title: 'Azure AD Connect sync: Synchronization Service Manager UI | Microsoft Docs'
+ Title: 'Azure AD Connect sync: Synchronization Service Manager UI'
description: Understand Synchronization Service Manager for Azure AD Connect. documentationcenter: ''
active-directory How To Connect Sync Staging Server https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-staging-server.md
Title: 'Azure AD Connect sync: Operational tasks and considerations | Microsoft Docs'
+ Title: 'Azure AD Connect sync: Operational tasks and considerations'
description: This topic describes operational tasks for Azure AD Connect sync and how to prepare for operating this component. documentationcenter: ''
active-directory How To Connect Sync Technical Concepts https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-technical-concepts.md
Title: 'Azure AD Connect sync: Technical concepts | Microsoft Docs'
+ Title: 'Azure AD Connect sync: Technical concepts'
description: Explains the technical concepts of Azure AD Connect sync. documentationcenter: ''
active-directory How To Connect Sync Whatis https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-whatis.md
Title: 'Azure AD Connect sync: Understand and customize synchronization | Microsoft Docs'
+ Title: 'Azure AD Connect sync: Understand and customize synchronization'
description: Explains how Azure AD Connect sync works and how to customize. documentationcenter: ''
active-directory How To Connect Syncservice Duplicate Attribute Resiliency https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-syncservice-duplicate-attribute-resiliency.md
Title: Identity synchronization and duplicate attribute resiliency | Microsoft Docs
+ Title: Identity synchronization and duplicate attribute resiliency
description: New behavior of how to handle objects with UPN or ProxyAddress conflicts during directory sync using Azure AD Connect. documentationcenter: ''
active-directory How To Connect Syncservice Features https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-syncservice-features.md
Title: Azure AD Connect sync service features and configuration | Microsoft Docs
+ Title: Azure AD Connect sync service features and configuration
description: Describes service side features for Azure AD Connect sync service. documentationcenter: ''
active-directory How To Connect Syncservice Shadow Attributes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-syncservice-shadow-attributes.md
Title: Azure AD Connect sync service shadow attributes | Microsoft Docs
+ Title: Azure AD Connect sync service shadow attributes
description: Describes how shadow attributes work in Azure AD Connect sync service.
active-directory How To Upgrade Previous Version https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-upgrade-previous-version.md
Title: 'Azure AD Connect: Upgrade from a previous version | Microsoft Docs'
+ Title: 'Azure AD Connect: Upgrade from a previous version'
description: Explains the different methods to upgrade to the latest release of Azure Active Directory Connect, including an in-place upgrade and a swing migration. documentationcenter: ''
active-directory Plan Connect Design Concepts https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-connect-design-concepts.md
Title: 'Azure AD Connect: Design concepts | Microsoft Docs'
+ Title: 'Azure AD Connect: Design concepts'
description: This topic details certain implementation design areas documentationcenter: ''
active-directory Plan Connect Topologies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-connect-topologies.md
Title: 'Azure AD Connect: Supported topologies | Microsoft Docs'
+ Title: 'Azure AD Connect: Supported topologies'
description: This topic details supported and unsupported topologies for Azure AD Connect documentationcenter: ''
active-directory Plan Connect User Signin https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-connect-user-signin.md
Title: 'Azure AD Connect: User sign-in | Microsoft Docs'
+ Title: 'Azure AD Connect: User sign-in'
description: Azure AD Connect user sign-in for custom settings. documentationcenter: ''
active-directory Plan Hybrid Identity Design Considerations Accesscontrol Requirements https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-accesscontrol-requirements.md
Title: Hybrid identity design access control requirements Azure | Microsoft Docs
+ Title: Hybrid identity design access control requirements Azure
description: Covers the pillars of identity, and identifying access requirements for resources for users in a hybrid environment. documentationcenter: ''
active-directory Plan Hybrid Identity Design Considerations Business Needs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-business-needs.md
Title: Identity requirements for hybrid cloud identity design Azure | Microsoft Docs
+ Title: Identity requirements for hybrid cloud identity design Azure
description: Identify the companyΓÇÖs business needs that will lead you to define the requirements for the hybrid identity design. documentationcenter: ''
active-directory Plan Hybrid Identity Design Considerations Contentmgt Requirements https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-contentmgt-requirements.md
Title: Hybrid identity design - content management requirements Azure | Microsoft Docs
+ Title: Hybrid identity design - content management requirements Azure
description: Provides insight into how to determine the content management requirements of your business. Usually when a user has their own device, they might also have multiple credentials that will be alternating according to the application that they use. It is important to differentiate what content was created using personal credentials versus the ones created using corporate credentials. Your identity solution should be able to interact with cloud services to provide a seamless experience to the end user while ensure their privacy and increase the protection against data leakage. documentationcenter: ''
active-directory Plan Hybrid Identity Design Considerations Data Protection Strategy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-data-protection-strategy.md
Title: Hybrid identity design - data protection strategy Azure | Microsoft Docs
+ Title: Hybrid identity design - data protection strategy Azure
description: You define the data protection strategy for your hybrid identity solution to meet the business requirements that you defined. documentationcenter: ''
active-directory Plan Hybrid Identity Design Considerations Dataprotection Requirements https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-dataprotection-requirements.md
Title: Hybrid identity design - data protection requirements Azure | Microsoft Docs
+ Title: Hybrid identity design - data protection requirements Azure
description: When planning your hybrid identity solution, identify the data protection requirements for your business and which options are available to best fulfill these requirements. documentationcenter: ''
active-directory Plan Hybrid Identity Design Considerations Directory Sync Requirements https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-directory-sync-requirements.md
Title: Hybrid identity design - directory sync requirements Azure | Microsoft Docs
+ Title: Hybrid identity design - directory sync requirements Azure
description: Identify what requirements are needed for synchronizing all the users between on=premises and cloud for the enterprise. documentationcenter: ''
active-directory Plan Hybrid Identity Design Considerations Hybrid Id Management Tasks https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-hybrid-id-management-tasks.md
Title: Hybrid identity design - management tasks Azure | Microsoft Docs
+ Title: Hybrid identity design - management tasks Azure
description: Azure AD checks the specific conditions you pick when authenticating the user and before allowing access to the application with Conditional Access control. documentationcenter: ''
active-directory Plan Hybrid Identity Design Considerations Identity Adoption Strategy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-identity-adoption-strategy.md
Title: Hybrid identity design - adoption strategy Azure | Microsoft Docs
+ Title: Hybrid identity design - adoption strategy Azure
description: With Conditional Access control, Azure AD checks the specific conditions you pick when authenticating the user and before allowing access to the application. documentationcenter: ''
active-directory Plan Hybrid Identity Design Considerations Incident Response Requirements https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-incident-response-requirements.md
Title: Hybrid identity design - incident response requirements Azure | Microsoft Docs
+ Title: Hybrid identity design - incident response requirements Azure
description: Determine monitoring and reporting capabilities for the hybrid identity solution that can be leveraged by IT to take actions to identify and mitigate a potential threat. documentationcenter: ''
active-directory Plan Hybrid Identity Design Considerations Lifecycle Adoption Strategy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-lifecycle-adoption-strategy.md
Title: Hybrid identity design - lifecycle adoption strategy Azure | Microsoft Docs
+ Title: Hybrid identity design - lifecycle adoption strategy Azure
description: Helps define the hybrid identity management tasks according to the options available for each lifecycle phase. documentationcenter: ''
active-directory Plan Hybrid Identity Design Considerations Multifactor Auth Requirements https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-multifactor-auth-requirements.md
Title: Hybrid identity design - multi-factor authentication requirements Azure | Microsoft Docs
+ Title: Hybrid identity design - multi-factor authentication requirements Azure
description: With Conditional Access control, Azure AD verifies the specific conditions you pick when authenticating the user and before allowing access to the application. documentationcenter: ''
active-directory Plan Hybrid Identity Design Considerations Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-overview.md
Title: Azure Active Directory hybrid identity design considerations - overview | Microsoft Docs
+ Title: Azure Active Directory hybrid identity design considerations - overview
description: Overview and content map of Hybrid Identity design considerations guide documentationcenter: ''
active-directory Plan Hybrid Identity Design Considerations Tools Comparison https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-tools-comparison.md
Title: 'Hybrid Identity: Directory integration tools comparison | Microsoft Docs'
+ Title: 'Hybrid Identity: Directory integration tools comparison'
description: This is page provides a comprehensive table that compares the various directory integration tools that can be used for directory integration. documentationcenter: ''
active-directory Reference Connect Adconnectivitytools https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-adconnectivitytools.md
Title: 'Azure AD Connect: ADConnectivityTools PowerShell Reference | Microsoft Docs'
+ Title: 'Azure AD Connect: ADConnectivityTools PowerShell Reference'
description: This document provides reference information for the ADConnectivityTools.psm1 PowerShell module.
active-directory Reference Connect Adsync https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-adsync.md
Title: 'Azure AD Connect: ADSync PowerShell Reference | Microsoft Docs'
+ Title: 'Azure AD Connect: ADSync PowerShell Reference'
description: This document provides reference information for the ADSync.psm1 PowerShell module.
active-directory Reference Connect Adsyncconfig https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-adsyncconfig.md
Title: 'Azure AD Connect: ADSyncConfig PowerShell Reference | Microsoft Docs'
+ Title: 'Azure AD Connect: ADSyncConfig PowerShell Reference'
description: This document provides reference information for the ADSyncConfig.psm1 PowerShell module.
active-directory Reference Connect Adsynctools https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-adsynctools.md
Title: 'Azure AD Connect: ADSyncTools PowerShell Reference | Microsoft Docs'
+ Title: 'Azure AD Connect: ADSyncTools PowerShell Reference'
description: This document provides reference information for the ADSyncTools.psm1 PowerShell module.
active-directory Reference Connect Dirsync Deprecated https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-dirsync-deprecated.md
Title: Upgrade from DirSync and Azure AD Sync | Microsoft Docs
+ Title: Upgrade from DirSync and Azure AD Sync
description: Describes how to upgrade from DirSync and Azure AD Sync to Azure AD Connect. documentationcenter: ''
active-directory Reference Connect Instances https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-instances.md
Title: 'Azure AD Connect: Sync service instances | Microsoft Docs'
+ Title: 'Azure AD Connect: Sync service instances'
description: This page documents special considerations for Azure AD instances. documentationcenter: ''
active-directory Reference Connect Msexchuserholdpolicies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-msexchuserholdpolicies.md
Title: 'Azure AD Connect: msExchUserHoldPolicies and cloudMsExchUserHoldPolicies | Microsoft Docs'
+ Title: 'Azure AD Connect: msExchUserHoldPolicies and cloudMsExchUserHoldPolicies'
description: This topic describes attribute behavior of the msExchUserHoldPolicies and cloudMsExchUserHoldPolicies attributes documentationcenter: ''
active-directory Reference Connect Ports https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-ports.md
Title: 'Hybrid Identity required ports and protocols - Azure | Microsoft Docs'
+ Title: 'Hybrid Identity required ports and protocols - Azure'
description: This page is a technical reference page for ports that are required to be open for Azure AD Connect documentationcenter: ''
active-directory Reference Connect Pta Version History https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-pta-version-history.md
Title: 'Azure AD Pass-through Authentication: Version release history | Microsoft Docs'
+ Title: 'Azure AD Pass-through Authentication: Version release history'
description: This article lists all releases of the Azure AD Pass-through Authentication agent
active-directory Reference Connect Sync Attributes Synchronized https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-sync-attributes-synchronized.md
Title: 'Attributes synchronized by Azure AD Connect | Microsoft Docs'
+ Title: 'Attributes synchronized by Azure AD Connect'
description: Lists the attributes that are synchronized to Azure Active Directory. documentationcenter: ''
active-directory Reference Connect Sync Functions Reference https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-sync-functions-reference.md
Title: 'Azure AD Connect sync: Functions Reference | Microsoft Docs'
+ Title: 'Azure AD Connect sync: Functions Reference'
description: Reference of declarative provisioning expressions in Azure AD Connect sync. documentationcenter: ''
active-directory Reference Connect User Privacy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-user-privacy.md
Title: 'Azure AD Connect and user privacy | Microsoft Docs'
+ Title: 'Azure AD Connect and user privacy'
description: This document describes how to obtain GDPR compliancy with Azure AD Connect. documentationcenter: ''
active-directory Reference Connect Version History Archive https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-version-history-archive.md
Title: 'Azure AD Connect: Version release history archive | Microsoft Docs'
+ Title: 'Azure AD Connect: Version release history archive'
description: This article lists all archived releases of Azure AD Connect and Azure AD Sync
active-directory Reference Connect Version History https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-version-history.md
Title: 'Azure AD Connect: Version release history | Microsoft Docs'
+ Title: 'Azure AD Connect: Version release history'
description: This article lists all releases of Azure AD Connect and Azure AD Sync. ms.assetid: ef2797d7-d440-4a9a-a648-db32ad137494
active-directory Tshoot Connect Attribute Not Syncing https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-attribute-not-syncing.md
Title: Troubleshoot an attribute not synchronizing in Azure AD Connect | Microsoft Docs'
+ Title: Troubleshoot an attribute not synchronizing in Azure AD Connect'
description: This topic provides steps for how to troubleshoot issues with attribute synchronization using the troubleshooting task. documentationcenter: ''
active-directory Tshoot Connect Install Issues https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-install-issues.md
Title: Troubleshoot Azure AD Connect install issues | Microsoft Docs'
+ Title: Troubleshoot Azure AD Connect install issues'
description: This topic provides steps for how to troubleshoot issues with installing Azure AD Connect. documentationcenter: ''
active-directory Tshoot Connect Largeobjecterror Usercertificate https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-largeobjecterror-usercertificate.md
Title: Azure AD Connect - LargeObject errors caused by userCertificate attribute | Microsoft Docs
+ Title: Azure AD Connect - LargeObject errors caused by userCertificate attribute
description: This topic provides the remediation steps for LargeObject errors caused by userCertificate attribute. documentationcenter: ''
active-directory Tshoot Connect Object Not Syncing https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-object-not-syncing.md
Title: Troubleshoot an object that is not syncing with Azure Active Directory | Microsoft Docs'
+ Title: Troubleshoot an object that is not syncing with Azure Active Directory'
description: Troubleshoot an object that is not syncing with Azure Active Directory. documentationcenter: ''
active-directory Tshoot Connect Pass Through Authentication https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-pass-through-authentication.md
Title: 'Azure AD Connect: Troubleshoot Pass-through Authentication | Microsoft Docs'
+ Title: 'Azure AD Connect: Troubleshoot Pass-through Authentication'
description: This article describes how to troubleshoot Azure Active Directory (Azure AD) Pass-through Authentication. keywords: Troubleshoot Azure AD Connect Pass-through Authentication, install Active Directory, required components for Azure AD, SSO, Single Sign-on
active-directory Tshoot Connect Password Hash Synchronization https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-password-hash-synchronization.md
Title: Troubleshoot password hash synchronization with Azure AD Connect sync | Microsoft Docs
+ Title: Troubleshoot password hash synchronization with Azure AD Connect sync
description: This article provides information about how to troubleshoot password hash synchronization problems. documentationcenter: ''
active-directory Tshoot Connect Recover From Localdb 10Gb Limit https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-recover-from-localdb-10gb-limit.md
Title: 'Azure AD Connect: How to recover from LocalDB 10GB limit issue | Microsoft Docs'
+ Title: 'Azure AD Connect: How to recover from LocalDB 10GB limit issue'
description: This topic describes how to recover Azure AD Connect Synchronization Service when it encounters LocalDB 10GB limit issue. documentationcenter: ''
active-directory Tshoot Connect Source Anchor https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-source-anchor.md
Title: 'Azure AD Connect: Troubleshoot Source Anchor Issues during Installation | Microsoft Docs'
+ Title: 'Azure AD Connect: Troubleshoot Source Anchor Issues during Installation'
description: This topic provides steps for how to troubleshoot issues with the source anchor during installation.
active-directory Tshoot Connect Sso https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-sso.md
Title: 'Azure Active Directory Connect: Troubleshoot Seamless Single Sign-On | Microsoft Docs'
+ Title: 'Azure Active Directory Connect: Troubleshoot Seamless Single Sign-On'
description: This topic describes how to troubleshoot Azure Active Directory Seamless Single Sign-On
active-directory Tshoot Connect Sync Errors https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-sync-errors.md
Title: 'Azure AD Connect: Troubleshoot errors during synchronization | Microsoft Docs'
+ Title: 'Azure AD Connect: Troubleshoot errors during synchronization'
description: This article explains how to troubleshoot errors that occur during synchronization with Azure AD Connect. documentationcenter: ''
active-directory Tshoot Connect Tshoot Sql Connectivity https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-tshoot-sql-connectivity.md
Title: 'Azure AD Connect: Troubleshoot SQL connectivity issues | Microsoft Docs'
+ Title: 'Azure AD Connect: Troubleshoot SQL connectivity issues'
description: Explains how to troubleshoot SQL connectivity issues that occur with Azure AD Connect. documentationcenter: ''
active-directory What Is Inter Directory Provisioning https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/what-is-inter-directory-provisioning.md
Title: 'What is inter-directory provisioning with Azure Active Directory? | Microsoft Docs'
+ Title: 'What is inter-directory provisioning with Azure Active Directory?'
description: Describes overview of identity inter-directory provisioning.
active-directory Whatis Azure Ad Connect V2 https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/whatis-azure-ad-connect-v2.md
Title: 'What is Azure AD Connect v2.0? | Microsoft Docs'
+ Title: 'What is Azure AD Connect v2.0?'
description: Learn about the next version of Azure AD Connect.
active-directory Whatis Azure Ad Connect https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/whatis-azure-ad-connect.md
Title: 'What is Azure AD Connect and Connect Health. | Microsoft Docs'
+ Title: 'What is Azure AD Connect and Connect Health.'
description: Learn about the tools used to synchronize and monitor your on-premises environment with Azure AD.
active-directory Whatis Fed https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/whatis-fed.md
Title: 'What is federation with Azure AD? | Microsoft Docs'
+ Title: 'What is federation with Azure AD?'
description: Describes federation with Azure AD.
active-directory Whatis Phs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/whatis-phs.md
Title: 'What is password hash synchronization with Azure AD? | Microsoft Docs'
+ Title: 'What is password hash synchronization with Azure AD?'
description: Describes password hash synchronization.
active-directory Concept Identity Protection B2b https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/identity-protection/concept-identity-protection-b2b.md
Title: Identity Protection and B2B users - Azure Active Directory
+ Title: Identity Protection and B2B users
description: Using Identity Protection with B2B users
active-directory Concept Workload Identity Risk https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/identity-protection/concept-workload-identity-risk.md
description: Workload identity risk in Azure Active Directory Identity Protectio
-+ Last updated 11/10/2022
-# Securing workload identities with Identity Protection
+# Securing workload identities
Azure AD Identity Protection has historically protected users in detecting, investigating, and remediating identity-based risks. We're now extending these capabilities to workload identities to protect applications and service principals.
active-directory Configure Authentication For Federated Users Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/configure-authentication-for-federated-users-portal.md
Previously updated : 01/02/2023 Last updated : 03/16/2023
For federated users with cloud-enabled credentials, such as SMS sign-in or FIDO
To configure HRD policy for an application in Azure AD, you need: - An Azure account with an active subscription. If you don't already have one, you can [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).-- One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
+- One of the following roles: Global Administrator, or owner of the service principal.
+ ::: zone pivot="powershell-hrd" - The latest Azure AD PowerShell cmdlet preview. ::: zone-end
The following policy auto-accelerates users to a federated identity provider sig
::: zone pivot="powershell-hrd" ```powershell
-New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFederatedDomain`":true}}") -DisplayName BasicAutoAccelerationPolicy -Type HomeRealmDiscoveryPolicy
+New-AzureADPolicy
+ -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFederatedDomain`":true}}") -DisplayName BasicAutoAccelerationPolicy
+ -Type HomeRealmDiscoveryPolicy
``` ::: zone-end ::: zone pivot="graph-hrd"
-```json
+```http
+POST /policies/homeRealmDiscoveryPolicies
+ "HomeRealmDiscoveryPolicy": { "AccelerateToFederatedDomain": true }
The following policy auto-accelerates users to a federated identity provider sig
::: zone pivot="powershell-hrd" ```powershell
-New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFederatedDomain`":true, `"PreferredDomain`":`"federated.example.edu`"}}") -DisplayName MultiDomainAutoAccelerationPolicy -Type HomeRealmDiscoveryPolicy
+New-AzureADPolicy
+ -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFederatedDomain`":true, `"PreferredDomain`":`"federated.example.edu`"}}")
+ -DisplayName MultiDomainAutoAccelerationPolicy
+ -Type HomeRealmDiscoveryPolicy
``` ::: zone-end ::: zone pivot="graph-hrd"
-```json
+```http
+POST /policies/homeRealmDiscoveryPolicies
+ "HomeRealmDiscoveryPolicy": { "AccelerateToFederatedDomain": true, "PreferredDomain": [
New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFe
The following policy enables username/password authentication for federated users directly with Azure AD for specific applications: ++
+```powershell
+New-AzureADPolicy
+ -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AllowCloudPasswordValidation`":true}}")
+ -DisplayName EnableDirectAuthPolicy
+ -Type HomeRealmDiscoveryPolicy
+```
++ ::: zone pivot="graph-hrd"
-```json
+```http
+POST /policies/homeRealmDiscoveryPolicies
"EnableDirectAuthPolicy": { "AllowCloudPasswordValidation": true
The following policy enables username/password authentication for federated user
::: zone pivot="powershell-hrd"
-```powershell
-New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AllowCloudPasswordValidation`":true}}") -DisplayName EnableDirectAuthPolicy -Type HomeRealmDiscoveryPolicy
-```
- To see your new policy and get its **ObjectID**, run the following command: ```powershell
Get-AzureADServicePrincipal
After you have the **ObjectID** of the service principal of the application for which you want to configure auto-acceleration, run the following command. This command associates the HRD policy that you created in step 1 with the service principal that you located in step 2. ```powershell
-Add-AzureADServicePrincipalPolicy -Id <ObjectID of the Service Principal> -RefObjectId <ObjectId of the Policy>
+Add-AzureADServicePrincipalPolicy
+ -Id <ObjectID of the Service Principal>
+ -RefObjectId <ObjectId of the Policy>
``` You can repeat this command for each service principal to which you want to add the policy.
