Service | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
active-directory-domain-services | Troubleshoot Alerts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-domain-services/troubleshoot-alerts.md | When the managed domain is enabled again, the managed domain's health automatica [Check the Azure AD DS health](check-health.md) for alerts that indicate problems in the configuration of the managed domain. If you're able to resolve alerts that indicate a configuration issue, wait two hours and check back to see if the synchronization has completed. When ready, [open an Azure support request][azure-support] to re-enable the managed domain. +## AADDS600: Unresolved health alerts for 30 days ++### Alert Message ++*Microsoft canΓÇÖt manage the domain controllers for this managed domain due to unresolved health alerts \[IDs\]. This is blocking critical security updates as well as a planned migration to Windows Server 2019 for these domain controllers. Follow steps in the alert to resolve the issue. Failure to resolve this issue within 30 days will result in suspension of the managed domain.* ++### Resolution ++> [!WARNING] +> If a managed domain is suspended for an extended period of time, there's a danger of it being deleted. Resolve the reason for suspension as quickly as possible. For more information, see [Understand the suspended states for Azure AD DS](suspension.md). ++[Check the Azure AD DS health](check-health.md) for alerts that indicate problems in the configuration of the managed domain. If you're able to resolve alerts that indicate a configuration issue, wait six hours and check back to see if the alert is removed. [Open an Azure support request][azure-support] if you need assistance. + ## Next steps If you still have issues, [open an Azure support request][azure-support] for additional troubleshooting assistance. |
active-directory | Application Provisioning Config Problem Scim Compatibility | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-provisioning/application-provisioning-config-problem-scim-compatibility.md | Title: Known issues with System for Cross-Domain Identity Management (SCIM) 2.0 protocol compliance - Azure AD + Title: Known issues with System for Cross-Domain Identity Management (SCIM) 2.0 protocol compliance description: How to solve common protocol compatibility issues faced when adding a non-gallery application that supports SCIM 2.0 to Azure AD |
active-directory | On Premises Application Provisioning Architecture | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-provisioning/on-premises-application-provisioning-architecture.md | Title: 'Azure AD on-premises application provisioning architecture | Microsoft Docs' + Title: 'Azure AD on-premises application provisioning architecture' description: Presents an overview of on-premises application provisioning architecture. |
active-directory | Use Scim To Build Users And Groups Endpoints | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-provisioning/use-scim-to-build-users-and-groups-endpoints.md | Go to the [reference code](https://github.com/AzureAD/SCIMReferenceCode) from Gi 1. In the terminal, change the directory using the `cd Microsoft.SCIM.WebHostSample` command -1. To run your app locally, in the terminal, run the .NET CLI command below. The [dotnet run](/dotnet/core/tools/dotnet-run) runs the Microsoft.SCIM.WebHostSample project using the [development environment](/aspnet/core/fundamentals/environments#set-environment-on-the-command-line). +1. To run your app locally, in the terminal, run the .NET CLI command. The [dotnet run](/dotnet/core/tools/dotnet-run) runs the Microsoft.SCIM.WebHostSample project using the [development environment](/aspnet/core/fundamentals/environments#set-environment-on-the-command-line). ```dotnetcli dotnet run --environment Development Go to the [reference code](https://github.com/AzureAD/SCIMReferenceCode) from Gi 1. To deploy the Microsoft.SCIM.WebHostSample app to Azure App Services, [create a new App Services](../../app-service/quickstart-dotnetcore.md?tabs=net60&pivots=development-environment-vscode#publish-your-web-app). -1. In the Visual Studio Code terminal, run the .NET CLI command below. This command generates a deployable publish folder for the app in the bin/debug/publish directory. +1. In the Visual Studio Code terminal, run the .NET CLI command. This command generates a deployable publish folder for the app in the bin/debug/publish directory. ```dotnetcli dotnet publish -c Debug ``` 1. In the Visual Studio Code explorer, right-click on the generated **publish** folder, and select Deploy to Web App.-1. A new workflow will open in the command palette at the top of the screen. Select the **Subscription** you would like to publish your app to. +1. A new workflow opens in the command palette at the top of the screen. Select the **Subscription** you would like to publish your app to. 1. Select the **App Service** web app you created earlier. 1. If Visual Studio Code prompts you to confirm, select **Deploy**. The deployment process may take a few moments. When the process completes, a notification should appear in the bottom right corner prompting you to browse to the deployed app. To develop a SCIM-compliant user and group endpoint with interoperability for a - [Tutorial: Validate a SCIM endpoint](scim-validator-tutorial.md) - [Tutorial: Develop and plan provisioning for a SCIM endpoint](use-scim-to-provision-users-and-groups.md)-- [Tutorial: Configure provisioning for a gallery app](configure-automatic-user-provisioning-portal.md)+- [Tutorial: Configure provisioning for a gallery app](configure-automatic-user-provisioning-portal.md) |
active-directory | Use Scim To Provision Users And Groups | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md | |
active-directory | What Is Hr Driven Provisioning | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-provisioning/what-is-hr-driven-provisioning.md | Title: 'What is HR driven provisioning with Azure Active Directory? | Microsoft Docs' + Title: 'What is HR driven provisioning with Azure Active Directory?' description: Describes overview of HR driven provisioning. |
active-directory | Application Proxy Configure Cookie Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/application-proxy-configure-cookie-settings.md | Title: Application Proxy cookie settings - Azure Active Directory + Title: Application Proxy cookie settings description: Azure Active Directory (Azure AD) has access and session cookies for accessing on-premises applications through Application Proxy. In this article, you'll find out how to use and configure the cookie settings. |
active-directory | Application Proxy Configure Native Client Application | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/application-proxy-configure-native-client-application.md | Title: Publish native client apps - Azure Active Directory + Title: Publish native client apps description: Covers how to enable native client apps to communicate with Azure Active Directory Application Proxy Connector to provide secure remote access to your on-premises apps. |
active-directory | Application Proxy Connector Groups | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/application-proxy-connector-groups.md | Title: Publish apps on separate networks via connector groups - Azure Active Directory + Title: Publish apps on separate networks via connector groups description: Covers how to create and manage groups of connectors in Azure Active Directory Application Proxy. |
active-directory | Application Proxy Debug Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/application-proxy-debug-apps.md | Title: Debug Application Proxy applications - Azure Active Directory + Title: Debug Application Proxy applications description: Debug issues with Azure Active Directory (Azure AD) Application Proxy applications. |
active-directory | Application Proxy Debug Connectors | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/application-proxy-debug-connectors.md | Title: Debug Application Proxy connectors - Azure Active Directory + Title: Debug Application Proxy connectors description: Debug issues with Azure Active Directory (Azure AD) Application Proxy connectors. |
active-directory | Application Proxy Integrate With Microsoft Cloud Application Security | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/application-proxy-integrate-with-microsoft-cloud-application-security.md | Title: Use Application Proxy to integrate on-premises apps with Defender for Cloud Apps - Azure Active Directory + Title: Use Application Proxy to integrate on-premises apps with Defender for Cloud Apps description: Configure an on-premises application in Azure Active Directory to work with Microsoft Defender for Cloud Apps. Use the Defender for Cloud Apps Conditional Access App Control to monitor and control sessions in real-time based on Conditional Access policies. You can apply these policies to on-premises applications that use Application Proxy in Azure Active Directory (Azure AD). |
active-directory | Active Directory Certificate Based Authentication Android | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/active-directory-certificate-based-authentication-android.md | Title: Android certificate-based authentication with federation - Azure Active Directory + Title: Android certificate-based authentication with federation description: Learn about the supported scenarios and the requirements for configuring certificate-based authentication in solutions with Android devices |
active-directory | Active Directory Certificate Based Authentication Get Started | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/active-directory-certificate-based-authentication-get-started.md | Title: Certificate-based authentication with federation - Azure Active Directory + Title: Certificate-based authentication with federation description: Learn how to configure certificate-based authentication with federation in your environment |
active-directory | Active Directory Certificate Based Authentication Ios | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/active-directory-certificate-based-authentication-ios.md | Title: Certificate-based authentication with federation on iOS - Azure Active Directory + Title: Certificate-based authentication with federation on iOS description: Learn about the supported scenarios and the requirements for configuring certificate-based authentication for Azure Active Directory in solutions with iOS devices |
active-directory | Concept Authentication Authenticator App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-authentication-authenticator-app.md | Title: Microsoft Authenticator authentication method - Azure Active Directory + Title: Microsoft Authenticator authentication method description: Learn about using the Microsoft Authenticator in Azure Active Directory to help secure your sign-ins |
active-directory | Concept Authentication Methods Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-authentication-methods-manage.md | Title: Manage authentication methods - Azure Active Directory + Title: Manage authentication methods description: Learn about the authentication methods policy and different ways to manage authentication methods. |
active-directory | Concept Authentication Methods | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-authentication-methods.md | Title: Authentication methods and features - Azure Active Directory + Title: Authentication methods and features description: Learn about the different authentication methods and features available in Azure Active Directory to help improve and secure sign-in events |
active-directory | Concept Authentication Oath Tokens | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-authentication-oath-tokens.md | Title: OATH tokens authentication method - Azure Active Directory + Title: OATH tokens authentication method description: Learn about using OATH tokens in Azure Active Directory to help improve and secure sign-in events |
active-directory | Concept Authentication Phone Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-authentication-phone-options.md | Title: Phone authentication methods - Azure Active Directory + Title: Phone authentication methods description: Learn about using phone authentication methods in Azure Active Directory to help improve and secure sign-in events |
active-directory | Concept Authentication Security Questions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-authentication-security-questions.md | Title: Security questions authentication method - Azure Active Directory + Title: Security questions authentication method description: Learn about using security questions in Azure Active Directory to help improve and secure sign-in events |
active-directory | Concept Certificate Based Authentication Certificateuserids | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-certificate-based-authentication-certificateuserids.md | Title: Certificate user IDs for Azure AD certificate-based authentication - Azure Active Directory + Title: Certificate user IDs for Azure AD certificate-based authentication description: Learn about certificate user IDs for Azure AD certificate-based authentication without federation |
active-directory | Concept Certificate Based Authentication Limitations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-certificate-based-authentication-limitations.md | Title: Limitations with Azure AD certificate-based authentication without federation - Azure Active Directory + Title: Limitations with Azure AD certificate-based authentication without federation description: Learn supported and unsupported scenarios for Azure AD certificate-based authentication |
active-directory | Concept Certificate Based Authentication Mobile Android | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-certificate-based-authentication-mobile-android.md | Title: Azure Active Directory certificate-based authentication on Android devices - Azure Active Directory + Title: Azure Active Directory certificate-based authentication on Android devices description: Learn about Azure Active Directory certificate-based authentication on Android devices |
active-directory | Concept Certificate Based Authentication Mobile Ios | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-certificate-based-authentication-mobile-ios.md | Title: Azure Active Directory certificate-based authentication on Apple devices - Azure Active Directory + Title: Azure Active Directory certificate-based authentication on Apple devices description: Learn about Azure Active Directory certificate-based authentication on Apple devices that run macOS or iOS |
active-directory | Concept Certificate Based Authentication Smartcard | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-certificate-based-authentication-smartcard.md | Title: Windows smart card sign-in using Azure Active Directory certificate-based authentication - Azure Active Directory + Title: Windows smart card sign-in using Azure Active Directory certificate-based authentication description: Learn how to enable Windows smart card sign-in using Azure Active Directory certificate-based authentication |
active-directory | Concept Certificate Based Authentication Technical Deep Dive | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-certificate-based-authentication-technical-deep-dive.md | Title: Azure AD certificate-based authentication technical deep dive - Azure Active Directory + Title: Azure AD certificate-based authentication technical deep dive description: Learn how Azure AD certificate-based authentication works |
active-directory | Concept Certificate Based Authentication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-certificate-based-authentication.md | Title: Overview of Azure AD certificate-based authentication - Azure Active Directory + Title: Overview of Azure AD certificate-based authentication description: Learn about Azure AD certificate-based authentication without federation |
active-directory | Concept Mfa Authprovider | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-mfa-authprovider.md | Title: Azure AD Multi-Factor Auth Providers - Azure Active Directory + Title: Azure AD Multi-Factor Auth Providers description: When should you use an Auth Provider with Azure MFA? |
active-directory | Concept Password Ban Bad On Premises | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-password-ban-bad-on-premises.md | Title: Azure AD Password Protection - Azure Active Directory + Title: Azure AD Password Protection description: Ban weak passwords in on-premises Active Directory Domain Services environments by using Azure AD Password Protection |
active-directory | Concept Registration Mfa Sspr Combined | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-registration-mfa-sspr-combined.md | Title: Combined registration for SSPR and Azure AD Multi-Factor Authentication - Azure Active Directory + Title: Combined registration for SSPR and Azure AD Multi-Factor Authentication description: Learn about the combined registration experience for Azure Active Directory to let users register for both Azure AD Multi-Factor Authentication and self-service password reset |
active-directory | Concept Resilient Controls | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-resilient-controls.md | Title: Create a resilient access control management strategy - Azure AD + Title: Create a resilient access control management strategy description: This document provides guidance on strategies an organization should adopt to provide resilience to reduce the risk of lockout during unforeseen disruptions |
active-directory | Concept Sspr Howitworks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-sspr-howitworks.md | Title: Self-service password reset deep dive - Azure Active Directory + Title: Self-service password reset deep dive description: How does self-service password reset work |
active-directory | Concept Sspr Licensing | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-sspr-licensing.md | Title: License self-service password reset - Azure Active Directory + Title: License self-service password reset description: Learn about the difference Azure Active Directory self-service password reset licensing requirements |
active-directory | Concept Sspr Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-sspr-policy.md | Title: Self-service password reset policies - Azure Active Directory + Title: Self-service password reset policies description: Learn about the different Azure Active Directory self-service password reset policy options |
active-directory | Concept Sspr Writeback | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-sspr-writeback.md | Title: On-premises password writeback with self-service password reset - Azure Active Directory + Title: On-premises password writeback with self-service password reset description: Learn how password change or reset events in Azure Active Directory can be written back to an on-premises directory environment |
active-directory | Concept System Preferred Multifactor Authentication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/concept-system-preferred-multifactor-authentication.md | Title: System-preferred multifactor authentication (MFA) - Azure Active Directory + Title: System-preferred multifactor authentication (MFA) description: Learn how to use system-preferred multifactor authentication Previously updated : 03/02/2023 Last updated : 03/16/2023 System-preferred MFA is a Microsoft managed setting, which is a [tristate policy After system-preferred MFA is enabled, the authentication system does all the work. Users don't need to set any authentication method as their default because the system always determines and presents the most secure method they registered. +>[!NOTE] +>System-preferred MFA is a key security upgrade to traditional second factor notifications. We highly recommend enabling system-preferred MFA in the near term for improved sign-in security. + ## Enable system-preferred MFA To enable system-preferred MFA in advance, you need to choose a single target group for the schema configuration, as shown in the [Request](#request) example. https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy ### Request -The following example excludes a sample target group and includes all users. For more information, see [Update authenticationMethodsPolicy](/graph/api/authenticationmethodspolicy-update?view=graph-rest-beta). +The following example excludes a sample target group and includes all users. For more information, see [Update authenticationMethodsPolicy](/graph/api/authenticationmethodspolicy-update). ```http PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy |
active-directory | How To Authentication Methods Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-authentication-methods-manage.md | Title: How to migrate to the Authentication methods policy - Azure Active Directory (preview) + Title: How to migrate to the Authentication methods policy (preview) description: Learn about how to centrally manage multifactor authentication (MFA) and self-service password reset (SSPR) settings in the Authentication methods policy. To check settings in the Authentication methods policy, sign in as an [Authentic :::image type="content" source="media/concept-authentication-methods-manage/authentication-methods-policy.png" alt-text="Screenshot that shows the authentication methods." lightbox="media/concept-authentication-methods-manage/authentication-methods-policy.png"::: -The Authentication methods policy has other methods that aren't available in the legacy policies, such as FIDO2 security key, Temporary Access Pass, and Azure AD certificate-based authentication. These methods aren't in scope for migration and you won't need to make any changes to them if you've them configured already. +The Authentication methods policy has other methods that aren't available in the legacy policies, such as FIDO2 security key, Temporary Access Pass, and Azure AD certificate-based authentication. These methods aren't in scope for migration and you won't need to make any changes to them if you've configured them already. If you've enabled other methods in the Authentication methods policy, write down the users and groups who can or can't use those methods. Take a note of the configuration parameters that govern how the method can be used. For example, you can configure Microsoft Authenticator to provide location in push notifications. Make a record of which users and groups are enabled for similar configuration parameters associated with each method. |
active-directory | How To Authentication Sms Supported Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-authentication-sms-supported-apps.md | For the same reason, Microsoft Office mobile apps (except Microsoft Teams, Compa | | | | Native desktop Microsoft apps | Microsoft Teams, O365 apps, Word, Excel, etc.| | Native mobile Microsoft apps (except Microsoft Teams, Company Portal, and Microsoft Azure) | Outlook, Edge, Power BI, Stream, SharePoint, Power Apps, Word, etc.|-| Microsoft 365 web apps (accessed directly on web) | [Outlook](https://outlook.live.com/owa/), [Word](https://office.live.com/start/Word.aspx), [Excel](https://office.live.com/start/Excel.aspx), [PowerPoint](https://office.live.com/start/PowerPoint.aspx), [OneDrive](https://onedrive.live.com/about/signin)| +| Microsoft 365 web apps (accessed directly on web) | [Outlook](https://outlook.live.com/owa/), [Word](https://office.live.com/start/Word.aspx), [Excel](https://office.live.com/start/Excel.aspx), [PowerPoint](https://office.live.com/start/PowerPoint.aspx)| ## Support for Non-Microsoft apps |
active-directory | How To Authentication Two Way Sms Unsupported | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-authentication-two-way-sms-unsupported.md | Title: Two-way SMS no longer supported - Azure Active Directory + Title: Two-way SMS no longer supported description: Explains how to enable another method for users who still use two-way SMS. |
active-directory | How To Certificate Based Authentication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-certificate-based-authentication.md | Title: How to configure Azure AD certificate-based authentication - Azure Active Directory + Title: How to configure Azure AD certificate-based authentication description: Topic that shows how to configure Azure AD certificate-based authentication in Azure Active Directory |
active-directory | How To Mfa Additional Context | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-mfa-additional-context.md | Title: Use additional context in Microsoft Authenticator notifications - Azure Active Directory + Title: Use additional context in Microsoft Authenticator notifications description: Learn how to use additional context in MFA notifications |
active-directory | How To Mfa Authenticator Lite | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-mfa-authenticator-lite.md | Users receive a notification in Outlook mobile to approve or deny sign-in, or th | Operating system | Outlook version | |:-:|::|- |Android | 4.2308.0 | + |Android | 4.2309.1 | |iOS | 4.2309.0 | ## Enable Authenticator Lite |
active-directory | How To Mfa Number Match | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-mfa-number-match.md | Title: Use number matching in multifactor authentication (MFA) notifications - Azure Active Directory + Title: Use number matching in multifactor authentication (MFA) notifications description: Learn how to use number matching in MFA notifications |
active-directory | How To Mfa Registration Campaign | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-mfa-registration-campaign.md | Title: Nudge users to set up Microsoft Authenticator - Azure Active Directory + Title: Nudge users to set up Microsoft Authenticator description: Learn how to move your organization away from less secure authentication methods to Microsoft Authenticator |
active-directory | How To Mfa Server Migration Utility | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-mfa-server-migration-utility.md | Title: How to use the MFA Server Migration Utility to migrate to Azure AD MFA - Azure Active Directory + Title: How to use the MFA Server Migration Utility to migrate to Azure AD MFA description: Step-by-step guidance to migrate MFA server settings to Azure AD using the MFA Server Migration Utility. |
active-directory | How To Migrate Mfa Server To Azure Mfa User Authentication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md | Title: Migrate to Azure AD MFA and Azure AD user authentication - Azure Active Directory + Title: Migrate to Azure AD MFA and Azure AD user authentication description: Step-by-step guidance to move from MFA Server on-premises to Azure AD MFA and Azure AD user authentication |
active-directory | How To Migrate Mfa Server To Azure Mfa With Federation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-migrate-mfa-server-to-azure-mfa-with-federation.md | Title: Migrate to Azure AD MFA with federations - Azure Active Directory + Title: Migrate to Azure AD MFA with federations description: Step-by-step guidance to move from MFA Server on-premises to Azure AD MFA with federation |
active-directory | How To Migrate Mfa Server To Azure Mfa | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/how-to-migrate-mfa-server-to-azure-mfa.md | Title: Migrate from MFA Server to Azure AD Multi-Factor Authentication - Azure Active Directory + Title: Migrate from MFA Server to Azure AD Multi-Factor Authentication description: Step-by-step guidance to migrate from MFA Server on-premises to Azure AD Multi-Factor Authentication |
active-directory | Howto Authentication Methods Activity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-authentication-methods-activity.md | Title: Authentication Methods Activity - Azure Active Directory + Title: Authentication Methods Activity description: Overview of the authentication methods that users register to sign in and reset passwords. |
active-directory | Howto Authentication Passwordless Faqs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-authentication-passwordless-faqs.md | Title: FAQs for hybrid FIDO2 security key deployment - Azure Active Directory + Title: FAQs for hybrid FIDO2 security key deployment description: Learn about some frequently asked questions for passwordless hybrid FIDO2 security key sign-in using Azure Active Directory |
active-directory | Howto Authentication Passwordless Phone | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-authentication-passwordless-phone.md | Title: Passwordless sign-in with Microsoft Authenticator - Azure Active Directory + Title: Passwordless sign-in with Microsoft Authenticator description: Enable passwordless sign-in to Azure AD using Microsoft Authenticator |
active-directory | Howto Authentication Passwordless Security Key On Premises | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md | Title: Passwordless security key sign-in to on-premises resources - Azure Active Directory + Title: Passwordless security key sign-in to on-premises resources description: Learn how to enable passwordless security key sign-in to on-premises resources by using Azure Active Directory |
active-directory | Howto Authentication Passwordless Security Key Windows | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-authentication-passwordless-security-key-windows.md | Title: Passwordless security key sign-in Windows - Azure Active Directory + Title: Passwordless security key sign-in Windows description: Learn how to enable passwordless security key sign-in to Azure Active Directory using FIDO2 security keys |
active-directory | Howto Authentication Passwordless Security Key | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-authentication-passwordless-security-key.md | Title: Passwordless security key sign-in - Azure Active Directory + Title: Passwordless security key sign-in description: Enable passwordless security key sign-in to Azure AD using FIDO2 security keys |
active-directory | Howto Authentication Passwordless Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-authentication-passwordless-troubleshoot.md | Title: Known issues and troubleshooting for hybrid FIDO2 security keys - Azure Active Directory + Title: Known issues and troubleshooting for hybrid FIDO2 security keys description: Learn about some known issues and ways to troubleshoot passwordless hybrid FIDO2 security key sign-in using Azure Active Directory |
active-directory | Howto Mfa Adfs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-adfs.md | Title: Secure resources with Azure AD MFA and ADFS - Azure Active Directory + Title: Secure resources with Azure AD MFA and ADFS description: This is the Azure AD Multi-Factor Authentication page that describes how to get started with Azure AD MFA and AD FS in the cloud. |
active-directory | Howto Mfa App Passwords | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-app-passwords.md | Title: Configure app passwords for Azure AD Multi-Factor Authentication - Azure Active Directory + Title: Configure app passwords for Azure AD Multi-Factor Authentication description: Learn how to configure and use app passwords for legacy applications in Azure AD Multi-Factor Authentication |
active-directory | Howto Mfa Mfasettings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-mfasettings.md | Title: Configure Azure AD Multi-Factor Authentication - Azure Active Directory + Title: Configure Azure AD Multi-Factor Authentication description: Learn how to configure settings for Azure AD Multi-Factor Authentication in the Azure portal |
active-directory | Howto Mfa Nps Extension Advanced | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-nps-extension-advanced.md | Title: Configure the Azure AD MFA NPS extension - Azure Active Directory + Title: Configure the Azure AD MFA NPS extension description: After you install the NPS extension, use these steps for advanced configuration like allowed IP lists and UPN replacement. |
active-directory | Howto Mfa Nps Extension Errors | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-nps-extension-errors.md | Title: Troubleshooting Azure AD MFA NPS extension - Azure Active Directory + Title: Troubleshooting Azure AD MFA NPS extension description: Get help resolving issues with the NPS extension for Azure AD Multi-Factor Authentication |
active-directory | Howto Mfa Nps Extension Rdg | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-nps-extension-rdg.md | Title: Integrate RDG with Azure AD MFA NPS extension - Azure Active Directory + Title: Integrate RDG with Azure AD MFA NPS extension description: Integrate your Remote Desktop Gateway infrastructure with Azure AD MFA using the Network Policy Server extension for Microsoft Azure |
active-directory | Howto Mfa Nps Extension Vpn | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-nps-extension-vpn.md | Title: VPN with Azure AD MFA using the NPS extension - Azure Active Directory + Title: VPN with Azure AD MFA using the NPS extension description: Integrate your VPN infrastructure with Azure AD MFA by using the Network Policy Server extension for Microsoft Azure. |
active-directory | Howto Mfa Nps Extension | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-nps-extension.md | Title: Use Azure AD Multi-Factor Authentication with NPS - Azure Active Directory + Title: Use Azure AD Multi-Factor Authentication with NPS description: Learn how to use Azure AD Multi-Factor Authentication capabilities with your existing Network Policy Server (NPS) authentication infrastructure Previously updated : 01/29/2023 Last updated : 03/16/2023 When you install the extension, you need the *Tenant ID* and admin credentials f The NPS server must be able to communicate with the following URLs over TCP port 443: -* *https:\//strongauthenticationservice.auth.microsoft.com* (for Azure Public cloud customers). -* *https:\//strongauthenticationservice.auth.microsoft.us* (for Azure Government customers). -* *https:\//strongauthenticationservice.auth.microsoft.cn* (for Azure China 21Vianet customers). -* *https:\//adnotifications.windowsazure.com* -* *https:\//login.microsoftonline.com* -* *https:\//credentials.azure.com* +* `https:\//login.microsoftonline.com` +* `https:\//credentials.azure.com` Additionally, connectivity to the following URLs is required to complete the [setup of the adapter using the provided PowerShell script](#run-the-powershell-script): -* *https:\//login.microsoftonline.com* -* *https:\//provisioningapi.microsoftonline.com* -* *https:\//aadcdn.msauth.net* -* *https:\//www.powershellgallery.com* -* *https:\//go.microsoft.com* -* *https:\//aadcdn.msftauthimages.net* +* `https:\//login.microsoftonline.com` +* `https:\//provisioningapi.microsoftonline.com` +* `https:\//aadcdn.msauth.net` +* `https:\//www.powershellgallery.com` +* `https:\//go.microsoft.com` +* `https:\//aadcdn.msftauthimages.net` ## Prepare your environment |
active-directory | Howto Mfa Reporting Datacollection | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-reporting-datacollection.md | Title: Azure AD user data collection - Azure Active Directory + Title: Azure AD user data collection description: What information is used to help authenticate users by self-service password reset and Azure AD Multi-Factor Authentication? |
active-directory | Howto Mfa Reporting | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-reporting.md | Title: Sign-in event details for Azure AD Multi-Factor Authentication - Azure Active Directory + Title: Sign-in event details for Azure AD Multi-Factor Authentication description: Learn how to view sign-in activity for Azure AD Multi-Factor Authentication events and status messages. |
active-directory | Howto Mfa Server Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-server-settings.md | Title: Configure MFA Server - Azure Active Directory + Title: Configure MFA Server description: Learn how to configure settings for Azure MFA Server in the Azure portal |
active-directory | Howto Mfa Userdevicesettings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-userdevicesettings.md | Title: Manage authentication methods for Azure AD Multi-Factor Authentication - Azure Active Directory + Title: Manage authentication methods for Azure AD Multi-Factor Authentication description: Learn how you can configure Azure Active Directory user settings for Azure AD Multi-Factor Authentication |
active-directory | Howto Mfa Userstates | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-userstates.md | Title: Enable per-user Multi-Factor Authentication - Azure Active Directory + Title: Enable per-user Multi-Factor Authentication description: Learn how to enable per-user Azure AD Multi-Factor Authentication by changing the user state |
active-directory | Howto Mfaserver Adfs 2 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-adfs-2.md | Title: Use Azure MFA Server with AD FS 2.0 - Azure Active Directory + Title: Use Azure MFA Server with AD FS 2.0 description: Describes how to get started with Azure MFA and AD FS 2.0. |
active-directory | Howto Mfaserver Adfs Windows Server | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-adfs-windows-server.md | Title: Azure MFA Server with AD FS in Windows Server - Azure Active Directory + Title: Azure MFA Server with AD FS in Windows Server description: This article describes how to get started with Azure Multi-Factor Authentication and AD FS in Windows Server 2016. |
active-directory | Howto Mfaserver Deploy Ha | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-deploy-ha.md | Title: High availability for Azure MFA Server - Azure Active Directory + Title: High availability for Azure MFA Server description: Deploy multiple instances of Azure Multi-Factor Authentication Server in configurations that provide high availability. |
active-directory | Howto Mfaserver Deploy Mobileapp | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-deploy-mobileapp.md | Title: Azure MFA Server Mobile App Web Service - Azure Active Directory + Title: Azure MFA Server Mobile App Web Service description: Configure MFA server to send push notifications to users with the Microsoft Authenticator App. |
active-directory | Howto Mfaserver Deploy Upgrade Pf | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-deploy-upgrade-pf.md | Title: Upgrade PhoneFactor to Azure AD Multi-Factor Authentication Server - Azure Active Directory + Title: Upgrade PhoneFactor to Azure AD Multi-Factor Authentication Server description: Get started with Azure AD Multi-Factor Authentication Server when you upgrade from the older phonefactor agent. |
active-directory | Howto Mfaserver Deploy Upgrade | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-deploy-upgrade.md | Title: Upgrading Azure MFA Server - Azure Active Directory + Title: Upgrading Azure MFA Server description: Steps and guidance to upgrade the Azure AD Multi-Factor Authentication Server to a newer version. |
active-directory | Howto Mfaserver Deploy Userportal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-deploy-userportal.md | Title: User portal for Azure MFA Server - Azure Active Directory + Title: User portal for Azure MFA Server description: Get started with Azure MFA and the user portal. |
active-directory | Howto Mfaserver Deploy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-deploy.md | Title: Getting started Azure MFA Server - Azure Active Directory + Title: Getting started Azure MFA Server description: Step-by-step get started with Azure MFA Server on-premises |
active-directory | Howto Mfaserver Dir Ad | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-dir-ad.md | Title: Azure MFA Server and Active Directory - Azure Active Directory + Title: Azure MFA Server and Active Directory description: How to integrate the Azure Multi-Factor Authentication Server with Active Directory so you can synchronize the directories. |
active-directory | Howto Mfaserver Dir Ldap | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-dir-ldap.md | Title: LDAP Authentication and Azure Multi-Factor Authentication Server - Azure Active Directory + Title: LDAP Authentication and Azure Multi-Factor Authentication Server description: Deploying LDAP Authentication and Azure Multi-Factor Authentication Server. |
active-directory | Howto Mfaserver Dir Radius | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-dir-radius.md | Title: RADIUS and Azure MFA Server - Azure Active Directory + Title: RADIUS and Azure MFA Server description: Deploying RADIUS Authentication and Azure Multi-Factor Authentication Server. |
active-directory | Howto Mfaserver Iis | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-iis.md | Title: IIS Authentication and Azure Multi-Factor Authentication Server - Azure Active Directory + Title: IIS Authentication and Azure Multi-Factor Authentication Server description: Deploying IIS Authentication and Azure Multi-Factor Authentication Server. |
active-directory | Howto Mfaserver Nps Rdg | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-nps-rdg.md | Title: RDG and Azure MFA Server using RADIUS - Azure Active Directory + Title: RDG and Azure MFA Server using RADIUS description: This is the Azure Multi-factor authentication page that will assist in deploying Remote Desktop (RD) Gateway and Azure Multi-Factor Authentication Server using RADIUS. |
active-directory | Howto Mfaserver Nps Vpn | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-nps-vpn.md | Title: Azure MFA Server and third-party VPNs - Azure Active Directory + Title: Azure MFA Server and third-party VPNs description: Step-by-step configuration guides for Azure MFA Server to integrate with Cisco, Citrix, and Juniper. |
active-directory | Howto Mfaserver Windows | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfaserver-windows.md | Title: Windows authentication and Azure MFA Server - Azure Active Directory + Title: Windows authentication and Azure MFA Server description: Deploying Windows Authentication and Azure Multi-Factor Authentication Server. |
active-directory | Howto Password Ban Bad On Premises Agent Versions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-password-ban-bad-on-premises-agent-versions.md | Title: Password protection agent release history - Azure Active Directory + Title: Password protection agent release history description: Documents version release and behavior change history |
active-directory | Howto Password Smart Lockout | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-password-smart-lockout.md | Title: Prevent attacks using smart lockout - Azure Active Directory + Title: Prevent attacks using smart lockout description: Learn how Azure Active Directory smart lockout helps protect your organization from brute-force attacks that try to guess user passwords. |
active-directory | Howto Registration Mfa Sspr Combined Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-registration-mfa-sspr-combined-troubleshoot.md | Title: Troubleshoot combined registration - Azure Active Directory + Title: Troubleshoot combined registration description: Troubleshoot Azure AD Multi-Factor Authentication and self-service password reset combined registration |
active-directory | Howto Registration Mfa Sspr Combined | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-registration-mfa-sspr-combined.md | Title: Enable combined security information registration - Azure Active Directory + Title: Enable combined security information registration description: Learn how to simplify the end-user experience with combined Azure AD Multi-Factor Authentication and self-service password reset registration. |
active-directory | Howto Sspr Authenticationdata | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-sspr-authenticationdata.md | Title: Pre-populate contact information for self-service password reset - Azure Active Directory + Title: Pre-populate contact information for self-service password reset description: Learn how to pre-populate contact information for users of Azure Active Directory self-service password reset (SSPR) so they can use the feature without completing a registration process. |
active-directory | Howto Sspr Customization | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-sspr-customization.md | Title: Customize self-service password reset - Azure Active Directory + Title: Customize self-service password reset description: Learn how to customize user display and experience options for Azure AD self-service password reset |
active-directory | Howto Sspr Reporting | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-sspr-reporting.md | Title: Self-service password reset reports - Azure Active Directory + Title: Self-service password reset reports description: Reporting on Azure AD self-service password reset events |
active-directory | Howto Sspr Windows | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-sspr-windows.md | Title: Self-service password reset for Windows devices - Azure Active Directory + Title: Self-service password reset for Windows devices description: Learn how to enable Azure Active Directory self-service password reset at the Windows sign-in screen. |
active-directory | Multi Factor Authentication Get Started Adfs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/multi-factor-authentication-get-started-adfs.md | Title: Two-step verification Azure AD MFA and ADFS - Azure Active Directory + Title: Two-step verification Azure AD MFA and ADFS description: This is the Azure AD Multi-Factor Authentication page that describes how to get started with Azure AD MFA and AD FS. |
active-directory | Troubleshoot Sspr Writeback | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/troubleshoot-sspr-writeback.md | Title: Troubleshoot self-service password reset writeback- Azure Active Directory + Title: Troubleshoot self-service password reset writeback description: Learn how to troubleshoot common problems and resolution steps for self-service password reset writeback in Azure Active Directory |
active-directory | Troubleshoot Sspr | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/troubleshoot-sspr.md | Title: Troubleshoot self-service password reset - Azure Active Directory + Title: Troubleshoot self-service password reset description: Learn how to troubleshoot common problems and resolution steps for self-service password reset in Azure Active Directory |
active-directory | Active Directory Acs Migration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/active-directory-acs-migration.md | Title: Migrate from the Azure Access Control Service | Microsoft Docs + Title: Migrate from the Azure Access Control Service description: Learn about the options for moving apps and services from the Azure Access Control Service (ACS). |
active-directory | Azure Ad Federation Metadata | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/azure-ad-federation-metadata.md | Title: Azure AD Federation Metadata | Microsoft Docs + Title: Azure AD Federation Metadata description: This article describes the federation metadata document that Azure Active Directory publishes for services that accept Azure Active Directory tokens. |
active-directory | Howto V1 Enable Sso Android | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/howto-v1-enable-sso-android.md | Title: How to enable cross-app SSO on Android using ADAL | Microsoft Docs + Title: How to enable cross-app SSO on Android using ADAL description: How to use the features of the ADAL SDK to enable single sign-on across your applications. |
active-directory | Howto V1 Enable Sso Ios | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/howto-v1-enable-sso-ios.md | Title: How to enable cross-app SSO on iOS using ADAL | Microsoft Docs + Title: How to enable cross-app SSO on iOS using ADAL description: How to use the features of the ADAL SDK to enable Single Sign On across your applications. |
active-directory | Sample V1 Code | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/sample-v1-code.md | Title: Code samples for Azure Active Directory v1.0 | Microsoft Docs + Title: Code samples for Azure Active Directory v1.0 description: Provides an index of Azure Active Directory (v1.0 endpoint) code samples, organized by scenario. documentationcenter: dev-center-name |
active-directory | V1 Oauth2 Client Creds Grant Flow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/v1-oauth2-client-creds-grant-flow.md | Title: Azure AD Service to Service Auth using OAuth2.0 | Microsoft Docs + Title: Azure AD Service to Service Auth using OAuth2.0 description: This article describes how to use HTTP messages to implement service to service authentication using the OAuth2.0 client credentials grant flow. |
active-directory | V1 Oauth2 Implicit Grant Flow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/v1-oauth2-implicit-grant-flow.md | Title: Understanding the OAuth2 implicit grant flow in Azure AD | Microsoft Docs + Title: Understanding the OAuth2 implicit grant flow in Azure AD description: Learn more about Azure Active Directory's implementation of the OAuth2 implicit grant flow, and whether it's right for your application. documentationcenter: dev-center-name |
active-directory | V1 Oauth2 On Behalf Of Flow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/v1-oauth2-on-behalf-of-flow.md | Title: Service-to-service authentication with OAuth2.0 on-behalf-of flow | Microsoft Docs + Title: Service-to-service authentication with OAuth2.0 on-behalf-of flow description: This article describes how to use HTTP messages to implement service-to-service authentication with the OAuth2.0 On-Behalf-Of flow. documentationcenter: .net |
active-directory | V1 Permissions Consent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/v1-permissions-consent.md | Title: Permissions in Azure Active Directory | Microsoft docs + Title: Permissions in Azure Active Directory description: Learn about permissions in Azure Active Directory and how to use them. documentationcenter: '' |
active-directory | V1 Protocols Openid Connect Code | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/v1-protocols-openid-connect-code.md | Title: Authorize web app access with OpenID Connect & Azure AD | Microsoft Docs + Title: Authorize web app access with OpenID Connect & Azure AD description: This article describes how to use HTTP messages to authorize access to web applications and web APIs in your tenant using Azure Active Directory and OpenID Connect. documentationcenter: .net |
active-directory | How To Automatic Upgrade | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/cloud-sync/how-to-automatic-upgrade.md | Title: 'Azure AD Connect cloud provisioning agent: Automatic upgrade | Microsoft Docs' + Title: 'Azure AD Connect cloud provisioning agent: Automatic upgrade' description: This article describes the built-in automatic upgrade feature in the Azure AD Connect cloud provisioning agent. documentationcenter: '' |
active-directory | How To Manage Registry Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/cloud-sync/how-to-manage-registry-options.md | Title: 'Azure AD Connect cloud provisioning agent: Manage registry options | Microsoft Docs' + Title: 'Azure AD Connect cloud provisioning agent: Manage registry options' description: This article describes how to manage registry options in the Azure AD Connect cloud provisioning agent. documentationcenter: '' |
active-directory | Reference Version History | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/cloud-sync/reference-version-history.md | Title: 'Azure AD Connect cloud provisioning agent: Version release history | Microsoft Docs' + Title: 'Azure AD Connect cloud provisioning agent: Version release history' description: This article lists all releases of Azure AD Connect cloud provisioning agent and describes new features and fixed issues |
active-directory | What Is Cloud Sync | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/cloud-sync/what-is-cloud-sync.md | Title: 'What is Azure AD Connect cloud sync? | Microsoft Docs' + Title: 'What is Azure AD Connect cloud sync?' description: Describes Azure AD Connect cloud sync. |
active-directory | What Is Provisioning | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/cloud-sync/what-is-provisioning.md | Title: 'What is identity provisioning with Azure AD? | Microsoft Docs' + Title: 'What is identity provisioning with Azure AD?' description: Describes overview of identity provisioning. |
active-directory | Block Legacy Authentication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/block-legacy-authentication.md | Title: Block legacy authentication - Azure Active Directory + Title: Block legacy authentication description: Block legacy authentication using Azure AD Conditional Access. |
active-directory | Concept Condition Filters For Devices | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-condition-filters-for-devices.md | Title: Filter for devices as a condition in Conditional Access policy - Azure Active Directory + Title: Filter for devices as a condition in Conditional Access policy description: Use filter for devices in Conditional Access to enhance security posture |
active-directory | Concept Conditional Access Cloud Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md | Title: Cloud apps, actions, and authentication context in Conditional Access policy - Azure Active Directory + Title: Cloud apps, actions, and authentication context in Conditional Access policy description: What are cloud apps, actions, and authentication context in an Azure AD Conditional Access policy |
active-directory | Concept Conditional Access Conditions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-conditions.md | Title: Conditions in Conditional Access policy - Azure Active Directory + Title: Conditions in Conditional Access policy description: What are conditions in an Azure AD Conditional Access policy |
active-directory | Concept Conditional Access Grant | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-grant.md | Title: Grant controls in Conditional Access policy - Azure Active Directory + Title: Grant controls in Conditional Access policy description: Grant controls in an Azure Active Directory Conditional Access policy. |
active-directory | Concept Conditional Access Policies | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-policies.md | Title: Building a Conditional Access policy - Azure Active Directory + Title: Building a Conditional Access policy description: What are all of the options available to build a Conditional Access policy and what do they mean? |
active-directory | Concept Conditional Access Policy Common | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-policy-common.md | Title: Conditional Access templates - Azure Active Directory + Title: Conditional Access templates description: Deploy commonly used Conditional Access policies with templates |
active-directory | Concept Conditional Access Report Only | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-report-only.md | Title: What is Conditional Access report-only mode? - Azure Active Directory + Title: What is Conditional Access report-only mode? description: How can report-only mode help with Conditional Access policy deployment |
active-directory | Concept Conditional Access Session | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-session.md | Title: Session controls in Conditional Access policy - Azure Active Directory + Title: Session controls in Conditional Access policy description: What are session controls in an Azure AD Conditional Access policy |
active-directory | Concept Conditional Access Users Groups | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-users-groups.md | Title: Users and groups in Conditional Access policy - Azure Active Directory + Title: Users and groups in Conditional Access policy description: Who are users and groups in an Azure AD Conditional Access policy |
active-directory | Concept Continuous Access Evaluation Workload | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-continuous-access-evaluation-workload.md | description: Respond to changes to applications with continuous access evaluatio -+ Last updated 07/22/2022 |
active-directory | Concept Filter For Applications | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-filter-for-applications.md | Title: Filter for applications in Conditional Access policy (Preview) - Azure Active Directory + Title: Filter for applications in Conditional Access policy (Preview) description: Use filter for applications in Conditional Access to manage conditions. Application filters are a new feature for Conditional Access that allows organiz In this document, you create a custom attribute set, assign a custom security attribute to your application, and create a Conditional Access policy to secure the application. -> [!NOTE] +> [!IMPORTANT] > Filter for applications is currently in public preview. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). ## Assign roles |
active-directory | Howto Conditional Access Apis | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-apis.md | Title: Conditional Access APIs and PowerShell - Azure Active Directory + Title: Conditional Access APIs and PowerShell description: Using the Azure AD Conditional Access APIs and PowerShell to manage policies like code |
active-directory | Howto Conditional Access Insights Reporting | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-insights-reporting.md | Title: Conditional Access insights and reporting workbook - Azure Active Directory + Title: Conditional Access insights and reporting workbook description: Using the Azure AD Conditional Access insights and reporting workbook to troubleshoot policies |
active-directory | Howto Conditional Access Policy Admin Mfa | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa.md | Title: Require MFA for administrators with Conditional Access - Azure Active Directory + Title: Require MFA for administrators with Conditional Access description: Create a custom Conditional Access policy to require administrators to perform multifactor authentication |
active-directory | Howto Conditional Access Policy All Users Mfa | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa.md | Title: Require MFA for all users with Conditional Access - Azure Active Directory + Title: Require MFA for all users with Conditional Access description: Create a custom Conditional Access policy to require all users do multifactor authentication |
active-directory | Howto Conditional Access Policy Authentication Strength External | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-authentication-strength-external.md | Title: Conditional Access - Authentication strength for external users - Azure Active Directory + Title: Conditional Access - Authentication strength for external users description: Create a custom Conditional Access policy with authentication strength to require specific multifactor authentication (MFA) methods for external users. |
active-directory | Howto Conditional Access Policy Azure Management | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-azure-management.md | Title: Require MFA for Azure management with Conditional Access - Azure Active Directory + Title: Require MFA for Azure management with Conditional Access description: Create a custom Conditional Access policy to require multifactor authentication for Azure management tasks |
active-directory | Howto Conditional Access Policy Block Access | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-block-access.md | Title: Conditional Access - Block access - Azure Active Directory + Title: Conditional Access - Block access description: Create a custom Conditional Access policy to Block access |
active-directory | Howto Conditional Access Policy Block Legacy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-block-legacy.md | Title: Block legacy authentication with Conditional Access - Azure Active Directory + Title: Block legacy authentication with Conditional Access description: Create a custom Conditional Access policy to block legacy authentication protocols |
active-directory | Howto Conditional Access Policy Compliant Device Admin | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-compliant-device-admin.md | Title: Require administrators use compliant or hybrid joined devices - Azure Active Directory + Title: Require administrators use compliant or hybrid joined devices description: Create a custom Conditional Access policy to require compliant or hybrid joined devices for admins |
active-directory | Howto Conditional Access Policy Compliant Device | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-compliant-device.md | Title: Require compliant, hybrid joined devices, or MFA - Azure Active Directory + Title: Require compliant, hybrid joined devices, or MFA description: Create a custom Conditional Access policy to require compliant, hybrid joined devices, or multifactor authentication |
active-directory | Howto Conditional Access Policy Location | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-location.md | Title: Conditional Access - Block access by location - Azure Active Directory + Title: Conditional Access - Block access by location description: Create a custom Conditional Access policy to block access to resources by IP location |
active-directory | Howto Conditional Access Policy Registration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-registration.md | Title: Control security information registration with Conditional Access - Azure Active Directory + Title: Control security information registration with Conditional Access description: Create a custom Conditional Access policy for security info registration |
active-directory | Howto Conditional Access Policy Risk User | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-risk-user.md | Title: User risk-based password change - Azure Active Directory + Title: User risk-based password change description: Create Conditional Access policies using Identity Protection user risk |
active-directory | Howto Conditional Access Policy Risk | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-policy-risk.md | Title: Sign-in risk-based multifactor authentication - Azure Active Directory + Title: Sign-in risk-based multifactor authentication description: Create Conditional Access policies using Identity Protection sign-in risk |
active-directory | Howto Conditional Access Session Lifetime | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-conditional-access-session-lifetime.md | Title: Configure authentication session management - Azure Active Directory + Title: Configure authentication session management description: Customize Azure AD authentication session configuration including user sign-in frequency and browser session persistence. |
active-directory | Howto Policy App Enforced Restriction | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-policy-app-enforced-restriction.md | Title: Conditional Access - Use application enforced restrictions for unmanaged devices - Azure Active Directory + Title: Conditional Access - Use application enforced restrictions for unmanaged devices description: Create a custom Conditional Access policy for unmanaged devices |
active-directory | Howto Policy Approved App Or App Protection | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-policy-approved-app-or-app-protection.md | Title: Conditional Access - Require approved app or app protection policy - Azure Active Directory + Title: Conditional Access - Require approved app or app protection policy description: Create a custom Conditional Access policy require approved app or app protection policy |
active-directory | Howto Policy Guest Mfa | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-policy-guest-mfa.md | Title: Require MFA for guest users with Conditional Access - Azure Active Directory + Title: Require MFA for guest users with Conditional Access description: Create a custom Conditional Access policy requiring guest users perform multifactor authentication |
active-directory | Howto Policy Persistent Browser Session | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-policy-persistent-browser-session.md | Title: Require reauthentication with Conditional Access - Azure Active Directory + Title: Require reauthentication with Conditional Access description: Create a custom Conditional Access policy requiring reauthentication |
active-directory | Howto Policy Unknown Unsupported Device | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/howto-policy-unknown-unsupported-device.md | Title: Block unsupported platforms with Conditional Access - Azure Active Directory + Title: Block unsupported platforms with Conditional Access description: Create a custom Conditional Access policy to block unsupported platforms |
active-directory | Policy Migration Mfa | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/policy-migration-mfa.md | Title: Migrate a classic Conditional Access policy - Azure Active Directory + Title: Migrate a classic Conditional Access policy description: This article shows how to migrate a classic Conditional Access policy in the Azure portal. |
active-directory | Policy Migration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/policy-migration.md | Title: Migrate Conditional Access policies - Azure Active Directory + Title: Migrate Conditional Access policies description: Learn what you need to know to migrate classic policies in the Azure portal. |
active-directory | Reference Office 365 Application Contents | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/reference-office-365-application-contents.md | Title: Office 365 App in Conditional Access reference - Azure Active Directory + Title: Office 365 App in Conditional Access reference description: What are all of the services included in the Office 365 app in Azure AD Conditional Access |
active-directory | Service Dependencies | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/service-dependencies.md | Title: Conditional Access service dependencies - Azure Active Directory + Title: Conditional Access service dependencies description: Learn how conditions are used in Azure Active Directory Conditional Access to trigger a policy. |
active-directory | Troubleshoot Conditional Access What If | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/troubleshoot-conditional-access-what-if.md | Title: Troubleshoot Conditional Access using the What If tool - Azure Active Directory + Title: Troubleshoot Conditional Access using the What If tool description: Where to find what Conditional Access policies were applied and why |
active-directory | Troubleshoot Conditional Access | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/troubleshoot-conditional-access.md | Title: Troubleshooting sign-in problems with Conditional Access - Azure Active Directory + Title: Troubleshooting sign-in problems with Conditional Access description: This article describes what to do when your Conditional Access policies result in unexpected outcomes |
active-directory | Troubleshoot Policy Changes Audit Log | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/troubleshoot-policy-changes-audit-log.md | Title: Troubleshoot Conditional Access policy changes - Azure Active Directory + Title: Troubleshoot Conditional Access policy changes description: Diagnose changes to Conditional Access policy with the Azure AD audit logs. |
active-directory | What If Tool | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/what-if-tool.md | Title: The Conditional Access What If tool - Azure Active Directory + Title: The Conditional Access What If tool description: Learn how you can understand the impact of your Conditional Access policies on your environment. |
active-directory | Workload Identity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/workload-identity.md | description: Protecting workload identities with Conditional Access policies -+ Last updated 01/05/2023 -A [workload identity](../develop/workload-identities-overview.md) is an identity that allows an application or service principal access to resources, sometimes in the context of a user. These workload identities differ from traditional user accounts as they: +A [workload identity](../workload-identities/workload-identities-overview.md) is an identity that allows an application or service principal access to resources, sometimes in the context of a user. These workload identities differ from traditional user accounts as they: - CanΓÇÖt perform multifactor authentication. - Often have no formal lifecycle process. |
active-directory | Console Quickstart Portal Nodejs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/console-quickstart-portal-nodejs.md | -> > > [!div id="apipermissionspage"] -> > > [Go to the API Permissions page]() +> > [!div id="apipermissionspage"] +> > [Go to the API Permissions page]() > > ##### Standard user > |
active-directory | Developer Glossary | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/developer-glossary.md | -You'll see these terms when you use our documentation, the Azure portal, our authentication libraries, and the Microsoft Graph API. Some terms are Microsoft-specific while others are related to protocols like OAuth or other technologies you use with the Microsoft identity platform. +You see these terms when you use our documentation, the Azure portal, our authentication libraries, and the Microsoft Graph API. Some terms are Microsoft-specific while others are related to protocols like OAuth or other technologies you use with the Microsoft identity platform. ## Access token For more information, see [Application and Service Principal Objects][AAD-App-SP In order to allow an application to integrate with and delegate Identity and Access Management functions to Azure AD, it must be registered with an Azure AD [tenant](#tenant). When you register your application with Azure AD, you're providing an identity configuration for your application, allowing it to integrate with Azure AD and use features like: -- Robust management of Single Sign-On using Azure AD Identity Management and [OpenID Connect][OpenIDConnect] protocol implementation+- Robust management of single sign-on using Azure AD Identity Management and [OpenID Connect][OpenIDConnect] protocol implementation - Brokered access to [protected resources](#resource-server) by [client applications](#client-application), via OAuth 2.0 [authorization server](#authorization-server) - [Consent framework](#consent) for managing client access to protected resources, based on resource owner authorization. One of the endpoints implemented by the [authorization server](#authorization-se ## User-agent-based client -A type of [client application](#client-application) that downloads code from a web server and executes within a user-agent (for instance, a web browser), such as a single-page application (SPA). Since all code is executed on a device, it is considered a "public" client due to its inability to store credentials privately/confidentially. For more information, see [OAuth 2.0 client types and profiles][OAuth2-Client-Types]. +A type of [client application](#client-application) that downloads code from a web server and executes within a user-agent (for instance, a web browser), such as a single-page application (SPA). Since all code is executed on a device, it's considered a "public" client due to its inability to store credentials privately/confidentially. For more information, see [OAuth 2.0 client types and profiles][OAuth2-Client-Types]. ## User principal -Similar to the way a service principal object is used to represent an application instance, a user principal object is another type of security principal, which represents a user. The Microsoft Graph [User resource type][Graph-User-Resource] defines the schema for a user object, including user-related properties like first and last name, user principal name, directory role membership, etc. This provides the user identity configuration for Azure AD to establish a user principal at run-time. The user principal is used to represent an authenticated user for Single Sign-On, recording [consent](#consent) delegation, making access control decisions, etc. +Similar to the way a service principal object is used to represent an application instance, a user principal object is another type of security principal, which represents a user. The Microsoft Graph [User resource type][Graph-User-Resource] defines the schema for a user object, including user-related properties like first and last name, user principal name, directory role membership, etc. This provides the user identity configuration for Azure AD to establish a user principal at run-time. The user principal is used to represent an authenticated user for single sign-on, recording [consent](#consent) delegation, making access control decisions, etc. ## Web client |