Use the previous example to get the **ObjectID** of the policy, and that of the
## Configuring policy through Graph Explorer
-Set the HRD policy using Microsoft Graph. See [homeRealmDiscoveryPolicy](/graph/api/resources/homeRealmDiscoveryPolicy?view=graph-rest-1.0&preserve-view=true) resource type for information on how to create the policy.
- From the Microsoft Graph explorer window:
-1. Grant consent to the *Policy.ReadWrite.ApplicationConfiguration* permission.
-1. Use the URL https://graph.microsoft.com/v1.0/policies/homeRealmDiscoveryPolicies
-1. POST the new policy to this URL, or PATCH to https://graph.microsoft.com/v1.0/policies/homeRealmDiscoveryPolicies/{policyID} if overwriting an existing one.
-1. POST or PATCH contents:
-
- ```json
- {
- "definition": [
- "{\"HomeRealmDiscoveryPolicy\":
- {\"AccelerateToFederatedDomain\":true,
- \"PreferredDomain\":\"federated.example.edu\",
- \"AlternateIdLogin\":{\"Enabled\":true}}}"
- ],
- "displayName": "Home Realm Discovery auto acceleration",
- "isOrganizationDefault": true
- }
+1. Sign in with one of the roles listed in the prerequisites section.
+1. Grant consent to the `Policy.ReadWrite.ApplicationConfiguration` permission.
+1. Use the [Home realm discovery policy](/graph/api/resources/homerealmdiscoverypolicy) to create a new policy.
+1. POST the new policy, or PATCH to update an existing policy.
+
+ ```http
+ PATCH /policies/homeRealmDiscoveryPolicies/{id}
+ {
+ "definition": [
+ "{\"HomeRealmDiscoveryPolicy\":
+ {\"AccelerateToFederatedDomain\":true,
+ \"PreferredDomain\":\"federated.example.edu\",
+ \"AlternateIdLogin\":{\"Enabled\":true}}}"
+ ],
+ "displayName": "Home Realm Discovery auto acceleration",
+ "isOrganizationDefault": true
+ }
```
-1. To see your new policy and get its ObjectID, run the following query:
+1. To view your new policy, run the following query:
```http
- GET https://graph.microsoft.com/v1.0/policies/homeRealmDiscoveryPolicies
+ GET /policies/homeRealmDiscoveryPolicies/{id}
``` 1. To delete the HRD policy you created, run the query: ```http
- DELETE https://graph.microsoft.com/v1.0/policies/homeRealmDiscoveryPolicies/{policy objectID}
+ DELETE /policies/homeRealmDiscoveryPolicies/{id}
``` ::: zone-end
active-directory Configure Permission Classifications https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/configure-permission-classifications.md
DELETE https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0
## Next steps - [Manage app consent policies](manage-app-consent-policies.md)-- [Permissions and consent in the Microsoft identity platform](../develop/v2-permissions-and-consent.md)
+- [Permissions and consent in the Microsoft identity platform](../develop/v2-permissions-and-consent.md)
active-directory Custom Security Attributes Apps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/custom-security-attributes-apps.md
Title: Manage custom security attributes for an application (Preview) - Azure Active Directory
+ Title: Manage custom security attributes for an application (Preview)
description: Assign, update, list, or remove custom security attributes for an application that has been registered with your Azure Active Directory (Azure AD) tenant.
active-directory Manage Application Permissions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/manage-application-permissions.md
Title: Review permissions granted to applications
-description: Learn how to review and manage permissions for an application in Azure Active Directory.
+description: Learn how to review and revoke permissions, and invalidate refresh tokens for an application in Azure Active Directory.
Previously updated : 11/22/2022 Last updated : 03/16/2023 zone_pivot_groups: enterprise-apps-all
# Review permissions granted to enterprise applications
-In this article, you'll learn how to review permissions granted to applications in your Azure Active Directory (Azure AD) tenant. You may need to review permissions when you've detected a malicious application or the application has been granted more permissions than is necessary.
+In this article, you learn how to review permissions granted to applications in your Azure Active Directory (Azure AD) tenant. You may need to review permissions when you've detected a malicious application or the application has been granted more permissions than is necessary. You learn how to revoke permissions granted to the application using Microsoft Graph API and existing versions of PowerShell.
-The steps in this article apply to all applications that were added to your Azure Active Directory (Azure AD) tenant via user or admin consent. For more information on consenting to applications, see [User and admin consent](user-admin-consent-overview.md).
+The steps in this article apply to all applications that were added to your Azure AD tenant via user or admin consent. For more information on consenting to applications, see [User and admin consent](user-admin-consent-overview.md).
## Prerequisites
Each option generates PowerShell scripts that enable you to control user access
:::zone pivot="aad-powershell"
-Using the following Azure AD PowerShell script revokes all permissions granted to an application.
+## Review and revoke permissions
+
+Use the following Azure AD PowerShell script to revoke all permissions granted to an application.
```powershell Connect-AzureAD -Scopes "Application.ReadWrite.All", "Directory.ReadWrite.All", "DelegatedPermissionGrant.ReadWrite.All" "AppRoleAssignment.ReadWrite.All",
$assignments | ForEach-Object {
:::zone pivot="ms-powershell"
-Using the following Microsoft Graph PowerShell script revokes all permissions granted to an application.
+## Review and revoke permissions
+
+Use the following Microsoft Graph PowerShell script to revoke all permissions granted to an application.
```powershell Connect-MgGraph -Scopes "Application.ReadWrite.All", "Directory.ReadWrite.All", "DelegatedPermissionGrant.ReadWrite.All", "AppRoleAssignment.ReadWrite.All"
$spApplicationPermissions = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrin
:::zone pivot = "ms-graph"
+## Review and revoke permissions
+ To review permissions, Sign in to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) with one of the roles listed in the prerequisite section.
-You'll need to consent to the following permissions:
+You need to consent to the following permissions:
`Application.ReadWrite.All`, `Directory.ReadWrite.All`, `DelegatedPermissionGrant.ReadWrite.All`, `AppRoleAssignment.ReadWrite.All`.
active-directory Migrate Application Authentication To Azure Active Directory https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/migrate-application-authentication-to-azure-active-directory.md
Previously updated : 01/06/2023 Last updated : 03/15/2023
# Migrate application authentication to Azure Active Directory
-This article describes the benefits and how to plan for migrating your application authentication to Azure AD. It's intended for Azure administrators and identity professionals.
+This article describes the benefits and how to plan for migrating your application authentication to Azure AD. It's intended for technical project managers and identity professionals.
The process is broken into four phases, each with detailed planning and exit criteria, and designed to help you plan your migration strategy and understand how Azure AD authentication supports your organizational goals.
Your applications are likely using the following types of authentication:
- On-premises federation solutions (such as Active Directory Federation Services (ADFS) and Ping) - Active Directory (such as Kerberos Auth and Windows-Integrated Auth) - Other cloud-based identity and access management (IAM) solutions (such as Okta or Oracle)-- On-premises web infrastructure (such as IIS and Apache)-- Cloud-hosted infrastructure (such as Azure and AWS)
+- Header based authentication
To ensure that the users can easily and securely access applications, your goal is to have a single set of access controls and policies across your on-premises and cloud environments.
-[Azure Active Directory (Azure AD)](../fundamentals/active-directory-whatis.md) offers a universal identity platform that provides your people, partners, and customers a single identity to access the applications they want and collaborate from any platform and device.
+[Azure Active Directory (Azure AD)](../fundamentals/active-directory-whatis.md) offers a universal identity platform that provides your employees, partners, and customers a single identity to access the applications they want and collaborate from any platform and device.
-![A diagram of Azure AD connectivity.](media/migrating-application-authentication-to-azure-active-directory-1.jpg)
+![A diagram of Azure AD connectivity.](media/migrate-apps-to-azure-ad/azure-ad-connectivity.png)
Azure AD has a [full suite of identity management capabilities](../fundamentals/active-directory-whatis.md#which-features-work-in-azure-ad). Standardizing your app authentication and authorization to Azure AD gets you the benefits that these capabilities provide.
You can find more migration resources at [https://aka.ms/migrateapps](./migratio
## Benefits of migrating app authentication to Azure AD
-Moving app authentication to Azure AD will help you manage risk and cost, increase productivity, and address compliance and governance requirements.
+Moving app authentication to Azure AD helps you manage risk and cost, increase productivity, and address compliance and governance requirements.
### Manage risk
Safeguarding your apps requires that you have a full view of all the risk factor
Your organization may have multiple Identity Access Management (IAM) solutions in place. Migrating to one Azure AD infrastructure is an opportunity to reduce dependencies on IAM licenses (on-premises or in the cloud) and infrastructure costs. In cases where you may have already paid for Azure AD via Microsoft 365 licenses, there's no reason to pay the added cost of another IAM solution.
-With Azure AD, you can reduce infrastructure costs by:
--- Providing secure remote access to on-premises apps using [Azure AD Application Proxy](../app-proxy/application-proxy.md).-- Decoupling apps from the on-premises credential approach in your tenant by [setting up Azure AD as the trusted universal identity provider](../hybrid/plan-connect-user-signin.md#choosing-the-user-sign-in-method-for-your-organization).
+With Azure AD, you can reduce infrastructure costs by providing secure remote access to on-premises apps using [Azure AD Application Proxy](../app-proxy/application-proxy.md).
### Increase productivity
Economics and security benefits drive organizations to adopt Azure AD, but full
- Use self-service IAM capabilities, such as [Self-Service Password Resets](../authentication/concept-sspr-howitworks.md) and [SelfService Group Management](../enterprise-users/groups-self-service-management.md). - Reduce administrative overhead by managing only a single identity for each user across cloud and on-premises environments:
+ - Faster onboarding of new applications from the Azure AD app gallery.
+ - [Automate provisioning](../app-provisioning/user-provisioning.md) of user accounts (in [Azure AD Gallery](https://azuremarketplace.microsoft.com/marketplace/apps/category/azure-active-directory-apps))based on Azure AD identities+ - Access all your apps from MyApps panel in the [Azure portal](https://portal.azure.com/) -- Enable developers to secure access to their apps and improve the end-user experience by using the [Microsoft Identity Platform](../develop/v2-overview.md) with the Microsoft Authentication Library (MSAL).
+ - Using Azure AD Lifecycle workflows automate onboarding or offboarding, which was previously done with scripts.
+ - Empower your partners with access to cloud resources using [Azure AD B2B collaboration](../external-identities/what-is-b2b.md). Cloud resources remove the overhead of configuring point-to-point federation with your partners. ### Address compliance and governance
When technology projects fail, it's often due to mismatched expectations, the ri
Before we get into the tools, you should understand how to think through the migration process. Through several direct-to-customer workshops, we recommend the following four phases:
-![A diagram of the phases of migration](media/migrating-application-authentication-to-azure-active-directory-2.jpg)
+![A diagram of the phases of migration](media/migrate-apps-to-azure-ad/phases-of-migration.png)
### Assemble the project team
The following table includes the key roles and their contributions:
| **Identity Architect / Azure AD App Administrator** | They're responsible for the following:<br /> - design the solution in cooperation with stakeholders<br /> - document the solution design and operational procedures for handoff to the operations team<br /> - manage the pre-production and production environments | | **On premises AD operations team** | The organization that manages the different on-premises identity sources such as AD forests, LDAP directories, HR systems etc.<br /> - perform any remediation tasks needed before synchronizing<br /> - Provide the service accounts required for synchronization<br /> - provide access to configure federation to Azure AD | | **IT Support Manager** | A representative from the IT support organization who can provide input on the supportability of this change from a helpdesk perspective. |
-| **Security Owner** | A representative from the security team that can ensure that the plan will meet the security requirements of your organization. |
-| **Application technical owners** | Includes technical owners of the apps and services that will integrate with Azure AD. They provide the applicationsΓÇÖ identity attributes that should include in the synchronization process. They usually have a relationship with CSV representatives. |
+| **Security Owner** | A representative from the security team that can ensure that the plan meets the security requirements of your organization. |
+| **Application technical owners** | Includes technical owners of the apps and services that integrate with Azure AD. They provide the applicationsΓÇÖ identity attributes that should include in the synchronization process. They usually have a relationship with CSV representatives. |
| **Application business Owners** | Representative colleagues who can provide input on the user experience and usefulness of this change from a userΓÇÖs perspective and owns the overall business aspect of the application, which may include managing access. |
-| **Pilot group of users** | Users who will test as a part of their daily work, the pilot experience, and provide feedback to guide the rest of the deployments. |
+| **Pilot group of users** | Users who test as a part of their daily work, the pilot experience, and provide feedback to guide the rest of the deployments. |
### Plan communications
Effective business engagement and communication are the keys to success. It's im
Based on the communication strategy that you have chosen for the app you may want to remind users of the pending downtime. You should also verify that there are no recent changes or business impacts that would require to postpone the deployment.
-In the following table you'll find the minimum suggested communication to keep your stakeholders informed:
+In the following table you find the minimum suggested communication to keep your stakeholders informed:
#### Plan phases and project strategy
In the following table you'll find the minimum suggested communication to keep y
| Communication | Audience | | | - | | - Outcome of application migration testing | - App technical owners<br />- App business owners |
-| - Notification that migration is coming and explanation of resultant end-user experiences.<br />- Downtime coming and complete communications, including what they should now do, feedback, and how to get help | - End users (and all others) |
+| - Notification that migration is coming and explanation of resultant <br/>end-user experiences.<br />- Downtime coming and complete communications, including what<br/> they should now do, feedback, and how to get help | - End users (and all others) |
**Phase 4 ΓÇô Manage and gain insights**:
In the following table you'll find the minimum suggested communication to keep y
| | - | | Available analytics and how to access | - App technical owners<br />- App business owners |
+There are two main categories of users of your apps and resources that Azure AD supports.
+ ### Migration states communication dashboard Communicating the overall state of the migration project is crucial, as it shows progress, and helps app owners whose apps are coming up for migration to prepare for the move. You can put together a simple dashboard using Power BI or other reporting tools to provide visibility into the status of applications during the migration.
The migration states you might consider using are as follows:
| **Production Configuration Successful** | Change the configurations to work against the production AD tenant and assess the app authentication in the test environment | | **Complete / Sign Off** | Deploy the changes for the app to the production environment and execute against the production Azure AD tenant |
-This will ensure app owners know what the app migration and testing schedule are when their apps are up for migration, and what the results are from other apps that have already been migrated. You might also consider providing links to your bug tracker database for owners to be able to file and view issues for apps that are being migrated.
+This ensures app owners know what the app migration and testing schedule are when their apps are up for migration, and what the results are from other apps that have already been migrated. You might also consider providing links to your bug tracker database for owners to be able to file and view issues for apps that are being migrated.
### Best practices
The following are our customer and partnerΓÇÖs success stories, and suggested be
### Find your apps
-The first decision point in an application migration is which apps to migrate, which if any should remain, and which apps to deprecate. There is always an opportunity to deprecate the apps that you will not use in your organization. There are several ways to find apps in your organization. While discovering apps, ensure you are including in-development and planned apps. Use Azure AD for authentication in all future apps.
+The first decision point in an application migration is which apps to migrate, which if any should remain, and which apps to deprecate. There is always an opportunity to deprecate the apps that you won't use in your organization. There are several ways to find apps in your organization. While discovering apps, ensure you include in-development and planned apps. Use Azure AD for authentication in all future apps.
-Using Active Directory Federation Services (AD FS) To gather a correct app inventory:
+Using Active Directory Federation Services (AD FS) to gather a correct app inventory:
-- **Use Azure AD Connect Health.** If you have an Azure AD Premium license, we recommend deploying [Azure AD Connect Health](../hybrid/how-to-connect-health-adfs.md) to analyze the app usage in your on premises environment. You can use the [ADFS application report](./migrate-adfs-application-activity.md) (preview) to discover ADFS applications that can be migrated and evaluate the readiness of the application to be migrated. After completing your migration, deploy [Cloud Discovery](/cloud-app-security/set-up-cloud-discovery) that allows you to continuously monitor Shadow IT in your organization once youΓÇÖre in the cloud.
+- **Use Azure AD Connect Health.** If you have an Azure AD Premium license, we recommend deploying [Azure AD Connect Health](../hybrid/how-to-connect-health-adfs.md) to analyze the app usage in your on-premises environment. You can use the [ADFS application report](./migrate-adfs-application-activity.md) to discover ADFS applications that can be migrated and evaluate the readiness of the application to be migrated. After completing your migration, deploy [Cloud Discovery](/cloud-app-security/set-up-cloud-discovery) that allows you to continuously monitor Shadow IT in your organization once youΓÇÖre in the cloud.
-- **AD FS log parsing**. If you donΓÇÖt have Azure AD Premium licenses, we recommend using the ADFS to Azure AD app migration tools based on [PowerShell.](https://github.com/AzureAD/Deployment-Plans/tree/master/ADFS%20to%20AzureAD%20App%20Migration). Refer to [Solution guide](./migrate-adfs-apps-to-azure.md):
+- **Use ADFS to Azure AD app migration tool**: If you donΓÇÖt have Azure AD Premium licenses, we recommend using the ADFS to Azure AD app migration tools based on [PowerShell](https://github.com/AzureAD/Deployment-Plans/tree/master/ADFS%20to%20AzureAD%20App%20Migration). Refer to [solution guide](./migrate-adfs-apps-to-azure.md):
-[Migrating apps from Active Directory Federation Services (AD FS) to Azure AD.](./migrate-adfs-apps-to-azure.md)
+- **AD FS log parsing**. Parse the log files from your authentication servers to identify which apps are being used in your environment, and what their typical access patterns and access volumes are.
### Using other identity providers (IdPs)
-For other identity providers (such as Okta or Ping), you can use their tools to export the application inventory. You may consider looking at service principles registered on Active Directory that correspond to the web apps in your organization.
+For other identity providers (such as Okta or Ping), you can use their tools to export the application inventory.
### Using cloud discovery tools
In the cloud environment, you need rich visibility, control over data travel, an
- Use the [Get-AzureWebsite](/powershell/module/servicemanagement/azure.service/get-azurewebsite) cmdlet to get information about Azure websites. - Use the [Get-AzureRMWebApp](/powershell/module/azurerm.websites/get-azurermwebapp) cmdlet to get information about your Azure Web Apps.D - You can find all the apps running on Microsoft IIS from the Windows command line using [AppCmd.exe](/iis/get-started/getting-started-with-iis/getting-started-with-appcmdexe#working-with-sites-applications-virtual-directories-and-application-pools).
- - Use [Applications](/previous-versions/azure/ad/graph/api/entity-and-complex-type-reference#application-entity) and [Service Principals](/previous-versions/azure/ad/graph/api/entity-and-complex-type-reference#serviceprincipal-entity) to get you information on an app and app instance in a directory in Azure AD.
+ - Use [Applications](/previous-versions/azure/ad/graph/api/entity-and-complex-type-reference#application-entity) and [Service Principals](/previous-versions/azure/ad/graph/api/entity-and-complex-type-reference#serviceprincipal-entity) to get your information on web apps and app instance in a directory in Azure AD.
### Using manual processes
-Once you have taken the automated approaches described above, you will have a good handle on your applications. However, you might consider doing the following to ensure you have good coverage across all user access areas:
+Once you have taken the automated approaches described in this article, you have a good handle on your applications. However, you might consider doing the following to ensure you have good coverage across all user access areas:
- Contact the various business owners in your organization to find the applications in use in your organization. - Run an HTTP inspection tool on your proxy server, or analyze proxy logs, to see where traffic is commonly routed.
Once you have taken the automated approaches described above, you will have a go
### Type of apps to migrate
-Once you find your apps, you will identify these types of apps in your organization:
+Once you find your apps, you identify these types of apps in your organization:
-- Apps that use modern authentication protocols already-- Apps that use legacy authentication protocols that you choose to modernize-- Apps that use legacy authentication protocols that you choose NOT to modernize-- New Line of Business (LoB) apps
+- Apps that use modern authentication protocols such as [Security Assertion Markup Language (SAML)](../fundamentals/auth-saml.md) and [OpenID Connect (OIDC)](../fundamentals/auth-oidc.md) already
+- Apps that use legacy authentication such as [Kerberos](https://techcommunity.microsoft.com/t5/itops-talk-blog/deep-dive-how-azure-ad-kerberos-works/ba-p/3070889), [Header-based](application-proxy-configure-single-sign-on-with-headers.md), or NT LAN Manager (NTLM) protocols that you choose to modernize
+- Apps that use legacy authentication protocols that you choose NOT to modernize
### Apps that use modern authentication already
-The already modernized apps are the most likely to be moved to Azure AD. These apps already use modern authentication protocols (such as SAML or OpenID Connect) and can be reconfigured to authenticate with Azure AD.
+The already modernized apps are the most likely to be moved to Azure AD. These apps already use modern authentication protocols such as SAML or OIDC and can be reconfigured to authenticate with Azure AD.
-In addition to the choices in the [Azure AD app gallery,](https://azuremarketplace.microsoft.com/marketplace/apps/category/azure-active-directory-apps) these could be apps that already exist in your organization or any third-party apps from a vendor who is not a part of the Azure AD gallery ([non-gallery applications)](./add-application-portal.md).
+We recommend you search and add applications from the [Azure AD app gallery](https://azuremarketplace.microsoft.com/marketplace/apps/category/azure-active-directory-apps). If you donΓÇÖt find them in the gallery, you can still add custom SAML or OIDC apps to Azure AD.
### Legacy apps that you choose to modernize For legacy apps that you want to modernize, moving to Azure AD for core authentication and authorization unlocks all the power and data-richness that the [Microsoft Graph](https://developer.microsoft.com/graph/gallery/?filterBy=Samples,SDKs) and [Intelligent Security Graph](https://www.microsoft.com/security/operations/intelligence?rtc=1) have to offer.