active-directory | Msal Compare Msal Js And Adal Js | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-compare-msal-js-and-adal-js.md | The snippets below demonstrates the minimal code required for a single-page appl ```html <head>- <meta charset="UTF-8"> - <meta http-equiv="X-UA-Compatible" content="IE=edge"> - <meta name="viewport" content="width=device-width, initial-scale=1.0"> -- <script - type="text/javascript" - src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.18/js/adal.min.js"> - </script> + <meta charset="UTF-8"> + <meta http-equiv="X-UA-Compatible" content="IE=edge"> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + <script type="text/javascript" src="https://alcdn.msauth.net/lib/1.0.18/js/adal.min.js"></script> </head> -<div> - <button id="loginButton">Login</button> - <button id="logoutButton" style="visibility: hidden;">Logout</button> - <button id="tokenButton" style="visibility: hidden;">Get Token</button> -</div> - <body>- <script> -- const loginButton = document.getElementById("loginButton"); - const logoutButton = document.getElementById("logoutButton"); - const tokenButton = document.getElementById("tokenButton"); -- var authContext = new AuthenticationContext({ - instance: 'https://login.microsoftonline.com/', - clientId: "ENTER_CLIENT_ID", - tenant: "ENTER_TENANT_ID", - cacheLocation: "sessionStorage", - redirectUri: "http://localhost:3000", - popUp: true, - callback: function (errorDesc, token, error, tokenType) { - console.log('Hello ' + authContext.getCachedUser().profile.upn) + <div> + <p id="welcomeMessage" style="visibility: hidden;"></p> + <button id="loginButton">Login</button> + <button id="logoutButton" style="visibility: hidden;">Logout</button> + <button id="tokenButton" style="visibility: hidden;">Get Token</button> + </div> + <script> + // DOM elements to work with + var welcomeMessage = document.getElementById("welcomeMessage"); + var loginButton = document.getElementById("loginButton"); + var logoutButton = document.getElementById("logoutButton"); + var tokenButton = document.getElementById("tokenButton"); ++ // if user is logged in, update the UI + function updateUI(user) { + if (!user) { + return; + } - loginButton.style.visibility = "hidden"; + welcomeMessage.innerHTML = 'Hello ' + user.profile.upn + '!'; + welcomeMessage.style.visibility = "visible"; logoutButton.style.visibility = "visible"; tokenButton.style.visibility = "visible";- } - }); -- authContext.log({ - level: 3, - log: function (message) { - console.log(message); - }, - piiLoggingEnabled: false - }); -- loginButton.addEventListener('click', function () { - authContext.login(); - }); -- logoutButton.addEventListener('click', function () { - authContext.logOut(); - }); -- tokenButton.addEventListener('click', () => { - authContext.acquireTokenPopup( - "https://graph.microsoft.com", - null, null, - function (error, token) { - console.log(error, token); + loginButton.style.visibility = "hidden"; + }; ++ // attach logger configuration to window + window.Logging = { + piiLoggingEnabled: false, + level: 3, + log: function (message) { + console.log(message); }- ) - }); - </script> + }; ++ // ADAL configuration + var adalConfig = { + instance: 'https://login.microsoftonline.com/', + clientId: "ENTER_CLIENT_ID_HERE", + tenant: "ENTER_TENANT_ID_HERE", + redirectUri: "ENTER_REDIRECT_URI_HERE", + cacheLocation: "sessionStorage", + popUp: true, + callback: function (errorDesc, token, error, tokenType) { + if (error) { + console.log(error, errorDesc); + } else { + updateUI(authContext.getCachedUser()); + } + } + }; ++ // instantiate ADAL client object + var authContext = new AuthenticationContext(adalConfig); ++ // handle redirect response or check for cached user + if (authContext.isCallback(window.location.hash)) { + authContext.handleWindowCallback(); + } else { + updateUI(authContext.getCachedUser()); + } ++ // attach event handlers to button clicks + loginButton.addEventListener('click', function () { + authContext.login(); + }); ++ logoutButton.addEventListener('click', function () { + authContext.logOut(); + }); ++ tokenButton.addEventListener('click', () => { + authContext.acquireToken( + "https://graph.microsoft.com", + function (errorDesc, token, error) { + if (error) { + console.log(error, errorDesc); ++ authContext.acquireTokenPopup( + "https://graph.microsoft.com", + null, // extraQueryParameters + null, // claims + function (errorDesc, token, error) { + if (error) { + console.log(error, errorDesc); + } else { + console.log(token); + } + } + ); + } else { + console.log(token); + } + } + ); + }); + </script> </body> </html> The snippets below demonstrates the minimal code required for a single-page appl ```html <head>- <meta charset="UTF-8"> - <meta http-equiv="X-UA-Compatible" content="IE=edge"> - <meta name="viewport" content="width=device-width, initial-scale=1.0"> -- <script - type="text/javascript" - src="https://alcdn.msauth.net/browser/2.14.2/js/msal-browser.min.js"> - </script> + <meta charset="UTF-8"> + <meta http-equiv="X-UA-Compatible" content="IE=edge"> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + <script type="text/javascript" src="https://alcdn.msauth.net/browser/2.34.0/js/msal-browser.min.js"></script> </head> -<div> - <button id="loginButton">Login</button> - <button id="logoutButton" style="visibility: hidden;">Logout</button> - <button id="tokenButton" style="visibility: hidden;">Get Token</button> -</div> - <body>- <script> - const loginButton = document.getElementById("loginButton"); - const logoutButton = document.getElementById("logoutButton"); - const tokenButton = document.getElementById("tokenButton"); -- const pca = new msal.PublicClientApplication({ - auth: { - clientId: "ENTER_CLIENT_ID", - authority: "https://login.microsoftonline.com/ENTER_TENANT_ID", - redirectUri: "http://localhost:3000", - }, - cache: { - cacheLocation: "sessionStorage" - }, - system: { - loggerOptions: { - loggerCallback(loglevel, message, containsPii) { - console.log(message); - }, - piiLoggingEnabled: false, - logLevel: msal.LogLevel.Verbose, + <div> + <p id="welcomeMessage" style="visibility: hidden;"></p> + <button id="loginButton">Login</button> + <button id="logoutButton" style="visibility: hidden;">Logout</button> + <button id="tokenButton" style="visibility: hidden;">Get Token</button> + </div> + <script> + // DOM elements to work with + const welcomeMessage = document.getElementById("welcomeMessage"); + const loginButton = document.getElementById("loginButton"); + const logoutButton = document.getElementById("logoutButton"); + const tokenButton = document.getElementById("tokenButton"); ++ // if user is logged in, update the UI + const updateUI = (account) => { + if (!account) { + return; }- } - }); -- loginButton.addEventListener('click', () => { - pca.loginPopup().then((response) => { - console.log(`Hello ${response.account.username}!`); - loginButton.style.visibility = "hidden"; + welcomeMessage.innerHTML = `Hello ${account.username}!`; + welcomeMessage.style.visibility = "visible"; logoutButton.style.visibility = "visible"; tokenButton.style.visibility = "visible";- }) - }); -- logoutButton.addEventListener('click', () => { - pca.logoutPopup().then((response) => { - window.location.reload(); - }) - }); -- tokenButton.addEventListener('click', () => { - pca.acquireTokenPopup({ - scopes: ["User.Read"] - }).then((response) => { - console.log(response); - }) - }); - </script> + loginButton.style.visibility = "hidden"; + }; ++ // MSAL configuration + const msalConfig = { + auth: { + clientId: "ENTER_CLIENT_ID_HERE", + authority: "https://login.microsoftonline.com/ENTER_TENANT_ID_HERE", + redirectUri: "ENTER_REDIRECT_URI_HERE", + }, + cache: { + cacheLocation: "sessionStorage" + }, + system: { + loggerOptions: { + loggerCallback(loglevel, message, containsPii) { + console.log(message); + }, + piiLoggingEnabled: false, + logLevel: msal.LogLevel.Verbose, + } + } + }; ++ // instantiate MSAL client object + const pca = new msal.PublicClientApplication(msalConfig); ++ // handle redirect response or check for cached user + pca.handleRedirectPromise().then((response) => { + if (response) { + pca.setActiveAccount(response.account); + updateUI(response.account); + } else { + const account = pca.getAllAccounts()[0]; + updateUI(account); + } + }).catch((error) => { + console.log(error); + }); ++ // attach event handlers to button clicks + loginButton.addEventListener('click', () => { + pca.loginPopup().then((response) => { + pca.setActiveAccount(response.account); + updateUI(response.account); + }) + }); ++ logoutButton.addEventListener('click', () => { + pca.logoutPopup().then((response) => { + window.location.reload(); + }); + }); ++ tokenButton.addEventListener('click', () => { + const account = pca.getActiveAccount(); ++ pca.acquireTokenSilent({ + account: account, + scopes: ["User.Read"] + }).then((response) => { + console.log(response); + }).catch((error) => { + if (error instanceof msal.InteractionRequiredAuthError) { + pca.acquireTokenPopup({ + scopes: ["User.Read"] + }).then((response) => { + console.log(response); + }); + } ++ console.log(error); + }); + }); + </script> </body> </html> |
active-directory | Msal Net Token Cache Serialization | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-token-cache-serialization.md | var app = ConfidentialClientApplicationBuilder ### Samples - The following sample showcases using the token cache serializers in .NET Framework and .NET Core applications: [ConfidentialClientTokenCache](https://github.com/Azure-Samples/active-directory-dotnet-v1-to-v2/tree/master/ConfidentialClientTokenCache). -- The following sample is an ASP.NET web app that uses the same technics: [Use OpenID Connect to sign in users to Microsoft identity platform](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect). For the full code, see [WebApp/Utils/MsalAppBuilder.cs](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect/blob/master/WebApp/Utils/MsalAppBuilder.cs).+- The following sample is an ASP.NET web app that uses the same technics: [Use OpenID Connect to sign in users to Microsoft identity platform](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect). ## [Desktop apps](#tab/desktop) The following samples illustrate token cache serialization. | | -- | -- | |[active-directory-dotnet-desktop-msgraph-v2](https://github.com/azure-samples/active-directory-dotnet-desktop-msgraph-v2) | Desktop (WPF) | Windows Desktop .NET (WPF) application that calls the Microsoft Graph API. | |[active-directory-dotnet-v1-to-v2](https://github.com/Azure-Samples/active-directory-dotnet-v1-to-v2) | Desktop (console) | Set of Visual Studio solutions that illustrate the migration of Azure AD v1.0 applications (using ADAL.NET) to Microsoft identity platform applications (using MSAL.NET). In particular, see [Token cache migration](https://github.com/Azure-Samples/active-directory-dotnet-v1-to-v2/blob/master/TokenCacheMigration/README.md) and [Confidential client token cache](https://github.com/Azure-Samples/active-directory-dotnet-v1-to-v2/tree/master/ConfidentialClientTokenCache). |-[ms-identity-aspnet-webapp-openidconnect](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect) | ASP.NET (net472) | Example of token cache serialization in an ASP.NET MVC application (using MSAL.NET). In particular, see [MsalAppBuilder](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect/blob/master/WebApp/Utils/MsalAppBuilder.cs). +[ms-identity-aspnet-webapp-openidconnect](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect) | ASP.NET (net472) | Example of token cache serialization in an ASP.NET MVC application (using MSAL.NET). |
active-directory | Workload Identities Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/workload-identities-overview.md | - Title: Workload identities -description: Understand the concepts and supported scenarios for using workload identity in Azure Active Directory. ------ Previously updated : 12/15/2022----#Customer intent: As a developer, I want workload identities so I can authenticate with Azure AD and access Azure AD protected resources. ---# What are workload identities? --A workload identity is an identity used by a software workload (such as an application, service, script, or container) to authenticate and access other services and resources. The terminology is inconsistent across the industry, but generally a workload identity is something you need for your software entity to authenticate with some system. For example, a workload identity could be a user account that your client authenticates as to access a MongoDB database. A workload identity could also be an AWS service role attached to an EC2 instance with read-only access to an Amazon S3 bucket. --In Azure Active Directory (Azure AD), workload identities are applications, service principals, and managed identities. --An [application](app-objects-and-service-principals.md#application-object) is an abstract entity, or template, defined by its application object. The application object is the *global* representation of your application for use across all tenants. The application object describes how tokens are issued, the resources the application needs to access, and the actions that the application can take. --A [service principal](app-objects-and-service-principals.md#service-principal-object) is the *local* representation, or application instance, of a global application object in a specific tenant. An application object is used as a template to create a service principal object in every tenant where the application is used. The service principal object defines what the app can actually do in a specific tenant, who can access the app, and what resources the app can access. --A [managed identity](../managed-identities-azure-resources/overview.md) is a special type of service principal that eliminates the need for developers to manage credentials. --Here are some ways that workload identities in Azure AD are used: --- An app that enables a web app to access Microsoft Graph based on admin or user consent. This access could be either on behalf of the user or on behalf of the application.-- A managed identity used by a developer to provision their service with access to an Azure resource such as Azure Key Vault or Azure Storage.-- A service principal used by a developer to enable a CI/CD pipeline to deploy a web app from GitHub to Azure App Service.--## Workload identities, other machine identities, and human identities --At a high level, there are two types of identities: human and machine/non-human identities. Workload identities and device identities together make up a group called machine (or non-human) identities. Workload identities represent software workloads while device identities represent devices such as desktop computers, mobile, IoT sensors, and IoT managed devices. Machine identities are distinct from human identities, which represent people such as employees (internal workers and front line workers) and external users (customers, consultants, vendors, and partners). ---## Supported scenarios ---Here are some ways you can use workload identities: --- Access Azure AD protected resources without needing to manage secrets for workloads that run on Azure using [managed identity](../managed-identities-azure-resources/overview.md).-- Access Azure AD protected resources without needing to manage secrets for supported scenarios such as GitHub Actions, workloads running on Kubernetes, or workloads running in compute platforms outside of Azure using [workload identity federation](workload-identity-federation.md).-- Review service principals and applications that are assigned to privileged directory roles in Azure AD using [access reviews for service principals](../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md).-- Apply Conditional Access policies to service principals owned by your organization using [Conditional Access for workload identities](../conditional-access/workload-identity.md), and [Continuous access evaluation for workload identities](../conditional-access/concept-continuous-access-evaluation-workload.md).-- Secure workload identities with [Identity Protection](../identity-protection/concept-workload-identity-risk.md).---## Next steps --- Learn how to [secure access of workload identities](../conditional-access/workload-identity.md) with adaptive policies.-- Get answers to [frequently asked questions about workload identities](workload-identities-faqs.md). |
active-directory | Enterprise State Roaming Group Policy Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/enterprise-state-roaming-group-policy-settings.md | Title: Group Policy and MDM settings for ESR - Azure Active Directory + Title: Group Policy and MDM settings for ESR description: Management settings for Enterprise State Roaming |
active-directory | Enterprise State Roaming Windows Settings Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/enterprise-state-roaming-windows-settings-reference.md | Title: Windows roaming settings reference - Azure Active Directory + Title: Windows roaming settings reference description: Settings that will be roamed or backed up in Windows with ESR |
active-directory | Howto Device Identity Virtual Desktop Infrastructure | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/howto-device-identity-virtual-desktop-infrastructure.md | Title: Device identity and desktop virtualization - Azure Active Directory + Title: Device identity and desktop virtualization description: Learn how VDI and Azure AD device identities can be used together |
active-directory | Howto Vm Sign In Azure Ad Windows | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md | Share your feedback about this feature or report problems with using it on the [ ### Missing application -If the Azure Windows VM Sign-In application is missing from Conditional Access, make sure that the application isn't in the tenant: +If the Azure Windows VM Sign-In application is missing from Conditional Access, make sure that the application is in the tenant: 1. Sign in to the Azure portal. 1. Browse to **Azure Active Directory** > **Enterprise applications**. |
active-directory | Manage Stale Devices | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/manage-stale-devices.md | Title: How to manage stale devices in Azure AD | Microsoft Docs + Title: How to manage stale devices in Azure AD description: Learn how to remove stale devices from your database of registered devices in Azure Active Directory. |
active-directory | Troubleshoot Device Dsregcmd | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/troubleshoot-device-dsregcmd.md | Title: Troubleshoot devices by using the dsregcmd command - Azure Active Directory + Title: Troubleshoot devices by using the dsregcmd command description: This article covers how to use the output from the dsregcmd command to understand the state of devices in Azure AD. |
active-directory | Clean Up Stale Guest Accounts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/clean-up-stale-guest-accounts.md | Title: Clean up stale guest accounts - Azure Active Directory | Microsoft Docs + Title: Clean up stale guest accounts description: Clean up stale guest accounts using access reviews |
active-directory | Clean Up Unmanaged Azure Ad Accounts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/clean-up-unmanaged-azure-ad-accounts.md | Title: Clean up unmanaged Azure AD accounts - Azure Active Directory | Microsoft Docs + Title: Clean up unmanaged Azure AD accounts description: Clean up unmanaged accounts using email OTP and PowerShell modules in Azure Active Directory |
active-directory | Directory Self Service Signup | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/directory-self-service-signup.md | Title: Self-service sign up for email-verified users - Azure AD | Microsoft Docs + Title: Self-service sign up for email-verified users description: Use self-service sign-up in an Azure Active Directory (Azure AD) organization documentationcenter: '' |
active-directory | Directory Service Limits Restrictions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/directory-service-limits-restrictions.md | Title: Service limits and restrictions - Azure Active Directory | Microsoft Docs + Title: Service limits and restrictions description: Usage constraints and other service limits for the Azure Active Directory service documentationcenter: '' |
active-directory | Domains Admin Takeover | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/domains-admin-takeover.md | Title: Admin takeover of an unmanaged directory - Azure AD | Microsoft Docs + Title: Admin takeover of an unmanaged directory description: How to take over a DNS domain name in an unmanaged Azure AD organization (shadow tenant). documentationcenter: '' |
active-directory | Domains Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/domains-manage.md | Title: Add and verify custom domain names - Azure Active Directory | Microsoft Docs + Title: Add and verify custom domain names description: Management concepts and how-tos for managing a domain name in Azure Active Directory documentationcenter: '' |
active-directory | Domains Verify Custom Subdomain | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/domains-verify-custom-subdomain.md | Title: Change subdomain authentication type using PowerShell and Graph - Azure Active Directory | Microsoft Docs + Title: Change subdomain authentication type using PowerShell and Graph description: Change default subdomain authentication settings inherited from root domain settings in Azure Active Directory. documentationcenter: '' |
active-directory | Groups Assign Sensitivity Labels | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-assign-sensitivity-labels.md | Title: Assign sensitivity labels to groups - Azure AD | Microsoft Docs + Title: Assign sensitivity labels to groups description: Learn how to assign sensitivity labels to groups. See troubleshooting information and view additional available resources. documentationcenter: '' |
active-directory | Groups Bulk Download Members | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-bulk-download-members.md | Title: Bulk download group membership list - Azure portal | Microsoft Docs + Title: Bulk download group membership list - Azure portal description: Add users in bulk in the Azure admin center. |
active-directory | Groups Bulk Download | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-bulk-download.md | Title: Download a list of groups in the Azure portal | Microsoft Docs + Title: Download a list of groups in the Azure portal description: Download group properties in bulk in the Azure admin center in Azure Active Directory. |
active-directory | Groups Bulk Import Members | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-bulk-import-members.md | Title: Bulk upload to add or create members of a group - Azure Active Directory | Microsoft Docs + Title: Bulk upload to add or create members of a group description: Add group members in bulk in the Azure portal. |
active-directory | Groups Bulk Remove Members | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-bulk-remove-members.md | Title: Bulk remove group members by uploading a CSV file - Azure Active Directory | Microsoft Docs + Title: Bulk remove group members by uploading a CSV file description: Remove group members in bulk operations in the Azure admin center. |
active-directory | Groups Change Type | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-change-type.md | Title: Change static group membership to dynamic - Azure AD | Microsoft Docs + Title: Change static group membership to dynamic description: Learn how to convert existing groups from static to dynamic membership using either Azure portal or PowerShell cmdlets. documentationcenter: '' |
active-directory | Groups Create Rule | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-create-rule.md | Title: Create or edit a dynamic group and get status - Azure AD | Microsoft Docs + Title: Create or edit a dynamic group and get status description: How to create or update a group membership rule in the Azure portal, and check its processing status. documentationcenter: '' |
active-directory | Groups Dynamic Membership | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-dynamic-membership.md | Title: Rules for dynamically populated groups membership - Azure AD | Microsoft Docs + Title: Rules for dynamically populated groups membership description: How to create membership rules to automatically populate groups, and a rule reference. documentationcenter: '' |
active-directory | Groups Dynamic Rule Member Of | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-dynamic-rule-member-of.md | Title: Group membership for Azure AD dynamic groups with memberOf - Azure AD | Microsoft Docs + Title: Group membership for Azure AD dynamic groups with memberOf description: How to create a dynamic membership group that can contain members of other groups in Azure Active Directory. documentationcenter: '' |
active-directory | Groups Dynamic Rule More Efficient | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-dynamic-rule-more-efficient.md | Title: Create simpler and faster rules for dynamic groups - Azure AD | Microsoft Docs + Title: Create simpler and faster rules for dynamic groups description: How to optimize your membership rules to automatically populate groups. documentationcenter: '' |
active-directory | Groups Dynamic Rule Validation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-dynamic-rule-validation.md | Title: Validate rules for dynamic group membership (preview) - Azure AD | Microsoft Docs + Title: Validate rules for dynamic group membership (preview) description: How to test members against a membership rule for a dynamic group in Azure Active Directory. documentationcenter: '' |
active-directory | Groups Dynamic Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-dynamic-tutorial.md | Title: Add users to a dynamic group - tutorial - Azure AD | Microsoft Docs + Title: Add users to a dynamic group - tutorial description: In this tutorial, you use groups with user membership rules to add or remove users automatically documentationcenter: '' |
active-directory | Groups Lifecycle | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-lifecycle.md | Title: Set expiration for Microsoft 365 groups - Azure Active Directory | Microsoft Docs + Title: Set expiration for Microsoft 365 groups description: How to set up expiration for Microsoft 365 groups in Azure Active Directory documentationcenter: '' |
active-directory | Groups Members Owners Search | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-members-owners-search.md | Title: Search and filter groups members and owners (preview) - Azure Active Directory | Microsoft Docs + Title: Search and filter groups members and owners (preview) description: Search and filter groups members and owners in the Azure portal. documentationcenter: '' |
active-directory | Groups Naming Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-naming-policy.md | Title: Enforce group naming policy in Azure Active Directory | Microsoft Docs + Title: Enforce group naming policy in Azure Active Directory description: How to set up naming policy for Microsoft 365 groups in Azure Active Directory documentationcenter: '' |
active-directory | Groups Quickstart Expiration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-quickstart-expiration.md | Title: Group expiration policy quickstart - Azure AD | Microsoft Docs -description: Expiration for Microsoft 365 groups - Azure Active Directory + Title: Group expiration policy quickstart +description: Expiration for Microsoft 365 groups documentationcenter: '' |
active-directory | Groups Quickstart Naming Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-quickstart-naming-policy.md | Title: Group naming policy quickstart - Azure Active Directory | Microsoft Docs + Title: Group naming policy quickstart description: Explains how to add new users or delete existing users in Azure Active Directory documentationcenter: '' |
active-directory | Groups Restore Deleted | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-restore-deleted.md | Title: Restore a deleted Microsoft 365 group - Azure AD | Microsoft Docs + Title: Restore a deleted Microsoft 365 group description: How to restore a deleted group, view restorable groups, and permanently delete a group in Azure Active Directory |
active-directory | Groups Saasapps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-saasapps.md | Title: Use a group to manage access to SaaS apps - Azure AD | Microsoft Docs + Title: Use a group to manage access to SaaS apps description: How to use groups in Azure Active Directory to assign access to SaaS applications that are integrated with Azure Active Directory. documentationcenter: '' |
active-directory | Groups Self Service Management | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-self-service-management.md | Title: Set up self-service group management - Azure Active Directory | Microsoft Docs + Title: Set up self-service group management description: Create and manage security groups or Microsoft 365 groups in Azure Active Directory and request security group or Microsoft 365 group memberships documentationcenter: '' |
active-directory | Groups Settings Cmdlets | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-settings-cmdlets.md | Title: Configure group settings using PowerShell - Azure AD | Microsoft Docs + Title: Configure group settings using PowerShell description: How manage the settings for groups using Azure Active Directory cmdlets documentationcenter: '' |
active-directory | Groups Settings V2 Cmdlets | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-settings-v2-cmdlets.md | Title: PowerShell V2 examples for managing groups - Azure AD | Microsoft Docs + Title: PowerShell V2 examples for managing groups description: This page provides PowerShell examples to help you manage your groups in Azure Active Directory keywords: Azure AD, Azure Active Directory, PowerShell, Groups, Group management |
active-directory | Groups Troubleshooting | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/groups-troubleshooting.md | Title: Fix problems with dynamic group memberships - Azure AD | Microsoft Docs + Title: Fix problems with dynamic group memberships description: Troubleshooting tips for dynamic group membership in Azure Active Directory |
active-directory | Licensing Directory Independence | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/licensing-directory-independence.md | Title: Characteristics of multi-tenant interaction - Azure AD | Microsoft Docs + Title: Characteristics of multi-tenant interaction description: Understanding the data independence of your Azure Active Directory organizations documentationcenter: '' |
active-directory | Licensing Group Advanced | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/licensing-group-advanced.md | Title: Group-based licensing additional scenarios - Azure AD | Microsoft Docs + Title: Group-based licensing additional scenarios description: More scenarios for Azure Active Directory group-based licensing keywords: Azure AD licensing |
active-directory | Licensing Groups Assign | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/licensing-groups-assign.md | Title: Assign licenses to a group - Azure Active Directory | Microsoft Docs + Title: Assign licenses to a group description: How to assign licenses to users by means of Azure Active Directory group licensing keywords: Azure AD licensing |
active-directory | Licensing Groups Change Licenses | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/licensing-groups-change-licenses.md | Title: Change license plans for users and groups - Azure AD | Microsoft Docs + Title: Change license plans for users and groups description: How to migrate users within a group to different service plans using group licensing in Azure Active Directory keywords: Azure AD licensing |
active-directory | Licensing Groups Migrate Users | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/licensing-groups-migrate-users.md | Title: Add users with direct licenses to group licensing - Azure AD | Microsoft Docs + Title: Add users with direct licenses to group licensing description: How to migrate from individual user licenses to group-based licensing using Azure Active Directory keywords: Azure AD licensing |
active-directory | Licensing Groups Resolve Problems | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/licensing-groups-resolve-problems.md | Title: Resolve group license assignment problems - Azure Active Directory | Microsoft Docs + Title: Resolve group license assignment problems description: How to identify and resolve license assignment problems when you're using Azure Active Directory group-based licensing keywords: Azure AD licensing |
active-directory | Licensing Ps Examples | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/licensing-ps-examples.md | Title: PowerShell and Microsoft Graph examples for group licensing - Azure AD | Microsoft Docs + Title: PowerShell and Microsoft Graph examples for group licensing description: PowerShell + Graph examples and scenarios for Azure Active Directory group-based licensing keywords: Azure AD licensing |
active-directory | Licensing Service Plan Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/licensing-service-plan-reference.md | Title: Product names and service plan identifiers for licensing - Azure AD | Microsoft Docs + Title: Product names and service plan identifiers for licensing description: Identifier map to manage Azure Active Directory licensing in the Azure portal, the Microsoft 365 admin center, PowerShell, or Microsoft Graph keywords: Azure Active Directory licensing service plans |
active-directory | Linkedin Integration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/linkedin-integration.md | Title: Admin consent for LinkedIn account connections - Azure AD | Microsoft Docs + Title: Admin consent for LinkedIn account connections description: Explains how to enable or disable LinkedIn integration account connections in Microsoft apps in Azure Active Directory |
active-directory | Linkedin User Consent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/linkedin-user-consent.md | Title: LinkedIn data sharing and consent - Azure Active Directory | Microsoft Docs + Title: LinkedIn data sharing and consent description: Explains how LinkedIn integration shares data via Microsoft apps in Azure Active Directory |
active-directory | Signin Account Support | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/signin-account-support.md | Title: Does my Azure AD sign-in page accept Microsoft accounts | Microsoft Docs + Title: Does my Azure AD sign-in page accept Microsoft accounts description: How on-screen messaging reflects username lookup during sign-in |
active-directory | Signin Realm Discovery | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/signin-realm-discovery.md | Title: Username lookup during sign-in - Azure Active Directory | Microsoft Docs + Title: Username lookup during sign-in description: How on-screen messaging reflects username lookup during sign-in in Azure Active Directory |
active-directory | Users Bulk Add | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-bulk-add.md | Title: Bulk create users in the Azure portal | Microsoft Docs + Title: Bulk create users in the Azure portal description: Add users in bulk in the Azure portal in Azure Active Directory |
active-directory | Users Bulk Delete | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-bulk-delete.md | Title: Bulk delete users in the Azure portal | Microsoft Docs + Title: Bulk delete users in the Azure portal description: Delete users in bulk in the Azure admin center in Azure Active Directory |
active-directory | Users Bulk Download | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-bulk-download.md | Title: Download a list of users in the Azure portal | Microsoft Docs + Title: Download a list of users in the Azure portal description: Download user records in bulk in the Azure admin center in Azure Active Directory. |
active-directory | Users Bulk Restore | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-bulk-restore.md | Title: Bulk restore deleted users in the Azure portal | Microsoft Docs + Title: Bulk restore deleted users in the Azure portal description: Restore deleted users in bulk in the Azure portal in Azure Active Directory |
active-directory | Users Custom Security Attributes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-custom-security-attributes.md | Title: Assign, update, list, or remove custom security attributes for a user (Preview) - Azure Active Directory + Title: Assign, update, list, or remove custom security attributes for a user (Preview) description: Assign, update, list, or remove custom security attributes for a user in Azure Active Directory. |
active-directory | Users Restrict Guest Permissions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-restrict-guest-permissions.md | Title: Restrict guest user access permissions - Azure Active Directory | Microsoft Docs + Title: Restrict guest user access permissions description: Restrict guest user access permissions using the Azure portal, PowerShell, or Microsoft Graph in Azure Active Directory |
active-directory | Users Revoke Access | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-revoke-access.md | Title: Revoke user access in an emergency in Azure Active Directory | Microsoft Docs + Title: Revoke user access in an emergency in Azure Active Directory description: How to revoke all access for a user in Azure Active Directory |
active-directory | Users Search Enhanced | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-search-enhanced.md | Title: User management enhancements - Azure Active Directory | Microsoft Docs + Title: User management enhancements description: Describes how Azure Active Directory enables user search, filtering, and more information about your users. documentationcenter: '' |
active-directory | Users Sharing Accounts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-sharing-accounts.md | Title: Sharing accounts and credentials - Azure Active Directory | Microsoft Docs + Title: Sharing accounts and credentials description: Describes how Azure Active Directory enables organizations to securely share accounts for on-premises apps and consumer cloud services. documentationcenter: '' |
active-directory | Add Users Administrator | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/add-users-administrator.md | Title: Add B2B collaboration users in the Azure portal - Azure AD + Title: Add B2B collaboration users in the Azure portal description: Shows how an admin can add guest users to their directory from a partner organization using Azure Active Directory (Azure AD) B2B collaboration. |
active-directory | Add Users Information Worker | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/add-users-information-worker.md | Title: Add B2B collaboration users as an information worker - Azure AD -description: B2B collaboration allows information workers and app owners to add guest users to Azure AD for access | Microsoft Docs + Title: Add B2B collaboration users as an information worker +description: B2B collaboration allows information workers and app owners to add guest users to Azure AD for access |
active-directory | Allow Deny List | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/allow-deny-list.md | Title: Allow or block invites to specific organizations - Azure AD + Title: Allow or block invites to specific organizations description: Shows how an administrator can use the Azure portal or PowerShell to set an access or blocklist to allow or block B2B users from certain domains. |
active-directory | Api Connectors Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/api-connectors-overview.md | Title: About API connectors in self-service sign-up flows - Azure AD + Title: About API connectors in self-service sign-up flows description: Use Azure Active Directory (Azure AD) API connectors to customize and extend your self-service sign-up user flows by using web APIs. |
active-directory | Auditing And Reporting | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/auditing-and-reporting.md | Title: Auditing and reporting a B2B collaboration user - Azure AD + Title: Auditing and reporting a B2B collaboration user description: Guest user properties are configurable in Azure Active Directory B2B collaboration |
active-directory | Authentication Conditional Access | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/authentication-conditional-access.md | Title: Authentication and Conditional Access for B2B users - Azure AD + Title: Authentication and Conditional Access for B2B users description: Learn how to enforce multi-factor authentication policies for Azure Active Directory B2B users. |
active-directory | B2b Government National Clouds | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/b2b-government-national-clouds.md | Title: Azure AD B2B in government and national clouds - Azure Active Directory + Title: Azure AD B2B in government and national clouds description: Learn what features are available in Azure Active Directory B2B collaboration in US Government and national clouds |
active-directory | B2b Quickstart Add Guest Users Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/b2b-quickstart-add-guest-users-portal.md | Title: 'Quickstart: Add a guest user and send an invitation - Azure AD' + Title: 'Quickstart: Add a guest user and send an invitation' description: Use this quickstart to learn how Azure AD admins can add B2B guest users in the Azure portal and walk through the B2B invitation workflow. |
active-directory | B2b Quickstart Invite Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/b2b-quickstart-invite-powershell.md | Title: 'Quickstart: Add a guest user with PowerShell - Azure AD' + Title: 'Quickstart: Add a guest user with PowerShell' description: In this quickstart, you learn how to use PowerShell to send an invitation to an external Azure AD B2B collaboration user. You'll use the Microsoft Graph Identity Sign-ins and the Microsoft Graph Users PowerShell modules. |
active-directory | B2b Tutorial Require Mfa | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/b2b-tutorial-require-mfa.md | Title: 'Tutorial - Multi-factor authentication for B2B - Azure AD' + Title: 'Tutorial - Multi-factor authentication for B2B' description: In this tutorial, learn how to require multi-factor authentication (MFA) when you use Azure AD B2B to collaborate with external users and partner organizations. |
active-directory | Bulk Invite Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/bulk-invite-powershell.md | Title: Tutorial for bulk inviting B2B collaboration users - Azure Active Directory | Microsoft Docs + Title: Tutorial for bulk inviting B2B collaboration users description: In this tutorial, you learn how to use PowerShell and a CSV file to send bulk invitations to external Azure AD B2B collaboration guest users. |
active-directory | Claims Mapping | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/claims-mapping.md | Title: B2B collaboration user claims mapping - Azure Active Directory + Title: B2B collaboration user claims mapping description: Customize the user claims that are issued in the SAML token for Azure Active Directory (Azure AD) B2B users. |
active-directory | Code Samples Self Service Sign Up | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/code-samples-self-service-sign-up.md | Title: API connector code samples for user flows - Azure AD + Title: API connector code samples for user flows description: Code samples for API connectors in self-service sign-up flows for Azure Active Directory External Identities. |
active-directory | Code Samples | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/code-samples.md | Title: B2B collaboration code and PowerShell samples - Azure AD + Title: B2B collaboration code and PowerShell samples description: Code and PowerShell samples for Azure Active Directory B2B collaboration |
active-directory | Configure Saas Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/configure-saas-apps.md | Title: Configure SaaS apps for B2B collaboration - Azure AD + Title: Configure SaaS apps for B2B collaboration description: Learn how to configure SaaS apps for Azure Active Directory B2B collaboration and view additional available resources. |
active-directory | Cross Cloud Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/cross-cloud-settings.md | Title: Configure B2B collaboration Microsoft cloud settings - Azure AD + Title: Configure B2B collaboration Microsoft cloud settings description: Use Microsoft cloud settings to enable cross-cloud B2B collaboration between sovereign (national) Microsoft Azure clouds. |
active-directory | Cross Tenant Access Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/cross-tenant-access-overview.md | Title: Cross-tenant access overview - Azure AD + Title: Cross-tenant access overview description: Get an overview of cross-tenant access in Azure AD External Identities. Learn how to manage your B2B collaboration with other Azure AD organizations through this overview of cross-tenant access settings. |
active-directory | Cross Tenant Access Settings B2b Collaboration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/cross-tenant-access-settings-b2b-collaboration.md | Title: Configure B2B collaboration cross-tenant access - Azure AD + Title: Configure B2B collaboration cross-tenant access description: Use cross-tenant collaboration settings to manage how you collaborate with other Azure AD organizations. Learn how to configure outbound access to external organizations and inbound access from external Azure AD for B2B collaboration. |
active-directory | Cross Tenant Access Settings B2b Direct Connect | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/cross-tenant-access-settings-b2b-direct-connect.md | Title: Configure B2B direct connect cross-tenant access - Azure AD + Title: Configure B2B direct connect cross-tenant access description: Use cross-tenant access settings to manage how you collaborate with other Azure AD organizations. Learn how to configure outbound access to external organizations and inbound access from external Azure AD for B2B direct connect. |
active-directory | Current Limitations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/current-limitations.md | Title: Limitations of B2B collaboration - Azure Active Directory | Microsoft Docs + Title: Limitations of B2B collaboration description: Current limitations for Azure Active Directory B2B collaboration |
active-directory | Customize Invitation Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customize-invitation-api.md | Title: B2B collaboration API and customization - Azure Active Directory + Title: B2B collaboration API and customization description: Azure Active Directory B2B collaboration supports your cross-company relationships by enabling business partners to selectively access your corporate applications. |
active-directory | Direct Federation Adfs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/direct-federation-adfs.md | Title: Set up SAML/WS-Fed IdP federation with an AD FS for B2B - Azure AD + Title: Set up SAML/WS-Fed IdP federation with an AD FS for B2B description: Learn how to set up AD FS as an identity provider (IdP) for SAML/WS-Fed IdP federation so guests can sign in to your Azure AD apps |
active-directory | Direct Federation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/direct-federation.md | Title: Federation with a SAML/WS-Fed identity provider (IdP) for B2B - Azure AD + Title: Federation with a SAML/WS-Fed identity provider (IdP) for B2B description: Directly federate with a SAML or WS-Fed identity provider so guests can sign in to your Azure AD apps |
active-directory | External Collaboration Settings Configure | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/external-collaboration-settings-configure.md | Title: Enable B2B external collaboration settings - Azure AD + Title: Enable B2B external collaboration settings description: Learn how to enable Active Directory B2B external collaboration and manage who can invite guest users. Use the Guest Inviter role to delegate invitations. |
active-directory | External Identities Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/external-identities-overview.md | Title: External Identities in Azure Active Directory | Microsoft Docs + Title: External Identities in Azure Active Directory description: Azure AD External Identities allow you to collaborate with or publish apps to people outside your organization. Compare solutions for External Identities, including Azure Active Directory B2B collaboration, Azure AD B2B collaboration, and Azure AD B2C. |
active-directory | Facebook Federation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/facebook-federation.md | Title: Add Facebook as an identity provider - Azure AD + Title: Add Facebook as an identity provider description: Federate with Facebook to enable external users (guests) to sign in to your Azure AD apps with their own Facebook accounts. |
active-directory | Google Federation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/google-federation.md | Title: Add Google as an identity provider for B2B - Azure AD + Title: Add Google as an identity provider for B2B description: Federate with Google to enable guest users to sign in to your Azure AD apps with their own Gmail accounts. |
active-directory | Hybrid Cloud To On Premises | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/hybrid-cloud-to-on-premises.md | Title: Grant B2B users access to your on-premises apps - Azure AD + Title: Grant B2B users access to your on-premises apps description: Shows how to give cloud B2B users access to on premises apps with Azure AD B2B collaboration. |
active-directory | Hybrid On Premises To Cloud | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/hybrid-on-premises-to-cloud.md | Title: Sync local partner accounts to cloud as B2B users - Azure AD + Title: Sync local partner accounts to cloud as B2B users description: Give locally managed external partners access to both local and cloud resources using the same credentials with Azure AD B2B collaboration. |
active-directory | Hybrid Organizations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/hybrid-organizations.md | Title: B2B collaboration for hybrid organizations - Azure AD + Title: B2B collaboration for hybrid organizations description: Give partners access to both on-premises and cloud resources with Azure AD B2B collaboration. |
active-directory | Identity Providers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/identity-providers.md | Title: Identity providers for External Identities - Azure AD + Title: Identity providers for External Identities description: Learn how to use Azure AD as your default identity provider for sharing with external users. |
active-directory | Invitation Email Elements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/invitation-email-elements.md | Title: Elements of the B2B invitation email - Azure Active Directory | Microsoft Docs + Title: Elements of the B2B invitation email description: Azure Active Directory B2B collaboration invitation email template -# The elements of the B2B collaboration invitation email - Azure Active Directory +# The elements of the B2B collaboration invitation email Invitation emails are a critical component to bring partners on board as B2B collaboration users in Azure AD. ItΓÇÖs [not required that you send an email to invite someone using B2B collaboration](redemption-experience.md#redemption-through-a-direct-link), but it gives the user all the information they need to decide if they accept your invite or not. It also gives them a link they can always refer to in the future when they need to return to your resources. |
active-directory | Invite Internal Users | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/invite-internal-users.md | Title: Invite internal users to B2B collaboration - Azure AD + Title: Invite internal users to B2B collaboration description: If you have internal user accounts for partners, distributors, suppliers, vendors, and other guests, you can change to Azure AD B2B collaboration by inviting them to sign in with their own external credentials or login. Use either PowerShell or the Microsoft Graph invitation API. |
active-directory | Microsoft Account | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/microsoft-account.md | Title: Add Microsoft account (MSA) as an identity provider - Azure AD + Title: Add Microsoft account (MSA) as an identity provider description: Use Azure AD to enable an external user (guest) to sign in to your Azure AD apps with their Microsoft account (MSA). |
active-directory | One Time Passcode | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/one-time-passcode.md | Title: One-time passcode authentication for B2B guest users - Azure AD + Title: One-time passcode authentication for B2B guest users description: How to use Email one-time passcode to authenticate B2B guest users without the need for a Microsoft account. |
active-directory | Redemption Experience | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/redemption-experience.md | Title: Invitation redemption in B2B collaboration - Azure AD + Title: Invitation redemption in B2B collaboration description: Describes the Azure AD B2B collaboration invitation redemption experience for end users, including the agreement to privacy terms. |
active-directory | Reset Redemption Status | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/reset-redemption-status.md | Title: Reset a guest user's redemption status - Azure AD + Title: Reset a guest user's redemption status description: Learn how to reset the invitation redemption status for an Azure Active Directory B2B guest users in Azure AD External Identities. |
active-directory | Self Service Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/self-service-portal.md | Title: Self-service sign-up portal for B2B collaboration - Azure AD + Title: Self-service sign-up portal for B2B collaboration description: Learn how to customize the onboarding workflow for Azure Active Directory B2B users to fit your organizationΓÇÖs needs. |
active-directory | Self Service Sign Up Add Api Connector | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/self-service-sign-up-add-api-connector.md | Title: Add API connectors to self-service sign-up flows - Azure AD + Title: Add API connectors to self-service sign-up flows description: Configure a web API to be used in a user flow. |
active-directory | Self Service Sign Up Add Approvals | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/self-service-sign-up-add-approvals.md | Title: Add custom approvals to self-service sign-up flows - Azure AD -description: Add API connectors for custom approval workflows in External Identities self-service sign-up - Azure Active Directory (Azure AD) + Title: Add custom approvals to self-service sign-up flows +description: Add API connectors for custom approval workflows in External Identities self-service sign-up |
active-directory | Self Service Sign Up Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/self-service-sign-up-overview.md | Title: Self-service sign-up for External Identities - Azure AD + Title: Self-service sign-up for External Identities description: Learn how to allow external users to sign up for your applications themselves by enabling self-service sign-up. Create a personalized sign-up experience by customizing the self-service sign-up user flow. |
active-directory | Self Service Sign Up User Flow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/self-service-sign-up-user-flow.md | Title: Add a self-service sign-up user flow - Azure AD + Title: Add a self-service sign-up user flow description: Create user flows for apps that are built by your organization. Then, users who visit that app can gain a guest account using the options configured in the user flow. |
active-directory | Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/troubleshoot.md | Title: Troubleshooting B2B collaboration - Azure Active Directory | Microsoft Docs + Title: Troubleshooting B2B collaboration description: Remedies for common problems with Azure Active Directory B2B collaboration |
active-directory | Tutorial Bulk Invite | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/tutorial-bulk-invite.md | Title: Bulk invite guest users for B2B collaboration tutorial - Azure AD + Title: Bulk invite guest users for B2B collaboration tutorial description: In this tutorial, you learn how to send bulk invitations using a CSV file to external Azure AD B2B collaboration users. |
active-directory | Use Dynamic Groups | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/use-dynamic-groups.md | Title: Dynamic groups and B2B collaboration - Azure Active Directory | Microsoft Docs + Title: Dynamic groups and B2B collaboration description: Shows how to use Azure AD dynamic groups with Azure Active Directory B2B collaboration |
active-directory | User Flow Add Custom Attributes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/user-flow-add-custom-attributes.md | Title: Add custom attributes to self-service sign-up flows - Azure AD + Title: Add custom attributes to self-service sign-up flows description: Learn about customizing the attributes for your self-service sign-up user flows. |
active-directory | User Properties | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/user-properties.md | Title: Properties of a B2B guest user - Azure Active Directory | Microsoft Docs + Title: Properties of a B2B guest user description: Azure Active Directory B2B invited guest user properties and states before and after invitation redemption |
active-directory | User Token | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/user-token.md | Title: Understand user tokens in B2B collaboration - Azure AD + Title: Understand user tokens in B2B collaboration description: User token reference for Azure Active Directory B2B collaboration. |
active-directory | Active Directory Access Create New Tenant | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-access-create-new-tenant.md | Title: Quickstart - Access & create new tenant - Azure AD + Title: Quickstart - Access & create new tenant description: Instructions about how to find Azure Active Directory and how to create a new tenant for your organization. |
active-directory | Active Directory Architecture | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-architecture.md | Title: Architecture overview - Azure Active Directory | Microsoft Docs + Title: Architecture overview description: Learn what an Azure Active Directory tenant is and how to manage Azure using Azure Active Directory. |
active-directory | Active Directory Data Storage Australia Newzealand | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-data-storage-australia-newzealand.md | Title: Customer data storage for Australian and New Zealand customers - Azure AD + Title: Customer data storage for Australian and New Zealand customers description: Learn about where Azure Active Directory stores customer-related data for its Australian and New Zealand customers. |
active-directory | Active Directory Data Storage Australia | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-data-storage-australia.md | Title: Identity data storage for Australian and New Zealand customers - Azure AD + Title: Identity data storage for Australian and New Zealand customers description: Learn about where Azure Active Directory stores identity-related data for its Australian and New Zealand customers. |
active-directory | Active Directory Data Storage Japan | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-data-storage-japan.md | Title: Customer data storage for Japan customers - Azure AD + Title: Customer data storage for Japan customers description: Learn about where Azure Active Directory stores customer-related data for its Japan customers. |
active-directory | Active Directory Get Started Premium | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-get-started-premium.md | Title: Sign up for premium editions - Azure Active Directory| Microsoft Docs + Title: Sign up for premium editions description: Instructions about how to sign up for Azure Active Directory Premium editions. |
active-directory | Active Directory Groups View Azure Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-groups-view-azure-portal.md | Title: Quickstart - View groups & members - Azure AD + Title: Quickstart - View groups & members description: Instructions about how to search for and view your organization's groups and their assigned members. |
active-directory | Active Directory How Subscriptions Associated Directory | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory.md | Title: Add an existing Azure subscription to your tenant - Azure AD + Title: Add an existing Azure subscription to your tenant description: Instructions about how to add an existing Azure subscription to your Azure Active Directory (Azure AD) tenant. |
active-directory | Active Directory How To Find Tenant | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-how-to-find-tenant.md | Title: How to find your tenant ID - Azure Active Directory + Title: How to find your tenant ID description: Instructions about how to find and Azure Active Directory tenant ID to an existing Azure subscription. |
active-directory | Active Directory Licensing Whatis Azure Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal.md | Title: What is group-based licensing - Azure Active Directory | Microsoft Docs + Title: What is group-based licensing description: Learn about Azure Active Directory group-based licensing, including how it works and best practices. keywords: Azure AD licensing |
active-directory | Active Directory Ops Guide Ops | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-ops-guide-ops.md | Some identity and access management services require on-premises agents to enabl #### On-premises agents logs recommended reading - [Troubleshoot Application Proxy](../app-proxy/application-proxy-troubleshoot.md)-- [Self-service password reset troubleshooting- Azure Active Directory](../authentication/troubleshoot-sspr.md)+- [Self-service password reset troubleshooting](../authentication/troubleshoot-sspr.md) - [Understand Azure AD Application Proxy connectors](../app-proxy/application-proxy-connectors.md) - [Azure AD Connect: Troubleshoot Pass-through Authentication](../hybrid/tshoot-connect-pass-through-authentication.md#collecting-pass-through-authentication-agent-logs) - [Troubleshoot error codes for the Azure AD MFA NPS extension](../authentication/howto-mfa-nps-extension-errors.md) |
active-directory | Active Directory Properties Area | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-properties-area.md | Title: Add your organization's privacy info - Azure Active Directory | Microsoft Docs + Title: Add your organization's privacy info description: Instructions about how to add your organization's privacy info to the Azure Active Directory Properties area. |
active-directory | Active Directory Users Assign Role Azure Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-users-assign-role-azure-portal.md | Title: Manage Azure AD user roles - Azure Active Directory | Microsoft Docs + Title: Manage Azure AD user roles description: Instructions about how to assign and update user roles with Azure Active Directory. |
active-directory | Active Directory Users Profile Azure Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-users-profile-azure-portal.md | Title: Add or update user profile information - Azure AD + Title: Add or update user profile information description: Instructions about how to manage a user's profile and settings in Azure Active Directory. |
active-directory | Active Directory Users Reset Password Azure Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-users-reset-password-azure-portal.md | Title: Reset a user's password - Azure Active Directory | Microsoft Docs + Title: Reset a user's password description: Instructions about how to reset a user's password using Azure Active Directory. |
active-directory | Active Directory Users Restore | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-users-restore.md | Title: Restore or permanently remove recently deleted user - Azure AD + Title: Restore or permanently remove recently deleted user description: How to view restorable users, restore a deleted user, or permanently delete a user with Azure Active Directory. |
active-directory | Add Custom Domain | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/add-custom-domain.md | Title: Add your custom domain - Azure Active Directory | Microsoft Docs + Title: Add your custom domain description: Instructions about how to add a custom domain using Azure Active Directory. |
active-directory | Add Users Azure Active Directory | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/add-users-azure-active-directory.md | Title: Add or delete users - Azure Active Directory | Microsoft Docs + Title: Add or delete users description: Instructions about how to add new users or delete existing users using Azure Active Directory. |
active-directory | Concept Fundamentals Mfa Get Started | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/concept-fundamentals-mfa-get-started.md | Title: Azure AD Multi-Factor Authentication for your organization - Azure Active Directory + Title: Azure AD Multi-Factor Authentication for your organization description: Learn about the available features of Azure AD Multi-Factor Authentication for your organization based on your license model |
active-directory | Concept Learn About Groups | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/concept-learn-about-groups.md | Title: Learn about groups and group membership - Azure Active Directory | Microsoft Docs + Title: Learn about groups and group membership description: Information about Azure Active Directory groups and access rights |
active-directory | Custom Security Attributes Add | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/custom-security-attributes-add.md | Title: Add or deactivate custom security attributes in Azure AD (Preview) - Azure Active Directory + Title: Add or deactivate custom security attributes in Azure AD (Preview) description: Learn how to add new custom security attributes or deactivate custom security attributes in Azure Active Directory. |
active-directory | Custom Security Attributes Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/custom-security-attributes-manage.md | Title: Manage access to custom security attributes in Azure AD (Preview) - Azure Active Directory + Title: Manage access to custom security attributes in Azure AD (Preview) description: Learn how to manage access to custom security attributes in Azure Active Directory. |
active-directory | Custom Security Attributes Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/custom-security-attributes-overview.md | Title: What are custom security attributes in Azure AD? (Preview) - Azure Active Directory + Title: What are custom security attributes in Azure AD? (Preview) description: Learn about custom security attributes in Azure Active Directory. |
active-directory | Custom Security Attributes Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/custom-security-attributes-troubleshoot.md | Title: Troubleshoot custom security attributes in Azure AD (Preview) - Azure Active Directory + Title: Troubleshoot custom security attributes in Azure AD (Preview) description: Learn how to troubleshoot custom security attributes in Azure Active Directory. |
active-directory | Customize Branding | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/customize-branding.md | Title: Add branding to your organization's sign-in page - Azure AD + Title: Add branding to your organization's sign-in page description: Instructions about how to add your organization's branding to the Azure Active Directory sign-in page. |
active-directory | How To Customize Branding | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/how-to-customize-branding.md | Title: Add company branding to your organization's sign-in page (preview) - Azure AD + Title: Add company branding to your organization's sign-in page (preview) description: Instructions about how to add your organization's branding to the sign-in experience. |
active-directory | How To Get Support | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/how-to-get-support.md | Title: Find help and get support for Azure Active Directory - Azure Active Directory | Microsoft Docs + Title: Find help and get support for Azure Active Directory description: Instructions about how to get help and open a support request for Azure Active Directory. |
active-directory | How To Manage Groups | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/how-to-manage-groups.md | Title: How to manage groups - Azure Active Directory | Microsoft Docs + Title: How to manage groups description: Instructions about how to manage Azure AD groups and group membership. |
active-directory | Identity Secure Score | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/identity-secure-score.md | Title: What is identity secure score? - Azure Active Directory + Title: What is identity secure score? description: Learn how to use the identity secure score to improve the security posture of your directory. |
active-directory | License Users Groups | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/license-users-groups.md | Title: Assign or remove licenses - Azure Active Directory | Microsoft Docs + Title: Assign or remove licenses description: Instructions about how to assign or remove Azure Active Directory licenses from your users or groups. |
active-directory | Resilience B2c Developer Best Practices | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/resilience-b2c-developer-best-practices.md | Title: Resilience through developer best practices using Azure AD B2C | Microsoft Docs + Title: Resilience through developer best practices using Azure AD B2C description: Resilience through developer best practices in Customer Identity and Access Management using Azure AD B2C |
active-directory | Resilience B2c | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/resilience-b2c.md | Title: Build resilience in Customer Identity and Access Management using Azure AD B2C | Microsoft Docs + Title: Build resilience in Customer Identity and Access Management using Azure AD B2C description: Methods to build resilience in Customer Identity and Access Management using Azure AD B2C |
active-directory | Resilience With Monitoring Alerting | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/resilience-with-monitoring-alerting.md | Title: Resilience through monitoring and analytics using Azure AD B2C | Microsoft Docs + Title: Resilience through monitoring and analytics using Azure AD B2C description: Resilience through monitoring and analytics using Azure AD B2C |
active-directory | Resilient End User Experience | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/resilient-end-user-experience.md | Title: Resilient end-user experience using Azure AD B2C | Microsoft Docs + Title: Resilient end-user experience using Azure AD B2C description: Methods to build resilience in end-user experience using Azure AD B2C |
active-directory | Resilient External Processes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/resilient-external-processes.md | Title: Resilient interfaces with external processes using Azure AD B2C | Microsoft Docs + Title: Resilient interfaces with external processes using Azure AD B2C description: Methods to build resilient interfaces with external processes |
active-directory | Service Accounts Principal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/service-accounts-principal.md | -An Azure Active Directory (Azure AD) service principals are the local representation of an application object in a tenant or directory. It's the identity of the application instance. Service principals define application access, and resources the application accesses. A service principal is created in each tenant where the application is used, and references the globally unique application object. The tenant secures the service principal sign-in and access to resources. +An Azure Active Directory (Azure AD) service principal is the local representation of an application object in a tenant or directory. It's the identity of the application instance. Service principals define application access and resources the application accesses. A service principal is created in each tenant where the application is used and references the globally unique application object. The tenant secures the service principal sign-in and access to resources. Learn more: [Application and service principal objects in Azure AD](../develop/app-objects-and-service-principals.md) |
active-directory | Sign Up Organization | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/sign-up-organization.md | Title: Sign up your organization - Azure Active Directory | Microsoft Docs + Title: Sign up your organization description: Instructions about how to sign up your organization to use Azure and Azure Active Directory. |
active-directory | Users Default Permissions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/users-default-permissions.md | Title: Default user permissions - Azure Active Directory | Microsoft Docs + Title: Default user permissions description: Learn about the user permissions available in Azure Active Directory. |