-We recommend updating the authentication stack code for these applications from the legacy protocol (such as Windows-Integrated Authentication, Kerberos Constrained Delegation, HTTP Headers-based authentication) to a modern protocol (such as SAML or OpenID Connect).
+We recommend updating the authentication stack code for these applications from the legacy protocol (such as Windows-Integrated Authentication, Kerberos, HTTP Headers-based authentication) to a modern protocol (such as SAML or OpenID Connect).
### Legacy apps that you choose NOT to modernize
For certain apps using legacy authentication protocols, sometimes modernizing th
Azure AD can bring great benefits to these legacy apps, as you can enable modern Azure AD security and governance features like [Multi-Factor Authentication](../authentication/concept-mfa-howitworks.md), [Conditional Access](../conditional-access/overview.md), [Identity Protection](../identity-protection/index.yml), [Delegated Application Access](./access-panel-manage-self-service-access.md), and [Access Reviews](../governance/manage-user-access-with-access-reviews.md#create-and-perform-an-access-review) against these apps without touching the app at all!
-Start by **extending these apps into the cloud** with Azure AD [Application Proxy](../app-proxy/application-proxy-configure-single-sign-on-password-vaulting.md) using simple means of authentication (like Password Vaulting) to get your users migrated quickly, or via our [partner integrations](https://azure.microsoft.com/services/active-directory/sso/secure-hybrid-access/) with application delivery controllers you might have deployed already.
+Start by extending these apps into the cloud through our [Secure Hybrid Access (SHA) partner integrations](secure-hybrid-access.md) with application delivery controllers that you might have deployed already.
### New Line of Business (LoB) apps
You are successful in this phase with:
- What systems those apps connect to - From where and on what devices users access them
- - Whether they will be migrated, deprecated, or connected with [Azure AD Connect](../hybrid/whatis-azure-ad-connect.md).
+ - Whether they'll be migrated, deprecated, or connected with [Azure AD Connect](../hybrid/whatis-azure-ad-connect.md).
> [!NOTE]
-> You can download the [Application Discovery Worksheet](https://download.microsoft.com/download/2/8/3/283F995C-5169-43A0-B81D-B0ED539FB3DD/Application%20Discovery%20worksheet.xlsx) to record the applications that you want to migrate to Azure AD authentication, and those you want to leave but manage by using [Azure AD Connect](../hybrid/whatis-azure-ad-connect.md).
+> You can download the [Application Discovery Worksheet](https://download.microsoft.com/download/2/8/3/283F995C-5169-43A0-B81D-B0ED539FB3DD/Application%20Discovery%20worksheet.xlsx) to record the applications that you want to migrate to Azure AD authentication.
## Phase 2: Classify apps and plan pilot
One way to think about this is along the axes of business criticality, usage, an
### Business criticality
-Business criticality will take on different dimensions for each business, but the two measures that you should consider are **features and functionality** and **user profiles**. Assign apps with unique functionality a higher point value than those with redundant or obsolete functionality.
+Business criticality takes on different dimensions for each business, but the two measures that you should consider are **features and functionality** and **user profiles**. Assign apps with unique functionality a higher point value than those with redundant or obsolete functionality.
-![A diagram of the spectrums of Features & Functionality and User Profiles](media/migrating-application-authentication-to-azure-active-directory-3.jpg)
+![A diagram of the spectrums of features & functionality and user profiles](media/migrate-apps-to-azure-ad/functionality-user-profile.png)
### Usage Applications with **high usage numbers** should receive a higher value than apps with low usage. Assign a higher value to apps with external, executive, or security team users. For each app in your migration portfolio, complete these assessments.
-![A diagram of the spectrums of User Volume and User Breadth](media/migrating-application-authentication-to-azure-active-directory-4.jpg)
+![A diagram of the spectrums of User Volume and User Breadth](media/migrate-apps-to-azure-ad/user-volume-breadth.png)
Once you have determined values for business criticality and usage, you can then determine the **application lifespan**, and create a matrix of priority. See one such matrix below:
-![A triangle diagram showing the relationships between Usage, Expected Lifespan, and Business Criticality](media/migrating-application-authentication-to-azure-active-directory5.jpg)
-
+![A triangle diagram showing the relationships between Usage, Expected Lifespan, and Business Criticality](media/migrate-apps-to-azure-ad/triangular-diagram-showing-relationship.png)
### Prioritize apps for migration You can choose to begin the app migration with either the lowest priority apps or the highest priority apps based on your organizationΓÇÖs needs.
-In a scenario where you may not have experience using Azure AD and Identity services, consider moving your **lowest priority apps** to Azure AD first. This will minimize your business impact, and you can build momentum. Once you have successfully moved these apps and have gained the stakeholderΓÇÖs confidence, you can continue to migrate the other apps.
+In a scenario where you may not have experience using Azure AD and Identity services, consider moving your **lowest priority apps** to Azure AD first. This minimizes your business impact, and you can build momentum. Once you have successfully moved these apps and have gained the stakeholderΓÇÖs confidence, you can continue to migrate the other apps.
-If there is no clear priority, you should consider moving the apps that are in the [Azure AD Gallery](https://azuremarketplace.microsoft.com/marketplace/apps/category/azure-active-directory-apps) first and support multiple identity providers (ADFS or Okta) because they are easier to integrate. It is likely that these apps are the **highest-priority apps** in your organization. To help integrate your SaaS applications with Azure AD, we have developed a collection of [tutorials](../saas-apps/tutorial-list.md) that walk you through configuration.
+If there is no clear priority, you should consider moving the apps that are in the [Azure AD Gallery](https://azuremarketplace.microsoft.com/marketplace/apps/category/azure-active-directory-apps) first and support multiple identity providers because they are easier to integrate. It is likely that these apps are the **highest-priority apps** in your organization. To help integrate your SaaS applications with Azure AD, we have developed a collection of [tutorials](../saas-apps/tutorial-list.md) that walk you through configuration.
-When you have a deadline to migrate the apps, these highest priority apps bucket will take the major workload. You can eventually select the lower priority apps as they will not change the cost even though you have moved the deadline. Even if you must renew the license, it will be for a small amount.
+When you have a deadline to migrate the apps, these highest priority apps bucket takes the major workload. You can eventually select the lower priority apps as they won't change the cost even though you have moved the deadline.
-In addition to this classification and depending on the urgency of your migration, you may also consider putting up a **migration schedule** within which app owners must engage to have their apps migrated. At the end of this process, you should have a list of all applications in prioritized buckets for migration.
+In addition to this classification and depending on the urgency of your migration, you should publish a **migration schedule** within which app owners must engage to have their apps migrated. At the end of this process, you should have a list of all applications in prioritized buckets for migration.
### Document your apps
-First, start by gathering key details about your applications. The [Application Discovery Worksheet](https://download.microsoft.com/download/2/8/3/283F995C-5169-43A0-B81D-B0ED539FB3DD/Application%20Discovery%20worksheet.xlsx)will help you to make your migration decisions quickly and get a recommendation out to your business group in no time at all.
+First, start by gathering key details about your applications. The [Application Discovery Worksheet](https://download.microsoft.com/download/2/8/3/283F995C-5169-43A0-B81D-B0ED539FB3DD/Application%20Discovery%20worksheet.xlsx) helps you to make your migration decisions quickly and get a recommendation out to your business group in no time at all.
Information that is important to making your migration decision includes:
Information that is important to making your migration decision includes:
- **Business criticality** ΓÇô is its high criticality? Low? Or somewhere in between? - **User access volume** ΓÇô does everyone access this app or just a few people? - **Planned lifespan** ΓÇô how long will this app be around? Less than six months? More than two years?-- **Current identity provider** ΓÇô what is the primary IdP for this app? Or does it rely on local storage?
+- **Current identity provider** ΓÇô what is the primary IdP for this app?
- **Method of authentication** ΓÇô does the app authenticate using open standards?
+- **Security requirements** - must it be on a corporate network? Requires MFA or registered device?
+- **User audience** ΓÇô employees, partners or internal or external customers?
- **Whether you plan to update the app code** ΓÇô is the app under planned or active development? - **Whether you plan to keep the app on-premises** ΓÇô do you want to keep the app in your datacenter long term? - **Whether the app depends on other apps or APIs** ΓÇô does the app currently call into other apps or APIs? - **Whether the app is in the Azure AD gallery** ΓÇô is the app currently already integrated with the [Azure AD Gallery](https://azuremarketplace.microsoft.com/marketplace/apps/category/azure-active-directory-apps)?
-Other data that will help you later, but that you do not need to make an immediate migration decision includes:
+Other data that helps you later, but that you do not need to make an immediate migration decision includes:
- **App URL** ΓÇô where do users go to access the app? - **App description** ΓÇô what is a brief description of what the app does?
Once you have classified your application and documented the details, then be su
### Plan a pilot
-The app(s) you select for the pilot should represent the key identity and security requirements of your organization, and you must have clear buy-in from the application owners. Pilots typically run in a separate test environment. See [best practices for pilots](../fundamentals/active-directory-deployment-plans.md#best-practices-for-a-pilot) on the deployment plans page.
+The app(s) you select for the pilot should represent the key identity and security requirements of your organization, and you must have clear buy-in from the application owners. Pilots typically run in a separate test environment.
DonΓÇÖt forget about your external partners. Make sure that they participate in migration schedules and testing. Finally, ensure they have a way to access your helpdesk if there were breaking issues.
While some apps are easy to migrate, others may take longer due to multiple serv
Many SaaS app vendors charge for changing the SSO connection. Check with them and plan for this.
-Azure AD also has [service limits and restrictions](../enterprise-users/directory-service-limits-restrictions.md) you should be aware of.
- ### App owner sign-off Business critical and universally used applications may need a group of pilot users to test the app in the pilot stage. Once you have tested an app in the pre-production or pilot environment, ensure that app business owners sign off on performance prior to the migration of the app and all users to production use of Azure AD for authentication.
You can use this information to protect access to all services integrated with A
- Plan identity security improvements - Review the success of your improvements
-This will also help you implement the [five steps to securing your identity infrastructure](../../security/fundamentals/steps-secure-identity.md). Use the guidance as a starting point for your organization and adjust the policies to meet your organization's specific requirements.
+This also helps you implement the [five steps to securing your identity infrastructure](../../security/fundamentals/steps-secure-identity.md). Use the guidance as a starting point for your organization and adjust the policies to meet your organization's specific requirements.
### Who is accessing your data?
There are two main categories of users of your apps and resources that Azure AD
- **External:** Vendors, suppliers, distributors, or other business partners that interact with your organization in the regular course of business with [Azure AD B2B collaboration.](../external-identities/what-is-b2b.md)
-You can define groups for these users and populate these groups in diverse ways. You may choose that an administrator must manually add members into a group, or you can enable selfservice group membership. Rules can be established that automatically add members into groups based on the specified criteria using [dynamic groups](../enterprise-users/groups-dynamic-membership.md).
+You can define groups for these users and populate these groups in diverse ways. You may choose that an administrator must manually add members into a group, or you can enable self-service group membership. Rules can be established that automatically add members into groups based on the specified criteria using [dynamic groups](../enterprise-users/groups-dynamic-membership.md).
External users may also refer to customers. [Azure AD B2C](../../active-directory-b2c/overview.md), a separate product supports customer authentication. However, it is outside the scope of this paper.
External users may also refer to customers. [Azure AD B2C](../../active-director
The device and location that a user uses to access an app are also important. Devices physically connected to your corporate network are more secure. Connections from outside the network over VPN may need scrutiny.
-![A diagram showing the relationship between User Location and Data Access](media/migrating-application-authentication-to-azure-active-directory-6.jpg)
+![A diagram showing the relationship between User Location and Data Access.](media/migrate-apps-to-azure-ad/user-location-data-access.png)
With these aspects of resource, user, and device in mind, you may choose to use [Azure AD Conditional Access](../conditional-access/overview.md) capabilities. Conditional access goes beyond user permissions: it is based on a combination of factors, such as the identity of a user or group, the network that the user is connected to, the device and application they are using, and the type of data they are trying to access. The access granted to the user adapts to this broader set of conditions.
Once you have gained business buy-in, the next step is to start migrating these
Use the tools and guidance below to follow the precise steps needed to migrate your applications to Azure AD: - **General migration guidance** ΓÇô Use the whitepaper, tools, email templates, and applications questionnaire in the [Azure AD apps migration toolkit](./migration-resources.md) to discover, classify, and migrate your apps.-- **SaaS applications** ΓÇô See our list of [hundreds of SaaS app tutorials](../saas-apps/tutorial-list.md) and the complete [Azure AD SSO deployment plan](https://aka.ms/ssodeploymentplan) to walk through the end-to-end process.
+- **SaaS applications** ΓÇô See our list of [SaaS app tutorials](../saas-apps/tutorial-list.md) and the [Azure AD SSO deployment plan](plan-sso-deployment.md) to walk through the end-to-end process.
- **Applications running on-premises** ΓÇô Learn all [about the Azure AD Application Proxy](../app-proxy/application-proxy.md) and use the complete [Azure AD Application Proxy deployment plan](https://aka.ms/AppProxyDPDownload) to get going quickly. - **Apps youΓÇÖre developing** ΓÇô Read our step-by-step [integration](../develop/quickstart-register-app.md) and [registration](../develop/quickstart-register-app.md) guidance.
After migration, you may choose to send communication informing the users of the
### Plan testing
-During the process of the migration, your app may already have a test environment used during regular deployments. You can continue to use this environment for migration testing. If a test environment is not currently available, you may be able to set one up using Azure App Service or Azure Virtual Machines, depending on the architecture of the application. You may choose to set up a separate test Azure AD tenant to use as you develop your app configurations. This tenant will start in a clean state and will not configured to sync with any system.
-
-You can test each app by logging in with a test user and make sure all functionality is the same as prior to the migration. If you determine during testing that users will need to update their [MFA](../authentication/howto-mfa-userstates.md) or [SSPR](../authentication/tutorial-enable-sspr.md)settings, or you are adding this functionality during the migration, be sure to add that to your end-user communication plan. See [MFA](https://aka.ms/mfatemplates) and [SSPR](https://aka.ms/ssprtemplates) end-user communication templates.
+During the process of the migration, your app may already have a test environment used during regular deployments. You can continue to use this environment for migration testing. If a test environment is not currently available, you may be able to set one up using Azure App Service or Azure Virtual Machines, depending on the architecture of the application. You may choose to set up a separate test Azure AD tenant to use as you develop your app configurations. This tenant will start in a clean state and won't be configured to sync with any system.
Once you have migrated the apps, go to the [Azure portal](https://portal.azure.com/) to test if the migration was a success. Follow the instructions below:
Depending on how you configure your app, verify that SSO works properly.
| **OAuth / OpenID Connect** | Select **Enterprise applications &gt; Permissions** and ensure you have consented to the application to be used in your organization in the user settings for your app. | | **SAML-based SSO** | Use the [Test SAML Settings](./debug-saml-sso-issues.md) button found under **Single Sign-On.** | | **Password-Based SSO** | Download and install the [MyApps Secure Sign-in Extension](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510#download-and-install-the-my-apps-secure-sign-in-extension). This extension helps you start any of your organization's cloud apps that require you to use an SSO process. |- | **[Application Proxy](../app-proxy/application-proxy.md)** | Ensure your connector is running and assigned to your application. Visit the [Application Proxy troubleshooting guide](../app-proxy/application-proxy-troubleshoot.md) for further assistance. |
+You can test each app by logging in with a test user and make sure all functionality is the same as prior to the migration. If you determine during testing that users will need to update their [MFA](../authentication/howto-mfa-userstates.md) or [SSPR](../authentication/tutorial-enable-sspr.md)settings, or you are adding this functionality during the migration, be sure to add that to your end-user communication plan. See [MFA](https://aka.ms/mfatemplates) and [SSPR](https://aka.ms/ssprtemplates) end-user communication templates.
+ ### Troubleshoot
-If you run into problems, check out our [apps troubleshooting guide](../app-provisioning/isv-automatic-provisioning-multi-tenant-apps.md) to get help. You can also check out our troubleshooting articles, see [Problems signing in to SAML-based single sign-on configured apps](/troubleshoot/azure/active-directory/troubleshoot-sign-in-saml-based-apps).
+If you run into problems, check out our [apps troubleshooting guide](../app-provisioning/isv-automatic-provisioning-multi-tenant-apps.md) and [Secure Hybrid Access partner integration article](secure-hybrid-access-integrations.md) to get help. You can also check out our troubleshooting articles, see [Problems signing in to SAML-based single sign-on configured apps](/troubleshoot/azure/active-directory/troubleshoot-sign-in-saml-based-apps).
### Plan rollback If your migration fails, the best strategy is to roll back and test. Here are the steps that you can take to mitigate migration issues: - **Take screenshots** of the existing configuration of your app. You can look back if you must reconfigure the app once again.-- You might also consider **providing links to the legacy authentication**, if there was issues with cloud authentication.-- Before you complete your migration, **do not change your existing configuration** with the earlier identity provider.-- Begin by migrating **the apps that support multiple IdPs**. If something goes wrong, you can always change to the preferred IdPΓÇÖs configuration.
+- You might also consider **providing links for the application to use legacy authentication**, if there were issues with cloud authentication.
+- Before you complete your migration, **do not change your existing configuration** with the existing identity provider.
+- Consider migrating **the apps that support multiple IdPs**. If something goes wrong, you can always change to the preferred IdPΓÇÖs configuration.
- Ensure that your app experience has a **Feedback button** or pointers to your **helpdesk** issues. ### Exit criteria
We recommend taking the following actions as appropriate to your organization.
Once you have migrated the apps, you can enrich your userΓÇÖs experience in many ways - Make apps discoverable-- Point your user to the [MyApps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510#download-and-install-the-my-apps-secure-sign-in-extension)portal experience. Here, they can access all cloud-based apps, apps you make available by using [Azure AD Connect](../hybrid/whatis-azure-ad-connect.md), and apps using [Application Proxy](../app-proxy/application-proxy.md) provided they have permissions to access those apps.
+- Point your user to the [MyApps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510#download-and-install-the-my-apps-secure-sign-in-extension) portal experience. Here, they can access all cloud-based apps, apps you make available by using [Azure AD Connect](../hybrid/whatis-azure-ad-connect.md), and apps using [Application Proxy](../app-proxy/application-proxy.md) provided they have permissions to access those apps.
You can guide your users on how to discover their apps: - Use the [Existing Single Sign-on](./view-applications-portal.md) feature to **link your users to any app**-- Enable [Self-Service Application Access](./manage-self-service-access.md)to an app and **let users add apps that you curate**
+- Enable [Self-Service Application Access](./manage-self-service-access.md) to an app and **let users add apps that you curate**
- [Hide applications from end-users](./hide-application-from-user-portal.md) (default Microsoft apps or other apps) to make the apps they do need more discoverable ### Make apps accessible
active-directory Prevent Domain Hints With Home Realm Discovery https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/prevent-domain-hints-with-home-realm-discovery.md
Previously updated : 02/09/2022 Last updated : 03/16/2023 zone_pivot_groups: home-realm-discovery
zone_pivot_groups: home-realm-discovery
Home Realm Discovery Policy (HRD) offers administrators multiple ways to control how and where their users authenticate. The `domainHintPolicy` section of the HRD policy is used to help migrate federated users to cloud managed credentials like [FIDO](../authentication/howto-authentication-passwordless-security-key.md), by ensuring that they always visit the Azure AD sign-in page and aren't auto-accelerated to a federated IDP because of domain hints. To learn more about HRD policy, see [Home Realm Discovery](home-realm-discovery-policy.md).
-This policy is needed in situations where and admins can't control or update domain hints during sign-in. For example, `outlook.com/contoso.com` sends the user to a login page with the `&domain_hint=contoso.com` parameter appended, to auto-accelerate the user directly to the federated IDP for the `contoso.com` domain. Users with managed credentials sent to a federated IDP can't sign in using their managed credentials, reducing security, and frustrating users with randomized sign-in experiences. Admins rolling out managed credentials [should also set up this policy](#suggested-use-within-a-tenant) to ensure that users can always use their managed credentials.
+This policy is needed in situations where and admins can't control or update domain hints during sign-in. For example, `outlook.com/contoso.com` sends the user to a sign-in page with the `&domain_hint=contoso.com` parameter appended, to auto-accelerate the user directly to the federated IDP for the `contoso.com` domain. Users with managed credentials sent to a federated IDP can't sign in using their managed credentials, reducing security, and frustrating users with randomized sign-in experiences. Admins rolling out managed credentials [should also set up this policy](#suggested-use-within-a-tenant) to ensure that users can always use their managed credentials.
## DomainHintPolicy details
-The DomainHintPolicy section of the HRD policy is a JSON object, that allows an admin to opt out certain domains and applications from domain hint usage. Functionally, this tells the Azure AD sign-in page to behave as if a `domain_hint` parameter on the login request wasn't present.
+The DomainHintPolicy section of the HRD policy is a JSON object that allows an admin to opt out certain domains and applications from domain hint usage. Functionally, this tells the Azure AD sign-in page to behave as if a `domain_hint` parameter on the sign-in request wasn't present.
### The Respect and Ignore policy sections
The DomainHintPolicy section of the HRD policy is a JSON object, that allows an
The DomainHintPolicy logic runs on each incoming request that contains a domain hint and accelerates based on two pieces of data in the request ΓÇô the domain in the domain hint, and the client ID (the app). In short - "Respect" for a domain or app takes precedence over an instruction to "Ignore" a domain hint for a given domain or application. -- In the absence of any domain hint policy, or if none of the 4 sections reference the app or domain hint mentioned, [the rest of the HRD policy will be evaluated](home-realm-discovery-policy.md#priority-and-evaluation-of-hrd-policies).-- If either one (or both) of `RespectDomainHintForApps` or `RespectDomainHintForDomains` section includes the app or domain hint in the request, then the user will be auto-accelerated to the federated IDP as requested.-- If either one (or both) of `IgnoreDomainHintsForApps` or `IgnoreDomainHintsForDomains` references the app or the domain hint in the request, and theyΓÇÖre not referenced by the ΓÇ£RespectΓÇ¥ sections, then the request won't be auto-accelerated, and the user will remain at the Azure AD login page to provide a username.