active-directory | Whats New Archive | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/whats-new-archive.md | Title: Archive for What's new in Azure Active Directory? | Microsoft Docs + Title: Archive for What's new in Azure Active Directory? description: The What's new release notes in the Overview section of this content set contain six months of activity. After six months, the items are removed from the main article and put into this archive article. In Azure AD entitlement management, a new form of access package assignment poli Users can now configure multiple instances of the same application within an Azure AD tenant. It's now supported for both IdP, and Service Provider (SP), initiated single sign-on requests. Multiple application accounts can now have a separate service principal to handle instance-specific claims mapping and roles assignment. For more information, see: -- [Configure SAML app multi-instancing for an application - Microsoft Entra | Microsoft Docs](../develop/reference-app-multi-instancing.md)-- [Customize app SAML token claims - Microsoft Entra | Microsoft Docs](../develop/active-directory-saml-claims-customization.md)+- [Configure SAML app multi-instancing for an application - Microsoft Entra](../develop/reference-app-multi-instancing.md) +- [Customize app SAML token claims - Microsoft Entra](../develop/active-directory-saml-claims-customization.md) Users can now configure multiple instances of the same application within an Azu Administrators up until recently has the capability to transform claims using many transformations, however using regular expression for claims transformation wasn't exposed to customers. With this public preview release, administrators can now configure and use regular expressions for claims transformation using portal UX. -For more information, see:[Customize app SAML token claims - Microsoft Entra | Microsoft Docs](../develop/active-directory-saml-claims-customization.md). +For more information, see:[Customize app SAML token claims - Microsoft Entra](../develop/active-directory-saml-claims-customization.md). Previously to set up and administer your AAD-DS instance you needed top level pe Check out these resources to learn more: -- [Tutorial - Create an Azure Active Directory Domain Services managed domain | Microsoft Docs](../../active-directory-domain-services/tutorial-create-instance.md#prerequisites)-- [Least privileged roles by task - Azure Active Directory | Microsoft Docs](../roles/delegate-by-task.md#domain-services)-- [Azure built-in roles - Azure RBAC | Microsoft Docs](../../role-based-access-control/built-in-roles.md#domain-services-contributor)+- [Tutorial - Create an Azure Active Directory Domain Services managed domain](../../active-directory-domain-services/tutorial-create-instance.md#prerequisites) +- [Least privileged roles by task](../roles/delegate-by-task.md#domain-services) +- [Azure built-in roles - Azure RBAC](../../role-based-access-control/built-in-roles.md#domain-services-contributor) For more information, see: [Manage devices in Azure AD using the Azure portal](. Previously the only way to have persistent NameID value was to ΓÇïconfigure user attribute with an empty value. Admins can now explicitly configure the NameID value to be persistent ΓÇïalong with the corresponding format. -For more information, see: [Customize app SAML token claims - Microsoft identity platform | Microsoft Docs](../develop/active-directory-saml-claims-customization.md#attributes). +For more information, see: [Customize app SAML token claims - Microsoft identity platform](../develop/active-directory-saml-claims-customization.md#attributes). For more information, see: [Customize app SAML token claims - Microsoft identity With this new parity update, customers can now integrate non-gallery applications such as Socure DevHub with Azure AD to have SSO via SAML. -For more information, see [Claims mapping policy - Microsoft Entra | Microsoft Docs](../develop/reference-claims-mapping-policy-type.md#claim-schema-entry-elements). +For more information, see [Claims mapping policy - Microsoft Entra](../develop/reference-claims-mapping-policy-type.md#claim-schema-entry-elements). For more information about how to better secure your organization by using autom **Product capability:** Identity Security & Protection -The sign-ins Microsoft Graph API now supports confirming safe and compromised on risky sign-ins. This public preview functionality is available at the beta endpoint. For more information, please check out the Microsoft Graph documentation: [signIn: confirmSafe - Microsoft Graph beta | Microsoft Docs](/graph/api/signin-confirmsafe?view=graph-rest-beta&preserve-view=true) +The sign-ins Microsoft Graph API now supports confirming safe and compromised on risky sign-ins. This public preview functionality is available at the beta endpoint. For more information, please check out the Microsoft Graph documentation: [signIn: confirmSafe - Microsoft Graph beta](/graph/api/signin-confirmsafe?view=graph-rest-beta&preserve-view=true) Microsoft cloud settings let you collaborate with organizations from different M -Microsoft Azure global cloud and Microsoft Azure Government -Microsoft Azure global cloud and Microsoft Azure China 21Vianet -To learn more about Microsoft cloud settings for B2B collaboration, see: [Cross-tenant access overview - Azure AD | Microsoft Docs](../external-identities/cross-tenant-access-overview.md#microsoft-cloud-settings). +To learn more about Microsoft cloud settings for B2B collaboration, see: [Cross-tenant access overview - Azure AD](../external-identities/cross-tenant-access-overview.md#microsoft-cloud-settings). To learn more about Microsoft cloud settings for B2B collaboration, see: [Cross- -When setting up federation with a partner's IdP, new guest users from that domain can use their own IdP-managed organizational account to sign in to your Azure AD tenant and start collaborating with you. There's no need for the guest user to create a separate Azure AD account. To learn more about federating with SAML or WS-Fed identity providers in External Identities, see: [Federation with a SAML/WS-Fed identity provider (IdP) for B2B - Azure AD | Microsoft Docs](../external-identities/direct-federation.md). +When setting up federation with a partner's IdP, new guest users from that domain can use their own IdP-managed organizational account to sign in to your Azure AD tenant and start collaborating with you. There's no need for the guest user to create a separate Azure AD account. To learn more about federating with SAML or WS-Fed identity providers in External Identities, see: [Federation with a SAML/WS-Fed identity provider (IdP) for B2B - Azure AD](../external-identities/direct-federation.md). In Azure AD entitlement management, an administrator can now configure the incom **Product capability:** Identity Security & Protection -Identity Protection now integrates a signal from Microsoft Defender for Endpoint (MDE) that will protect against PRT theft detection. To learn more, see: [What is risk? Azure AD Identity Protection | Microsoft Docs](../identity-protection/concept-identity-protection-risks.md). +Identity Protection now integrates a signal from Microsoft Defender for Endpoint (MDE) that will protect against PRT theft detection. To learn more, see: [What is risk? Azure AD Identity Protection](../identity-protection/concept-identity-protection-risks.md). We're announcing the public preview of following MS Graph APIs and PowerShell cm If using older MSOnline cmdlets ([Get-MsolDomainFederationSettings](/powershell/module/msonline/get-msoldomainfederationsettings?view=azureadps-1.0&preserve-view=true) and [Set-MsolDomainFederationSettings](/powershell/module/msonline/set-msoldomainfederationsettings?view=azureadps-1.0&preserve-view=true)), we highly recommend transitioning to the latest MS Graph APIs and PowerShell cmdlets. -For more information, see [internalDomainFederation resource type - Microsoft Graph beta | Microsoft Docs](/graph/api/resources/internaldomainfederation?view=graph-rest-beta&preserve-view=true). +For more information, see [internalDomainFederation resource type - Microsoft Graph beta](/graph/api/resources/internaldomainfederation?view=graph-rest-beta&preserve-view=true). For listing your application in the Azure AD app gallery, please read the detail 1. **transitiveRoleAssignments** - Last year the ability to assign Azure AD roles to groups was created. Originally it took four calls to fetch all direct, and transitive, role assignments of a user. This new API call allows it all to be done via one API call. For more information, see:-[List transitiveRoleAssignment - Microsoft Graph beta | Microsoft Docs](/graph/api/rbacapplication-list-transitiveroleassignments). +[List transitiveRoleAssignment - Microsoft Graph beta](/graph/api/rbacapplication-list-transitiveroleassignments). 2. **unifiedRbacResourceAction** - Developers can use this API to list all role permissions and their descriptions in Azure AD. This API can be thought of as a dictionary that can help build custom roles without relying on UX. For more information, see:-[List resourceActions - Microsoft Graph beta | Microsoft Docs](/graph/api/unifiedrbacresourcenamespace-list-resourceactions). +[List resourceActions - Microsoft Graph beta](/graph/api/unifiedrbacresourcenamespace-list-resourceactions). |
active-directory | Whats New Sovereign Clouds | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/whats-new-sovereign-clouds.md | Title: What's new in Sovereign Clouds? Release notes - Azure Active Directory | Microsoft Docs + Title: What's new in Sovereign Clouds? Release notes description: Learn what is new with Azure Active Directory Sovereign Cloud. Temporary Access Pass (TAP) is now generally available. TAP can be used to secur In some scenarios customers may want to require a fresh authentication, every time before a user performs specific actions. Sign-in frequency Every time support requiring a user to reauthenticate during Intune device enrollment, password change for risky users and risky sign-ins. -More information: [Configure authentication session management - Azure Active Directory - Microsoft Entra | Microsoft Docs](../conditional-access/howto-conditional-access-session-lifetime.md#require-reauthentication-every-time). +More information: [Configure authentication session management](../conditional-access/howto-conditional-access-session-lifetime.md#require-reauthentication-every-time). |
active-directory | Whats New | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/whats-new.md | Title: What's new? Release notes - Azure Active Directory | Microsoft Docs + Title: What's new? Release notes description: Learn what is new with Azure Active Directory; such as the latest release notes, known issues, bug fixes, deprecated functionality, and upcoming changes. |
active-directory | Access Reviews Application Preparation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/access-reviews-application-preparation.md | Title: Preparing for an access review of users' access to an application - Azure AD + Title: Preparing for an access review of users' access to an application description: Planning for a successful access reviews campaign for a particular application starts with understanding how to model access for that application in Azure AD. documentationCenter: '' |
active-directory | Access Reviews Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/access-reviews-overview.md | Title: What are access reviews? - Microsoft Entra | Microsoft Docs + Title: What are access reviews? - Microsoft Entra description: Using access reviews, you can control group membership and application access to meet governance, risk management, and compliance initiatives in your organization. documentationcenter: '' |
active-directory | Create Access Review Pim For Groups | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/create-access-review-pim-for-groups.md | Title: Create an access review of PIM for Groups - Azure AD (preview) + Title: Create an access review of PIM for Groups (preview) description: Learn how to create an access review of PIM for Groups in Azure Active Directory. |
active-directory | Create Access Review | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/create-access-review.md | Title: Create an access review of groups and applications - Azure AD + Title: Create an access review of groups and applications description: Learn how to create an access review of group members or application access in Azure Active Directory. |
active-directory | Customize Workflow Schedule | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/customize-workflow-schedule.md | Title: 'Customize workflow schedule - Azure Active Directory' + Title: 'Customize workflow schedule' description: Describes how to customize the schedule of a Lifecycle Workflow. |
active-directory | Delete Lifecycle Workflow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/delete-lifecycle-workflow.md | Title: 'Delete a Lifecycle workflow - Azure Active Directory' + Title: 'Delete a Lifecycle workflow' description: Describes how to delete a Lifecycle Workflow using. |
active-directory | Entitlement Management Access Package Resources | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-access-package-resources.md | Title: Change resource roles for an access package in entitlement management - Azure AD + Title: Change resource roles for an access package in entitlement management description: Learn how to change the resource roles for an existing access package in entitlement management. documentationCenter: '' |
active-directory | Entitlement Management Access Package Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-access-package-settings.md | Title: Share link to request an access package in entitlement management - Azure AD + Title: Share link to request an access package in entitlement management description: Learn how to share link to request an access package in entitlement management. documentationCenter: '' |
active-directory | Entitlement Management Catalog Create | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-catalog-create.md | Title: Create and manage a catalog of resources in entitlement management - Azure AD + Title: Create and manage a catalog of resources in entitlement management description: Learn how to create a new container of resources and access packages in entitlement management. documentationCenter: '' |
active-directory | Entitlement Management Delegate Catalog | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-delegate-catalog.md | Title: Delegate access governance to catalog creators in entitlement management - Azure AD + Title: Delegate access governance to catalog creators in entitlement management description: Learn how to delegate access governance from IT administrators to catalog creators and project managers so that they can manage access themselves. documentationCenter: '' |
active-directory | Entitlement Management Delegate Managers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-delegate-managers.md | Title: Delegate access governance to access package managers in entitlement management - Azure AD + Title: Delegate access governance to access package managers in entitlement management description: Learn how to delegate access governance from IT administrators to access package managers and project managers so that they can manage access themselves. documentationCenter: '' |
active-directory | Entitlement Management Delegate | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-delegate.md | Title: Delegation and roles in entitlement management - Azure AD + Title: Delegation and roles in entitlement management description: Learn how to delegate access governance from IT administrators to department managers and project managers so that they can manage access themselves. documentationCenter: '' |
active-directory | Entitlement Management External Users | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-external-users.md | Title: Govern access for external users in entitlement management - Azure AD + Title: Govern access for external users in entitlement management description: Learn about the settings you can specify to govern access for external users in entitlement management. documentationCenter: '' |
active-directory | Entitlement Management Logic Apps Integration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-logic-apps-integration.md | Title: Trigger custom Logic Apps with entitlement management -description: Learn how to configure and use custom Logic Apps in entitlement management. + Title: Trigger custom logic apps with entitlement management +description: Learn how to configure and use custom logic app workflows in entitlement management. documentationCenter: '' -#Customer intent: As an administrator, I want detailed information about how I can configure and add custom Logic Apps to my catalogs and access packages in entitlement management. +#Customer intent: As an administrator, I want detailed information about how I can configure and add custom logic apps to my catalogs and access packages in entitlement management. -# Trigger custom Logic Apps with entitlement management +# Trigger custom logic apps with entitlement management -[Azure Logic Apps](../../logic-apps/logic-apps-overview.md) can be used to automate custom workflows and connect apps and services in one place. Users can integrate Logic Apps with entitlement management to broaden their governance workflows beyond the core entitlement management use cases. +[Azure Logic Apps](../../logic-apps/logic-apps-overview.md) can be used to automate custom workflows and connect apps and services in one place. Users can integrate Azure Logic Apps with entitlement management to broaden their governance workflows beyond the core entitlement management use cases. -These Logic Apps can then be triggered to run in accordance with entitlement management use cases such as when an access package is granted or requested. For example, an admin could create and link a custom Logic App to entitlement management so that when a user requests an access package, a Logic App is triggered that ensures the user is also assigned certain characteristics in a 3rd party SAAS app (like Salesforce) or is sent a custom email. +These logic app workflows can then be triggered to run in accordance with entitlement management use cases such as when an access package is granted or requested. For example, an admin could create and link a custom logic app workflow to entitlement management so that when a user requests an access package, the logic app workflow is triggered to ensure that the user is also assigned certain characteristics in a 3rd party SAAS app (like Salesforce) or is sent a custom email. -Entitlement management use cases that can be integrated with Logic Apps include: +Entitlement management use cases that can be integrated with Azure Logic Apps include: - when an access package is requested Entitlement management use cases that can be integrated with Logic Apps include: - when an access package assignment expires -These triggers to Logic Apps are controlled in a new tab within access package policies called **Rules**. Additionally, a **Custom Extensions** tab on the Catalog page will show all added Logic Apps for a given Catalog. This article describes how to create and add logic apps to catalogs and access packages in entitlement management. +These triggers in logic app workflows are controlled in a new tab within access package policies called **Rules**. Additionally, a **Custom Extensions** tab on the Catalog page will show all added logic app resources for a given Catalog. This article describes how to create and add logic apps to catalogs and access packages in entitlement management. -## Create and add a Logic App to a catalog for use in entitlement management +## Create and add a logic app workflow to a catalog for use in entitlement management **Prerequisite roles:** Global administrator, Identity Governance administrator, Catalog owner or Resource Group Owner These triggers to Logic Apps are controlled in a new tab within access package p 1. In the header navigation bar, select **Add a Custom Extension**. -1. In the **Basics** tab, enter the name of the custom extension (linked Logic App you are adding) and description of the workflow. These fields will show up in the **Custom Extensions** tab of the Catalog going forward. +1. In the **Basics** tab, enter the name of the custom extension (linked logic app that you are adding) and description of the workflow. These fields will show up in the **Custom Extensions** tab of the Catalog going forward.  - 1. Then go on to the **Details** tab. -1. Select **Yes** in the field ΓÇ£Create new logic appΓÇ¥. Otherwise, select **No** and move on to step 9 if you are going to use an existing Logic App. If you selected yes, select one of the options below and move on to step 9: +1. In the **Create new logic app** field, select **Yes**. Otherwise, select **No** and move on to step 9 if you are going to use an existing logic app. If you selected yes, select one of the options below and move on to step 9: - 1. Select **create new Azure AD application** if you want to use a new application as the basis for the new Logic App, or + 1. Select **create new Azure AD application** if you want to use a new application as the basis for the new logic app, or  - 1. select **an existing Azure AD Application** if you want to use an existing application as the basis for the new Logic App. + 1. select **an existing Azure AD Application** if you want to use an existing application as the basis for the new logic app.  - > [!Note] - > Later, you can edit what your Logic App does in Logic App designer. To do so, select on the Logic App you created in the **Custom Extensions** tab of **Catalogs**. + > [!NOTE] + > Later, you can edit what your logic app workflow does in workflow designer. To do so, in the **Custom Extensions** tab of **Catalogs**, select the logic app you created. 1. Next, enter the **Subscription ID**, **Resource group**, **Logic app name**. 1. Then, select **Validate and Create**. -1. Review the summary of your custom extension and make sure the details for your Logic App callout are correct. Then select **Create**. +1. Review the summary of your custom extension and make sure the details for your logic app callout are correct. Then select **Create**.  -1. This custom extension to the linked Logic App will now appear in your Custom Extensions tab under Catalogs. You will be able to call on this in access package policies. -+This custom extension to the linked logic app will now appear in your Custom Extensions tab under Catalogs. You will be able to call on this in access package policies. -## Edit a linked Logic App +## Edit a linked logic app **Prerequisite roles:** Global administrator, Identity Governance administrator, or Catalog owner These triggers to Logic Apps are controlled in a new tab within access package p 1. In the left menu, select **Custom Extensions**. -1. Here, you can view all custom extensions (Logic Apps) that you have added to this Catalog. To edit a Logic App workflow, or to create a workflow for a newly-added Logic App, select the Logic App custom extension under **Endpoint**. This will open Logic App Designer and allow you to create your workflow. +1. Here, you can view all custom extensions (logic apps) that you have added to this Catalog. To edit a logic app workflow, or to create a workflow for a newly-added logic app, select the Azure Logic Apps custom extension under **Endpoint**. This will open the workflow designer and allow you to create your workflow. - For more information on creating Logic App workflows, see [Create automated workflows with Azure Logic Apps in the Azure portal](../../logic-apps/quickstart-create-first-logic-app-workflow.md). +For more information on creating logic app workflows, see [Create an example Consumption workflow with Azure Logic Apps in the Azure portal](../../logic-apps/quickstart-create-example-consumption-workflow.md). ## Add custom extension to a policy in an access package These triggers to Logic Apps are controlled in a new tab within access package p 1. In the left menu, select **Access packages**. -1. Select the access package you want to add a custom extension (Logic App) to from the list of access packages that have already been created. +1. Select the access package you want to add a custom extension (logic app) to from the list of access packages that have already been created. > [!NOTE] > Select **New access package** if you want to create a new access package. These triggers to Logic Apps are controlled in a new tab within access package p 1. In the policy settings, go to the **Custom Extensions (Preview)** tab. -1. In the menu below **Stage**, select the access package event you wish to use as trigger for this custom extension (Logic App). For example, if you only want to trigger the custom extension Logic App workflow when a user requests the access package, select **Request is created**. +1. In the menu below **Stage**, select the access package event you wish to use as trigger for this custom extension (logic app). For example, if you only want to trigger the custom extension logic app workflow when a user requests the access package, select **Request is created**. -1. In the menu below **Custom Extension**, select the custom extension (Logic App) you want to add to the access package. The do action you select will execute when the event selected in the when field occurs. +1. In the menu below **Custom Extension**, select the custom extension (logic app) you want to add to the access package. The do action you select will execute when the event selected in the when field occurs. 1. Select **Update** to add it to an existing access package's policy. These triggers to Logic Apps are controlled in a new tab within access package p ## Troubleshooting and Validation -To verify that your custom extension has correctly triggered the associated Logic App when called upon by the access package **Do** option, you can view the Logic App logs. +To verify that your custom extension has correctly triggered the associated logic app when called upon by the access package **Do** option, you can view the Azure Logic Apps logs. -The overview page for a specific Logic App will show timestamps of when the Logic App was last executed. Also, the Resource Group overview for a resource group with a linked custom extension will show the name of that custom extension in the overview if it has been configured correctly. +The overview page for a specific logic app will show timestamps of when the logic app was last executed. Also, the Resource Group overview for a resource group with a linked custom extension will show the name of that custom extension in the overview if it has been configured correctly. ## Next steps |
active-directory | Entitlement Management Onboard External User | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-onboard-external-user.md | Title: Tutorial - Onboard external users to Azure AD through an approval process - Azure Active Directory + Title: Tutorial - Onboard external users to Azure AD through an approval process description: Step-by-step tutorial for how to create an access package for external users requiring approvals in entitlement management. documentationCenter: '' |
active-directory | Entitlement Management Organization | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-organization.md | Title: Add a connected organization in entitlement management - Azure Active Directory + Title: Add a connected organization in entitlement management description: Learn how to allow people outside your organization to request access packages so that you can collaborate on projects. documentationCenter: '' |
active-directory | Entitlement Management Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-overview.md | Title: What is entitlement management? - Azure AD + Title: What is entitlement management? description: Get an overview of entitlement management and how you can use it to manage access to groups, applications, and SharePoint Online sites for internal and external users. documentationCenter: '' |
active-directory | Entitlement Management Reprocess Access Package Assignments | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-reprocess-access-package-assignments.md | Title: Reprocess assignments for an access package in entitlement management - Azure AD + Title: Reprocess assignments for an access package in entitlement management description: Learn how to reprocess assignments for an access package in entitlement management. documentationCenter: '' |
active-directory | Entitlement Management Reprocess Access Package Requests | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-reprocess-access-package-requests.md | Title: Reprocess requests for an access package in entitlement management - Azure Active Directory + Title: Reprocess requests for an access package in entitlement management description: Learn how to reprocess a request for an access package in entitlement management. documentationCenter: '' |
active-directory | Entitlement Management Verified Id Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-verified-id-settings.md | Title: Configure verified ID settings for an access package in entitlement management (Preview) - Azure AD + Title: Configure verified ID settings for an access package in entitlement management (Preview) description: Learn how to configure verified ID settings for an access package in entitlement management. documentationCenter: '' |
active-directory | Identity Governance Applications Prepare | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/identity-governance-applications-prepare.md | Title: Govern access for applications in your environment - Azure AD + Title: Govern access for applications in your environment description: Microsoft Entra Identity Governance allows you to balance your organization's need for security and employee productivity with the right processes and visibility. These features can be used for your existing business critical third party on-premises and cloud-based applications. documentationcenter: '' |
active-directory | Identity Governance Organizational Roles | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/identity-governance-organizational-roles.md | Title: Govern access with an organizational role model - Azure AD + Title: Govern access with an organizational role model description: Microsoft Entra Identity Governance allows you to model organizational roles using access packages, so you can migrate your existing role definitions to entitlement management. documentationcenter: '' |
active-directory | Identity Governance Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/identity-governance-overview.md | Title: Identity Governance - Microsoft Entra | Microsoft Docs + Title: Identity Governance - Microsoft Entra description: Microsoft Entra Identity Governance allows you to balance your organization's need for security and employee productivity with the right processes and visibility. documentationcenter: '' |
active-directory | Lifecycle Workflow Extensibility | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/lifecycle-workflow-extensibility.md | Title: Workflow Extensibility - Azure Active Directory + Title: Workflow Extensibility description: Conceptual article discussing workflow extensibility with Lifecycle Workflows |
active-directory | What Are Lifecycle Workflows | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/what-are-lifecycle-workflows.md | Title: 'What are lifecycle workflows? - Azure Active Directory' + Title: 'What are lifecycle workflows?' description: Describes overview of Lifecycle workflow feature. |
active-directory | What Is Identity Lifecycle Management | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/what-is-identity-lifecycle-management.md | Title: 'What is identity lifecycle management with Azure Active Directory? | Microsoft Docs' + Title: 'What is identity lifecycle management with Azure Active Directory?' description: Describes overview of identity lifecycle management. |
active-directory | What Is Provisioning | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/what-is-provisioning.md | Title: 'What is provisioning with Azure Active Directory? | Microsoft Docs' + Title: 'What is provisioning with Azure Active Directory?' description: Describes overview of identity provisioning and the ILM scenarios. |
active-directory | Workflows Faqs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/workflows-faqs.md | Title: 'Lifecycle workflows FAQs - Azure AD (preview)' + Title: 'Lifecycle workflows FAQs (preview)' description: Frequently asked questions about Lifecycle workflows (preview). |
active-directory | Concept Adsync Service Account | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/concept-adsync-service-account.md | Title: 'Azure AD Connect: ADSync service account | Microsoft Docs' + Title: 'Azure AD Connect: ADSync service account' description: This topic describes the ADSync service account and provides best practices regarding the account. documentationcenter: '' |
active-directory | Concept Azure Ad Connect Sync Declarative Provisioning Expressions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/concept-azure-ad-connect-sync-declarative-provisioning-expressions.md | Title: 'Azure AD Connect: Declarative Provisioning Expressions | Microsoft Docs' + Title: 'Azure AD Connect: Declarative Provisioning Expressions' description: Explains the declarative provisioning expressions. documentationcenter: '' |
active-directory | Concept Azure Ad Connect Sync Declarative Provisioning | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/concept-azure-ad-connect-sync-declarative-provisioning.md | Title: 'Azure AD Connect: Understanding Declarative Provisioning | Microsoft Docs' + Title: 'Azure AD Connect: Understanding Declarative Provisioning' description: Explains the declarative provisioning configuration model in Azure AD Connect. documentationcenter: '' |
active-directory | Concept Azure Ad Connect Sync Default Configuration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/concept-azure-ad-connect-sync-default-configuration.md | Title: 'Azure AD Connect sync: Understanding the default configuration | Microsoft Docs' + Title: 'Azure AD Connect sync: Understanding the default configuration' description: This article describes the default configuration in Azure AD Connect sync. documentationcenter: '' |
active-directory | Concept Azure Ad Connect Sync User And Contacts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/concept-azure-ad-connect-sync-user-and-contacts.md | Title: 'Azure AD Connect sync: Understanding Users, Groups, and Contacts | Microsoft Docs' + Title: 'Azure AD Connect sync: Understanding Users, Groups, and Contacts' description: Explains users, groups, and contacts in Azure AD Connect sync. documentationcenter: '' |
active-directory | Four Steps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/four-steps.md | Title: Four steps to a strong identity foundation - Azure AD + Title: Four steps to a strong identity foundation description: This article describes four steps hybrid identity customers can take to build a strong identity foundation. |
active-directory | How To Connect Adconnectivitytools | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-adconnectivitytools.md | Title: 'Azure AD Connect: What is the ADConnectivityTool PowerShell Module | Microsoft Docs' + Title: 'Azure AD Connect: What is the ADConnectivityTool PowerShell Module' description: This document introduces the new ADConnectivity PowerShell module and how it can be used to help troubleshoot. |
active-directory | How To Connect Azure Ad Trust | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-azure-ad-trust.md | Title: Azure AD Connect - Manage AD FS trust with Azure AD using Azure AD Connect | Microsoft Docs + Title: Azure AD Connect - Manage AD FS trust with Azure AD using Azure AD Connect description: Operational details of Azure AD trust handling by Azure AD connect. documentationcenter: '' |
active-directory | How To Connect Azureadaccount | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-azureadaccount.md | Title: 'Change the Azure AD Connector account password | Microsoft Docs' + Title: 'Change the Azure AD Connector account password' description: This topic documents how to restore the Azure AD Connector account. documentationcenter: '' |
active-directory | How To Connect Configure Ad Ds Connector Account | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-configure-ad-ds-connector-account.md | Title: 'Azure AD Connect: Configure AD DS Connector Account Permissions | Microsoft Docs' + Title: 'Azure AD Connect: Configure AD DS Connector Account Permissions ' description: This document details how to configure the AD DS Connector account with the new ADSyncConfig PowerShell module |
active-directory | How To Connect Create Custom Sync Rule | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-create-custom-sync-rule.md | Title: How to customize a synchronization rule in Azure AD Connect | Microsoft Docs' + Title: How to customize a synchronization rule in Azure AD Connect' description: Learn how to use the synchronization rule editor to edit or create a new synchronization rule. documentationcenter: '' |
active-directory | How To Connect Device Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-device-options.md | Title: 'Azure AD Connect: Device options | Microsoft Docs' + Title: 'Azure AD Connect: Device options' description: This document details device options available in Azure AD Connect documentationcenter: '' |
active-directory | How To Connect Device Writeback | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-device-writeback.md | Title: 'Azure AD Connect: Enabling device writeback | Microsoft Docs' + Title: 'Azure AD Connect: Enabling device writeback' description: This document details how to enable device writeback using Azure AD Connect documentationcenter: '' |
active-directory | How To Connect Emergency Ad Fs Certificate Rotation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-emergency-ad-fs-certificate-rotation.md | Title: Emergency rotation of the AD FS certificates | Microsoft Docs + Title: Emergency rotation of the AD FS certificates description: This article explains how to revoke and update AD FS certificates immediately. |
active-directory | How To Connect Fed Group Claims | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-fed-group-claims.md | Title: Configure group claims for applications by using Azure Active Directory | Microsoft Docs + Title: Configure group claims for applications by using Azure Active Directory description: Get information on how to configure group claims for use with Azure AD. documentationcenter: '' |
active-directory | How To Connect Fed Management | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-fed-management.md | Title: Azure AD Connect - AD FS management and customization | Microsoft Docs + Title: Azure AD Connect - AD FS management and customization description: This article discusses how to manage AD FS with Azure AD Connect and customize the AD FS user sign-in experience with Azure AD Connect and PowerShell. keywords: AD FS, ADFS, AD FS management, AAD Connect, Connect, sign-in, AD FS customization, repair trust, M365, federation, relying party |
active-directory | How To Connect Fed O365 Certs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-fed-o365-certs.md | Title: Certificate renewal for Microsoft 365 and Azure AD users | Microsoft Docs + Title: Certificate renewal for Microsoft 365 and Azure AD users description: This article explains to Microsoft 365 users how to resolve issues with emails that notify them about renewing a certificate. documentationcenter: '' |