+- In the absence of any domain hint policy, or if none of the four sections reference the app or domain hint mentioned, [the rest of the HRD policy will be evaluated](home-realm-discovery-policy.md#priority-and-evaluation-of-hrd-policies).
+- If either one (or both) of `RespectDomainHintForApps` or `RespectDomainHintForDomains` section includes the app or domain hint in the request, then the user is auto-accelerated to the federated IDP as requested.
+- If either one (or both) of `IgnoreDomainHintsForApps` or `IgnoreDomainHintsForDomains` references the app or the domain hint in the request, and theyΓÇÖre not referenced by the ΓÇ£RespectΓÇ¥ sections, then the request won't be auto-accelerated, and the user remains at the Azure AD sign-in page to provide a username.
-Once a user has entered a username at the login page, they can use their managed credentials. If they choose not to use a managed credential, or they have none registered, they'll be taken to their federated IDP for credential entry as usual.
+Once a user has entered a username at the sign-in page, they can use their managed credentials. If they choose not to use a managed credential, or they have none registered, they are taken to their federated IDP for credential entry as usual.
## Prerequisites To disable auto-acceleration sign-in for an application in Azure AD, you need: - An Azure account with an active subscription. If you don't already have one, you can [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).-- One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
+- One of the following roles: Global Administrator, or owner of the service principal.
::: zone pivot="powershell-hrd" - The latest Azure AD PowerShell cmdlet preview. ::: zone-end
To disable auto-acceleration sign-in for an application in Azure AD, you need:
Admins of federated domains should set up this section of the HRD policy in a four-phase plan. The goal of this plan is to eventually get all users in a tenant to use their managed credentials regardless of domain or application, save those apps that have hard dependencies on `domain_hint` usage. This plan helps admins find those apps, exempt them from the new policy, and continue rolling out the change to the rest of the tenant.
-1. Pick a domain to initially roll this change out to. This will be your test domain, so pick one that may be more receptive to changes in UX (For example, seeing a different login page). This will ignore all domain hints from all applications that use this domain name. Set this policy in your tenant-default HRD policy:
+1. Pick a domain to initially roll this change out to. This is your test domain, so pick one that may be more receptive to changes in UX (For example, seeing a different sign-in page). This ignores all domain hints from all applications that use this domain name. Set this policy in your tenant-default HRD policy:
::: zone pivot="graph-hrd"
-```json
+```http
+PATCH /policies/homeRealmDiscoveryPolicies/{id}
+ "DomainHintPolicy": { "IgnoreDomainHintForDomains": [ "testDomain.com" ], "RespectDomainHintForDomains": [],
Admins of federated domains should set up this section of the HRD policy in a fo
::: zone pivot="powershell-hrd" ```powershell
-New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPolicy`": { `"IgnoreDomainHintForDomains`": [ `"testDomain.com`" ], `"RespectDomainHintForDomains`": [], `"IgnoreDomainHintForApps`": [], `"RespectDomainHintForApps`": [] } } }") -DisplayName BasicBlockAccelerationPolicy -Type HomeRealmDiscoveryPolicy
+New-AzureADPolicy
+ -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPolicy`": { `"IgnoreDomainHintForDomains`": [ `"testDomain.com`" ], `"RespectDomainHintForDomains`": [], `"IgnoreDomainHintForApps`": [], `"RespectDomainHintForApps`": [] } } }")
+ -DisplayName BasicBlockAccelerationPolicy
+ -Type HomeRealmDiscoveryPolicy
``` ::: zone-end
New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPoli
::: zone pivot="graph-hrd"
-```json
+```http
+PATCH /policies/homeRealmDiscoveryPolicies/{id}
+ "DomainHintPolicy": { "IgnoreDomainHintForDomains": [ "testDomain.com" ], "RespectDomainHintForDomains": [],
New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPoli
::: zone pivot="powershell-hrd" ```powershell
-New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPolicy`": { `"IgnoreDomainHintForDomains`": [ `"testDomain.com`" ], `"RespectDomainHintForDomains`": [], `"IgnoreDomainHintForApps`": [], `"RespectDomainHintForApps`": ["app1-clientID-Guid", "app2-clientID-Guid] } } }") -DisplayName BasicBlockAccelerationPolicy -Type HomeRealmDiscoveryPolicy
+New-AzureADPolicy
+ -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPolicy`": { `"IgnoreDomainHintForDomains`": [ `"testDomain.com`" ], `"RespectDomainHintForDomains`": [], `"IgnoreDomainHintForApps`": [], `"RespectDomainHintForApps`": ["app1-clientID-Guid", "app2-clientID-Guid"] } } }")
+ -DisplayName BasicBlockAccelerationPolicy
+ -Type HomeRealmDiscoveryPolicy
```+ ::: zone-end 3. Continue expanding rollout of the policy to new domains, collecting more feedback. ::: zone pivot="graph-hrd"
-```json
+```http
+PATCH /policies/homeRealmDiscoveryPolicies/{id}
+ "DomainHintPolicy": { "IgnoreDomainHintForDomains": [ "testDomain.com", "otherDomain.com", "anotherDomain.com"], "RespectDomainHintForDomains": [],
New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPoli
::: zone pivot="powershell-hrd" ```powershell
-New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPolicy`": { `"IgnoreDomainHintForDomains`": [ `"testDomain.com`", "otherDomain.com", "anotherDomain.com"], `"RespectDomainHintForDomains`": [], `"IgnoreDomainHintForApps`": [], `"RespectDomainHintForApps`": ["app1-clientID-Guid", "app2-clientID-Guid] } } }") -DisplayName BasicBlockAccelerationPolicy -Type HomeRealmDiscoveryPolicy
+New-AzureADPolicy
+ -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPolicy`": { `"IgnoreDomainHintForDomains`": [ `"testDomain.com`", "otherDomain.com", "anotherDomain.com"], `"RespectDomainHintForDomains`": [], `"IgnoreDomainHintForApps`": [], `"RespectDomainHintForApps`": ["app1-clientID-Guid", "app2-clientID-Guid"] } } }")
+ -DisplayName BasicBlockAccelerationPolicy
+ -Type HomeRealmDiscoveryPolicy
``` ::: zone-end
New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPoli
::: zone pivot="graph-hrd"
-```json
+```http
+PATCH /policies/homeRealmDiscoveryPolicies/{id}
+ "DomainHintPolicy": { "IgnoreDomainHintForDomains": [ "*" ], "RespectDomainHintForDomains": ["guestHandlingDomain.com"],
New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPoli
::: zone pivot="powershell-hrd" ```powershell
-New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPolicy`": { `"IgnoreDomainHintForDomains`": [ `"*`" ], `"RespectDomainHintForDomains`": [guestHandlingDomain.com], `"IgnoreDomainHintForApps`": [], `"RespectDomainHintForApps`": ["app1-clientID-Guid", "app2-clientID-Guid] } } }") -DisplayName BasicBlockAccelerationPolicy -Type HomeRealmDiscoveryPolicy
+New-AzureADPolicy
+ -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPolicy`": { `"IgnoreDomainHintForDomains`": [ `"*`" ], `"RespectDomainHintForDomains`": [guestHandlingDomain.com], `"IgnoreDomainHintForApps`": [], `"RespectDomainHintForApps`": ["app1-clientID-Guid", "app2-clientID-Guid"] } } }")
+ -DisplayName BasicBlockAccelerationPolicy
+ -Type HomeRealmDiscoveryPolicy
``` ::: zone-end
-After step 4 is complete all users, except those in `guestHandlingDomain.com`, can sign-in at the Azure AD sign-in page even when domain hints would otherwise cause an auto-acceleration to a federated IDP. The exception to this is if the app requesting sign-in is one of the exempted ones - for those apps, all domain hints will still be accepted.
+After step 4 is complete all users, except those in `guestHandlingDomain.com`, can sign-in at the Azure AD sign-in page even when domain hints would otherwise cause an auto-acceleration to a federated IDP. The exception to this is if the app requesting sign-in is one of the exempted ones - for those apps, all domain hints are still accepted.
::: zone pivot="graph-hrd" ## Configuring policy through Graph Explorer
-Set the [Home Realm Discovery policy](/graph/api/resources/homeRealmDiscoveryPolicy) as usual, using Microsoft Graph.
-
-1. Grant the Policy.ReadWrite.ApplicationConfiguration permission in [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer).
-1. Use the URL `https://graph.microsoft.com/v1.0/policies/homeRealmDiscoveryPolicies`
-1. POST the new policy to this URL, or PATCH to `/policies/homerealmdiscoveryPolicies/{policyID}` if overwriting an existing one.
-
-POST or PATCH contents:
-
-```json
-{
- "displayName":"Home Realm Discovery Domain Hint Exclusion Policy",
- "definition":[
- "{\"HomeRealmDiscoveryPolicy\" : {\"DomainHintPolicy\": { \"IgnoreDomainHintForDomains\": [ \"Contoso.com\" ], \"RespectDomainHintForDomains\": [], \"IgnoreDomainHintForApps\": [\"sample-guid-483c-9dea-7de4b5d0a54a\"], \"RespectDomainHintForApps\": [] } } }"
- ],
- "isOrganizationDefault":true
-}
-```
+Manage the [Home Realm Discovery policy](/graph/api/resources/homeRealmDiscoveryPolicy) using [Microsoft Graph](https://developer.microsoft.com/graph/graph-explorer).
+
+1. Sign in to Microsoft Graph explorer with one of the roles listed in the prerequisite section.
+1. Grant the `Policy.ReadWrite.ApplicationConfiguration` permission.
+1. Use the [Home realm discovery policy](/graph/api/resources/homerealmdiscoverypolicy) to create a new policy.
+1. POST the new policy, or PATCH to update an existing policy.
+
+ ```http
+ PATCH /policies/homeRealmDiscoveryPolicies/{id}
+ {
+ "displayName":"Home Realm Discovery Domain Hint Exclusion Policy",
+ "definition":[
+ "{\"HomeRealmDiscoveryPolicy\" : {\"DomainHintPolicy\": { \"IgnoreDomainHintForDomains\": [\"Contoso.com\"], \"RespectDomainHintForDomains\": [], \"IgnoreDomainHintForApps\": [\"sample-guid-483c-9dea-7de4b5d0a54a\"], \"RespectDomainHintForApps\": [] } } }"
+ ],
+ "isOrganizationDefault":true
+ }
+ ```
Be sure to use slashes to escape the `Definition` JSON section when using Graph.
active-directory Tenant Restrictions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/tenant-restrictions.md
Previously updated : 12/6/2021 Last updated : 3/16/2023
# Restrict access to a tenant
-Large organizations that emphasize security want to move to cloud services like Microsoft 365, but need to know that their users only can access approved resources. Traditionally, companies restrict domain names or IP addresses when they want to manage access. This approach fails in a world where software as a service (or SaaS) apps are hosted in a public cloud, running on shared domain names like outlook.office.com and login.microsoftonline.com. Blocking these addresses would keep users from accessing Outlook on the web entirely, instead of merely restricting them to approved identities and resources.
+Large organizations that emphasize security want to move to cloud services like Microsoft 365, but need to know that their users only can access approved resources. Traditionally, companies restrict domain names or IP addresses when they want to manage access. This approach fails in a world where software as a service (or SaaS) apps are hosted in a public cloud, running on shared domain names like `outlook.office.com` and `login.microsoftonline.com`. Blocking these addresses would keep users from accessing Outlook on the web entirely, instead of merely restricting them to approved identities and resources.
The Azure Active Directory (Azure AD) solution to this challenge is a feature called tenant restrictions. With tenant restrictions, organizations can control access to SaaS cloud applications, based on the Azure AD tenant the applications use for [single sign-on](what-is-single-sign-on.md). For example, you may want to allow access to your organization's Microsoft 365 applications, while preventing access to other organizations' instances of these same applications. With tenant restrictions, organizations can specify the list of tenants that users on their network are permitted to access. Azure AD then only grants access to these permitted tenants - all other tenants are blocked, even ones that your users may be guests in.
-This article focuses on tenant restrictions for Microsoft 365, but the feature protects all apps that send the user to Azure AD for single sign-on. If you use SaaS apps with a different Azure AD tenant from the tenant used by your Microsoft 365, make sure that all required tenants are permitted (e.g. in B2B collaboration scenarios). For more information about SaaS cloud apps, see the [Active Directory Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps).
+This article focuses on tenant restrictions for Microsoft 365, but the feature protects all apps that send the user to Azure AD for single sign-on. If you use SaaS apps with a different Azure AD tenant from the tenant used by your Microsoft 365, make sure that all required tenants are permitted (For example, in B2B collaboration scenarios). For more information about SaaS cloud apps, see the [Active Directory Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps).
-Additionally, the tenant restrictions feature now supports [blocking the use of all Microsoft consumer applications](#blocking-consumer-applications) (MSA apps) such as OneDrive, Hotmail, and Xbox.com. This uses a separate header to the `login.live.com` endpoint, and is detailed at the end of the document.
+The tenant restrictions feature also supports [blocking the use of all Microsoft consumer applications](#blocking-consumer-applications) (MSA apps) such as OneDrive, Hotmail, and Xbox.com. This uses a separate header to the `login.live.com` endpoint, and is detailed at the end of this article.
## How it works
The overall solution comprises the following components:
The following diagram illustrates the high-level traffic flow. Tenant restrictions requires TLS inspection only on traffic to Azure AD, not to the Microsoft 365 cloud services. This distinction is important, because the traffic volume for authentication to Azure AD is typically much lower than traffic volume to SaaS applications like Exchange Online and SharePoint Online.
-![Tenant restrictions traffic flow - diagram](./media/tenant-restrictions/traffic-flow.png)
- ## Set up tenant restrictions There are two steps to get started with tenant restrictions. First, make sure that your clients can connect to the right addresses. Second, configure your proxy infrastructure.
The following configuration is required to enable tenant restrictions through yo
- Clients must trust the certificate chain presented by the proxy for TLS communications. For example, if certificates from an internal public key infrastructure (PKI) are used, the internal issuing root certificate authority certificate must be trusted. -- Azure AD Premium 1 licenses are required for use of Tenant Restrictions.
+- Azure AD Premium 1 licenses are required for use of tenant restrictions.
#### Configuration
-For each outgoing request to login.microsoftonline.com, login.microsoft.com, and login.windows.net, insert two HTTP headers: *Restrict-Access-To-Tenants* and *Restrict-Access-Context*.
+For each outgoing request to `login.microsoftonline.com`, `login.microsoft.com`, and `login.windows.net`, insert two HTTP headers: *Restrict-Access-To-Tenants* and *Restrict-Access-Context*.
> [!NOTE]
-> Do not include subdomains under `*.login.microsoftonline.com` in your proxy configuration. Doing so will include device.login.microsoftonline.com and will interfere with Client Certificate authentication, which is used in Device Registration and Device-based Conditional Access scenarios. Configure your proxy server to exclude device.login.microsoftonline.com and enterpriseregistration.windows.net from TLS break-and-inspect and header injection.
+> Do not include subdomains under `*.login.microsoftonline.com` in your proxy configuration. Doing so will include `device.login.microsoftonline.com` and will interfere with Client Certificate authentication, which is used in Device Registration and Device-based Conditional Access scenarios. Configure your proxy server to exclude `device.login.microsoftonline.com` and `enterpriseregistration.windows.net` from TLS break-and-inspect and header injection.
The headers should include the following elements: -- For *Restrict-Access-To-Tenants*, use a value of \<permitted tenant list\>, which is a comma-separated list of tenants you want to allow users to access. Any domain that is registered with a tenant can be used to identify the tenant in this list, as well as the directory ID itself. For an example of all three ways of describing a tenant, the name/value pair to allow Contoso, Fabrikam, and Microsoft looks like: `Restrict-Access-To-Tenants: contoso.com,fabrikam.onmicrosoft.com,72f988bf-86f1-41af-91ab-2d7cd011db47`
+- For *Restrict-Access-To-Tenants*, use a value of \<permitted tenant list\>, which is a comma-separated list of tenants you want to allow users to access. Any domain that is registered with a tenant can be used to identify the tenant in this list, and the directory ID itself. For an example of all three ways of describing a tenant, the name/value pair to allow Contoso, Fabrikam, and Microsoft looks like: `Restrict-Access-To-Tenants: contoso.com,fabrikam.onmicrosoft.com,72f988bf-86f1-41af-91ab-2d7cd011db47`
- For *Restrict-Access-Context*, use a value of a single directory ID, declaring which tenant is setting the tenant restrictions. For example, to declare Contoso as the tenant that set the tenant restrictions policy, the name/value pair looks like: `Restrict-Access-Context: 456ff232-35l2-5h23-b3b3-3236w0826f3d`. You *must* use your own directory ID here to get logs for these authentications. If you use any directory ID other than your own, those sign-in logs *will* appear in someone else's tenant, with all personal information removed. For more information, see [Admin experience](#admin-experience).
The headers should include the following elements:
> > To validate that a directory ID or domain name refer to the same tenant, use that ID or domain in place of \<tenant\> in this URL: `https://login.microsoftonline.com/<tenant>/v2.0/.well-known/openid-configuration`. If the results with the domain and the ID are the same, they refer to the same tenant.
-To prevent users from inserting their own HTTP header with non-approved tenants, the proxy needs to replace the *Restrict-Access-To-Tenants* header if it is already present in the incoming request.
+To prevent users from inserting their own HTTP header with non-approved tenants, the proxy needs to replace the *Restrict-Access-To-Tenants* header if it's already present in the incoming request.
-Clients must be forced to use the proxy for all requests to login.microsoftonline.com, login.microsoft.com, and login.windows.net. For example, if PAC files are used to direct clients to use the proxy, end users shouldn't be able to edit or disable the PAC files.
+Clients must be forced to use the proxy for all requests to `login.microsoftonline.com`, `login.microsoft.com`, and `login.windows.net`. For example, if PAC files are used to direct clients to use the proxy, end users shouldn't be able to edit or disable the PAC files.
## The user experience
This section describes the experience for both end users and admins.
An example user is on the Contoso network, but is trying to access the Fabrikam instance of a shared SaaS application like Outlook online. If Fabrikam is a non-permitted tenant for the Contoso instance, the user sees an access denial message, which says you're trying to access a resource that belongs to an organization unapproved by your IT department.
-![Tenant restrictions error message, from April 2021](./media/tenant-restrictions/error-message.png)
- ### Admin experience While configuration of tenant restrictions is done on the corporate proxy infrastructure, admins can access the tenant restrictions reports in the Azure portal directly. To view the reports:
While configuration of tenant restrictions is done on the corporate proxy infras
The admin for the tenant specified as the Restricted-Access-Context tenant can use this report to see sign-ins blocked because of the tenant restrictions policy, including the identity used and the target directory ID. Sign-ins are included if the tenant setting the restriction is either the user tenant or resource tenant for the sign-in.
-The report may contain limited information, such as target directory ID, when a user who is in a tenant other than the Restricted-Access-Context tenant signs in. In this case, user identifiable information, such as name and user principal name, is masked to protect user data in other tenants ("{PII Removed}@domain.com" or 00000000-0000-0000-0000-000000000000 in place of usernames and object IDs as appropriate).
+The report may contain limited information, such as target directory ID, when a user who is in a tenant other than the Restricted-Access-Context tenant signs in. In this case, user identifiable information, such as name and user principal name, is masked to protect user data in other tenants (For example, `"{PII Removed}@domain.com" or 00000000-0000-0000-0000-000000000000` in place of usernames and object IDs as appropriate).
Like other reports in the Azure portal, you can use filters to specify the scope of your report. You can filter on a specific time interval, user, application, client, or status. If you select the **Columns** button, you can choose to display data with any combination of the following fields: -- **User** - this field can have personal data removed, where it will be set to `00000000-0000-0000-0000-000000000000`.
+- **User** - this field can have personal data removed, where it is set to `00000000-0000-0000-0000-000000000000`.
- **Application** - **Status** - **Date** - **Date (UTC)** - where UTC is Coordinated Universal Time - **IP Address** - **Client**-- **Username** - this field can have personal data removed, where it will be set to `{PII Removed}@domain.com`
+- **Username** - this field can have personal data removed, where it is set to `{PII Removed}@domain.com`
- **Location** - **Target tenant ID**
Microsoft 365 applications must meet two criteria to fully support tenant restri
1. The client used supports modern authentication. 2. Modern authentication is enabled as the default authentication protocol for the cloud service.
-Refer to [Updated Office 365 modern authentication](https://www.microsoft.com/en-us/microsoft-365/blog/2015/03/23/office-2013-modern-authentication-public-preview-announced/) for the latest information on which Office clients currently support modern authentication. That page also includes links to instructions for enabling modern authentication on specific Exchange Online and Skype for Business Online tenants. SharePoint Online already enables Modern authentication by default. Teams only supports modern auth, and does not support legacy auth, so this bypass concern does not apply to Teams.
+For the latest information on which Office clients currently support modern authentication, see [Updated Office 365 modern authentication](https://www.microsoft.com/microsoft-365/blog/2015/03/23/office-2013-modern-authentication-public-preview-announced/). That page also includes links to instructions for enabling modern authentication on specific Exchange Online and Skype for Business Online tenants. SharePoint Online already enables Modern authentication by default. Teams only supports modern auth, and doesn't support legacy auth, so this bypass concern doesn't apply to Teams.
-Microsoft 365 browser-based applications (the Office Portal, Yammer, SharePoint sites, Outlook on the Web, and more) currently support tenant restrictions. Thick clients (Outlook, Skype for Business, Word, Excel, PowerPoint, and more) can enforce tenant restrictions only when using modern authentication.
+Microsoft 365 browser-based applications (such as the Office Portal, Yammer, SharePoint sites, and Outlook on the Web.) currently support tenant restrictions. Thick clients (Outlook, Skype for Business, Word, Excel, PowerPoint, and more) can enforce tenant restrictions only when using modern authentication.
-Outlook and Skype for Business clients that support modern authentication may still able to use legacy protocols against tenants where modern authentication isn't enabled, effectively bypassing tenant restrictions. Tenant restrictions may block applications that use legacy protocols if they contact login.microsoftonline.com, login.microsoft.com, or login.windows.net during authentication.
+Outlook and Skype for Business clients that support modern authentication may still be able to use legacy protocols against tenants where modern authentication isn't enabled, effectively bypassing tenant restrictions. Tenant restrictions may block applications that use legacy protocols if they contact `login.microsoftonline.com`, `login.microsoft.com`, or `login.windows.net` during authentication.
For Outlook on Windows, customers may choose to implement restrictions preventing end users from adding non-approved mail accounts to their profiles. For example, see the [Prevent adding non-default Exchange accounts](https://gpsearch.azurewebsites.net/default.aspx?ref=1) group policy setting. ### Azure RMS and Office Message Encryption incompatibility
-The [Azure Rights Management Service](/azure/information-protection/what-is-azure-rms) (RMS) and [Office Message Encryption](/microsoft-365/compliance/ome) features are not compatible with tenant restrictions. These features rely on signing your users into other tenants in order to get decryption keys for the encrypted documents. Because tenant restrictions blocks access to other tenants, encrypted mail and documents sent to your users from untrusted tenants will not be accessible.
+The [Azure Rights Management Service](/azure/information-protection/what-is-azure-rms) (RMS) and [Office Message Encryption](/microsoft-365/compliance/ome) features aren't compatible with tenant restrictions. These features rely on signing your users into other tenants in order to get decryption keys for the encrypted documents. Because tenant restrictions blocks access to other tenants, encrypted mail and documents sent to your users from untrusted tenants won't be accessible.
## Testing
If you want to try out tenant restrictions before implementing it for your whole
### Fiddler for a host-based approach
-Fiddler is a free web debugging proxy that can be used to capture and modify HTTP/HTTPS traffic, including inserting HTTP headers. To configure Fiddler to test tenant restrictions, perform the following steps:
+Fiddler is a free web debugging proxy that can be used to capture and modify HTTP/HTTPS traffic, it includes inserting HTTP headers. To configure Fiddler to test tenant restrictions, perform the following steps:
1. [Download and install Fiddler](https://www.telerik.com/fiddler).
After you configure Fiddler, you can capture traffic by going to the **File** me
### Staged rollout of proxy settings
-Depending on the capabilities of your proxy infrastructure, you may be able to stage the rollout of settings to your users. Here are a couple high-level options for consideration:
+Depending on the capabilities of your proxy infrastructure, you may be able to stage the rollout of settings to your users. See the following high-level options for consideration:
1. Use PAC files to point test users to a test proxy infrastructure, while normal users continue to use the production proxy infrastructure. 2. Some proxy servers may support different configurations using groups.
Some organizations attempt to fix this by blocking `login.live.com` in order to
1. Blocking `login.live.com` blocks the use of personal accounts in B2B guest scenarios, which can intrude on visitors and collaboration. 1. [Autopilot requires the use of `login.live.com`](/mem/autopilot/networking-requirements) in order to deploy. Intune and Autopilot scenarios can fail when `login.live.com` is blocked.
-1. Organizational telemetry and Windows updates that rely on the login.live.com service for device IDs [will cease to work](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
+1. Organizational telemetry and Windows updates that rely on the login.live.com service for device IDs [cease to work](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
### Configuration for consumer apps While the `Restrict-Access-To-Tenants` header functions as an allowlist, the Microsoft account (MSA) block works as a deny signal, telling the Microsoft account platform to not allow users to sign in to consumer applications. To send this signal, the `sec-Restrict-Tenant-Access-Policy` header is injected to traffic visiting `login.live.com` using the same corporate proxy or firewall as [above](#proxy-configuration-and-requirements). The value of the header must be `restrict-msa`. When the header is present and a consumer app is attempting to sign in a user directly, that sign in will be blocked.
-At this time, authentication to consumer applications does not appear in the [admin logs](#admin-experience), as login.live.com is hosted separately from Azure AD.
+At this time, authentication to consumer applications doesn't appear in the [admin logs](#admin-experience), as login.live.com is hosted separately from Azure AD.
-### What the header does and does not block
+### What the header does and doesn't block
The `restrict-msa` policy blocks the use of consumer applications, but allows through several other types of traffic and authentication: 1. User-less traffic for devices. This includes traffic for Autopilot, Windows Update, and organizational telemetry. 1. B2B authentication of consumer accounts. Users with Microsoft accounts that are [invited to collaborate with a tenant](../external-identities/redemption-experience.md#invitation-redemption-flow) authenticate to login.live.com in order to access a resource tenant. 1. This access is controlled using the `Restrict-Access-To-Tenants` header to allow or deny access to that resource tenant.
-1. "Passthrough" authentication, used by many Azure apps as well as Office.com, where apps use Azure AD to sign in consumer users in a consumer context.
- 1. This access is also controlled using the `Restrict-Access-To-Tenants` header to allow or deny access to the special "passthrough" tenant (`f8cdef31-a31e-4b4a-93e4-5f571e91255a`). If this tenant does not appear in your `Restrict-Access-To-Tenants` list of allowed domains, consumer accounts will be blocked by Azure AD from signing into these apps.
+1. "Passthrough" authentication, used by many Azure apps and Office.com, where apps use Azure AD to sign in consumer users in a consumer context.
+ 1. This access is also controlled using the `Restrict-Access-To-Tenants` header to allow or deny access to the special "passthrough" tenant (`f8cdef31-a31e-4b4a-93e4-5f571e91255a`). If this tenant doesn't appear in your `Restrict-Access-To-Tenants` list of allowed domains, consumer accounts will be blocked by Azure AD from signing into these apps.
+
+## Platforms that don't support TLS break and inspect
+
+Tenant restrictions depends on injection of a list of allowed tenants in the HTTPS header, which requires Transport Layer Security Inspection (TLSI) to break and inspect traffic. For environments where the client's side isn't able to break and inspect the traffic to add headers, tenant restrictions won't work.
+
+Take the example of Android 7.0 and onwards. Android changed how it handles trusted certificate authorities (CAs) to provide safer defaults for secure app traffic. For more information, see [Changes to Trusted Certificate Authorities in Android Nougat](https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html).
+
+Following the recommendation from Google, Microsoft client apps ignore user certificates by default thus making such apps unable to work with tenant restrictions, since the certificates used by the network proxy are installed in the user certificate store, which isn't trusted by client apps.
+
+For such environments that can't break and inspect traffic to add the tenant restrictions parameters onto the header, other features of Azure AD can provide protection. The following list provides more information on such Azure AD features.
+
+- [Conditional Access: Only allow use of managed/compliant devices](/mem/intune/protect/conditional-access-intune-common-ways-use#device-based-conditional-access)
+- [Conditional Access: Manage access for guest/external users](/microsoft-365/security/office-365-security/identity-access-policies-guest-access)
+- [B2B Collaboration: Restrict outbound rules by Cross-tenant access for the same tenants listed in the parameter "Restrict-Access-To-Tenants"](../external-identities/cross-tenant-access-settings-b2b-collaboration.md)
+- [B2B Collaboration: Restrict invitations to B2B users to the same domains listed in the "Restrict-Access-To-Tenants" parameter](../external-identities/allow-deny-list.md)
+- [Application management: Restrict how users consent to applications](configure-user-consent.md)
+- [Intune: Apply App Policy through Intune to restrict usage of managed apps to only the UPN of the account that enrolled the device](/mem/intune/apps/app-configuration-policies-use-android) - Check the section under, **Allow only configured organization accounts in apps** subheading.
+However, some specific scenarios can only be covered using tenant restrictions.
## Next steps - Read about [Updated Office 365 modern authentication](https://www.microsoft.com/microsoft-365/blog/2015/11/19/updated-office-365-modern-authentication-public-preview/)
active-directory How Manage User Assigned Managed Identities https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md
Title: Manage user-assigned managed identities - Azure AD
+ Title: Manage user-assigned managed identities
description: Create user-assigned managed identities.
active-directory How To Assign App Role Managed Identity Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-assign-app-role-managed-identity-cli.md
Title: Assign a managed identity to an application role using Azure CLI - Azure AD
+ Title: Assign a managed identity to an application role using Azure CLI
description: Step-by-step instructions for assigning a managed identity access to another application's role, using Azure CLI.
active-directory How To Assign App Role Managed Identity Powershell https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-assign-app-role-managed-identity-powershell.md
Title: Assign a managed identity to an application role using PowerShell - Azure AD
+ Title: Assign a managed identity to an application role using PowerShell
description: Step-by-step instructions for assigning a managed identity access to another application's role, using PowerShell. documentationcenter:
active-directory How To Managed Identity Regional Move https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-managed-identity-regional-move.md
Title: Move managed identities to another region - Azure AD
+ Title: Move managed identities to another region
description: Steps involved in getting a managed identity recreated in another region
active-directory How To Use Vm Sdk https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-use-vm-sdk.md
Title: Use managed identities on an Azure VM with Azure SDKs - Azure AD
+ Title: Use managed identities on an Azure VM with Azure SDKs
description: Code samples for using Azure SDKs with an Azure VM that has managed identities for Azure resources. documentationcenter:
active-directory How To Use Vm Sign In https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-use-vm-sign-in.md
Title: Use managed identities on an Azure VM for sign-in - Azure ADV
+ Title: Use managed identities on an Azure VM for sign-inV
description: Step-by-step instructions and examples for using an Azure VM-managed identities for Azure resources service principal for script client sign-in and resource access. documentationcenter:
active-directory How To Use Vm Token https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-use-vm-token.md
Title: Use managed identities on a virtual machine to acquire access token - Azure AD
+ Title: Use managed identities on a virtual machine to acquire access token
description: Step-by-step instructions and examples for using managed identities for Azure resources on virtual machines to acquire an OAuth access token. documentationcenter:
active-directory How To View Managed Identity Service Principal Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-view-managed-identity-service-principal-cli.md
Title: View service principal of a managed identity - Azure CLI - Azure AD
+ Title: View service principal of a managed identity - Azure CLI
description: Step-by-step instructions for viewing the service principal of a managed identity using Azure CLI. documentationcenter: ''
active-directory How To View Managed Identity Service Principal Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-view-managed-identity-service-principal-portal.md
Title: View service principal of a managed identity in the Azure portal - Azure AD
+ Title: View service principal of a managed identity in the Azure portal
description: Step-by-step instructions for viewing the service principal of a managed identity in the Azure portal. documentationcenter: ''
active-directory How To View Managed Identity Service Principal Powershell https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-view-managed-identity-service-principal-powershell.md
Title: View the service principal of a managed identity using PowerShell - Azure AD
+ Title: View the service principal of a managed identity using PowerShell
description: Step-by-step instructions for viewing the service principal of a managed identity using PowerShell. documentationcenter: ''
active-directory Howto Assign Access Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/howto-assign-access-cli.md
Title: Assign a managed identity access to a resource using Azure CLI - Azure AD
+ Title: Assign a managed identity access to a resource using Azure CLI
description: Step-by-step instructions for assigning a managed identity on one resource, access to another resource, using Azure CLI. documentationcenter:
active-directory Howto Assign Access Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/howto-assign-access-portal.md
Title: Assign a managed identity access to a resource using the Azure portal - Azure AD
+ Title: Assign a managed identity access to a resource using the Azure portal
description: Step-by-step instructions for assigning a managed identity on one resource access to another resource, by using the Azure portal. documentationcenter:
active-directory Howto Assign Access Powershell https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/howto-assign-access-powershell.md
Title: Assign a managed identity access to a resource using PowerShell - Azure AD
+ Title: Assign a managed identity access to a resource using PowerShell
description: Step-by-step instructions for assigning a managed identity on one resource, access to another resource, using PowerShell. documentationcenter:
active-directory Known Issues https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/known-issues.md
Title: Known issues with managed identities - Azure Active Directory
+ Title: Known issues with managed identities
description: Known issues with managed identities for Azure resources. documentationcenter:
active-directory Managed Identities Faq https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/managed-identities-faq.md
Title: Managed identities for Azure resources frequently asked questions - Azure AD"
+ Title: Managed identities for Azure resources frequently asked questions"
description: Frequently asked questions about managed identities documentationcenter:
Last updated 07/27/2022
-# Managed identities for Azure resources frequently asked questions - Azure AD
+# Managed identities for Azure resources frequently asked questions
[!INCLUDE [preview-notice](../../../includes/active-directory-msi-preview-notice.md)]
active-directory Managed Identities Status https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/managed-identities-status.md
Title: Azure Services with managed identities support - Azure AD
+ Title: Azure Services with managed identities support
description: List of services supporting managed identities
active-directory Qs Configure Cli Windows Vm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-cli-windows-vm.md
Title: Configure managed identities on Azure VM using Azure CLI - Azure AD
+ Title: Configure managed identities on Azure VM using Azure CLI
description: Step-by-step instructions for configuring system and user-assigned managed identities on an Azure VM using Azure CLI.
active-directory Qs Configure Cli Windows Vmss https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-cli-windows-vmss.md
Title: Configure managed identities on virtual machine scale set - Azure CLI - Azure AD
+ Title: Configure managed identities on virtual machine scale set - Azure CLI
description: Step-by-step instructions for configuring system and user-assigned managed identities on an Azure virtual machine scale set, using Azure CLI. documentationcenter:
active-directory Qs Configure Portal Windows Vm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md
Title: Configure managed identities using the Azure portal - Azure AD
+ Title: Configure managed identities using the Azure portal
description: Step-by-step instructions for configuring managed identities for Azure resources on an Azure VM using the Azure portal. documentationcenter: ''
active-directory Qs Configure Portal Windows Vmss https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vmss.md
Title: Configure managed identities on virtual machine scale set - Azure AD
+ Title: Configure managed identities on virtual machine scale set
description: Step-by-step instructions for configuring managed identities for Azure resources on a virtual machine scale set using the Azure portal. documentationcenter: ''
active-directory Qs Configure Powershell Windows Vm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-powershell-windows-vm.md
Title: Configure managed identities on an Azure VM using PowerShell - Azure AD
+ Title: Configure managed identities on an Azure VM using PowerShell
description: Step-by-step instructions for configuring managed identities for Azure resources on an Azure VM using PowerShell.
active-directory Qs Configure Powershell Windows Vmss https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-powershell-windows-vmss.md
Title: Configure managed identities on virtual machine scale sets using PowerShell - Azure AD
+ Title: Configure managed identities on virtual machine scale sets using PowerShell
description: Step-by-step instructions for configuring a system and user-assigned managed identities on a virtual machine scale set using PowerShell. documentationcenter:
active-directory Qs Configure Rest Vm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-rest-vm.md
Title: Configure managed identities on Azure VM using REST - Azure AD
+ Title: Configure managed identities on Azure VM using REST
description: Step-by-step instructions for configuring a system and user-assigned managed identities on an Azure VM using CURL to make REST API calls. documentationcenter:
active-directory Qs Configure Rest Vmss https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-rest-vmss.md
Title: Configure managed identities on Azure virtual machine scale set using REST - Azure AD
+ Title: Configure managed identities on Azure virtual machine scale set using REST
description: Step-by-step instructions for configuring a system and user-assigned managed identities on an Azure virtual machine scale set using CURL to make REST API calls. documentationcenter:
active-directory Qs Configure Sdk Windows Vm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-sdk-windows-vm.md
Title: Use a SDK to configure managed identities on a VM - Azure AD
+ Title: Use a SDK to configure managed identities on a VM
description: Step-by-step instructions for configuring and using managed identities for Azure resources on an Azure VM, using an Azure SDK. documentationcenter: ''
active-directory Qs Configure Template Windows Vm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-template-windows-vm.md
Title: Configure managed identities on Azure VM using template - Azure AD
+ Title: Configure managed identities on Azure VM using template
description: Step-by-step instructions for configuring managed identities for Azure resources on an Azure VM, using an Azure Resource Manager template. documentationcenter: ''
active-directory Qs Configure Template Windows Vmss https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-template-windows-vmss.md
Title: Configure template to use managed identities on virtual machine scale sets - Azure AD
+ Title: Configure template to use managed identities on virtual machine scale sets
description: Step-by-step instructions for configuring managed identities for Azure resources on a virtual machine scale set, using an Azure Resource Manager template. documentationcenter: ''
active-directory Services Azure Active Directory Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/services-azure-active-directory-support.md
Title: Azure services that support Azure AD authentication - Azure AD
+ Title: Azure services that support Azure AD authentication
description: List of services that support Azure AD authentication
active-directory Tutorial Linux Vm Access Arm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-arm.md
Title: "Quickstart`:` Use a managed identity to access Azure Resource Manager - Azure AD"
+ Title: "Quickstart`:` Use a managed identity to access Azure Resource Manager"
description: A quickstart that walks you through the process of using a Linux VM system-assigned managed identity to access Azure Resource Manager. documentationcenter: ''
active-directory Tutorial Linux Vm Access Cosmos Db https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-cosmos-db.md
Title: Tutorial`:`Use a managed identity to access Azure Cosmos DB - Linux - Azure AD
+ Title: Tutorial`:`Use a managed identity to access Azure Cosmos DB - Linux
description: A tutorial that walks you through the process of using a Linux VM system-assigned managed identity to access Azure Cosmos DB. documentationcenter:
active-directory Tutorial Linux Vm Access Datalake https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-datalake.md
Title: Tutorial`:` Use a managed identity to access Azure Data Lake Store - Linux - Azure AD
+ Title: Tutorial`:` Use a managed identity to access Azure Data Lake Store - Linux
description: A tutorial that shows you how to use a Linux VM system-assigned managed identity to access Azure Data Lake Store. documentationcenter:
active-directory Tutorial Linux Vm Access Storage Access Key https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-storage-access-key.md
Title: Tutorial`:` Use a managed identity to access Azure Storage via access key - Linux - Azure AD
+ Title: Tutorial`:` Use a managed identity to access Azure Storage via access key - Linux
description: A tutorial that walks you through the process of using a Linux VM system-assigned managed identity to access Azure Storage via an access key. documentationcenter: ''
active-directory Tutorial Linux Vm Access Storage Sas https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-storage-sas.md
Title: 'Tutorial: Access Azure Storage using a SAS credential - Linux - Azure AD'
+ Title: 'Tutorial: Access Azure Storage using a SAS credential - Linux'
description: Tutorial showing how to use a Linux VM system-assigned managed identity to access Azure Storage using a SAS credential instead of a storage account access key. documentationcenter: ''
active-directory Tutorial Linux Vm Access Storage https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-storage.md
Title: Tutorial`:` Use a managed identity to access Azure Storage - Linux - Azure AD
+ Title: Tutorial`:` Use a managed identity to access Azure Storage - Linux
description: A tutorial that walks you through the process of using a Linux VM system-assigned managed identity to access Azure Storage. documentationcenter:
active-directory Tutorial Vm Windows Access Storage https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-vm-windows-access-storage.md
Title: Access Azure Storage using a Windows VM system-assigned managed identity | Microsoft Docs
+ Title: Access Azure Storage using a Windows VM system-assigned managed identity
description: A tutorial that walks you through the process of using a Windows VM system-assigned managed identity to access Azure Storage. documentationcenter: ''
active-directory Tutorial Windows Vm Access Arm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm.md
Title: "Tutorial: Use managed identity to access Azure Resource Manager - Windows - Azure AD"
+ Title: "Tutorial: Use managed identity to access Azure Resource Manager - Windows"
description: A tutorial that walks you through the process of using a Windows VM system-assigned managed identity to access Azure Resource Manager. documentationcenter: ''
active-directory Tutorial Windows Vm Access Cosmos Db https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-cosmos-db.md
Title: 'Tutorial: Use a managed identity to access Azure Cosmos DB - Windows - Azure AD'
+ Title: 'Tutorial: Use a managed identity to access Azure Cosmos DB - Windows'
description: A tutorial that walks you through the process of using a system-assigned managed identity on a Windows VM, to access Azure Cosmos DB. documentationcenter: ''
active-directory Tutorial Windows Vm Access Datalake https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-datalake.md
Title: Tutorial`:` Use a managed identity to access Azure Data Lake Store - Windows - Azure AD
+ Title: Tutorial`:` Use a managed identity to access Azure Data Lake Store - Windows
description: A tutorial that shows you how to use a Windows VM system-assigned managed identity to access Azure Data Lake Store. documentationcenter:
active-directory Tutorial Windows Vm Access Nonaad https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-nonaad.md
Title: "Tutorial: Use a managed identity to access Azure Key Vault - Windows - Azure AD"
+ Title: "Tutorial: Use a managed identity to access Azure Key Vault - Windows"
description: A tutorial that walks you through the process of using a Windows VM system-assigned managed identity to access Azure Key Vault. documentationcenter: ''
active-directory Tutorial Windows Vm Access Sql https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-sql.md
Title: 'Tutorial: Use a managed identity to access Azure SQL Database - Windows - Azure AD'
+ Title: 'Tutorial: Use a managed identity to access Azure SQL Database - Windows'
description: A tutorial that walks you through the process of using a Windows VM system-assigned managed identity to access Azure SQL Database. documentationcenter: ''
active-directory Tutorial Windows Vm Access Storage Sas https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-storage-sas.md
Title: Tutorial`:` Use managed identity to access Azure Storage using SAS credential - Azure AD
+ Title: Tutorial`:` Use managed identity to access Azure Storage using SAS credential
description: A tutorial that shows you how to use a Windows VM system-assigned managed identity to access Azure Storage, using a SAS credential instead of a storage account access key. documentationcenter: ''
active-directory Tutorial Windows Vm Ua Arm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-ua-arm.md
Title: "Tutorial: Use a managed identity to access Azure Resource Manager - Windows - Azure AD"
+ Title: "Tutorial: Use a managed identity to access Azure Resource Manager - Windows"
description: A tutorial that walks you through the process of using a user-assigned managed identity on a Windows VM, to access Azure Resource Manager. documentationcenter: ''
active-directory Azure Ad Pim Approval Workflow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/azure-ad-pim-approval-workflow.md
Title: Approve or deny requests for Azure AD roles in PIM - Azure AD | Microsoft Docs
+ Title: Approve or deny requests for Azure AD roles in PIM
description: Learn how to approve or deny requests for Azure AD roles in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Azure Pim Resource Rbac https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/azure-pim-resource-rbac.md
Title: View audit report for Azure resource roles in Privileged Identity Management (PIM) - Azure AD | Microsoft Docs
+ Title: View audit report for Azure resource roles in Privileged Identity Management (PIM)
description: View activity and audit history for Azure resource roles in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Concept Pim For Groups https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/concept-pim-for-groups.md
Title: Privileged Identity Management (PIM) for Groups (preview) - Azure Active Directory
+ Title: Privileged Identity Management (PIM) for Groups (preview)
description: How to manage Azure AD Privileged Identity Management (PIM) for Groups. documentationcenter: ''
active-directory Groups Activate Roles https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/groups-activate-roles.md
Title: Activate your group membership or ownership in Privileged Identity Management - Azure Active Directory
+ Title: Activate your group membership or ownership in Privileged Identity Management
description: Learn how to activate your group membership or ownership in Privileged Identity Management (PIM). documentationcenter: ''
active-directory Groups Approval Workflow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/groups-approval-workflow.md
Title: Approve activation requests for group members and owners (preview) - Azure Active Directory
+ Title: Approve activation requests for group members and owners (preview)
description: Learn how to approve activation requests for group members and owners (preview) in Azure AD Privileged Identity Management (PIM).