active-directory | How To Connect Fed Ssl Update | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-fed-ssl-update.md | Title: Azure AD Connect - Update the TLS/SSL certificate for an AD FS farm | Microsoft Docs + Title: Azure AD Connect - Update the TLS/SSL certificate for an AD FS farm description: This document details the steps to update the TLS/SSL certificate of an AD FS farm by using Azure AD Connect. |
active-directory | How To Connect Fed Whatis | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-fed-whatis.md | Title: Azure AD Connect and federation | Microsoft Docs + Title: Azure AD Connect and federation description: This page is the central location for all documentation regarding AD FS operations that use Azure AD Connect. documentationcenter: '' |
active-directory | How To Connect Fix Default Rules | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-fix-default-rules.md | Title: 'How to fix modified default rules - Azure AD Connect | Microsoft Docs' + Title: 'How to fix modified default rules - Azure AD Connect' description: Learn how to fix modified default rules that come with Azure AD Connect. |
active-directory | How To Connect Health Ad Fs Sign In | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-ad-fs-sign-in.md | Title: AD FS sign-ins in Azure AD with Connect Health | Microsoft Docs + Title: AD FS sign-ins in Azure AD with Connect Health description: This document describes how to integrate AD FS sign-ins with the Azure AD Connect Health sign-ins report. documentationcenter: '' |
active-directory | How To Connect Health Adds | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-adds.md | Title: Using Azure AD Connect Health with AD DS | Microsoft Docs + Title: Using Azure AD Connect Health with AD DS description: This is the Azure AD Connect Health page that will discuss how to monitor AD DS. documentationcenter: '' |
active-directory | How To Connect Health Adfs Risky Ip Workbook | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-adfs-risky-ip-workbook.md | Title: Azure AD Connect Health with AD FS risky IP report workbook | Microsoft Docs + Title: Azure AD Connect Health with AD FS risky IP report workbook description: Describes the Azure AD Connect Health AD FS risky IP report with Azure Monitor Workbooks. documentationcenter: '' |
active-directory | How To Connect Health Adfs Risky Ip | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-adfs-risky-ip.md | Title: Azure AD Connect Health with the AD FS Risky IP report | Microsoft Docs + Title: Azure AD Connect Health with the AD FS Risky IP report description: This article describes the Azure AD Connect Health AD FS Risky IP report. documentationcenter: '' |
active-directory | How To Connect Health Adfs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-adfs.md | Title: Using Azure AD Connect Health with AD FS | Microsoft Docs + Title: Using Azure AD Connect Health with AD FS description: This is the Azure AD Connect Health page how to monitor your on-premises AD FS infrastructure. documentationcenter: '' |
active-directory | How To Connect Health Alert Catalog | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-alert-catalog.md | Title: Azure AD Connect Health - Alert Catalog | Microsoft Docs + Title: Azure AD Connect Health - Alert Catalog description: This document shows the catalog of all alerts in Azure AD Connect Health. documentationcenter: '' |
active-directory | How To Connect Health Data Freshness | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-data-freshness.md | Title: Azure AD Connect Health - Health service data is not up to date alert | Microsoft Docs + Title: Azure AD Connect Health - Health service data is not up to date alert description: This document describes the cause of "Health service data is not up to date" alert and how to troubleshoot it. documentationcenter: '' |
active-directory | How To Connect Health Data Retrieval | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-data-retrieval.md | Title: Azure AD Connect Health instructions data retrieval | Microsoft Docs + Title: Azure AD Connect Health instructions data retrieval description: This page describes how to retrieve data from Azure AD Connect Health. documentationcenter: '' |
active-directory | How To Connect Health Diagnose Sync Errors | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-diagnose-sync-errors.md | Title: Azure AD Connect Health - Diagnose duplicated attribute synchronization errors | Microsoft Docs + Title: Azure AD Connect Health - Diagnose duplicated attribute synchronization errors description: This document describes the diagnosis process of duplicated attribute synchronization errors and a potential fix of the orphaned object scenarios directly from the Azure portal. documentationcenter: '' |
active-directory | How To Connect Health Sync | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-health-sync.md | Title: Using Azure AD Connect Health with sync | Microsoft Docs + Title: Using Azure AD Connect Health with sync description: This is the Azure AD Connect Health page that will discuss how to monitor Azure AD Connect sync. documentationcenter: '' |
active-directory | How To Connect Install Automatic Upgrade | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-install-automatic-upgrade.md | Title: 'Azure AD Connect: Automatic upgrade | Microsoft Docs' + Title: 'Azure AD Connect: Automatic upgrade' description: This topic describes the built-in automatic upgrade feature in Azure AD Connect sync. documentationcenter: '' |
active-directory | How To Connect Install Existing Database | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-install-existing-database.md | Title: 'Install Azure AD Connect by using an existing ADSync database | Microsoft Docs' + Title: 'Install Azure AD Connect by using an existing ADSync database' description: This topic describes how to use an existing ADSync database. documentationcenter: '' |
active-directory | How To Connect Install Existing Tenant | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-install-existing-tenant.md | Title: 'Azure AD Connect: When you already have Azure AD | Microsoft Docs' + Title: 'Azure AD Connect: When you already have Azure AD' description: This topic describes how to use Connect when you have an existing Azure AD tenant. |
active-directory | How To Connect Install Prerequisites | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-install-prerequisites.md | Title: 'Azure AD Connect: Prerequisites and hardware | Microsoft Docs' + Title: 'Azure AD Connect: Prerequisites and hardware' description: This article describes the prerequisites and the hardware requirements for Azure AD Connect. documentationcenter: '' |
active-directory | How To Connect Install Roadmap | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-install-roadmap.md | Title: 'Azure AD Connect and Azure AD Connect Health installation roadmap. | Microsoft Docs' + Title: 'Azure AD Connect and Azure AD Connect Health installation roadmap.' description: This document provides an overview of the installation options and paths available for installing Azure AD Connect and Connect Health. |
active-directory | How To Connect Install Select Installation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-install-select-installation.md | Title: 'Azure AD Connect: Select your installation type | Microsoft Docs' + Title: 'Azure AD Connect: Select your installation type' description: This topic walks you through how to select the installation type to use for Azure AD Connect documentationcenter: '' |
active-directory | How To Connect Install Sql Delegation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-install-sql-delegation.md | Title: 'Install Azure AD Connect using SQL delegated administrator permissions | Microsoft Docs' + Title: 'Install Azure AD Connect using SQL delegated administrator permissions' description: This topic describes an update to Azure AD Connect that allows for installation using an account that only has SQL dbo permissions. documentationcenter: '' |
active-directory | How To Connect Installation Wizard | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-installation-wizard.md | Title: 'Re-running the Azure AD Connect install wizard | Microsoft Docs' + Title: 'Re-running the Azure AD Connect install wizard' description: Explains how the installation wizard works the second time you run it. keywords: The Azure AD Connect installation wizard lets you configure maintenance settings the second time you run it |
active-directory | How To Connect Modify Group Writeback | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-modify-group-writeback.md | If the original version of group writeback is already enabled and in use in your To configure directory settings to disable automatic writeback of newly created Microsoft 365 groups, use one of these methods: -- Azure portal: Update the `NewUnifiedGroupWritebackDefault` setting to `false`. - PowerShell: Use the [Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/installation?view=graph-powershell-1.0&preserve-view=true). For example: ```PowerShell |
active-directory | How To Connect Monitor Federation Changes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-monitor-federation-changes.md | Title: Monitor changes to federation configuration in Azure AD | Microsoft Docs + Title: Monitor changes to federation configuration in Azure AD description: This article explains how to monitor changes to your federation configuration with Azure AD. documentationcenter: '' |
active-directory | How To Connect Password Hash Synchronization | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-password-hash-synchronization.md | Title: Implement password hash synchronization with Azure AD Connect sync | Microsoft Docs + Title: Implement password hash synchronization with Azure AD Connect sync description: Provides information about how password hash synchronization works and how to set up. documentationcenter: '' |
active-directory | How To Connect Post Installation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-post-installation.md | Title: 'Azure AD Connect: Next steps and how to manage Azure AD Connect | Microsoft Docs' + Title: 'Azure AD Connect: Next steps and how to manage Azure AD Connect' description: Learn how to extend the default configuration and operational tasks for Azure AD Connect. documentationcenter: '' |
active-directory | How To Connect Preview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-preview.md | Title: 'Azure AD Connect: Features in preview | Microsoft Docs' + Title: 'Azure AD Connect: Features in preview' description: This topic describes in more detail features which are in preview in Azure AD Connect. documentationcenter: '' |
active-directory | How To Connect Pta Current Limitations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-pta-current-limitations.md | Title: 'Azure AD Connect: Pass-through Authentication - Current limitations | Microsoft Docs' + Title: 'Azure AD Connect: Pass-through Authentication - Current limitations' description: This article describes the current limitations of Azure Active Directory (Azure AD) Pass-through Authentication keywords: Azure AD Connect Pass-through Authentication, install Active Directory, required components for Azure AD, SSO, Single Sign-on |
active-directory | How To Connect Pta Disable Do Not Configure | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-pta-disable-do-not-configure.md | Title: 'Disable pass-through authentication by using Azure AD Connect or PowerShell | Microsoft Docs' + Title: 'Disable pass-through authentication by using Azure AD Connect or PowerShell' description: This article describes how to disable pass-through authentication by using the Azure AD Connect Do Not Configure feature or by using PowerShell. |
active-directory | How To Connect Pta How It Works | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-pta-how-it-works.md | Title: 'Azure AD Connect: Pass-through Authentication - How it works | Microsoft Docs' + Title: 'Azure AD Connect: Pass-through Authentication - How it works' description: This article describes how Azure Active Directory Pass-through Authentication works keywords: Azure AD Connect Pass-through Authentication, install Active Directory, required components for Azure AD, SSO, Single Sign-on |
active-directory | How To Connect Pta Quick Start | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-pta-quick-start.md | Title: 'Azure AD Pass-through Authentication - Quickstart | Microsoft Docs' + Title: 'Azure AD Pass-through Authentication - Quickstart' description: This article describes how to get started with Azure Active Directory (Azure AD) Pass-through Authentication. keywords: Azure AD Connect Pass-through Authentication, install Active Directory, required components for Azure AD, SSO, Single Sign-on |
active-directory | How To Connect Pta Upgrade Preview Authentication Agents | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-pta-upgrade-preview-authentication-agents.md | Title: Azure AD Connect - Pass-through Authentication - Upgrade auth agents | Microsoft Docs + Title: Azure AD Connect - Pass-through Authentication - Upgrade auth agents description: This article describes how to upgrade your Azure Active Directory (Azure AD) Pass-through Authentication configuration. keywords: Azure AD Connect Pass-through Authentication, install Active Directory, required components for Azure AD, SSO, Single Sign-on |
active-directory | How To Connect Pta User Privacy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-pta-user-privacy.md | Title: User Privacy and Azure Active Directory Pass-through Authentication | Microsoft Docs + Title: User Privacy and Azure Active Directory Pass-through Authentication description: This article deals with Azure Active Directory (Azure AD) Pass-through Authentication and GDPR compliance. keywords: Azure AD Connect Pass-through Authentication, GDPR, required components for Azure AD, SSO, Single Sign-on |
active-directory | How To Connect Pta | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-pta.md | Title: 'Azure AD Connect: Pass-through Authentication | Microsoft Docs' + Title: 'Azure AD Connect: Pass-through Authentication' description: This article describes Azure Active Directory (Azure AD) Pass-through Authentication and how it allows Azure AD sign-ins by validating users' passwords against on-premises Active Directory. keywords: what is Azure AD Connect Pass-through Authentication, install Active Directory, required components for Azure AD, SSO, Single Sign-on |
active-directory | How To Connect Sso How It Works | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sso-how-it-works.md | Title: 'Azure AD Connect: Seamless Single Sign-On - How it works | Microsoft Docs' + Title: 'Azure AD Connect: Seamless Single Sign-On - How it works' description: This article describes how the Azure Active Directory Seamless Single Sign-On feature works. keywords: what is Azure AD Connect, install Active Directory, required components for Azure AD, SSO, Single Sign-on |
active-directory | How To Connect Sso User Privacy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sso-user-privacy.md | Title: 'User Privacy and Azure AD Seamless Single Sign-On | Microsoft Docs' + Title: 'User Privacy and Azure AD Seamless Single Sign-On' description: This article deals with Azure Active Directory (Azure AD) Seamless SSO and GDPR compliance. keywords: what is Azure AD Connect, GDPR, required components for Azure AD, SSO, Single Sign-on |
active-directory | How To Connect Sso | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sso.md | Title: 'Azure AD Connect: Seamless single sign-on | Microsoft Docs' + Title: 'Azure AD Connect: Seamless single sign-on' description: This topic describes Azure Active Directory (Azure AD) Seamless single sign-on and how it allows you to provide true single sign-on for corporate desktop users inside your corporate network. keywords: what is Azure AD Connect, install Active Directory, required components for Azure AD, SSO, Single Sign-on |
active-directory | How To Connect Staged Rollout | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-staged-rollout.md | Title: 'Azure AD Connect: Cloud authentication via Staged Rollout | Microsoft Docs' + Title: 'Azure AD Connect: Cloud authentication via Staged Rollout' description: This article explains how to migrate from federated authentication, to cloud authentication, by using a Staged Rollout. |
active-directory | How To Connect Sync Best Practices Changing Default Configuration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-best-practices-changing-default-configuration.md | Title: 'Azure AD Connect sync: Changing the default configuration | Microsoft Docs' + Title: 'Azure AD Connect sync: Changing the default configuration' description: Provides best practices for changing the default configuration of Azure AD Connect sync. documentationcenter: '' |
active-directory | How To Connect Sync Change Addsacct Pass | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-change-addsacct-pass.md | Title: 'Azure AD Connect sync: Changing the AD DS account password | Microsoft Docs' + Title: 'Azure AD Connect sync: Changing the AD DS account password' description: This topic document describes how to update Azure AD Connect after the password of the AD DS account is changed. keywords: AD DS account, Active Directory account, password |
active-directory | How To Connect Sync Change Serviceacct Pass | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-change-serviceacct-pass.md | Title: 'Azure AD Connect sync: Changing the ADSync service account | Microsoft Docs' + Title: 'Azure AD Connect sync: Changing the ADSync service account' description: This topic document describes the encryption key and how to abandon it after the password is changed. keywords: Azure AD sync service account, password |
active-directory | How To Connect Sync Configure Filtering | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-configure-filtering.md | Title: 'Azure AD Connect sync: Configure filtering | Microsoft Docs' + Title: 'Azure AD Connect sync: Configure filtering' description: Explains how to configure filtering in Azure AD Connect sync. documentationcenter: '' |
active-directory | How To Connect Sync Endpoint Api V2 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-endpoint-api-v2.md | Title: 'Azure AD Connect sync V2 endpoint | Microsoft Docs' + Title: 'Azure AD Connect sync V2 endpoint' description: This document covers updates to the Azure AD connect sync v2 endpoints API. |
active-directory | How To Connect Sync Feature Directory Extensions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-feature-directory-extensions.md | Title: 'Azure AD Connect sync: Directory extensions | Microsoft Docs' + Title: 'Azure AD Connect sync: Directory extensions' description: This topic describes the directory extensions feature in Azure AD Connect. documentationcenter: '' |
active-directory | How To Connect Sync Feature Prevent Accidental Deletes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-feature-prevent-accidental-deletes.md | Title: 'Azure AD Connect sync: Prevent accidental deletes | Microsoft Docs' + Title: 'Azure AD Connect sync: Prevent accidental deletes' description: This topic describes how to prevent accidental deletes in Azure AD Connect. documentationcenter: '' |
active-directory | How To Connect Sync Feature Scheduler | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-feature-scheduler.md | Title: 'Azure AD Connect sync: Scheduler | Microsoft Docs' + Title: 'Azure AD Connect sync: Scheduler' description: This topic describes the built-in scheduler feature in Azure AD Connect sync. documentationcenter: '' |
active-directory | How To Connect Sync Recycle Bin | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-recycle-bin.md | Title: 'Azure AD Connect sync: Enable AD recycle bin | Microsoft Docs' + Title: 'Azure AD Connect sync: Enable AD recycle bin' description: This topic recommends the use of AD Recycle Bin feature with Azure AD Connect. keywords: AD Recycle Bin, accidental deletion, source anchor |
active-directory | How To Connect Sync Service Manager Ui Connectors | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-service-manager-ui-connectors.md | Title: Connectors in the Azure AD Synchronization Service Manager UI | Microsoft Docs' + Title: Connectors in the Azure AD Synchronization Service Manager UI' description: Understand the Connectors tab in the Synchronization Service Manager for Azure AD Connect. documentationcenter: '' |
active-directory | How To Connect Sync Service Manager Ui Mvdesigner | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-service-manager-ui-mvdesigner.md | Title: Azure AD Connect MV Designer | Microsoft Docs' + Title: Azure AD Connect MV Designer' description: Understand the Metaverse Designer tab in the Synchronization Service Manager for Azure AD Connect. documentationcenter: '' |
active-directory | How To Connect Sync Service Manager Ui Operations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-service-manager-ui-operations.md | Title: 'Azure AD Connect Synchronization Service Manager Operations | Microsoft Docs' + Title: 'Azure AD Connect Synchronization Service Manager Operations' description: Understand the Operations tab in the Synchronization Service Manager for Azure AD Connect. documentationcenter: '' |
active-directory | How To Connect Sync Service Manager Ui | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-service-manager-ui.md | Title: 'Azure AD Connect sync: Synchronization Service Manager UI | Microsoft Docs' + Title: 'Azure AD Connect sync: Synchronization Service Manager UI' description: Understand Synchronization Service Manager for Azure AD Connect. documentationcenter: '' |
active-directory | How To Connect Sync Staging Server | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-staging-server.md | Title: 'Azure AD Connect sync: Operational tasks and considerations | Microsoft Docs' + Title: 'Azure AD Connect sync: Operational tasks and considerations' description: This topic describes operational tasks for Azure AD Connect sync and how to prepare for operating this component. documentationcenter: '' |
active-directory | How To Connect Sync Technical Concepts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-technical-concepts.md | Title: 'Azure AD Connect sync: Technical concepts | Microsoft Docs' + Title: 'Azure AD Connect sync: Technical concepts' description: Explains the technical concepts of Azure AD Connect sync. documentationcenter: '' |
active-directory | How To Connect Sync Whatis | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-sync-whatis.md | Title: 'Azure AD Connect sync: Understand and customize synchronization | Microsoft Docs' + Title: 'Azure AD Connect sync: Understand and customize synchronization' description: Explains how Azure AD Connect sync works and how to customize. documentationcenter: '' |
active-directory | How To Connect Syncservice Duplicate Attribute Resiliency | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-syncservice-duplicate-attribute-resiliency.md | Title: Identity synchronization and duplicate attribute resiliency | Microsoft Docs + Title: Identity synchronization and duplicate attribute resiliency description: New behavior of how to handle objects with UPN or ProxyAddress conflicts during directory sync using Azure AD Connect. documentationcenter: '' |
active-directory | How To Connect Syncservice Features | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-syncservice-features.md | Title: Azure AD Connect sync service features and configuration | Microsoft Docs + Title: Azure AD Connect sync service features and configuration description: Describes service side features for Azure AD Connect sync service. documentationcenter: '' |
active-directory | How To Connect Syncservice Shadow Attributes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-syncservice-shadow-attributes.md | Title: Azure AD Connect sync service shadow attributes | Microsoft Docs + Title: Azure AD Connect sync service shadow attributes description: Describes how shadow attributes work in Azure AD Connect sync service. |
active-directory | How To Upgrade Previous Version | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-upgrade-previous-version.md | Title: 'Azure AD Connect: Upgrade from a previous version | Microsoft Docs' + Title: 'Azure AD Connect: Upgrade from a previous version' description: Explains the different methods to upgrade to the latest release of Azure Active Directory Connect, including an in-place upgrade and a swing migration. documentationcenter: '' |
active-directory | Plan Connect Design Concepts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-connect-design-concepts.md | Title: 'Azure AD Connect: Design concepts | Microsoft Docs' + Title: 'Azure AD Connect: Design concepts' description: This topic details certain implementation design areas documentationcenter: '' |
active-directory | Plan Connect Topologies | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-connect-topologies.md | Title: 'Azure AD Connect: Supported topologies | Microsoft Docs' + Title: 'Azure AD Connect: Supported topologies' description: This topic details supported and unsupported topologies for Azure AD Connect documentationcenter: '' |
active-directory | Plan Connect User Signin | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-connect-user-signin.md | Title: 'Azure AD Connect: User sign-in | Microsoft Docs' + Title: 'Azure AD Connect: User sign-in' description: Azure AD Connect user sign-in for custom settings. documentationcenter: '' |
active-directory | Plan Hybrid Identity Design Considerations Accesscontrol Requirements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-accesscontrol-requirements.md | Title: Hybrid identity design access control requirements Azure | Microsoft Docs + Title: Hybrid identity design access control requirements Azure description: Covers the pillars of identity, and identifying access requirements for resources for users in a hybrid environment. documentationcenter: '' |
active-directory | Plan Hybrid Identity Design Considerations Business Needs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-business-needs.md | Title: Identity requirements for hybrid cloud identity design Azure | Microsoft Docs + Title: Identity requirements for hybrid cloud identity design Azure description: Identify the companyΓÇÖs business needs that will lead you to define the requirements for the hybrid identity design. documentationcenter: '' |
active-directory | Plan Hybrid Identity Design Considerations Contentmgt Requirements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-contentmgt-requirements.md | Title: Hybrid identity design - content management requirements Azure | Microsoft Docs + Title: Hybrid identity design - content management requirements Azure description: Provides insight into how to determine the content management requirements of your business. Usually when a user has their own device, they might also have multiple credentials that will be alternating according to the application that they use. It is important to differentiate what content was created using personal credentials versus the ones created using corporate credentials. Your identity solution should be able to interact with cloud services to provide a seamless experience to the end user while ensure their privacy and increase the protection against data leakage. documentationcenter: '' |
active-directory | Plan Hybrid Identity Design Considerations Data Protection Strategy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-data-protection-strategy.md | Title: Hybrid identity design - data protection strategy Azure | Microsoft Docs + Title: Hybrid identity design - data protection strategy Azure description: You define the data protection strategy for your hybrid identity solution to meet the business requirements that you defined. documentationcenter: '' |
active-directory | Plan Hybrid Identity Design Considerations Dataprotection Requirements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-dataprotection-requirements.md | Title: Hybrid identity design - data protection requirements Azure | Microsoft Docs + Title: Hybrid identity design - data protection requirements Azure description: When planning your hybrid identity solution, identify the data protection requirements for your business and which options are available to best fulfill these requirements. documentationcenter: '' |
active-directory | Plan Hybrid Identity Design Considerations Directory Sync Requirements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-directory-sync-requirements.md | Title: Hybrid identity design - directory sync requirements Azure | Microsoft Docs + Title: Hybrid identity design - directory sync requirements Azure description: Identify what requirements are needed for synchronizing all the users between on=premises and cloud for the enterprise. documentationcenter: '' |
active-directory | Plan Hybrid Identity Design Considerations Hybrid Id Management Tasks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-hybrid-id-management-tasks.md | Title: Hybrid identity design - management tasks Azure | Microsoft Docs + Title: Hybrid identity design - management tasks Azure description: Azure AD checks the specific conditions you pick when authenticating the user and before allowing access to the application with Conditional Access control. documentationcenter: '' |
active-directory | Plan Hybrid Identity Design Considerations Identity Adoption Strategy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-identity-adoption-strategy.md | Title: Hybrid identity design - adoption strategy Azure | Microsoft Docs + Title: Hybrid identity design - adoption strategy Azure description: With Conditional Access control, Azure AD checks the specific conditions you pick when authenticating the user and before allowing access to the application. documentationcenter: '' |
active-directory | Plan Hybrid Identity Design Considerations Incident Response Requirements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-incident-response-requirements.md | Title: Hybrid identity design - incident response requirements Azure | Microsoft Docs + Title: Hybrid identity design - incident response requirements Azure description: Determine monitoring and reporting capabilities for the hybrid identity solution that can be leveraged by IT to take actions to identify and mitigate a potential threat. documentationcenter: '' |
active-directory | Plan Hybrid Identity Design Considerations Lifecycle Adoption Strategy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-lifecycle-adoption-strategy.md | Title: Hybrid identity design - lifecycle adoption strategy Azure | Microsoft Docs + Title: Hybrid identity design - lifecycle adoption strategy Azure description: Helps define the hybrid identity management tasks according to the options available for each lifecycle phase. documentationcenter: '' |
active-directory | Plan Hybrid Identity Design Considerations Multifactor Auth Requirements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-multifactor-auth-requirements.md | Title: Hybrid identity design - multi-factor authentication requirements Azure | Microsoft Docs + Title: Hybrid identity design - multi-factor authentication requirements Azure description: With Conditional Access control, Azure AD verifies the specific conditions you pick when authenticating the user and before allowing access to the application. documentationcenter: '' |
active-directory | Plan Hybrid Identity Design Considerations Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-overview.md | Title: Azure Active Directory hybrid identity design considerations - overview | Microsoft Docs + Title: Azure Active Directory hybrid identity design considerations - overview description: Overview and content map of Hybrid Identity design considerations guide documentationcenter: '' |
active-directory | Plan Hybrid Identity Design Considerations Tools Comparison | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-tools-comparison.md | Title: 'Hybrid Identity: Directory integration tools comparison | Microsoft Docs' + Title: 'Hybrid Identity: Directory integration tools comparison' description: This is page provides a comprehensive table that compares the various directory integration tools that can be used for directory integration. documentationcenter: '' |
active-directory | Reference Connect Adconnectivitytools | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-adconnectivitytools.md | Title: 'Azure AD Connect: ADConnectivityTools PowerShell Reference | Microsoft Docs' + Title: 'Azure AD Connect: ADConnectivityTools PowerShell Reference' description: This document provides reference information for the ADConnectivityTools.psm1 PowerShell module. |
active-directory | Reference Connect Adsync | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-adsync.md | Title: 'Azure AD Connect: ADSync PowerShell Reference | Microsoft Docs' + Title: 'Azure AD Connect: ADSync PowerShell Reference' description: This document provides reference information for the ADSync.psm1 PowerShell module. |
active-directory | Reference Connect Adsyncconfig | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-adsyncconfig.md | Title: 'Azure AD Connect: ADSyncConfig PowerShell Reference | Microsoft Docs' + Title: 'Azure AD Connect: ADSyncConfig PowerShell Reference' description: This document provides reference information for the ADSyncConfig.psm1 PowerShell module. |
active-directory | Reference Connect Adsynctools | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-adsynctools.md | Title: 'Azure AD Connect: ADSyncTools PowerShell Reference | Microsoft Docs' + Title: 'Azure AD Connect: ADSyncTools PowerShell Reference' description: This document provides reference information for the ADSyncTools.psm1 PowerShell module. |
active-directory | Reference Connect Dirsync Deprecated | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-dirsync-deprecated.md | Title: Upgrade from DirSync and Azure AD Sync | Microsoft Docs + Title: Upgrade from DirSync and Azure AD Sync description: Describes how to upgrade from DirSync and Azure AD Sync to Azure AD Connect. documentationcenter: '' |
active-directory | Reference Connect Instances | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-instances.md | Title: 'Azure AD Connect: Sync service instances | Microsoft Docs' + Title: 'Azure AD Connect: Sync service instances' description: This page documents special considerations for Azure AD instances. documentationcenter: '' |
active-directory | Reference Connect Msexchuserholdpolicies | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-msexchuserholdpolicies.md | Title: 'Azure AD Connect: msExchUserHoldPolicies and cloudMsExchUserHoldPolicies | Microsoft Docs' + Title: 'Azure AD Connect: msExchUserHoldPolicies and cloudMsExchUserHoldPolicies' description: This topic describes attribute behavior of the msExchUserHoldPolicies and cloudMsExchUserHoldPolicies attributes documentationcenter: '' |
active-directory | Reference Connect Ports | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-ports.md | Title: 'Hybrid Identity required ports and protocols - Azure | Microsoft Docs' + Title: 'Hybrid Identity required ports and protocols - Azure' description: This page is a technical reference page for ports that are required to be open for Azure AD Connect documentationcenter: '' |
active-directory | Reference Connect Pta Version History | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-pta-version-history.md | Title: 'Azure AD Pass-through Authentication: Version release history | Microsoft Docs' + Title: 'Azure AD Pass-through Authentication: Version release history' description: This article lists all releases of the Azure AD Pass-through Authentication agent |
active-directory | Reference Connect Sync Attributes Synchronized | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-sync-attributes-synchronized.md | Title: 'Attributes synchronized by Azure AD Connect | Microsoft Docs' + Title: 'Attributes synchronized by Azure AD Connect' description: Lists the attributes that are synchronized to Azure Active Directory. documentationcenter: '' |
active-directory | Reference Connect Sync Functions Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-sync-functions-reference.md | Title: 'Azure AD Connect sync: Functions Reference | Microsoft Docs' + Title: 'Azure AD Connect sync: Functions Reference' description: Reference of declarative provisioning expressions in Azure AD Connect sync. documentationcenter: '' |
active-directory | Reference Connect User Privacy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-user-privacy.md | Title: 'Azure AD Connect and user privacy | Microsoft Docs' + Title: 'Azure AD Connect and user privacy' description: This document describes how to obtain GDPR compliancy with Azure AD Connect. documentationcenter: '' |