active-directory Groups Assign Member Owner https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/groups-assign-member-owner.md
Title: Assign eligibility for a group (preview) in Privileged Identity Management - Azure Active Directory
+ Title: Assign eligibility for a group (preview) in Privileged Identity Management
description: Learn how to assign eligibility for a group (preview) in Privileged Identity Management. documentationcenter: ''
active-directory Groups Audit https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/groups-audit.md
Title: Audit activity history for group assignments (preview) in Privileged Identity Management - Azure Active Directory
+ Title: Audit activity history for group assignments (preview) in Privileged Identity Management
description: View activity and audit activity history for group assignments (preview) in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Groups Discover Groups https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/groups-discover-groups.md
Title: Bring groups into Privileged Identity Management (preview) - Azure Active Directory
+ Title: Bring groups into Privileged Identity Management (preview)
description: Learn how to bring groups into Privileged Identity Management (preview). documentationcenter: ''
active-directory Groups Renew Extend https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/groups-renew-extend.md
Title: Extend or renew PIM for groups assignments (preview) - Azure Active Directory
+ Title: Extend or renew PIM for groups assignments (preview)
description: Learn how to extend or renew PIM for groups assignments (preview). documentationcenter: ''
active-directory Groups Role Settings https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/groups-role-settings.md
Title: Configure PIM for Groups settings (preview) - Azure Active Directory
+ Title: Configure PIM for Groups settings (preview)
description: Learn how to configure PIM for Groups settings (preview). documentationcenter: ''
active-directory Pim Apis https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-apis.md
Title: API concepts in Privileged Identity management - Azure AD | Microsoft Docs
+ Title: API concepts in Privileged Identity management
description: Information for understanding the APIs in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim Complete Azure Ad Roles And Resource Roles Review https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-complete-azure-ad-roles-and-resource-roles-review.md
Title: Complete an access review of Azure resource and Azure AD roles in PIM - Azure AD | Microsoft Docs
+ Title: Complete an access review of Azure resource and Azure AD roles in PIM
description: Learn how to complete an access review of Azure resource and Azure AD roles Privileged Identity Management in Azure Active Directory. documentationcenter: ''
active-directory Pim Configure https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-configure.md
Title: What is Privileged Identity Management? - Azure AD | Microsoft Docs
+ Title: What is Privileged Identity Management?
description: Provides an overview of Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim Create Azure Ad Roles And Resource Roles Review https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md
Title: Create an access review of Azure resource and Azure AD roles in PIM - Azure AD | Microsoft Docs
+ Title: Create an access review of Azure resource and Azure AD roles in PIM
description: Learn how to create an access review of Azure resource and Azure AD roles in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim Deployment Plan https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-deployment-plan.md
Title: Plan a Privileged Identity Management deployment - Azure AD | Microsoft Docs
+ Title: Plan a Privileged Identity Management deployment
description: Learn how to deploy Privileged Identity Management (PIM) in your Azure AD organization. documentationcenter: ''
active-directory Pim Email Notifications https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-email-notifications.md
Title: Email notifications in Privileged Identity Management (PIM) - Azure Active Directory | Microsoft Docs
+ Title: Email notifications in Privileged Identity Management (PIM)
description: Describes email notifications in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim Getting Started https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-getting-started.md
Title: Start using PIM - Azure Active Directory | Microsoft Docs
+ Title: Start using PIM
description: Learn how to enable and get started using Azure AD Privileged Identity Management (PIM) in the Azure portal. documentationcenter: ''
active-directory Pim How To Activate Role https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-how-to-activate-role.md
Title: Activate Azure AD roles in PIM - Azure Active Directory | Microsoft Docs
+ Title: Activate Azure AD roles in PIM
description: Learn how to activate Azure AD roles in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim How To Add Role To User https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-how-to-add-role-to-user.md
Title: Assign Azure AD roles in PIM - Azure Active Directory | Microsoft Docs
+ Title: Assign Azure AD roles in PIM
description: Learn how to assign Azure AD roles in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim How To Change Default Settings https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-how-to-change-default-settings.md
Title: Configure Azure AD role settings in PIM - Azure Active Directory
+ Title: Configure Azure AD role settings in PIM
description: Learn how to configure Azure AD role settings in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim How To Configure Security Alerts https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-how-to-configure-security-alerts.md
Title: Security alerts for Azure AD roles in PIM - Azure AD | Microsoft Docs
+ Title: Security alerts for Azure AD roles in PIM
description: Configure security alerts for Azure AD roles Privileged Identity Management in Azure Active Directory. documentationcenter: ''
active-directory Pim How To Renew Extend https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-how-to-renew-extend.md
Title: Renew Azure AD role assignments in PIM - Azure Active Directory | Microsoft Docs
+ Title: Renew Azure AD role assignments in PIM
description: Learn how to extend or renew Azure Active Directory role assignments in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim How To Require Mfa https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-how-to-require-mfa.md
Title: MFA or 2FA and Privileged Identity Management - Azure AD | Microsoft Docs
+ Title: MFA or 2FA and Privileged Identity Management
description: Learn how Azure AD Privileged Identity Management (PIM) validates multifactor authentication (MFA). documentationcenter: ''
active-directory Pim How To Use Audit Log https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-how-to-use-audit-log.md
Title: View audit log report for Azure AD roles in Azure AD PIM | Microsoft Docs
+ Title: View audit log report for Azure AD roles in Azure AD PIM
description: Learn how to view the audit log history for Azure AD roles in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim Perform Azure Ad Roles And Resource Roles Review https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-perform-azure-ad-roles-and-resource-roles-review.md
Title: Perform an access review of Azure resource and Azure AD roles in PIM - Azure AD | Microsoft Docs
+ Title: Perform an access review of Azure resource and Azure AD roles in PIM
description: Learn how to review access of Azure resource and Azure AD roles in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim Resource Roles Activate Your Roles https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-activate-your-roles.md
Title: Activate Azure resource roles in PIM - Azure AD | Microsoft Docs
+ Title: Activate Azure resource roles in PIM
description: Learn how to activate your Azure resource roles in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim Resource Roles Approval Workflow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-approval-workflow.md
Title: Approve requests for Azure resource roles in PIM - Azure AD | Microsoft Docs
+ Title: Approve requests for Azure resource roles in PIM
description: Learn how to approve or deny requests for Azure resource roles in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim Resource Roles Assign Roles https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-assign-roles.md
Title: Assign Azure resource roles in Privileged Identity Management - Azure Active Directory | Microsoft Docs
+ Title: Assign Azure resource roles in Privileged Identity Management
description: Learn how to assign Azure resource roles in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim Resource Roles Configure Alerts https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-configure-alerts.md
Title: Configure security alerts for Azure roles in Privileged Identity Management - Azure Active Directory | Microsoft Docs
+ Title: Configure security alerts for Azure roles in Privileged Identity Management
description: Learn how to configure security alerts for Azure resource roles in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim Resource Roles Configure Role Settings https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-configure-role-settings.md
Title: Configure Azure resource role settings in PIM - Azure Active Directory
+ Title: Configure Azure resource role settings in PIM
description: Learn how to configure Azure resource role settings in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim Resource Roles Custom Role Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-custom-role-policy.md
Title: Use Azure custom roles in PIM - Azure AD | Microsoft Docs
+ Title: Use Azure custom roles in PIM
description: Learn how to use Azure custom roles in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim Resource Roles Discover Resources https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-discover-resources.md
Title: Discover Azure resources to manage in PIM - Azure AD | Microsoft Docs
+ Title: Discover Azure resources to manage in PIM
description: Learn how to discover Azure resources to manage in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim Resource Roles Overview Dashboards https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-overview-dashboards.md
Title: Resource dashboards for access reviews in PIM - Azure AD | Microsoft Docs
+ Title: Resource dashboards for access reviews in PIM
description: Describes how to use a resource dashboard to perform an access review in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim Resource Roles Renew Extend https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-renew-extend.md
Title: Renew Azure resource role assignments in PIM - Azure AD | Microsoft Docs
+ Title: Renew Azure resource role assignments in PIM
description: Learn how to extend or renew Azure resource role assignments in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim Roles https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-roles.md
Title: Roles you cannot manage in Privileged Identity Management - Azure Active Directory | Microsoft Docs
+ Title: Roles you cannot manage in Privileged Identity Management
description: Describes the roles you cannot manage in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Pim Security Wizard https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-security-wizard.md
Title: Azure AD roles Discovery and insights (preview) in Privileged Identity Management former Security Wizard - Azure Active Directory
+ Title: Azure AD roles Discovery and insights (preview) in Privileged Identity Management former Security Wizard
description: Discovery and insights (formerly Security Wizard) help you convert permanent Azure AD role assignments to just-in-time assignments with Privileged Identity Management. documentationcenter: ''
active-directory Pim Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-troubleshoot.md
Title: Troubleshoot resource access denied in Privileged Identity Management - Azure Active Directory | Microsoft Docs
+ Title: Troubleshoot resource access denied in Privileged Identity Management
description: Learn how to troubleshoot system errors with roles in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Powershell For Azure Ad Roles https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/powershell-for-azure-ad-roles.md
Title: PowerShell for Azure AD roles in PIM - Azure AD | Microsoft Docs
+ Title: PowerShell for Azure AD roles in PIM
description: Manage Azure AD roles using PowerShell cmdlets in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Subscription Requirements https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/subscription-requirements.md
Title: License requirements to use Privileged Identity Management - Azure Active Directory | Microsoft Docs
+ Title: License requirements to use Privileged Identity Management
description: Describes the licensing requirements to use Azure AD Privileged Identity Management (PIM). documentationcenter: ''
active-directory Concept Activity Logs Azure Monitor https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/concept-activity-logs-azure-monitor.md
Title: Azure Active Directory activity logs in Azure Monitor | Microsoft Docs
+ Title: Azure Active Directory activity logs in Azure Monitor
description: Introduction to Azure Active Directory activity logs in Azure Monitor
active-directory Concept All Sign Ins https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/concept-all-sign-ins.md
Title: Sign-in logs (preview) in Azure Active Directory | Microsoft Docs
+ Title: Sign-in logs (preview) in Azure Active Directory
description: Conceptual information about Azure AD sign-in logs, including new features in preview.
active-directory Concept Audit Logs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/concept-audit-logs.md
Title: Audit logs in Azure Active Directory | Microsoft Docs
+ Title: Audit logs in Azure Active Directory
description: Overview of the audit logs in Azure Active Directory.
active-directory Concept Provisioning Logs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/concept-provisioning-logs.md
Title: Provisioning logs in Azure Active Directory | Microsoft Docs
+ Title: Provisioning logs in Azure Active Directory
description: Overview of the provisioning logs in Azure Active Directory.
active-directory Concept Sign Ins https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/concept-sign-ins.md
Title: Sign-in logs in Azure Active Directory | Microsoft Docs
+ Title: Sign-in logs in Azure Active Directory
description: Conceptual information about Azure AD sign-in logs.
active-directory Concept Usage Insights Report https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/concept-usage-insights-report.md
Title: Usage and insights report | Microsoft Docs
+ Title: Usage and insights report
description: Introduction to usage and insights report in the Azure portal
active-directory Howto Access Activity Logs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-access-activity-logs.md
Title: Access activity logs in Azure AD | Microsoft Docs
+ Title: Access activity logs in Azure AD
description: Learn how to choose the right method for accessing the activity logs in Azure AD.
active-directory Howto Analyze Activity Logs Log Analytics https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-analyze-activity-logs-log-analytics.md
Title: Analyze activity logs using Azure Monitor logs | Microsoft Docs
+ Title: Analyze activity logs using Azure Monitor logs
description: Learn how to analyze Azure Active Directory activity logs using Azure Monitor logs
active-directory Howto Configure Prerequisites For Reporting Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-configure-prerequisites-for-reporting-api.md
Title: Prerequisites for Azure Active Directory reporting API | Microsoft Docs
+ Title: Prerequisites for Azure Active Directory reporting API
description: Learn about the prerequisites to access the Azure AD reporting API
active-directory Howto Download Logs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-download-logs.md
Title: How to download logs in Azure Active Directory | Microsoft Docs
+ Title: How to download logs in Azure Active Directory
description: Learn how to download activity logs in Azure Active Directory.
active-directory Howto Integrate Activity Logs With Arcsight https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-arcsight.md
Title: Integrate logs with ArcSight using Azure Monitor | Microsoft Docs
+ Title: Integrate logs with ArcSight using Azure Monitor
description: Learn how to integrate Azure Active Directory logs with ArcSight using Azure Monitor
active-directory Howto Integrate Activity Logs With Log Analytics https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md
Title: Stream Azure Active Directory logs to Azure Monitor logs | Microsoft Docs
+ Title: Stream Azure Active Directory logs to Azure Monitor logs
description: Learn how to integrate Azure Active Directory logs with Azure Monitor logs
active-directory Howto Integrate Activity Logs With Splunk https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-splunk.md
Title: Integrate Splunk using Azure Monitor | Microsoft Docs
+ Title: Integrate Splunk using Azure Monitor
description: Learn how to integrate Azure Active Directory logs with Splunk using Azure Monitor.
active-directory Howto Integrate Activity Logs With Sumologic https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-sumologic.md
Title: Stream logs to SumoLogic using Azure Monitor | Microsoft Docs
+ Title: Stream logs to SumoLogic using Azure Monitor
description: Learn how to integrate Azure Active Directory logs with SumoLogic using Azure Monitor.
active-directory Howto Manage Inactive User Accounts https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-manage-inactive-user-accounts.md
Title: How to manage inactive user accounts in Azure AD | Microsoft Docs
+ Title: How to manage inactive user accounts in Azure AD
description: Learn about how to detect and handle user accounts in Azure AD that have become obsolete
active-directory Howto Troubleshoot Sign In Errors https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-troubleshoot-sign-in-errors.md
Title: How to troubleshoot sign-in errors reports | Microsoft Docs
+ Title: How to troubleshoot sign-in errors reports
description: Learn how to troubleshoot sign-in errors using Azure Active Directory reports in the Azure portal
active-directory Howto Use Azure Monitor Workbooks https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-use-azure-monitor-workbooks.md
Title: Azure Monitor workbooks for Azure Active Directory | Microsoft Docs
+ Title: Azure Monitor workbooks for Azure Active Directory
description: Learn how to use Azure Monitor workbooks for Azure Active Directory reports.
active-directory Howto Use Recommendations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-use-recommendations.md
Title: How to use Azure Active Directory recommendations | Microsoft Docs
+ Title: How to use Azure Active Directory recommendations
description: Learn how to use Azure Active Directory recommendations.
active-directory Overview Monitoring https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/overview-monitoring.md
Title: What is Azure Active Directory monitoring? | Microsoft Docs
+ Title: What is Azure Active Directory monitoring?
description: Provides a general overview of Azure Active Directory monitoring.
active-directory Overview Recommendations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/overview-recommendations.md
Title: What are Azure Active Directory recommendations? | Microsoft Docs
+ Title: What are Azure Active Directory recommendations?
description: Provides a general overview of Azure Active Directory recommendations.
active-directory Overview Reports https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/overview-reports.md
Title: What are Azure Active Directory reports? | Microsoft Docs
+ Title: What are Azure Active Directory reports?
description: Provides a general overview of Azure Active Directory reports.
active-directory Overview Service Health Notifications https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/overview-service-health-notifications.md
Title: What are Service Health notifications in Azure Active Directory? | Microsoft Docs
+ Title: What are Service Health notifications in Azure Active Directory?
description: Learn how Service Health notifications provide you with a customizable dashboard that tracks the health of your Azure services in the regions where you use them.
active-directory Plan Monitoring And Reporting https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/plan-monitoring-and-reporting.md
Title: Plan reports & monitoring deployment - Azure AD
+ Title: Plan reports & monitoring deployment
description: Describes how to plan and execute implementation of reporting and monitoring.
active-directory Quickstart Access Log With Graph Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/quickstart-access-log-with-graph-api.md
Title: Access Azure AD logs with the Microsoft Graph API | Microsoft Docs
+ Title: Access Azure AD logs with the Microsoft Graph API
description: In this quickstart, you learn how you can access the sign-ins log using the Graph API.
active-directory Quickstart Azure Monitor Route Logs To Storage Account https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/quickstart-azure-monitor-route-logs-to-storage-account.md
Title: Tutorial - Archive directory logs to a storage account | Microsoft Docs
+ Title: Tutorial - Archive directory logs to a storage account
description: Learn how to set up Azure Diagnostics to push Azure Active Directory logs to a storage account
active-directory Recommendation Mfa From Known Devices https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/recommendation-mfa-from-known-devices.md
Title: Azure Active Directory recommendation - Minimize MFA prompts from known devices in Azure AD | Microsoft Docs
+ Title: Azure Active Directory recommendation - Minimize MFA prompts from known devices in Azure AD
description: Learn why you should minimize MFA prompts from known devices in Azure AD.
active-directory Recommendation Migrate Apps From Adfs To Azure Ad https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/recommendation-migrate-apps-from-adfs-to-azure-ad.md
Title: Azure Active Directory recommendation - Migrate apps from ADFS to Azure AD in Azure AD | Microsoft Docs
+ Title: Azure Active Directory recommendation - Migrate apps from ADFS to Azure AD in Azure AD
description: Learn why you should migrate apps from ADFS to Azure AD in Azure AD
active-directory Recommendation Migrate To Authenticator https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/recommendation-migrate-to-authenticator.md
Title: Azure Active Directory recommendation - Migrate to Microsoft authenticator | Microsoft Docs
+ Title: Azure Active Directory recommendation - Migrate to Microsoft authenticator
description: Learn why you should migrate your users to the Microsoft authenticator app in Azure AD.
active-directory Recommendation Remove Unused Apps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/recommendation-remove-unused-apps.md
Title: Azure Active Directory recommendation - Remove unused apps (preview) | Microsoft Docs
+ Title: Azure Active Directory recommendation - Remove unused apps (preview)
description: Learn why you should remove unused apps.
active-directory Recommendation Remove Unused Credential From Apps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/recommendation-remove-unused-credential-from-apps.md
Title: Azure Active Directory recommendation - Remove unused credentials from apps (preview) | Microsoft Docs
+ Title: Azure Active Directory recommendation - Remove unused credentials from apps (preview)
description: Learn why you should remove unused credentials from apps.
active-directory Recommendation Renew Expiring Application Credential https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/recommendation-renew-expiring-application-credential.md
Title: Azure Active Directory recommendation - Renew expiring application credentials (preview) | Microsoft Docs
+ Title: Azure Active Directory recommendation - Renew expiring application credentials (preview)
description: Learn why you should renew expiring application credentials.
active-directory Recommendation Renew Expiring Service Principal Credential https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/recommendation-renew-expiring-service-principal-credential.md
Title: Azure Active Directory recommendation - Renew expiring service principal credentials (preview) | Microsoft Docs
+ Title: Azure Active Directory recommendation - Renew expiring service principal credentials (preview)
description: Learn why you should renew expiring service principal credentials.
active-directory Recommendation Turn Off Per User Mfa https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/recommendation-turn-off-per-user-mfa.md
Title: Azure Active Directory recommendation - Turn off per user MFA in Azure AD | Microsoft Docs
+ Title: Azure Active Directory recommendation - Turn off per user MFA in Azure AD
description: Learn why you should turn off per user MFA in Azure AD
active-directory Reference Audit Activities https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/reference-audit-activities.md
Title: Azure Active Directory (Azure AD) audit activity reference | Microsoft Docs
+ Title: Azure Active Directory (Azure AD) audit activity reference
description: Get an overview of the audit activities that can be logged in your audit logs in Azure Active Directory (Azure AD).
active-directory Reference Azure Ad Sla Performance https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/reference-azure-ad-sla-performance.md
Title: Azure Active Directory SLA performance | Microsoft Docs
+ Title: Azure Active Directory SLA performance
description: Learn about the Azure AD SLA performance
active-directory Reference Azure Monitor Sign Ins Log Schema https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/reference-azure-monitor-sign-ins-log-schema.md
Title: Sign-in log schema in Azure Monitor | Microsoft Docs
+ Title: Sign-in log schema in Azure Monitor
description: Describe the Azure AD sign-in log schema for use in Azure Monitor
active-directory Reference Basic Info Sign In Logs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/reference-basic-info-sign-in-logs.md
Title: Basic info in the Azure AD sign-in logs | Microsoft Docs
+ Title: Basic info in the Azure AD sign-in logs
description: Learn what the basic info in the sign-in logs is about.
active-directory Reference Powershell Reporting https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/reference-powershell-reporting.md
Title: Azure AD PowerShell cmdlets for reporting | Microsoft Docs
+ Title: Azure AD PowerShell cmdlets for reporting
description: Reference of the Azure AD PowerShell cmdlets for reporting.
active-directory Reference Reports Data Retention https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/reference-reports-data-retention.md
Title: Azure Active Directory data retention | Microsoft Docs
+ Title: Azure Active Directory data retention
description: Learn how long Azure Active Directory stores the various types of reporting data.
active-directory Troubleshoot Audit Data Verified Domain https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/troubleshoot-audit-data-verified-domain.md
Title: 'Troubleshoot audit data of verified domain change | Microsoft Docs'
+ Title: 'Troubleshoot audit data of verified domain change '
description: Provides you with information that will appear in the Azure Active Directory activity logs when you change a users verified domain.
active-directory Tutorial Azure Monitor Stream Logs To Event Hub https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub.md
Title: Tutorial - Stream logs to an Azure event hub | Microsoft Docs
+ Title: Tutorial - Stream logs to an Azure event hub
description: Learn how to set up Azure Diagnostics to push Azure Active Directory logs to an event hub
active-directory Tutorial Log Analytics Wizard https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/tutorial-log-analytics-wizard.md
Title: Configure a log analytics workspace in Azure AD | Microsoft Docs
+ Title: Configure a log analytics workspace in Azure AD
description: Learn how to configure log analytics.
active-directory Workbook Authentication Prompts Analysis https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/workbook-authentication-prompts-analysis.md
Title: Authentication prompts analysis workbook in Azure AD | Microsoft Docs
+ Title: Authentication prompts analysis workbook in Azure AD
description: Learn how to use the authentication prompts analysis workbook.
active-directory Workbook Conditional Access Gap Analyzer https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/workbook-conditional-access-gap-analyzer.md
Title: Conditional access gap analyzer workbook in Azure AD | Microsoft Docs
+ Title: Conditional access gap analyzer workbook in Azure AD
description: Learn how to use the conditional access gap analyzer workbook.
active-directory Workbook Cross Tenant Access Activity https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/workbook-cross-tenant-access-activity.md
Title: Cross-tenant access activity workbook in Azure AD | Microsoft Docs
+ Title: Cross-tenant access activity workbook in Azure AD
description: Learn how to use the cross-tenant access activity workbook.
active-directory Workbook Legacy Authentication https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/workbook-legacy-authentication.md
Title: Sign-ins using legacy authentication workbook in Azure AD | Microsoft Docs
+ Title: Sign-ins using legacy authentication workbook in Azure AD
description: Learn how to use the sign-ins using legacy authentication workbook.
active-directory Workbook Mfa Gaps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/workbook-mfa-gaps.md
Title: Multifactor Authentication Gaps workbook in Azure AD | Microsoft Docs
+ Title: Multifactor Authentication Gaps workbook in Azure AD
description: Learn how to use the MFA Gaps workbook.
active-directory Workbook Risk Analysis https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/workbook-risk-analysis.md
Title: Identity protection risk analysis workbook in Azure AD | Microsoft Docs
+ Title: Identity protection risk analysis workbook in Azure AD
description: Learn how to use the identity protection risk analysis workbook.
active-directory Workbook Sensitive Operations Report https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/workbook-sensitive-operations-report.md
Title: Sensitive operations report workbook in Azure AD | Microsoft Docs
+ Title: Sensitive operations report workbook in Azure AD
description: Learn how to use the sensitive operations report workbook.
active-directory Admin Units Assign Roles https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/admin-units-assign-roles.md
Title: Assign or list Azure AD roles with administrative unit scope - Azure Active Directory | Microsoft Docs
+ Title: Assign or list Azure AD roles with administrative unit scope
description: Use administrative units to restrict the scope of role assignments in Azure Active Directory. documentationcenter: ''
active-directory Admin Units Manage https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/admin-units-manage.md
Title: Create or delete administrative units - Azure Active Directory
+ Title: Create or delete administrative units
description: Create administrative units to restrict the scope of role permissions in Azure Active Directory. documentationcenter: ''
active-directory Admin Units Members Add https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/admin-units-members-add.md
Title: Add users, groups, or devices to an administrative unit - Azure Active Directory
+ Title: Add users, groups, or devices to an administrative unit
description: Add users, groups, or devices to an administrative unit in Azure Active Directory documentationcenter: ''
active-directory Admin Units Members Dynamic https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/admin-units-members-dynamic.md
Title: Manage users or devices for an administrative unit with dynamic membership rules (Preview) - Azure Active Directory
+ Title: Manage users or devices for an administrative unit with dynamic membership rules (Preview)
description: Manage users or devices for an administrative unit with dynamic membership rules (Preview) in Azure Active Directory documentationcenter: ''
active-directory Admin Units Members List https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/admin-units-members-list.md
Title: List users, groups, or devices in an administrative unit - Azure Active Directory
+ Title: List users, groups, or devices in an administrative unit
description: List users, groups, or devices in an administrative unit in Azure Active Directory. documentationcenter: ''
active-directory Admin Units Members Remove https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/admin-units-members-remove.md
Title: Remove users, groups, or devices from an administrative unit - Azure Active Directory
+ Title: Remove users, groups, or devices from an administrative unit
description: Remove users, groups, or devices from an administrative unit in Azure Active Directory documentationcenter: ''
active-directory Administrative Units https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/administrative-units.md
Title: Administrative units in Azure Active Directory | Microsoft Docs
+ Title: Administrative units in Azure Active Directory
description: Use administrative units for more granular delegation of permissions in Azure Active Directory. documentationcenter: ''
active-directory Assign Roles Different Scopes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/assign-roles-different-scopes.md
Title: Assign Azure AD roles at different scopes - Azure Active Directory
+ Title: Assign Azure AD roles at different scopes
description: Learn how to assign roles at different scopes in Azure Active Directory
active-directory Best Practices https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/best-practices.md
Title: Best practices for Azure AD roles - Azure Active Directory
+ Title: Best practices for Azure AD roles
description: Best practices for using Azure Active Directory roles.
active-directory Custom Assign Graph https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-assign-graph.md
Title: Assign Azure AD admin roles with Microsoft Graph API | Microsoft Docs
+ Title: Assign Azure AD admin roles with Microsoft Graph API
description: Assign and remove Azure AD administrator roles with Graph API in Azure Active Directory
active-directory Custom Assign Powershell https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-assign-powershell.md
Title: Assign custom roles using Azure AD PowerShell - Azure AD | Microsoft Docs
+ Title: Assign custom roles using Azure AD PowerShell
description: Manage members of an Azure AD administrator custom role with Azure AD PowerShell.
active-directory Custom Available Permissions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-available-permissions.md
Title: Custom role permissions for app registration - Azure AD | Microsoft Docs
+ Title: Custom role permissions for app registration
description: Delegate custom administrator role permissions for managing app registrations.
active-directory Custom Consent Permissions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-consent-permissions.md
Title: App consent permissions for custom roles in Azure Active Directory | Microsoft Docs
+ Title: App consent permissions for custom roles in Azure Active Directory
description: Preview app consent permissions for custom Azure AD roles in the Azure portal, PowerShell, or Graph API.
active-directory Custom Create https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-create.md
Title: Create custom roles in Azure AD role-based access control | Microsoft Docs
+ Title: Create custom roles in Azure AD role-based access control
description: Create and assign custom Azure AD roles with resource scope on Azure Active Directory resources.
active-directory Custom Device Permissions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-device-permissions.md
Title: Device management permissions for Azure AD custom roles - Azure Active Directory
+ Title: Device management permissions for Azure AD custom roles
description: Device management permissions for Azure AD custom roles in the Azure portal, PowerShell, or Microsoft Graph API.
active-directory Custom Enterprise App Permissions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-enterprise-app-permissions.md
Title: App permissions for custom roles in Azure Active Directory | Microsoft Docs
+ Title: App permissions for custom roles in Azure Active Directory
description: Preview enterprise app permissions for custom Azure AD roles in the Azure portal, PowerShell, or Graph API.
active-directory Custom Group Permissions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-group-permissions.md
Title: Group management permissions for Azure AD custom roles - Azure Active Directory
+ Title: Group management permissions for Azure AD custom roles
description: Group management permissions for Azure AD custom roles in the Azure portal, PowerShell, or Microsoft Graph API.
active-directory Custom User Permissions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-user-permissions.md
Title: User management permissions for Azure AD custom roles (preview) - Azure Active Directory
+ Title: User management permissions for Azure AD custom roles (preview)
description: User management permissions for Azure AD custom roles in the Azure portal, PowerShell, or Microsoft Graph API.
active-directory Delegate App Roles https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/delegate-app-roles.md
Title: Delegate application management administrator permissions - Azure AD | Microsoft Docs
+ Title: Delegate application management administrator permissions
description: Grant permissions for application access management in Azure Active Directory documentationcenter: ''
active-directory Delegate By Task https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/delegate-by-task.md
Title: Least privileged roles by task - Azure Active Directory | Microsoft Docs
+ Title: Least privileged roles by task
description: Least privileged roles to delegate for tasks in Azure Active Directory documentationcenter: ''
active-directory Groups Assign Role https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/groups-assign-role.md
Title: Assign Azure AD roles to groups - Azure Active Directory
+ Title: Assign Azure AD roles to groups
description: Assign Azure AD roles to role-assignable groups in the Azure portal, PowerShell, or Graph API.
active-directory Groups Concept https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/groups-concept.md
Title: Use Azure AD groups to manage role assignments - Azure Active Directory
+ Title: Use Azure AD groups to manage role assignments
description: Use Azure AD groups to simplify role assignment management in Azure Active Directory.
active-directory Groups Create Eligible https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/groups-create-eligible.md
Title: Create a group for assigning roles in Azure Active Directory | Microsoft Docs
+ Title: Create a group for assigning roles in Azure Active Directory
description: Learn how to create a role-assignable group in Azure AD. Manage Azure roles in the Azure portal, PowerShell, or Graph API.
active-directory Groups Pim Eligible https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/groups-pim-eligible.md
Title: Assign a role to a group using Privileged Identity Management in Azure AD | Microsoft Docs
+ Title: Assign a role to a group using Privileged Identity Management in Azure AD
description: Learn how you can assign an Azure Active Directory (Azure AD) role to a group using Azure AD Privileged Identity Management (PIM).
active-directory Groups View Assignments https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/groups-view-assignments.md
Title: View roles assigned to a group in Azure Active Directory | Microsoft Docs
+ Title: View roles assigned to a group in Azure Active Directory
description: Learn how the roles assigned to a group can be viewed using the Azure portal. Viewing groups and assigned roles are default user permissions.
active-directory List Role Assignments Users https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/list-role-assignments-users.md
Title: List Azure AD role assignments for a user - Azure Active Directory
+ Title: List Azure AD role assignments for a user
description: Learn how to list Azure AD roles assignments of a user
active-directory M365 Workload Docs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/m365-workload-docs.md
Title: Admin role docs across Microsoft 365 services - Azure AD | Microsoft Docs
+ Title: Admin role docs across Microsoft 365 services
description: Find content and API references for administrator roles for Microsoft 365 services in Azure Active Directory documentationcenter: ''
active-directory Manage Roles Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/manage-roles-portal.md
Title: Assign Azure AD roles to users - Azure Active Directory
+ Title: Assign Azure AD roles to users
description: Learn how to grant access to users in Azure Active Directory by assigning Azure AD roles.
active-directory My Staff Configure https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/my-staff-configure.md
Title: Use My Staff to delegate user management - Azure AD | Microsoft Docs
+ Title: Use My Staff to delegate user management
description: Delegate user management using My Staff and administrative units documentationcenter: ''
active-directory Permissions Reference https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/permissions-reference.md
Title: Azure AD built-in roles - Azure Active Directory
+ Title: Azure AD built-in roles
description: Describes the Azure Active Directory built-in roles and permissions.
active-directory Prerequisites https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/prerequisites.md
Title: Prerequisites to use PowerShell or Graph Explorer for Azure AD roles - Azure Active Directory
+ Title: Prerequisites to use PowerShell or Graph Explorer for Azure AD roles
description: Prerequisites to use PowerShell or Graph Explorer for Azure Active Directory roles. documentationcenter: ''
active-directory Quickstart App Registration Limits https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/quickstart-app-registration-limits.md
Title: Remove limits on creating app registrations - Azure AD | Microsoft Docs
+ Title: Remove limits on creating app registrations
description: Assign a custom role to grant unrestricted app registrations in the Azure AD Active Directory
active-directory Role Definitions List https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/role-definitions-list.md
Title: List Azure AD role definitions - Azure AD
+ Title: List Azure AD role definitions
description: Learn how to list Azure built-in and custom roles.
active-directory Security Emergency Access https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/security-emergency-access.md
Title: Manage emergency access admin accounts - Azure AD
+ Title: Manage emergency access admin accounts
description: This article describes how to use emergency access accounts to help prevent being inadvertently locked out of your Azure Active Directory (Azure AD) organization.
active-directory Security Planning https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/security-planning.md
Title: Secure access practices for administrators in Azure AD | Microsoft Docs
+ Title: Secure access practices for administrators in Azure AD
description: Ensure that your organization's administrative access and administrator accounts are secure. For system architects and IT pros who configure Azure AD, Azure, and Microsoft Online Services. keywords:
active-directory 123Formbuilder Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/123formbuilder-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with 123FormBuilder SSO | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with 123FormBuilder SSO'
description: Learn how to configure single sign-on between Azure Active Directory and 123FormBuilder SSO.
active-directory 15Five Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/15five-provisioning-tutorial.md
Title: 'Tutorial: Configure 15Five for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure 15Five for automatic user provisioning with Azure Active Directory'
description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to 15Five.
active-directory 15Five Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/15five-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with 15Five | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with 15Five'
description: Learn how to configure single sign-on between Azure Active Directory and 15Five.
active-directory 360Online Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/360online-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with 360 Online | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with 360 Online'
description: Learn how to configure single sign-on between Azure Active Directory and 360 Online.
active-directory 4Me Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/4me-provisioning-tutorial.md
Title: 'Tutorial: Configure 4me for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure 4me for automatic user provisioning with Azure Active Directory'
description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to 4me.
active-directory 4Me Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/4me-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with 4me | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with 4me'
description: Learn how to configure single sign-on between Azure Active Directory and 4me.
active-directory 8X8 Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/8x8-provisioning-tutorial.md
Title: 'Tutorial: Configure 8x8 for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure 8x8 for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to 8x8.
active-directory 8X8virtualoffice Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/8x8virtualoffice-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with 8x8 | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with 8x8'
description: Learn how to configure single sign-on between Azure Active Directory and 8x8.
active-directory A Cloud Guru Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/a-cloud-guru-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with A Cloud Guru | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with A Cloud Guru'
description: Learn how to configure single sign-on between Azure Active Directory and A Cloud Guru.
active-directory Abbyy Flexicapture Cloud Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/abbyy-flexicapture-cloud-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with ABBYY FlexiCapture Cloud | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with ABBYY FlexiCapture Cloud'
description: Learn how to configure single sign-on between Azure Active Directory and ABBYY FlexiCapture Cloud.
active-directory Abintegro Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/abintegro-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Abintegro | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Abintegro'
description: Learn how to configure single sign-on between Azure Active Directory and Abintegro.
active-directory Absorblms Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/absorblms-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Absorb LMS | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Absorb LMS'
description: Learn how to configure single sign-on between Azure Active Directory and Absorb LMS.
active-directory Abstract Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/abstract-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Abstract | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Abstract'
description: Learn how to configure single sign-on between Azure Active Directory and Abstract.
active-directory Academy Attendance Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/academy-attendance-tutorial.md
Title: "Tutorial: Azure Active Directory single sign-on (SSO) integration with Academy Attendance | Microsoft Docs"
+ Title: "Tutorial: Azure Active Directory single sign-on (SSO) integration with Academy Attendance"
description: Learn how to configure single sign-on between Azure Active Directory and Academy Attendance.
active-directory Acadia Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/acadia-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Acadia | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Acadia'
description: Learn how to configure single sign-on between Azure Active Directory and Acadia.
active-directory Accenture Academy Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/accenture-academy-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Accenture Academy | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Accenture Academy'
description: Learn how to configure single sign-on between Azure Active Directory and Accenture Academy.
active-directory Accredible Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/accredible-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Accredible | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Accredible'
description: Learn how to configure single sign-on between Azure Active Directory and Accredible.
active-directory Acquireio Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/acquireio-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AcquireIO | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AcquireIO'
description: Learn how to configure single sign-on between Azure Active Directory and AcquireIO.
active-directory Active And Thriving Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/active-and-thriving-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Active and Thriving | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Active and Thriving'
description: Learn how to configure single sign-on between Azure Active Directory and Active and Thriving.
active-directory Acunetix 360 Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/acunetix-360-provisioning-tutorial.md
Title: 'Tutorial: Configure Acunetix 360 for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Acunetix 360 for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Acunetix 360.
active-directory Acunetix 360 Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/acunetix-360-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Acunetix 360 | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Acunetix 360'
description: Learn how to configure single sign-on between Azure Active Directory and Acunetix 360.
active-directory Adaptivesuite Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adaptivesuite-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Adaptive Insights | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Adaptive Insights'
description: Learn how to configure single sign-on between Azure Active Directory and Adaptive Insights.
active-directory Adglobalview Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adglobalview-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with ADP Globalview (Deprecated) | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with ADP Globalview (Deprecated)'
description: Learn how to configure single sign-on between Azure Active Directory and ADP Globalview (Deprecated).
active-directory Adobe Creative Cloud Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adobe-creative-cloud-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Adobe Creative Cloud | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Adobe Creative Cloud'
description: Learn how to configure single sign-on between Azure Active Directory and Adobe Creative Cloud.
active-directory Adobe Echosign Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adobe-echosign-tutorial.md
Title: 'Tutorial: Azure AD SSO integration with Adobe Sign | Microsoft Docs'
+ Title: 'Tutorial: Azure AD SSO integration with Adobe Sign'
description: Learn how to configure single sign-on between Azure Active Directory and Adobe Sign.
active-directory Adobe Identity Management Provisioning Oidc Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adobe-identity-management-provisioning-oidc-tutorial.md
Title: 'Tutorial: Configure Adobe Identity Management (OIDC) for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Adobe Identity Management (OIDC) for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Adobe Identity Management (OIDC). documentationcenter: ''
active-directory Adobe Identity Management Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adobe-identity-management-provisioning-tutorial.md
Title: 'Tutorial: Configure Adobe Identity Management for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Adobe Identity Management for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Adobe Identity Management. documentationcenter: ''
active-directory Adobecaptivateprime Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adobecaptivateprime-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Adobe Captivate Prime | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Adobe Captivate Prime'
description: Learn how to configure single sign-on between Azure Active Directory and Adobe Captivate Prime.
active-directory Adobeexperiencemanager Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adobeexperiencemanager-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Adobe Experience Manager | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Adobe Experience Manager'
description: Learn how to configure single sign-on between Azure Active Directory and Adobe Experience Manager.
active-directory Adpfederatedsso Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adpfederatedsso-tutorial.md
Upon receipt of confirmation from your ADP representative, configure your ADP se
### Configure ADP to support multiple instances in the same tenant
-1. Go to **Basic SAML Configuration** section and configure another test value in **Identifier (Entity ID)** textbox.
+1. Go to **Basic SAML Configuration** section and enter any instance specific URL in the **Identifier (Entity ID)** textbox.
+
+ > [!NOTE]
+ > Please note that this can be any random value which you feel relevant for your instance.
![Screenshot shows how to configure another test instance value.](./media/adpfederatedsso-tutorial/append.png "Test")
Upon receipt of confirmation from your ADP representative, configure your ADP se
1. Enable **Override audience claim** checkbox.
- 1. In the **Audience claim value** textbox, enter **Identifier (Entity ID)** value, which you've copied from **Basic SAML Configuration** section and click **Save**.
+ 1. In the **Audience claim value** textbox, enter `https://fed.adp.com` and click **Save**.