active-directory | Reference Connect Version History Archive | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-version-history-archive.md | Title: 'Azure AD Connect: Version release history archive | Microsoft Docs' + Title: 'Azure AD Connect: Version release history archive' description: This article lists all archived releases of Azure AD Connect and Azure AD Sync |
active-directory | Reference Connect Version History | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/reference-connect-version-history.md | Title: 'Azure AD Connect: Version release history | Microsoft Docs' + Title: 'Azure AD Connect: Version release history' description: This article lists all releases of Azure AD Connect and Azure AD Sync. ms.assetid: ef2797d7-d440-4a9a-a648-db32ad137494 |
active-directory | Tshoot Connect Attribute Not Syncing | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-attribute-not-syncing.md | Title: Troubleshoot an attribute not synchronizing in Azure AD Connect | Microsoft Docs' + Title: Troubleshoot an attribute not synchronizing in Azure AD Connect' description: This topic provides steps for how to troubleshoot issues with attribute synchronization using the troubleshooting task. documentationcenter: '' |
active-directory | Tshoot Connect Install Issues | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-install-issues.md | Title: Troubleshoot Azure AD Connect install issues | Microsoft Docs' + Title: Troubleshoot Azure AD Connect install issues' description: This topic provides steps for how to troubleshoot issues with installing Azure AD Connect. documentationcenter: '' |
active-directory | Tshoot Connect Largeobjecterror Usercertificate | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-largeobjecterror-usercertificate.md | Title: Azure AD Connect - LargeObject errors caused by userCertificate attribute | Microsoft Docs + Title: Azure AD Connect - LargeObject errors caused by userCertificate attribute description: This topic provides the remediation steps for LargeObject errors caused by userCertificate attribute. documentationcenter: '' |
active-directory | Tshoot Connect Object Not Syncing | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-object-not-syncing.md | Title: Troubleshoot an object that is not syncing with Azure Active Directory | Microsoft Docs' + Title: Troubleshoot an object that is not syncing with Azure Active Directory' description: Troubleshoot an object that is not syncing with Azure Active Directory. documentationcenter: '' |
active-directory | Tshoot Connect Pass Through Authentication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-pass-through-authentication.md | Title: 'Azure AD Connect: Troubleshoot Pass-through Authentication | Microsoft Docs' + Title: 'Azure AD Connect: Troubleshoot Pass-through Authentication' description: This article describes how to troubleshoot Azure Active Directory (Azure AD) Pass-through Authentication. keywords: Troubleshoot Azure AD Connect Pass-through Authentication, install Active Directory, required components for Azure AD, SSO, Single Sign-on |
active-directory | Tshoot Connect Password Hash Synchronization | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-password-hash-synchronization.md | Title: Troubleshoot password hash synchronization with Azure AD Connect sync | Microsoft Docs + Title: Troubleshoot password hash synchronization with Azure AD Connect sync description: This article provides information about how to troubleshoot password hash synchronization problems. documentationcenter: '' |
active-directory | Tshoot Connect Recover From Localdb 10Gb Limit | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-recover-from-localdb-10gb-limit.md | Title: 'Azure AD Connect: How to recover from LocalDB 10GB limit issue | Microsoft Docs' + Title: 'Azure AD Connect: How to recover from LocalDB 10GB limit issue' description: This topic describes how to recover Azure AD Connect Synchronization Service when it encounters LocalDB 10GB limit issue. documentationcenter: '' |
active-directory | Tshoot Connect Source Anchor | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-source-anchor.md | Title: 'Azure AD Connect: Troubleshoot Source Anchor Issues during Installation | Microsoft Docs' + Title: 'Azure AD Connect: Troubleshoot Source Anchor Issues during Installation' description: This topic provides steps for how to troubleshoot issues with the source anchor during installation. |
active-directory | Tshoot Connect Sso | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-sso.md | Title: 'Azure Active Directory Connect: Troubleshoot Seamless Single Sign-On | Microsoft Docs' + Title: 'Azure Active Directory Connect: Troubleshoot Seamless Single Sign-On' description: This topic describes how to troubleshoot Azure Active Directory Seamless Single Sign-On |
active-directory | Tshoot Connect Sync Errors | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-sync-errors.md | Title: 'Azure AD Connect: Troubleshoot errors during synchronization | Microsoft Docs' + Title: 'Azure AD Connect: Troubleshoot errors during synchronization' description: This article explains how to troubleshoot errors that occur during synchronization with Azure AD Connect. documentationcenter: '' |
active-directory | Tshoot Connect Tshoot Sql Connectivity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/tshoot-connect-tshoot-sql-connectivity.md | Title: 'Azure AD Connect: Troubleshoot SQL connectivity issues | Microsoft Docs' + Title: 'Azure AD Connect: Troubleshoot SQL connectivity issues' description: Explains how to troubleshoot SQL connectivity issues that occur with Azure AD Connect. documentationcenter: '' |
active-directory | What Is Inter Directory Provisioning | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/what-is-inter-directory-provisioning.md | Title: 'What is inter-directory provisioning with Azure Active Directory? | Microsoft Docs' + Title: 'What is inter-directory provisioning with Azure Active Directory?' description: Describes overview of identity inter-directory provisioning. |
active-directory | Whatis Azure Ad Connect V2 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/whatis-azure-ad-connect-v2.md | Title: 'What is Azure AD Connect v2.0? | Microsoft Docs' + Title: 'What is Azure AD Connect v2.0?' description: Learn about the next version of Azure AD Connect. |
active-directory | Whatis Azure Ad Connect | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/whatis-azure-ad-connect.md | Title: 'What is Azure AD Connect and Connect Health. | Microsoft Docs' + Title: 'What is Azure AD Connect and Connect Health.' description: Learn about the tools used to synchronize and monitor your on-premises environment with Azure AD. |
active-directory | Whatis Fed | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/whatis-fed.md | Title: 'What is federation with Azure AD? | Microsoft Docs' + Title: 'What is federation with Azure AD?' description: Describes federation with Azure AD. |
active-directory | Whatis Phs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/whatis-phs.md | Title: 'What is password hash synchronization with Azure AD? | Microsoft Docs' + Title: 'What is password hash synchronization with Azure AD?' description: Describes password hash synchronization. |
active-directory | Concept Identity Protection B2b | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/identity-protection/concept-identity-protection-b2b.md | Title: Identity Protection and B2B users - Azure Active Directory + Title: Identity Protection and B2B users description: Using Identity Protection with B2B users |
active-directory | Concept Workload Identity Risk | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/identity-protection/concept-workload-identity-risk.md | description: Workload identity risk in Azure Active Directory Identity Protectio -+ Last updated 11/10/2022 -# Securing workload identities with Identity Protection +# Securing workload identities Azure AD Identity Protection has historically protected users in detecting, investigating, and remediating identity-based risks. We're now extending these capabilities to workload identities to protect applications and service principals. |
active-directory | Configure Authentication For Federated Users Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/configure-authentication-for-federated-users-portal.md | For federated users with cloud-enabled credentials, such as SMS sign-in or FIDO To configure HRD policy for an application in Azure AD, you need: - An Azure account with an active subscription. If you don't already have one, you can [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).-- One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.+- One of the following roles: Global Administrator, or owner of the service principal. + ::: zone pivot="powershell-hrd" - The latest Azure AD PowerShell cmdlet preview. ::: zone-end The following policy auto-accelerates users to a federated identity provider sig ::: zone pivot="powershell-hrd" ```powershell-New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFederatedDomain`":true}}") -DisplayName BasicAutoAccelerationPolicy -Type HomeRealmDiscoveryPolicy +New-AzureADPolicy + -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFederatedDomain`":true}}") -DisplayName BasicAutoAccelerationPolicy + -Type HomeRealmDiscoveryPolicy ``` ::: zone-end ::: zone pivot="graph-hrd" -```json +```http +POST /policies/homeRealmDiscoveryPolicies + "HomeRealmDiscoveryPolicy": { "AccelerateToFederatedDomain": true } The following policy auto-accelerates users to a federated identity provider sig ::: zone pivot="powershell-hrd" ```powershell-New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFederatedDomain`":true, `"PreferredDomain`":`"federated.example.edu`"}}") -DisplayName MultiDomainAutoAccelerationPolicy -Type HomeRealmDiscoveryPolicy +New-AzureADPolicy + -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFederatedDomain`":true, `"PreferredDomain`":`"federated.example.edu`"}}") + -DisplayName MultiDomainAutoAccelerationPolicy + -Type HomeRealmDiscoveryPolicy ``` ::: zone-end ::: zone pivot="graph-hrd" -```json +```http +POST /policies/homeRealmDiscoveryPolicies + "HomeRealmDiscoveryPolicy": { "AccelerateToFederatedDomain": true, "PreferredDomain": [ New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFe The following policy enables username/password authentication for federated users directly with Azure AD for specific applications: +++```powershell +New-AzureADPolicy + -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AllowCloudPasswordValidation`":true}}") + -DisplayName EnableDirectAuthPolicy + -Type HomeRealmDiscoveryPolicy +``` ++ ::: zone pivot="graph-hrd" -```json +```http +POST /policies/homeRealmDiscoveryPolicies "EnableDirectAuthPolicy": { "AllowCloudPasswordValidation": true The following policy enables username/password authentication for federated user ::: zone pivot="powershell-hrd" -```powershell -New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AllowCloudPasswordValidation`":true}}") -DisplayName EnableDirectAuthPolicy -Type HomeRealmDiscoveryPolicy -``` - To see your new policy and get its **ObjectID**, run the following command: ```powershell Get-AzureADServicePrincipal After you have the **ObjectID** of the service principal of the application for which you want to configure auto-acceleration, run the following command. This command associates the HRD policy that you created in step 1 with the service principal that you located in step 2. ```powershell-Add-AzureADServicePrincipalPolicy -Id <ObjectID of the Service Principal> -RefObjectId <ObjectId of the Policy> +Add-AzureADServicePrincipalPolicy + -Id <ObjectID of the Service Principal> + -RefObjectId <ObjectId of the Policy> ``` You can repeat this command for each service principal to which you want to add the policy. Use the previous example to get the **ObjectID** of the policy, and that of the ## Configuring policy through Graph Explorer -Set the HRD policy using Microsoft Graph. See [homeRealmDiscoveryPolicy](/graph/api/resources/homeRealmDiscoveryPolicy?view=graph-rest-1.0&preserve-view=true) resource type for information on how to create the policy. - From the Microsoft Graph explorer window: -1. Grant consent to the *Policy.ReadWrite.ApplicationConfiguration* permission. -1. Use the URL https://graph.microsoft.com/v1.0/policies/homeRealmDiscoveryPolicies -1. POST the new policy to this URL, or PATCH to https://graph.microsoft.com/v1.0/policies/homeRealmDiscoveryPolicies/{policyID} if overwriting an existing one. -1. POST or PATCH contents: -- ```json - { - "definition": [ - "{\"HomeRealmDiscoveryPolicy\": - {\"AccelerateToFederatedDomain\":true, - \"PreferredDomain\":\"federated.example.edu\", - \"AlternateIdLogin\":{\"Enabled\":true}}}" - ], - "displayName": "Home Realm Discovery auto acceleration", - "isOrganizationDefault": true - } +1. Sign in with one of the roles listed in the prerequisites section. +1. Grant consent to the `Policy.ReadWrite.ApplicationConfiguration` permission. +1. Use the [Home realm discovery policy](/graph/api/resources/homerealmdiscoverypolicy) to create a new policy. +1. POST the new policy, or PATCH to update an existing policy. ++ ```http + PATCH /policies/homeRealmDiscoveryPolicies/{id} + { + "definition": [ + "{\"HomeRealmDiscoveryPolicy\": + {\"AccelerateToFederatedDomain\":true, + \"PreferredDomain\":\"federated.example.edu\", + \"AlternateIdLogin\":{\"Enabled\":true}}}" + ], + "displayName": "Home Realm Discovery auto acceleration", + "isOrganizationDefault": true + } ```-1. To see your new policy and get its ObjectID, run the following query: +1. To view your new policy, run the following query: ```http- GET https://graph.microsoft.com/v1.0/policies/homeRealmDiscoveryPolicies + GET /policies/homeRealmDiscoveryPolicies/{id} ``` 1. To delete the HRD policy you created, run the query: ```http- DELETE https://graph.microsoft.com/v1.0/policies/homeRealmDiscoveryPolicies/{policy objectID} + DELETE /policies/homeRealmDiscoveryPolicies/{id} ``` ::: zone-end |
active-directory | Configure Permission Classifications | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/configure-permission-classifications.md | DELETE https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0 ## Next steps - [Manage app consent policies](manage-app-consent-policies.md)-- [Permissions and consent in the Microsoft identity platform](../develop/v2-permissions-and-consent.md)+- [Permissions and consent in the Microsoft identity platform](../develop/v2-permissions-and-consent.md) |
active-directory | Custom Security Attributes Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/custom-security-attributes-apps.md | Title: Manage custom security attributes for an application (Preview) - Azure Active Directory + Title: Manage custom security attributes for an application (Preview) description: Assign, update, list, or remove custom security attributes for an application that has been registered with your Azure Active Directory (Azure AD) tenant. |
active-directory | Manage Application Permissions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/manage-application-permissions.md | Title: Review permissions granted to applications -description: Learn how to review and manage permissions for an application in Azure Active Directory. +description: Learn how to review and revoke permissions, and invalidate refresh tokens for an application in Azure Active Directory. -In this article, you'll learn how to review permissions granted to applications in your Azure Active Directory (Azure AD) tenant. You may need to review permissions when you've detected a malicious application or the application has been granted more permissions than is necessary. +In this article, you learn how to review permissions granted to applications in your Azure Active Directory (Azure AD) tenant. You may need to review permissions when you've detected a malicious application or the application has been granted more permissions than is necessary. You learn how to revoke permissions granted to the application using Microsoft Graph API and existing versions of PowerShell. -The steps in this article apply to all applications that were added to your Azure Active Directory (Azure AD) tenant via user or admin consent. For more information on consenting to applications, see [User and admin consent](user-admin-consent-overview.md). +The steps in this article apply to all applications that were added to your Azure AD tenant via user or admin consent. For more information on consenting to applications, see [User and admin consent](user-admin-consent-overview.md). ## Prerequisites Each option generates PowerShell scripts that enable you to control user access :::zone pivot="aad-powershell" -Using the following Azure AD PowerShell script revokes all permissions granted to an application. +## Review and revoke permissions ++Use the following Azure AD PowerShell script to revoke all permissions granted to an application. ```powershell Connect-AzureAD -Scopes "Application.ReadWrite.All", "Directory.ReadWrite.All", "DelegatedPermissionGrant.ReadWrite.All" "AppRoleAssignment.ReadWrite.All", $assignments | ForEach-Object { :::zone pivot="ms-powershell" -Using the following Microsoft Graph PowerShell script revokes all permissions granted to an application. +## Review and revoke permissions ++Use the following Microsoft Graph PowerShell script to revoke all permissions granted to an application. ```powershell Connect-MgGraph -Scopes "Application.ReadWrite.All", "Directory.ReadWrite.All", "DelegatedPermissionGrant.ReadWrite.All", "AppRoleAssignment.ReadWrite.All" $spApplicationPermissions = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrin :::zone pivot = "ms-graph" +## Review and revoke permissions + To review permissions, Sign in to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) with one of the roles listed in the prerequisite section. -You'll need to consent to the following permissions: +You need to consent to the following permissions: `Application.ReadWrite.All`, `Directory.ReadWrite.All`, `DelegatedPermissionGrant.ReadWrite.All`, `AppRoleAssignment.ReadWrite.All`. |
active-directory | Migrate Application Authentication To Azure Active Directory | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/migrate-application-authentication-to-azure-active-directory.md | -This article describes the benefits and how to plan for migrating your application authentication to Azure AD. It's intended for Azure administrators and identity professionals. +This article describes the benefits and how to plan for migrating your application authentication to Azure AD. It's intended for technical project managers and identity professionals. The process is broken into four phases, each with detailed planning and exit criteria, and designed to help you plan your migration strategy and understand how Azure AD authentication supports your organizational goals. Your applications are likely using the following types of authentication: - On-premises federation solutions (such as Active Directory Federation Services (ADFS) and Ping) - Active Directory (such as Kerberos Auth and Windows-Integrated Auth) - Other cloud-based identity and access management (IAM) solutions (such as Okta or Oracle)-- On-premises web infrastructure (such as IIS and Apache)-- Cloud-hosted infrastructure (such as Azure and AWS)+- Header based authentication To ensure that the users can easily and securely access applications, your goal is to have a single set of access controls and policies across your on-premises and cloud environments. -[Azure Active Directory (Azure AD)](../fundamentals/active-directory-whatis.md) offers a universal identity platform that provides your people, partners, and customers a single identity to access the applications they want and collaborate from any platform and device. +[Azure Active Directory (Azure AD)](../fundamentals/active-directory-whatis.md) offers a universal identity platform that provides your employees, partners, and customers a single identity to access the applications they want and collaborate from any platform and device. - + Azure AD has a [full suite of identity management capabilities](../fundamentals/active-directory-whatis.md#which-features-work-in-azure-ad). Standardizing your app authentication and authorization to Azure AD gets you the benefits that these capabilities provide. You can find more migration resources at [https://aka.ms/migrateapps](./migratio ## Benefits of migrating app authentication to Azure AD -Moving app authentication to Azure AD will help you manage risk and cost, increase productivity, and address compliance and governance requirements. +Moving app authentication to Azure AD helps you manage risk and cost, increase productivity, and address compliance and governance requirements. ### Manage risk Safeguarding your apps requires that you have a full view of all the risk factor Your organization may have multiple Identity Access Management (IAM) solutions in place. Migrating to one Azure AD infrastructure is an opportunity to reduce dependencies on IAM licenses (on-premises or in the cloud) and infrastructure costs. In cases where you may have already paid for Azure AD via Microsoft 365 licenses, there's no reason to pay the added cost of another IAM solution. -With Azure AD, you can reduce infrastructure costs by: --- Providing secure remote access to on-premises apps using [Azure AD Application Proxy](../app-proxy/application-proxy.md).-- Decoupling apps from the on-premises credential approach in your tenant by [setting up Azure AD as the trusted universal identity provider](../hybrid/plan-connect-user-signin.md#choosing-the-user-sign-in-method-for-your-organization).+With Azure AD, you can reduce infrastructure costs by providing secure remote access to on-premises apps using [Azure AD Application Proxy](../app-proxy/application-proxy.md). ### Increase productivity Economics and security benefits drive organizations to adopt Azure AD, but full - Use self-service IAM capabilities, such as [Self-Service Password Resets](../authentication/concept-sspr-howitworks.md) and [SelfService Group Management](../enterprise-users/groups-self-service-management.md). - Reduce administrative overhead by managing only a single identity for each user across cloud and on-premises environments: + - Faster onboarding of new applications from the Azure AD app gallery. + - [Automate provisioning](../app-provisioning/user-provisioning.md) of user accounts (in [Azure AD Gallery](https://azuremarketplace.microsoft.com/marketplace/apps/category/azure-active-directory-apps))based on Azure AD identities+ - Access all your apps from MyApps panel in the [Azure portal](https://portal.azure.com/) -- Enable developers to secure access to their apps and improve the end-user experience by using the [Microsoft Identity Platform](../develop/v2-overview.md) with the Microsoft Authentication Library (MSAL).+ - Using Azure AD Lifecycle workflows automate onboarding or offboarding, which was previously done with scripts. + - Empower your partners with access to cloud resources using [Azure AD B2B collaboration](../external-identities/what-is-b2b.md). Cloud resources remove the overhead of configuring point-to-point federation with your partners. ### Address compliance and governance When technology projects fail, it's often due to mismatched expectations, the ri Before we get into the tools, you should understand how to think through the migration process. Through several direct-to-customer workshops, we recommend the following four phases: - + ### Assemble the project team The following table includes the key roles and their contributions: | **Identity Architect / Azure AD App Administrator** | They're responsible for the following:<br /> - design the solution in cooperation with stakeholders<br /> - document the solution design and operational procedures for handoff to the operations team<br /> - manage the pre-production and production environments | | **On premises AD operations team** | The organization that manages the different on-premises identity sources such as AD forests, LDAP directories, HR systems etc.<br /> - perform any remediation tasks needed before synchronizing<br /> - Provide the service accounts required for synchronization<br /> - provide access to configure federation to Azure AD | | **IT Support Manager** | A representative from the IT support organization who can provide input on the supportability of this change from a helpdesk perspective. |-| **Security Owner** | A representative from the security team that can ensure that the plan will meet the security requirements of your organization. | -| **Application technical owners** | Includes technical owners of the apps and services that will integrate with Azure AD. They provide the applicationsΓÇÖ identity attributes that should include in the synchronization process. They usually have a relationship with CSV representatives. | +| **Security Owner** | A representative from the security team that can ensure that the plan meets the security requirements of your organization. | +| **Application technical owners** | Includes technical owners of the apps and services that integrate with Azure AD. They provide the applicationsΓÇÖ identity attributes that should include in the synchronization process. They usually have a relationship with CSV representatives. | | **Application business Owners** | Representative colleagues who can provide input on the user experience and usefulness of this change from a userΓÇÖs perspective and owns the overall business aspect of the application, which may include managing access. |-| **Pilot group of users** | Users who will test as a part of their daily work, the pilot experience, and provide feedback to guide the rest of the deployments. | +| **Pilot group of users** | Users who test as a part of their daily work, the pilot experience, and provide feedback to guide the rest of the deployments. | ### Plan communications Effective business engagement and communication are the keys to success. It's im Based on the communication strategy that you have chosen for the app you may want to remind users of the pending downtime. You should also verify that there are no recent changes or business impacts that would require to postpone the deployment. -In the following table you'll find the minimum suggested communication to keep your stakeholders informed: +In the following table you find the minimum suggested communication to keep your stakeholders informed: #### Plan phases and project strategy In the following table you'll find the minimum suggested communication to keep y | Communication | Audience | | | - | | - Outcome of application migration testing | - App technical owners<br />- App business owners |-| - Notification that migration is coming and explanation of resultant end-user experiences.<br />- Downtime coming and complete communications, including what they should now do, feedback, and how to get help | - End users (and all others) | +| - Notification that migration is coming and explanation of resultant <br/>end-user experiences.<br />- Downtime coming and complete communications, including what<br/> they should now do, feedback, and how to get help | - End users (and all others) | **Phase 4 ΓÇô Manage and gain insights**: In the following table you'll find the minimum suggested communication to keep y | | - | | Available analytics and how to access | - App technical owners<br />- App business owners | +There are two main categories of users of your apps and resources that Azure AD supports. + ### Migration states communication dashboard Communicating the overall state of the migration project is crucial, as it shows progress, and helps app owners whose apps are coming up for migration to prepare for the move. You can put together a simple dashboard using Power BI or other reporting tools to provide visibility into the status of applications during the migration. The migration states you might consider using are as follows: | **Production Configuration Successful** | Change the configurations to work against the production AD tenant and assess the app authentication in the test environment | | **Complete / Sign Off** | Deploy the changes for the app to the production environment and execute against the production Azure AD tenant | -This will ensure app owners know what the app migration and testing schedule are when their apps are up for migration, and what the results are from other apps that have already been migrated. You might also consider providing links to your bug tracker database for owners to be able to file and view issues for apps that are being migrated. +This ensures app owners know what the app migration and testing schedule are when their apps are up for migration, and what the results are from other apps that have already been migrated. You might also consider providing links to your bug tracker database for owners to be able to file and view issues for apps that are being migrated. ### Best practices The following are our customer and partnerΓÇÖs success stories, and suggested be ### Find your apps -The first decision point in an application migration is which apps to migrate, which if any should remain, and which apps to deprecate. There is always an opportunity to deprecate the apps that you will not use in your organization. There are several ways to find apps in your organization. While discovering apps, ensure you are including in-development and planned apps. Use Azure AD for authentication in all future apps. +The first decision point in an application migration is which apps to migrate, which if any should remain, and which apps to deprecate. There is always an opportunity to deprecate the apps that you won't use in your organization. There are several ways to find apps in your organization. While discovering apps, ensure you include in-development and planned apps. Use Azure AD for authentication in all future apps. -Using Active Directory Federation Services (AD FS) To gather a correct app inventory: +Using Active Directory Federation Services (AD FS) to gather a correct app inventory: -- **Use Azure AD Connect Health.** If you have an Azure AD Premium license, we recommend deploying [Azure AD Connect Health](../hybrid/how-to-connect-health-adfs.md) to analyze the app usage in your on premises environment. You can use the [ADFS application report](./migrate-adfs-application-activity.md) (preview) to discover ADFS applications that can be migrated and evaluate the readiness of the application to be migrated. After completing your migration, deploy [Cloud Discovery](/cloud-app-security/set-up-cloud-discovery) that allows you to continuously monitor Shadow IT in your organization once youΓÇÖre in the cloud.+- **Use Azure AD Connect Health.** If you have an Azure AD Premium license, we recommend deploying [Azure AD Connect Health](../hybrid/how-to-connect-health-adfs.md) to analyze the app usage in your on-premises environment. You can use the [ADFS application report](./migrate-adfs-application-activity.md) to discover ADFS applications that can be migrated and evaluate the readiness of the application to be migrated. After completing your migration, deploy [Cloud Discovery](/cloud-app-security/set-up-cloud-discovery) that allows you to continuously monitor Shadow IT in your organization once youΓÇÖre in the cloud. -- **AD FS log parsing**. If you donΓÇÖt have Azure AD Premium licenses, we recommend using the ADFS to Azure AD app migration tools based on [PowerShell.](https://github.com/AzureAD/Deployment-Plans/tree/master/ADFS%20to%20AzureAD%20App%20Migration). Refer to [Solution guide](./migrate-adfs-apps-to-azure.md):+- **Use ADFS to Azure AD app migration tool**: If you donΓÇÖt have Azure AD Premium licenses, we recommend using the ADFS to Azure AD app migration tools based on [PowerShell](https://github.com/AzureAD/Deployment-Plans/tree/master/ADFS%20to%20AzureAD%20App%20Migration). Refer to [solution guide](./migrate-adfs-apps-to-azure.md): -[Migrating apps from Active Directory Federation Services (AD FS) to Azure AD.](./migrate-adfs-apps-to-azure.md) +- **AD FS log parsing**. Parse the log files from your authentication servers to identify which apps are being used in your environment, and what their typical access patterns and access volumes are. ### Using other identity providers (IdPs) -For other identity providers (such as Okta or Ping), you can use their tools to export the application inventory. You may consider looking at service principles registered on Active Directory that correspond to the web apps in your organization. +For other identity providers (such as Okta or Ping), you can use their tools to export the application inventory. ### Using cloud discovery tools In the cloud environment, you need rich visibility, control over data travel, an - Use the [Get-AzureWebsite](/powershell/module/servicemanagement/azure.service/get-azurewebsite) cmdlet to get information about Azure websites. - Use the [Get-AzureRMWebApp](/powershell/module/azurerm.websites/get-azurermwebapp) cmdlet to get information about your Azure Web Apps.D - You can find all the apps running on Microsoft IIS from the Windows command line using [AppCmd.exe](/iis/get-started/getting-started-with-iis/getting-started-with-appcmdexe#working-with-sites-applications-virtual-directories-and-application-pools).