1. Navigate to **Properties** tab under Manage section and copy **Application ID** from the Azure portal.
active-directory Advance Kerbf5 Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/advance-kerbf5-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on integration with F5 | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on integration with F5'
description: In this article, learn the steps you need to perform to integrate F5 with Azure Active Directory (Azure AD).
active-directory Agiloft Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/agiloft-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Agiloft Contract Management Suite | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Agiloft Contract Management Suite'
description: Learn how to configure single sign-on between Azure Active Directory and Agiloft Contract Management Suite.
active-directory Aha Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/aha-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Aha! | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Aha!'
description: Learn how to configure single sign-on between Azure Active Directory and Aha!.
active-directory Airstack Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/airstack-provisioning-tutorial.md
Title: 'Tutorial: Configure Airstack for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Airstack for automatic user provisioning with Azure Active Directory'
description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to Airstack.
active-directory Airstack Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/airstack-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Airstack | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Airstack'
description: Learn how to configure single sign-on between Azure Active Directory and Airstack.
active-directory Airtable Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/airtable-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Airtable | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Airtable'
description: Learn how to configure single sign-on between Azure Active Directory and Airtable.
active-directory Akamai Enterprise Application Access Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/akamai-enterprise-application-access-provisioning-tutorial.md
Title: 'Tutorial: Configure Akamai Enterprise Application Access for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Akamai Enterprise Application Access for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Akamai Enterprise Application Access.
active-directory Akashi Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/akashi-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AKASHI | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AKASHI'
description: Learn how to configure single sign-on between Azure Active Directory and AKASHI.
active-directory Alacritylaw Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/alacritylaw-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AlacrityLaw | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AlacrityLaw'
description: Learn how to configure single sign-on between Azure Active Directory and AlacrityLaw.
active-directory Alcumus Info Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/alcumus-info-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Alcumus Info Exchange | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Alcumus Info Exchange'
description: Learn how to configure single sign-on between Azure Active Directory and Alcumus Info Exchange.
active-directory Alertmedia Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/alertmedia-provisioning-tutorial.md
Title: 'Tutorial: Configure AlertMedia for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure AlertMedia for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to AlertMedia. documentationcenter: ''
active-directory Alertmedia Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/alertmedia-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AlertMedia | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AlertMedia'
description: Learn how to configure single sign-on between Azure Active Directory and AlertMedia.
active-directory Alexishr Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/alexishr-provisioning-tutorial.md
Title: 'Tutorial: Configure AlexisHR for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure AlexisHR for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to AlexisHR.
active-directory Alibaba Cloud Service Role Based Sso Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/alibaba-cloud-service-role-based-sso-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Alibaba Cloud Service (Role-based SSO) | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Alibaba Cloud Service (Role-based SSO)'
description: Learn how to configure single sign-on between Azure Active Directory and Alibaba Cloud Service (Role-based SSO).
active-directory Alinto Protect Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/alinto-protect-provisioning-tutorial.md
Title: 'Tutorial: Configure Alinto Protect for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Alinto Protect for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Alinto Protect.
active-directory Ally Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/ally-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Ally.io | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Ally.io'
description: Learn how to configure single sign-on between Azure Active Directory and Ally.io.
active-directory Amazon Business Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/amazon-business-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Amazon Business | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Amazon Business'
description: Learn how to configure single sign-on between Azure Active Directory and Amazon Business.
active-directory Amazon Managed Grafana Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/amazon-managed-grafana-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Amazon Managed Grafana | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Amazon Managed Grafana'
description: Learn how to configure single sign-on between Azure Active Directory and Amazon Managed Grafana.
active-directory Amplitude Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/amplitude-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Amplitude | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Amplitude'
description: Learn how to configure single sign-on between Azure Active Directory and Amplitude.
active-directory Anaqua Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/anaqua-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with ANAQUA | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with ANAQUA'
description: Learn how to configure single sign-on between Azure Active Directory and ANAQUA.
active-directory Andfrankly Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/andfrankly-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with &frankly | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with &frankly'
description: Learn how to configure single sign-on between Azure Active Directory and &frankly.
active-directory Andromedascm Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/andromedascm-tutorial.md
Title: "Tutorial: Azure Active Directory integration with Andromeda | Microsoft Docs"
+ Title: "Tutorial: Azure Active Directory integration with Andromeda"
description: Learn how to configure single sign-on between Azure Active Directory and Andromeda.
active-directory Animaker Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/animaker-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Animaker | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Animaker'
description: Learn how to configure single sign-on between Azure Active Directory and Animaker.
active-directory Apexportal Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/apexportal-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Apex Portal | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Apex Portal'
description: Learn how to configure single sign-on between Azure Active Directory and Apex Portal.
active-directory Appaegis Isolation Access Cloud Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/appaegis-isolation-access-cloud-provisioning-tutorial.md
Title: 'Tutorial: Configure Appaegis Isolation Access Cloud for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Appaegis Isolation Access Cloud for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Appaegis Isolation Access Cloud.
active-directory Appblade Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/appblade-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with AppBlade | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with AppBlade'
description: Learn how to configure single sign-on between Azure Active Directory and AppBlade.
active-directory Appdynamics Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/appdynamics-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with AppDynamics | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with AppDynamics'
description: Learn how to configure single sign-on between Azure Active Directory and AppDynamics.
active-directory Appian Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/appian-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Appian | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Appian'
description: Learn how to configure single sign-on between Azure Active Directory and Appian.
active-directory Appinux Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/appinux-tutorial.md
Title: "Tutorial: Azure Active Directory single sign-on (SSO) integration with Appinux | Microsoft Docs"
+ Title: "Tutorial: Azure Active Directory single sign-on (SSO) integration with Appinux"
description: Learn how to configure single sign-on between Azure Active Directory and Appinux.
active-directory Apple Business Manager Provision Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/apple-business-manager-provision-tutorial.md
Title: 'Tutorial: Configure Apple Business Manager for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Apple Business Manager for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Apple Business Manager. documentationcenter: ''
active-directory Apple School Manager Provision Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/apple-school-manager-provision-tutorial.md
Title: 'Tutorial: Configure Apple School Manager for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Apple School Manager for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Apple School Manager. documentationcenter: ''
active-directory Applied Mental Health Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/applied-mental-health-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Applied Mental Health | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Applied Mental Health'
description: Learn how to configure single sign-on between Azure Active Directory and Applied Mental Health.
active-directory Appraisd Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/appraisd-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Appraisd | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Appraisd'
description: Learn how to configure single sign-on between Azure Active Directory and Appraisd.
active-directory Apptio Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/apptio-tutorial.md
Title: "Tutorial: Azure Active Directory single sign-on (SSO) integration with Apptio | Microsoft Docs"
+ Title: "Tutorial: Azure Active Directory single sign-on (SSO) integration with Apptio"
description: Learn how to configure single sign-on between Azure Active Directory and Apptio.
active-directory Aravo Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/aravo-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Aravo | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Aravo'
description: Learn how to configure single sign-on between Azure Active Directory and Aravo.
active-directory Arc Facilities Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/arc-facilities-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with ARC Facilities | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with ARC Facilities'
description: Learn how to configure single sign-on between Azure Active Directory and ARC Facilities.
active-directory Arc Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/arc-tutorial.md
Title: "Tutorial: Azure Active Directory single sign-on (SSO) integration with Arc Publishing - SSO | Microsoft Docs"
+ Title: "Tutorial: Azure Active Directory single sign-on (SSO) integration with Arc Publishing - SSO"
description: Learn how to configure single sign-on between Azure Active Directory and Arc Publishing - SSO.
active-directory Arcgis Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/arcgis-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with ArcGIS Online | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with ArcGIS Online'
description: Learn how to configure single sign-on between Azure Active Directory and ArcGIS Online.
active-directory Ardoq Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/ardoq-provisioning-tutorial.md
Title: 'Tutorial: Configure Ardoq for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Ardoq for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Ardoq.
active-directory Ardoq Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/ardoq-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Ardoq | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Ardoq'
description: Learn how to configure single sign-on between Azure Active Directory and Ardoq.
active-directory Ares For Enterprise Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/ares-for-enterprise-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with ARES for Enterprise | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with ARES for Enterprise'
description: Learn how to configure single sign-on between Azure Active Directory and ARES for Enterprise.
active-directory Ariba Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/ariba-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Ariba | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Ariba'
description: Learn how to configure single sign-on between Azure Active Directory and Ariba.
active-directory Aruba User Experience Insight Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/aruba-user-experience-insight-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Aruba User Experience Insight | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Aruba User Experience Insight'
description: Learn how to configure single sign-on between Azure Active Directory and Aruba User Experience Insight.
active-directory Asana Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/asana-provisioning-tutorial.md
Title: 'Tutorial: Configure Asana for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Asana for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Asana.
active-directory Ascentis Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/ascentis-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Ascentis | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Ascentis'
description: Learn how to configure single sign-on between Azure Active Directory and Ascentis.
active-directory Askspoke Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/askspoke-provisioning-tutorial.md
Title: "Tutorial: Configure askSpoke for automatic user provisioning with Azure Active Directory | Microsoft Docs"
+ Title: "Tutorial: Configure askSpoke for automatic user provisioning with Azure Active Directory"
description: Learn how to automatically provision and de-provision user accounts from Azure AD to askSpoke. documentationcenter: ""
active-directory Askspoke Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/askspoke-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with askSpoke | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with askSpoke'
description: Learn how to configure single sign-on between Azure Active Directory and askSpoke.
active-directory Askyourteam Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/askyourteam-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AskYourTeam | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AskYourTeam'
description: Learn how to configure single sign-on between Azure Active Directory and AskYourTeam.
active-directory Assetbank Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/assetbank-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Asset Bank | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Asset Bank'
description: Learn how to configure single sign-on between Azure Active Directory and Asset Bank.
active-directory Assetsonar Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/assetsonar-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AssetSonar | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AssetSonar'
description: Learn how to configure single sign-on between Azure Active Directory and AssetSonar.
active-directory Astra Schedule Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/astra-schedule-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Astra Schedule | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Astra Schedule'
description: Learn how to configure single sign-on between Azure Active Directory and Astra Schedule.
active-directory Atea Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/atea-provisioning-tutorial.md
Title: 'Tutorial: Configure Atea for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Atea for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Atea.
active-directory Atlassian Cloud Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/atlassian-cloud-provisioning-tutorial.md
Title: 'Tutorial: Configure Atlassian Cloud for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Atlassian Cloud for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Atlassian Cloud. documentationcenter: ''
active-directory Atmos Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/atmos-provisioning-tutorial.md
Title: 'Tutorial: Configure Atmos for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Atmos for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Atmos.
active-directory Attendancemanagementservices Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/attendancemanagementservices-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Attendance Management Services | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Attendance Management Services'
description: Learn how to configure single sign-on between Azure Active Directory and Attendance Management Services.
active-directory Auditboard Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/auditboard-provisioning-tutorial.md
Title: 'Tutorial: Configure AuditBoard for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure AuditBoard for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to AuditBoard. documentationcenter: ''
active-directory Auditboard Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/auditboard-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with AuditBoard | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with AuditBoard'
description: Learn how to configure single sign-on between Azure Active Directory and AuditBoard.
active-directory Autodesk Sso Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/autodesk-sso-provisioning-tutorial.md
Title: 'Tutorial: Configure Autodesk SSO for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Autodesk SSO for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Autodesk SSO.
active-directory Autodesk Sso Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/autodesk-sso-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Autodesk SSO | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Autodesk SSO'
description: Learn how to configure single sign-on between Azure Active Directory and Autodesk SSO.
active-directory Autotaskendpointbackup Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/autotaskendpointbackup-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Autotask Endpoint Backup | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Autotask Endpoint Backup'
description: Learn how to configure single sign-on between Azure Active Directory and Autotask Endpoint Backup.
active-directory Autotaskworkplace Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/autotaskworkplace-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Autotask Workplace | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Autotask Workplace'
description: Learn how to configure single sign-on between Azure Active Directory and Autotask Workplace.
active-directory Awarego Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/awarego-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AwareGo | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AwareGo'
description: Learn how to configure single sign-on between Azure Active Directory and AwareGo.
active-directory Aws Clientvpn Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/aws-clientvpn-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AWS ClientVPN | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AWS ClientVPN'
description: Learn how to configure single sign-on between Azure Active Directory and AWS ClientVPN.
active-directory Aws Multi Accounts Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/aws-multi-accounts-tutorial.md
Title: "Tutorial: Azure Active Directory integration with Amazon Web Services to connect multiple accounts | Microsoft Docs"
+ Title: "Tutorial: Azure Active Directory integration with Amazon Web Services to connect multiple accounts"
description: Learn how to configure single sign-on between Azure AD and Amazon Web Services (legacy tutorial).
active-directory Aws Single Sign On Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/aws-single-sign-on-provisioning-tutorial.md
Title: 'Tutorial: Configure AWS IAM Identity Center(successor to AWS single sign-On) for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure AWS IAM Identity Center(successor to AWS single sign-On) for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to AWS IAM Identity Center. documentationcenter: ''
active-directory Baldwin Safety & Compliance Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/baldwin-safety-&-compliance-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Baldwin Safety and Compliance | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Baldwin Safety and Compliance'
description: Learn how to configure single sign-on between Azure Active Directory and Baldwin Safety and Compliance.
active-directory Bamboo Hr Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bamboo-hr-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with BambooHR | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with BambooHR'
description: Learn how to configure single sign-on between Azure Active Directory and BambooHR.
active-directory Bamboo Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bamboo-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with SAML SSO for Bamboo by resolution GmbH | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with SAML SSO for Bamboo by resolution GmbH'
description: Learn how to configure single sign-on between Azure Active Directory and SAML SSO for Bamboo by resolution GmbH.
active-directory Banyan Command Center Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/banyan-command-center-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Banyan Security Zero Trust Remote Access Platform | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Banyan Security Zero Trust Remote Access Platform'
description: Learn how to configure single sign-on between Azure Active Directory and Banyan Security Zero Trust Remote Access Platform.
active-directory Beautiful.Ai Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/beautiful.ai-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Beautiful.ai | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Beautiful.ai'
description: Learn how to configure single sign-on between Azure Active Directory and Beautiful.ai.
active-directory Beekeeper Azure Ad Data Connector Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/beekeeper-azure-ad-data-connector-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Beekeeper Azure AD SSO | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Beekeeper Azure AD SSO'
description: Learn how to configure single sign-on between Azure Active Directory and Beekeeper Azure AD SSO.
active-directory Beeline Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/beeline-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Beeline | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Beeline'
description: Learn how to configure single sign-on between Azure Active Directory and Beeline.
active-directory Benchling Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/benchling-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Benchling | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Benchling'
description: Learn how to configure single sign-on between Azure Active Directory and Benchling.
active-directory Benq Iam Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/benq-iam-provisioning-tutorial.md
Title: 'Tutorial: Configure BenQ IAM for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure BenQ IAM for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to BenQ IAM.
active-directory Bentley Automatic User Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bentley-automatic-user-provisioning-tutorial.md
Title: 'Tutorial: Configure Bentley - Automatic User Provisioning for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Bentley - Automatic User Provisioning for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Bentley - Automatic User Provisioning. documentationcenter: ''
active-directory Bersin Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bersin-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Bersin | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Bersin'
description: Learn how to configure single sign-on between Azure Active Directory and Bersin.
active-directory Beyond Identity Admin Console Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/beyond-identity-admin-console-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Beyond Identity Admin Console | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Beyond Identity Admin Console'
description: Learn how to configure single sign-on between Azure Active Directory and Beyond Identity Admin Console.
active-directory Bgsonline Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bgsonline-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with BGS Online | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with BGS Online'
description: Learn how to configure single sign-on between Azure Active Directory and BGS Online.
active-directory Bic Cloud Design Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bic-cloud-design-provisioning-tutorial.md
Title: 'Tutorial: Configure BIC Cloud Design for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure BIC Cloud Design for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to BIC Cloud Design. documentationcenter: ''
active-directory Bis Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bis-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BIS | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BIS'
description: Learn how to configure single sign-on between Azure Active Directory and BIS.
active-directory Bitabiz Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bitabiz-provisioning-tutorial.md
Title: 'Tutorial: Configure BitaBIZ for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure BitaBIZ for automatic user provisioning with Azure Active Directory'
description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to BitaBIZ.
active-directory Bitabiz Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bitabiz-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with BitaBIZ | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with BitaBIZ'
description: Learn how to configure single sign-on between Azure Active Directory and BitaBIZ.
active-directory Bitbucket Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bitbucket-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with SAML SSO for Bitbucket by resolution GmbH | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with SAML SSO for Bitbucket by resolution GmbH'
description: Learn how to configure single sign-on between Azure Active Directory and SAML SSO for Bitbucket by resolution GmbH.
active-directory Bizagi Studio For Digital Process Automation Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bizagi-studio-for-digital-process-automation-provisioning-tutorial.md
Title: 'Tutorial: Configure Bizagi Studio for Digital Process Automation for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Bizagi Studio for Digital Process Automation for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and deprovision user accounts from Azure AD to Bizagi Studio for Digital Process Automation. documentationcenter: ''
active-directory Bizagi Studio For Digital Process Automation Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bizagi-studio-for-digital-process-automation-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Bizagi for Digital Process Automation | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Bizagi for Digital Process Automation'
description: Learn how to configure single sign-on between Azure Active Directory and Bizagi for Digital Process Automation.
active-directory Bldng App Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bldng-app-provisioning-tutorial.md
Title: 'Tutorial: Configure BLDNG APP for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure BLDNG APP for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to BLDNG APP.
active-directory Blink Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/blink-provisioning-tutorial.md
Title: 'Tutorial: Configure Blink for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Blink for automatic user provisioning with Azure Active Directory'
description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to Blink.
active-directory Blink Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/blink-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Blink | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Blink'
description: Learn how to configure single sign-on between Azure Active Directory and Blink.
active-directory Blinq Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/blinq-provisioning-tutorial.md
Title: 'Tutorial: Configure Blinq for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Blinq for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Blinq.
active-directory Blogin Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/blogin-provisioning-tutorial.md
Title: 'Tutorial: Configure BlogIn for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure BlogIn for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to BlogIn. documentationcenter: ''
active-directory Blogin Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/blogin-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BlogIn | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BlogIn'
description: Learn how to configure single sign-on between Azure Active Directory and BlogIn.
active-directory Bluejeans Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bluejeans-provisioning-tutorial.md
Title: 'Tutorial: Configure BlueJeans for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure BlueJeans for automatic user provisioning with Azure Active Directory'
description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to BlueJeans.
active-directory Bluejeans Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bluejeans-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BlueJeans for Azure AD | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BlueJeans for Azure AD'
description: Learn how to configure single sign-on between Azure Active Directory and BlueJeans for Azure AD.
active-directory Bomgarremotesupport Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bomgarremotesupport-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BeyondTrust Remote Support | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BeyondTrust Remote Support'
description: Learn how to configure single sign-on between Azure Active Directory and BeyondTrust Remote Support.
active-directory Bonos Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bonos-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Bonos | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Bonos'
description: Learn how to configure single sign-on between Azure Active Directory and Bonos.
active-directory Bonus Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bonus-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Bonusly | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Bonusly'
description: Learn how to configure single sign-on between Azure Active Directory and Bonusly.
active-directory Bonusly Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bonusly-provisioning-tutorial.md
Title: 'Tutorial: Configure Bonusly for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Bonusly for automatic user provisioning with Azure Active Directory'
description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to Bonusly.
active-directory Boomi Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/boomi-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Boomi | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Boomi'
description: Learn how to configure single sign-on between Azure Active Directory and Boomi.
active-directory Box Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/box-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Box | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Box'
description: Learn how to configure single sign-on between Azure Active Directory and Box.
active-directory Box Userprovisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/box-userprovisioning-tutorial.md
Title: 'Tutorial: Configure Box for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Box for automatic user provisioning with Azure Active Directory'
description: Learn how to configure single sign-on between Azure Active Directory and Box .
active-directory Boxcryptor Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/boxcryptor-provisioning-tutorial.md
Title: 'Tutorial: Configure Boxcryptor for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Boxcryptor for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Boxcryptor. documentationcenter: ''
active-directory Boxcryptor Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/boxcryptor-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Boxcryptor | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Boxcryptor'
description: Learn how to configure single sign-on between Azure Active Directory and Boxcryptor.
active-directory Bpanda Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bpanda-provisioning-tutorial.md
Title: 'Tutorial: Configure Bpanda for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Bpanda for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Bpanda. documentationcenter: ''
active-directory Bpmonline Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bpmonline-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Creatio | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Creatio'
description: Learn how to configure single sign-on between Azure Active Directory and Creatio.
active-directory Brandfolder Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/brandfolder-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Brandfolder | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Brandfolder'
description: Learn how to configure single sign-on between Azure Active Directory and Brandfolder.
active-directory Bridge Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bridge-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Bridge | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Bridge'
description: Learn how to configure single sign-on between Azure Active Directory and Bridge.
active-directory Bright Pattern Omnichannel Contact Center Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bright-pattern-omnichannel-contact-center-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Bright Pattern Omnichannel Contact Center | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Bright Pattern Omnichannel Contact Center'
description: Learn how to configure single sign-on between Azure Active Directory and Bright Pattern Omnichannel Contact Center.
active-directory Brightidea Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/brightidea-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Brightidea | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Brightidea'
description: Learn how to configure single sign-on between Azure Active Directory and Brightidea.
active-directory Brightspace Desire2learn Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/brightspace-desire2learn-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Brightspace by Desire2Learn | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Brightspace by Desire2Learn'
description: Learn how to configure single sign-on between Azure Active Directory and Brightspace by Desire2Learn.
active-directory Britive Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/britive-provisioning-tutorial.md
Title: 'Tutorial: Configure Britive for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Britive for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Britive.
active-directory Britive Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/britive-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Britive | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Britive'
description: Learn how to configure single sign-on between Azure Active Directory and Britive.
active-directory Brivo Onair Identity Connector Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/brivo-onair-identity-connector-provisioning-tutorial.md
Title: 'Tutorial: Configure Brivo Onair Identity Connector for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Brivo Onair Identity Connector for automatic user provisioning with Azure Active Directory'
description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to Brivo Onair Identity Connector.
active-directory Broadcom Dx Saas Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/broadcom-dx-saas-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Broadcom DX SaaS | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Broadcom DX SaaS'
description: Learn how to configure single sign-on between Azure Active Directory and Broadcom DX SaaS.
active-directory Browserstack Single Sign On Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/browserstack-single-sign-on-provisioning-tutorial.md
Title: 'Tutorial: Configure BrowserStack Single Sign-on for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure BrowserStack Single Sign-on for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to BrowserStack Single Sign-on. documentationcenter: ''
active-directory Browserstack Single Sign On Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/browserstack-single-sign-on-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BrowserStack Single Sign-on | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BrowserStack Single Sign-on'
description: Learn how to configure single sign-on between Azure Active Directory and BrowserStack Single Sign-on.
active-directory Brushup Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/brushup-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Brushup | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Brushup'
description: Learn how to configure single sign-on between Azure Active Directory and Brushup.
active-directory Bugsnag Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bugsnag-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Bugsnag | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Bugsnag'
description: Learn how to configure single sign-on between Azure Active Directory and Bugsnag.
active-directory Bullseyetdp Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bullseyetdp-provisioning-tutorial.md
Title: 'Tutorial: Configure BullseyeTDP for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure BullseyeTDP for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to BullseyeTDP. documentationcenter: ''
active-directory Bynder Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bynder-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Bynder | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Bynder'
description: Learn how to configure single sign-on between Azure Active Directory and Bynder.
active-directory C3m Cloud Control Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/c3m-cloud-control-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with C3M Cloud Control | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with C3M Cloud Control'
description: Learn how to configure single sign-on between Azure Active Directory and C3M Cloud Control.
active-directory Cakehr Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/cakehr-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with CakeHR | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with CakeHR'
description: Learn how to configure single sign-on between Azure Active Directory and CakeHR.
active-directory Carbonite Endpoint Backup Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/carbonite-endpoint-backup-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Carbonite Endpoint Backup | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Carbonite Endpoint Backup'
description: Learn how to configure single sign-on between Azure Active Directory and Carbonite Endpoint Backup.
active-directory Cato Networks Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/cato-networks-provisioning-tutorial.md
Title: 'Tutorial: Configure Cato Networks for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Cato Networks for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Cato Networks. writer: twimmers
active-directory Central Desktop Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/central-desktop-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Central Desktop | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory integration with Central Desktop'
description: Learn how to configure single sign-on between Azure Active Directory and Central Desktop.
active-directory Cequence Application Security Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/cequence-application-security-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Cequence Application Security Platform | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Cequence Application Security Platform'
description: Learn how to configure single sign-on between Azure Active Directory and Cequence Application Security Platform.
active-directory Cerby Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/cerby-provisioning-tutorial.md
Title: 'Tutorial: Configure Cerby for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+ Title: 'Tutorial: Configure Cerby for automatic user provisioning with Azure Active Directory'
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Cerby.
active-directory Cerby Tutorial