- - Use [Applications](/previous-versions/azure/ad/graph/api/entity-and-complex-type-reference#application-entity) and [Service Principals](/previous-versions/azure/ad/graph/api/entity-and-complex-type-reference#serviceprincipal-entity) to get you information on an app and app instance in a directory in Azure AD. + - Use [Applications](/previous-versions/azure/ad/graph/api/entity-and-complex-type-reference#application-entity) and [Service Principals](/previous-versions/azure/ad/graph/api/entity-and-complex-type-reference#serviceprincipal-entity) to get your information on web apps and app instance in a directory in Azure AD. ### Using manual processes -Once you have taken the automated approaches described above, you will have a good handle on your applications. However, you might consider doing the following to ensure you have good coverage across all user access areas: +Once you have taken the automated approaches described in this article, you have a good handle on your applications. However, you might consider doing the following to ensure you have good coverage across all user access areas: - Contact the various business owners in your organization to find the applications in use in your organization. - Run an HTTP inspection tool on your proxy server, or analyze proxy logs, to see where traffic is commonly routed. Once you have taken the automated approaches described above, you will have a go ### Type of apps to migrate -Once you find your apps, you will identify these types of apps in your organization: +Once you find your apps, you identify these types of apps in your organization: -- Apps that use modern authentication protocols already-- Apps that use legacy authentication protocols that you choose to modernize-- Apps that use legacy authentication protocols that you choose NOT to modernize-- New Line of Business (LoB) apps+- Apps that use modern authentication protocols such as [Security Assertion Markup Language (SAML)](../fundamentals/auth-saml.md) and [OpenID Connect (OIDC)](../fundamentals/auth-oidc.md) already +- Apps that use legacy authentication such as [Kerberos](https://techcommunity.microsoft.com/t5/itops-talk-blog/deep-dive-how-azure-ad-kerberos-works/ba-p/3070889), [Header-based](application-proxy-configure-single-sign-on-with-headers.md), or NT LAN Manager (NTLM) protocols that you choose to modernize +- Apps that use legacy authentication protocols that you choose NOT to modernize ### Apps that use modern authentication already -The already modernized apps are the most likely to be moved to Azure AD. These apps already use modern authentication protocols (such as SAML or OpenID Connect) and can be reconfigured to authenticate with Azure AD. +The already modernized apps are the most likely to be moved to Azure AD. These apps already use modern authentication protocols such as SAML or OIDC and can be reconfigured to authenticate with Azure AD. -In addition to the choices in the [Azure AD app gallery,](https://azuremarketplace.microsoft.com/marketplace/apps/category/azure-active-directory-apps) these could be apps that already exist in your organization or any third-party apps from a vendor who is not a part of the Azure AD gallery ([non-gallery applications)](./add-application-portal.md). +We recommend you search and add applications from the [Azure AD app gallery](https://azuremarketplace.microsoft.com/marketplace/apps/category/azure-active-directory-apps). If you donΓÇÖt find them in the gallery, you can still add custom SAML or OIDC apps to Azure AD. ### Legacy apps that you choose to modernize For legacy apps that you want to modernize, moving to Azure AD for core authentication and authorization unlocks all the power and data-richness that the [Microsoft Graph](https://developer.microsoft.com/graph/gallery/?filterBy=Samples,SDKs) and [Intelligent Security Graph](https://www.microsoft.com/security/operations/intelligence?rtc=1) have to offer. -We recommend updating the authentication stack code for these applications from the legacy protocol (such as Windows-Integrated Authentication, Kerberos Constrained Delegation, HTTP Headers-based authentication) to a modern protocol (such as SAML or OpenID Connect). +We recommend updating the authentication stack code for these applications from the legacy protocol (such as Windows-Integrated Authentication, Kerberos, HTTP Headers-based authentication) to a modern protocol (such as SAML or OpenID Connect). ### Legacy apps that you choose NOT to modernize For certain apps using legacy authentication protocols, sometimes modernizing th Azure AD can bring great benefits to these legacy apps, as you can enable modern Azure AD security and governance features like [Multi-Factor Authentication](../authentication/concept-mfa-howitworks.md), [Conditional Access](../conditional-access/overview.md), [Identity Protection](../identity-protection/index.yml), [Delegated Application Access](./access-panel-manage-self-service-access.md), and [Access Reviews](../governance/manage-user-access-with-access-reviews.md#create-and-perform-an-access-review) against these apps without touching the app at all! -Start by **extending these apps into the cloud** with Azure AD [Application Proxy](../app-proxy/application-proxy-configure-single-sign-on-password-vaulting.md) using simple means of authentication (like Password Vaulting) to get your users migrated quickly, or via our [partner integrations](https://azure.microsoft.com/services/active-directory/sso/secure-hybrid-access/) with application delivery controllers you might have deployed already. +Start by extending these apps into the cloud through our [Secure Hybrid Access (SHA) partner integrations](secure-hybrid-access.md) with application delivery controllers that you might have deployed already. ### New Line of Business (LoB) apps You are successful in this phase with: - What systems those apps connect to - From where and on what devices users access them- - Whether they will be migrated, deprecated, or connected with [Azure AD Connect](../hybrid/whatis-azure-ad-connect.md). + - Whether they'll be migrated, deprecated, or connected with [Azure AD Connect](../hybrid/whatis-azure-ad-connect.md). > [!NOTE]-> You can download the [Application Discovery Worksheet](https://download.microsoft.com/download/2/8/3/283F995C-5169-43A0-B81D-B0ED539FB3DD/Application%20Discovery%20worksheet.xlsx) to record the applications that you want to migrate to Azure AD authentication, and those you want to leave but manage by using [Azure AD Connect](../hybrid/whatis-azure-ad-connect.md). +> You can download the [Application Discovery Worksheet](https://download.microsoft.com/download/2/8/3/283F995C-5169-43A0-B81D-B0ED539FB3DD/Application%20Discovery%20worksheet.xlsx) to record the applications that you want to migrate to Azure AD authentication. ## Phase 2: Classify apps and plan pilot One way to think about this is along the axes of business criticality, usage, an ### Business criticality -Business criticality will take on different dimensions for each business, but the two measures that you should consider are **features and functionality** and **user profiles**. Assign apps with unique functionality a higher point value than those with redundant or obsolete functionality. +Business criticality takes on different dimensions for each business, but the two measures that you should consider are **features and functionality** and **user profiles**. Assign apps with unique functionality a higher point value than those with redundant or obsolete functionality. - + ### Usage Applications with **high usage numbers** should receive a higher value than apps with low usage. Assign a higher value to apps with external, executive, or security team users. For each app in your migration portfolio, complete these assessments. - + Once you have determined values for business criticality and usage, you can then determine the **application lifespan**, and create a matrix of priority. See one such matrix below: - -+ ### Prioritize apps for migration You can choose to begin the app migration with either the lowest priority apps or the highest priority apps based on your organizationΓÇÖs needs. -In a scenario where you may not have experience using Azure AD and Identity services, consider moving your **lowest priority apps** to Azure AD first. This will minimize your business impact, and you can build momentum. Once you have successfully moved these apps and have gained the stakeholderΓÇÖs confidence, you can continue to migrate the other apps. +In a scenario where you may not have experience using Azure AD and Identity services, consider moving your **lowest priority apps** to Azure AD first. This minimizes your business impact, and you can build momentum. Once you have successfully moved these apps and have gained the stakeholderΓÇÖs confidence, you can continue to migrate the other apps. -If there is no clear priority, you should consider moving the apps that are in the [Azure AD Gallery](https://azuremarketplace.microsoft.com/marketplace/apps/category/azure-active-directory-apps) first and support multiple identity providers (ADFS or Okta) because they are easier to integrate. It is likely that these apps are the **highest-priority apps** in your organization. To help integrate your SaaS applications with Azure AD, we have developed a collection of [tutorials](../saas-apps/tutorial-list.md) that walk you through configuration. +If there is no clear priority, you should consider moving the apps that are in the [Azure AD Gallery](https://azuremarketplace.microsoft.com/marketplace/apps/category/azure-active-directory-apps) first and support multiple identity providers because they are easier to integrate. It is likely that these apps are the **highest-priority apps** in your organization. To help integrate your SaaS applications with Azure AD, we have developed a collection of [tutorials](../saas-apps/tutorial-list.md) that walk you through configuration. -When you have a deadline to migrate the apps, these highest priority apps bucket will take the major workload. You can eventually select the lower priority apps as they will not change the cost even though you have moved the deadline. Even if you must renew the license, it will be for a small amount. +When you have a deadline to migrate the apps, these highest priority apps bucket takes the major workload. You can eventually select the lower priority apps as they won't change the cost even though you have moved the deadline. -In addition to this classification and depending on the urgency of your migration, you may also consider putting up a **migration schedule** within which app owners must engage to have their apps migrated. At the end of this process, you should have a list of all applications in prioritized buckets for migration. +In addition to this classification and depending on the urgency of your migration, you should publish a **migration schedule** within which app owners must engage to have their apps migrated. At the end of this process, you should have a list of all applications in prioritized buckets for migration. ### Document your apps -First, start by gathering key details about your applications. The [Application Discovery Worksheet](https://download.microsoft.com/download/2/8/3/283F995C-5169-43A0-B81D-B0ED539FB3DD/Application%20Discovery%20worksheet.xlsx)will help you to make your migration decisions quickly and get a recommendation out to your business group in no time at all. +First, start by gathering key details about your applications. The [Application Discovery Worksheet](https://download.microsoft.com/download/2/8/3/283F995C-5169-43A0-B81D-B0ED539FB3DD/Application%20Discovery%20worksheet.xlsx) helps you to make your migration decisions quickly and get a recommendation out to your business group in no time at all. Information that is important to making your migration decision includes: Information that is important to making your migration decision includes: - **Business criticality** ΓÇô is its high criticality? Low? Or somewhere in between? - **User access volume** ΓÇô does everyone access this app or just a few people? - **Planned lifespan** ΓÇô how long will this app be around? Less than six months? More than two years?-- **Current identity provider** ΓÇô what is the primary IdP for this app? Or does it rely on local storage?+- **Current identity provider** ΓÇô what is the primary IdP for this app? - **Method of authentication** ΓÇô does the app authenticate using open standards?+- **Security requirements** - must it be on a corporate network? Requires MFA or registered device? +- **User audience** ΓÇô employees, partners or internal or external customers? - **Whether you plan to update the app code** ΓÇô is the app under planned or active development? - **Whether you plan to keep the app on-premises** ΓÇô do you want to keep the app in your datacenter long term? - **Whether the app depends on other apps or APIs** ΓÇô does the app currently call into other apps or APIs? - **Whether the app is in the Azure AD gallery** ΓÇô is the app currently already integrated with the [Azure AD Gallery](https://azuremarketplace.microsoft.com/marketplace/apps/category/azure-active-directory-apps)? -Other data that will help you later, but that you do not need to make an immediate migration decision includes: +Other data that helps you later, but that you do not need to make an immediate migration decision includes: - **App URL** ΓÇô where do users go to access the app? - **App description** ΓÇô what is a brief description of what the app does? Once you have classified your application and documented the details, then be su ### Plan a pilot -The app(s) you select for the pilot should represent the key identity and security requirements of your organization, and you must have clear buy-in from the application owners. Pilots typically run in a separate test environment. See [best practices for pilots](../fundamentals/active-directory-deployment-plans.md#best-practices-for-a-pilot) on the deployment plans page. +The app(s) you select for the pilot should represent the key identity and security requirements of your organization, and you must have clear buy-in from the application owners. Pilots typically run in a separate test environment. DonΓÇÖt forget about your external partners. Make sure that they participate in migration schedules and testing. Finally, ensure they have a way to access your helpdesk if there were breaking issues. While some apps are easy to migrate, others may take longer due to multiple serv Many SaaS app vendors charge for changing the SSO connection. Check with them and plan for this. -Azure AD also has [service limits and restrictions](../enterprise-users/directory-service-limits-restrictions.md) you should be aware of. - ### App owner sign-off Business critical and universally used applications may need a group of pilot users to test the app in the pilot stage. Once you have tested an app in the pre-production or pilot environment, ensure that app business owners sign off on performance prior to the migration of the app and all users to production use of Azure AD for authentication. You can use this information to protect access to all services integrated with A - Plan identity security improvements - Review the success of your improvements -This will also help you implement the [five steps to securing your identity infrastructure](../../security/fundamentals/steps-secure-identity.md). Use the guidance as a starting point for your organization and adjust the policies to meet your organization's specific requirements. +This also helps you implement the [five steps to securing your identity infrastructure](../../security/fundamentals/steps-secure-identity.md). Use the guidance as a starting point for your organization and adjust the policies to meet your organization's specific requirements. ### Who is accessing your data? There are two main categories of users of your apps and resources that Azure AD - **External:** Vendors, suppliers, distributors, or other business partners that interact with your organization in the regular course of business with [Azure AD B2B collaboration.](../external-identities/what-is-b2b.md) -You can define groups for these users and populate these groups in diverse ways. You may choose that an administrator must manually add members into a group, or you can enable selfservice group membership. Rules can be established that automatically add members into groups based on the specified criteria using [dynamic groups](../enterprise-users/groups-dynamic-membership.md). +You can define groups for these users and populate these groups in diverse ways. You may choose that an administrator must manually add members into a group, or you can enable self-service group membership. Rules can be established that automatically add members into groups based on the specified criteria using [dynamic groups](../enterprise-users/groups-dynamic-membership.md). External users may also refer to customers. [Azure AD B2C](../../active-directory-b2c/overview.md), a separate product supports customer authentication. However, it is outside the scope of this paper. External users may also refer to customers. [Azure AD B2C](../../active-director The device and location that a user uses to access an app are also important. Devices physically connected to your corporate network are more secure. Connections from outside the network over VPN may need scrutiny. - + With these aspects of resource, user, and device in mind, you may choose to use [Azure AD Conditional Access](../conditional-access/overview.md) capabilities. Conditional access goes beyond user permissions: it is based on a combination of factors, such as the identity of a user or group, the network that the user is connected to, the device and application they are using, and the type of data they are trying to access. The access granted to the user adapts to this broader set of conditions. Once you have gained business buy-in, the next step is to start migrating these Use the tools and guidance below to follow the precise steps needed to migrate your applications to Azure AD: - **General migration guidance** ΓÇô Use the whitepaper, tools, email templates, and applications questionnaire in the [Azure AD apps migration toolkit](./migration-resources.md) to discover, classify, and migrate your apps.-- **SaaS applications** ΓÇô See our list of [hundreds of SaaS app tutorials](../saas-apps/tutorial-list.md) and the complete [Azure AD SSO deployment plan](https://aka.ms/ssodeploymentplan) to walk through the end-to-end process.+- **SaaS applications** ΓÇô See our list of [SaaS app tutorials](../saas-apps/tutorial-list.md) and the [Azure AD SSO deployment plan](plan-sso-deployment.md) to walk through the end-to-end process. - **Applications running on-premises** ΓÇô Learn all [about the Azure AD Application Proxy](../app-proxy/application-proxy.md) and use the complete [Azure AD Application Proxy deployment plan](https://aka.ms/AppProxyDPDownload) to get going quickly. - **Apps youΓÇÖre developing** ΓÇô Read our step-by-step [integration](../develop/quickstart-register-app.md) and [registration](../develop/quickstart-register-app.md) guidance. After migration, you may choose to send communication informing the users of the ### Plan testing -During the process of the migration, your app may already have a test environment used during regular deployments. You can continue to use this environment for migration testing. If a test environment is not currently available, you may be able to set one up using Azure App Service or Azure Virtual Machines, depending on the architecture of the application. You may choose to set up a separate test Azure AD tenant to use as you develop your app configurations. This tenant will start in a clean state and will not configured to sync with any system. --You can test each app by logging in with a test user and make sure all functionality is the same as prior to the migration. If you determine during testing that users will need to update their [MFA](../authentication/howto-mfa-userstates.md) or [SSPR](../authentication/tutorial-enable-sspr.md)settings, or you are adding this functionality during the migration, be sure to add that to your end-user communication plan. See [MFA](https://aka.ms/mfatemplates) and [SSPR](https://aka.ms/ssprtemplates) end-user communication templates. +During the process of the migration, your app may already have a test environment used during regular deployments. You can continue to use this environment for migration testing. If a test environment is not currently available, you may be able to set one up using Azure App Service or Azure Virtual Machines, depending on the architecture of the application. You may choose to set up a separate test Azure AD tenant to use as you develop your app configurations. This tenant will start in a clean state and won't be configured to sync with any system. Once you have migrated the apps, go to the [Azure portal](https://portal.azure.com/) to test if the migration was a success. Follow the instructions below: Depending on how you configure your app, verify that SSO works properly. | **OAuth / OpenID Connect** | Select **Enterprise applications > Permissions** and ensure you have consented to the application to be used in your organization in the user settings for your app. | | **SAML-based SSO** | Use the [Test SAML Settings](./debug-saml-sso-issues.md) button found under **Single Sign-On.** | | **Password-Based SSO** | Download and install the [MyApps Secure Sign-in Extension](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510#download-and-install-the-my-apps-secure-sign-in-extension). This extension helps you start any of your organization's cloud apps that require you to use an SSO process. |- | **[Application Proxy](../app-proxy/application-proxy.md)** | Ensure your connector is running and assigned to your application. Visit the [Application Proxy troubleshooting guide](../app-proxy/application-proxy-troubleshoot.md) for further assistance. | +You can test each app by logging in with a test user and make sure all functionality is the same as prior to the migration. If you determine during testing that users will need to update their [MFA](../authentication/howto-mfa-userstates.md) or [SSPR](../authentication/tutorial-enable-sspr.md)settings, or you are adding this functionality during the migration, be sure to add that to your end-user communication plan. See [MFA](https://aka.ms/mfatemplates) and [SSPR](https://aka.ms/ssprtemplates) end-user communication templates. + ### Troubleshoot -If you run into problems, check out our [apps troubleshooting guide](../app-provisioning/isv-automatic-provisioning-multi-tenant-apps.md) to get help. You can also check out our troubleshooting articles, see [Problems signing in to SAML-based single sign-on configured apps](/troubleshoot/azure/active-directory/troubleshoot-sign-in-saml-based-apps). +If you run into problems, check out our [apps troubleshooting guide](../app-provisioning/isv-automatic-provisioning-multi-tenant-apps.md) and [Secure Hybrid Access partner integration article](secure-hybrid-access-integrations.md) to get help. You can also check out our troubleshooting articles, see [Problems signing in to SAML-based single sign-on configured apps](/troubleshoot/azure/active-directory/troubleshoot-sign-in-saml-based-apps). ### Plan rollback If your migration fails, the best strategy is to roll back and test. Here are the steps that you can take to mitigate migration issues: - **Take screenshots** of the existing configuration of your app. You can look back if you must reconfigure the app once again.-- You might also consider **providing links to the legacy authentication**, if there was issues with cloud authentication.-- Before you complete your migration, **do not change your existing configuration** with the earlier identity provider.-- Begin by migrating **the apps that support multiple IdPs**. If something goes wrong, you can always change to the preferred IdPΓÇÖs configuration.+- You might also consider **providing links for the application to use legacy authentication**, if there were issues with cloud authentication. +- Before you complete your migration, **do not change your existing configuration** with the existing identity provider. +- Consider migrating **the apps that support multiple IdPs**. If something goes wrong, you can always change to the preferred IdPΓÇÖs configuration. - Ensure that your app experience has a **Feedback button** or pointers to your **helpdesk** issues. ### Exit criteria We recommend taking the following actions as appropriate to your organization. Once you have migrated the apps, you can enrich your userΓÇÖs experience in many ways - Make apps discoverable-- Point your user to the [MyApps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510#download-and-install-the-my-apps-secure-sign-in-extension)portal experience. Here, they can access all cloud-based apps, apps you make available by using [Azure AD Connect](../hybrid/whatis-azure-ad-connect.md), and apps using [Application Proxy](../app-proxy/application-proxy.md) provided they have permissions to access those apps.+- Point your user to the [MyApps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510#download-and-install-the-my-apps-secure-sign-in-extension) portal experience. Here, they can access all cloud-based apps, apps you make available by using [Azure AD Connect](../hybrid/whatis-azure-ad-connect.md), and apps using [Application Proxy](../app-proxy/application-proxy.md) provided they have permissions to access those apps. You can guide your users on how to discover their apps: - Use the [Existing Single Sign-on](./view-applications-portal.md) feature to **link your users to any app**-- Enable [Self-Service Application Access](./manage-self-service-access.md)to an app and **let users add apps that you curate**+- Enable [Self-Service Application Access](./manage-self-service-access.md) to an app and **let users add apps that you curate** - [Hide applications from end-users](./hide-application-from-user-portal.md) (default Microsoft apps or other apps) to make the apps they do need more discoverable ### Make apps accessible |
active-directory | Prevent Domain Hints With Home Realm Discovery | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/prevent-domain-hints-with-home-realm-discovery.md | zone_pivot_groups: home-realm-discovery Home Realm Discovery Policy (HRD) offers administrators multiple ways to control how and where their users authenticate. The `domainHintPolicy` section of the HRD policy is used to help migrate federated users to cloud managed credentials like [FIDO](../authentication/howto-authentication-passwordless-security-key.md), by ensuring that they always visit the Azure AD sign-in page and aren't auto-accelerated to a federated IDP because of domain hints. To learn more about HRD policy, see [Home Realm Discovery](home-realm-discovery-policy.md). -This policy is needed in situations where and admins can't control or update domain hints during sign-in. For example, `outlook.com/contoso.com` sends the user to a login page with the `&domain_hint=contoso.com` parameter appended, to auto-accelerate the user directly to the federated IDP for the `contoso.com` domain. Users with managed credentials sent to a federated IDP can't sign in using their managed credentials, reducing security, and frustrating users with randomized sign-in experiences. Admins rolling out managed credentials [should also set up this policy](#suggested-use-within-a-tenant) to ensure that users can always use their managed credentials. +This policy is needed in situations where and admins can't control or update domain hints during sign-in. For example, `outlook.com/contoso.com` sends the user to a sign-in page with the `&domain_hint=contoso.com` parameter appended, to auto-accelerate the user directly to the federated IDP for the `contoso.com` domain. Users with managed credentials sent to a federated IDP can't sign in using their managed credentials, reducing security, and frustrating users with randomized sign-in experiences. Admins rolling out managed credentials [should also set up this policy](#suggested-use-within-a-tenant) to ensure that users can always use their managed credentials. ## DomainHintPolicy details -The DomainHintPolicy section of the HRD policy is a JSON object, that allows an admin to opt out certain domains and applications from domain hint usage. Functionally, this tells the Azure AD sign-in page to behave as if a `domain_hint` parameter on the login request wasn't present. +The DomainHintPolicy section of the HRD policy is a JSON object that allows an admin to opt out certain domains and applications from domain hint usage. Functionally, this tells the Azure AD sign-in page to behave as if a `domain_hint` parameter on the sign-in request wasn't present. ### The Respect and Ignore policy sections The DomainHintPolicy section of the HRD policy is a JSON object, that allows an The DomainHintPolicy logic runs on each incoming request that contains a domain hint and accelerates based on two pieces of data in the request ΓÇô the domain in the domain hint, and the client ID (the app). In short - "Respect" for a domain or app takes precedence over an instruction to "Ignore" a domain hint for a given domain or application. -- In the absence of any domain hint policy, or if none of the 4 sections reference the app or domain hint mentioned, [the rest of the HRD policy will be evaluated](home-realm-discovery-policy.md#priority-and-evaluation-of-hrd-policies).-- If either one (or both) of `RespectDomainHintForApps` or `RespectDomainHintForDomains` section includes the app or domain hint in the request, then the user will be auto-accelerated to the federated IDP as requested.-- If either one (or both) of `IgnoreDomainHintsForApps` or `IgnoreDomainHintsForDomains` references the app or the domain hint in the request, and theyΓÇÖre not referenced by the ΓÇ£RespectΓÇ¥ sections, then the request won't be auto-accelerated, and the user will remain at the Azure AD login page to provide a username.+- In the absence of any domain hint policy, or if none of the four sections reference the app or domain hint mentioned, [the rest of the HRD policy will be evaluated](home-realm-discovery-policy.md#priority-and-evaluation-of-hrd-policies). +- If either one (or both) of `RespectDomainHintForApps` or `RespectDomainHintForDomains` section includes the app or domain hint in the request, then the user is auto-accelerated to the federated IDP as requested. +- If either one (or both) of `IgnoreDomainHintsForApps` or `IgnoreDomainHintsForDomains` references the app or the domain hint in the request, and theyΓÇÖre not referenced by the ΓÇ£RespectΓÇ¥ sections, then the request won't be auto-accelerated, and the user remains at the Azure AD sign-in page to provide a username. -Once a user has entered a username at the login page, they can use their managed credentials. If they choose not to use a managed credential, or they have none registered, they'll be taken to their federated IDP for credential entry as usual. +Once a user has entered a username at the sign-in page, they can use their managed credentials. If they choose not to use a managed credential, or they have none registered, they are taken to their federated IDP for credential entry as usual. ## Prerequisites To disable auto-acceleration sign-in for an application in Azure AD, you need: - An Azure account with an active subscription. If you don't already have one, you can [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).-- One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.+- One of the following roles: Global Administrator, or owner of the service principal. ::: zone pivot="powershell-hrd" - The latest Azure AD PowerShell cmdlet preview. ::: zone-end To disable auto-acceleration sign-in for an application in Azure AD, you need: Admins of federated domains should set up this section of the HRD policy in a four-phase plan. The goal of this plan is to eventually get all users in a tenant to use their managed credentials regardless of domain or application, save those apps that have hard dependencies on `domain_hint` usage. This plan helps admins find those apps, exempt them from the new policy, and continue rolling out the change to the rest of the tenant. -1. Pick a domain to initially roll this change out to. This will be your test domain, so pick one that may be more receptive to changes in UX (For example, seeing a different login page). This will ignore all domain hints from all applications that use this domain name. Set this policy in your tenant-default HRD policy: +1. Pick a domain to initially roll this change out to. This is your test domain, so pick one that may be more receptive to changes in UX (For example, seeing a different sign-in page). This ignores all domain hints from all applications that use this domain name. Set this policy in your tenant-default HRD policy: ::: zone pivot="graph-hrd" -```json +```http +PATCH /policies/homeRealmDiscoveryPolicies/{id} + "DomainHintPolicy": { "IgnoreDomainHintForDomains": [ "testDomain.com" ], "RespectDomainHintForDomains": [], Admins of federated domains should set up this section of the HRD policy in a fo ::: zone pivot="powershell-hrd" ```powershell -New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPolicy`": { `"IgnoreDomainHintForDomains`": [ `"testDomain.com`" ], `"RespectDomainHintForDomains`": [], `"IgnoreDomainHintForApps`": [], `"RespectDomainHintForApps`": [] } } }") -DisplayName BasicBlockAccelerationPolicy -Type HomeRealmDiscoveryPolicy +New-AzureADPolicy + -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPolicy`": { `"IgnoreDomainHintForDomains`": [ `"testDomain.com`" ], `"RespectDomainHintForDomains`": [], `"IgnoreDomainHintForApps`": [], `"RespectDomainHintForApps`": [] } } }") + -DisplayName BasicBlockAccelerationPolicy + -Type HomeRealmDiscoveryPolicy ``` ::: zone-end New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPoli ::: zone pivot="graph-hrd" -```json +```http +PATCH /policies/homeRealmDiscoveryPolicies/{id} + "DomainHintPolicy": { "IgnoreDomainHintForDomains": [ "testDomain.com" ], "RespectDomainHintForDomains": [], New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPoli ::: zone pivot="powershell-hrd" ```powershell-New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPolicy`": { `"IgnoreDomainHintForDomains`": [ `"testDomain.com`" ], `"RespectDomainHintForDomains`": [], `"IgnoreDomainHintForApps`": [], `"RespectDomainHintForApps`": ["app1-clientID-Guid", "app2-clientID-Guid] } } }") -DisplayName BasicBlockAccelerationPolicy -Type HomeRealmDiscoveryPolicy +New-AzureADPolicy + -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPolicy`": { `"IgnoreDomainHintForDomains`": [ `"testDomain.com`" ], `"RespectDomainHintForDomains`": [], `"IgnoreDomainHintForApps`": [], `"RespectDomainHintForApps`": ["app1-clientID-Guid", "app2-clientID-Guid"] } } }") + -DisplayName BasicBlockAccelerationPolicy + -Type HomeRealmDiscoveryPolicy ```+ ::: zone-end 3. Continue expanding rollout of the policy to new domains, collecting more feedback. ::: zone pivot="graph-hrd" -```json +```http +PATCH /policies/homeRealmDiscoveryPolicies/{id} + "DomainHintPolicy": { "IgnoreDomainHintForDomains": [ "testDomain.com", "otherDomain.com", "anotherDomain.com"], "RespectDomainHintForDomains": [], New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPoli ::: zone pivot="powershell-hrd" ```powershell-New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPolicy`": { `"IgnoreDomainHintForDomains`": [ `"testDomain.com`", "otherDomain.com", "anotherDomain.com"], `"RespectDomainHintForDomains`": [], `"IgnoreDomainHintForApps`": [], `"RespectDomainHintForApps`": ["app1-clientID-Guid", "app2-clientID-Guid] } } }") -DisplayName BasicBlockAccelerationPolicy -Type HomeRealmDiscoveryPolicy +New-AzureADPolicy + -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPolicy`": { `"IgnoreDomainHintForDomains`": [ `"testDomain.com`", "otherDomain.com", "anotherDomain.com"], `"RespectDomainHintForDomains`": [], `"IgnoreDomainHintForApps`": [], `"RespectDomainHintForApps`": ["app1-clientID-Guid", "app2-clientID-Guid"] } } }") + -DisplayName BasicBlockAccelerationPolicy + -Type HomeRealmDiscoveryPolicy ``` ::: zone-end New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPoli ::: zone pivot="graph-hrd" -```json +```http +PATCH /policies/homeRealmDiscoveryPolicies/{id} + "DomainHintPolicy": { "IgnoreDomainHintForDomains": [ "*" ], "RespectDomainHintForDomains": ["guestHandlingDomain.com"], New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPoli ::: zone pivot="powershell-hrd" ```powershell-New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPolicy`": { `"IgnoreDomainHintForDomains`": [ `"*`" ], `"RespectDomainHintForDomains`": [guestHandlingDomain.com], `"IgnoreDomainHintForApps`": [], `"RespectDomainHintForApps`": ["app1-clientID-Guid", "app2-clientID-Guid] } } }") -DisplayName BasicBlockAccelerationPolicy -Type HomeRealmDiscoveryPolicy +New-AzureADPolicy + -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"DomainHintPolicy`": { `"IgnoreDomainHintForDomains`": [ `"*`" ], `"RespectDomainHintForDomains`": [guestHandlingDomain.com], `"IgnoreDomainHintForApps`": [], `"RespectDomainHintForApps`": ["app1-clientID-Guid", "app2-clientID-Guid"] } } }") + -DisplayName BasicBlockAccelerationPolicy + -Type HomeRealmDiscoveryPolicy ``` ::: zone-end -After step 4 is complete all users, except those in `guestHandlingDomain.com`, can sign-in at the Azure AD sign-in page even when domain hints would otherwise cause an auto-acceleration to a federated IDP. The exception to this is if the app requesting sign-in is one of the exempted ones - for those apps, all domain hints will still be accepted. +After step 4 is complete all users, except those in `guestHandlingDomain.com`, can sign-in at the Azure AD sign-in page even when domain hints would otherwise cause an auto-acceleration to a federated IDP. The exception to this is if the app requesting sign-in is one of the exempted ones - for those apps, all domain hints are still accepted. ::: zone pivot="graph-hrd" ## Configuring policy through Graph Explorer -Set the [Home Realm Discovery policy](/graph/api/resources/homeRealmDiscoveryPolicy) as usual, using Microsoft Graph. --1. Grant the Policy.ReadWrite.ApplicationConfiguration permission in [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer). -1. Use the URL `https://graph.microsoft.com/v1.0/policies/homeRealmDiscoveryPolicies` -1. POST the new policy to this URL, or PATCH to `/policies/homerealmdiscoveryPolicies/{policyID}` if overwriting an existing one. --POST or PATCH contents: --```json -{ - "displayName":"Home Realm Discovery Domain Hint Exclusion Policy", - "definition":[ - "{\"HomeRealmDiscoveryPolicy\" : {\"DomainHintPolicy\": { \"IgnoreDomainHintForDomains\": [ \"Contoso.com\" ], \"RespectDomainHintForDomains\": [], \"IgnoreDomainHintForApps\": [\"sample-guid-483c-9dea-7de4b5d0a54a\"], \"RespectDomainHintForApps\": [] } } }" - ], - "isOrganizationDefault":true -} -``` +Manage the [Home Realm Discovery policy](/graph/api/resources/homeRealmDiscoveryPolicy) using [Microsoft Graph](https://developer.microsoft.com/graph/graph-explorer). ++1. Sign in to Microsoft Graph explorer with one of the roles listed in the prerequisite section. +1. Grant the `Policy.ReadWrite.ApplicationConfiguration` permission. +1. Use the [Home realm discovery policy](/graph/api/resources/homerealmdiscoverypolicy) to create a new policy. +1. POST the new policy, or PATCH to update an existing policy. ++ ```http + PATCH /policies/homeRealmDiscoveryPolicies/{id} + { + "displayName":"Home Realm Discovery Domain Hint Exclusion Policy", + "definition":[ + "{\"HomeRealmDiscoveryPolicy\" : {\"DomainHintPolicy\": { \"IgnoreDomainHintForDomains\": [\"Contoso.com\"], \"RespectDomainHintForDomains\": [], \"IgnoreDomainHintForApps\": [\"sample-guid-483c-9dea-7de4b5d0a54a\"], \"RespectDomainHintForApps\": [] } } }" + ], + "isOrganizationDefault":true + } + ``` Be sure to use slashes to escape the `Definition` JSON section when using Graph. |
active-directory | Tenant Restrictions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/tenant-restrictions.md | -Large organizations that emphasize security want to move to cloud services like Microsoft 365, but need to know that their users only can access approved resources. Traditionally, companies restrict domain names or IP addresses when they want to manage access. This approach fails in a world where software as a service (or SaaS) apps are hosted in a public cloud, running on shared domain names like outlook.office.com and login.microsoftonline.com. Blocking these addresses would keep users from accessing Outlook on the web entirely, instead of merely restricting them to approved identities and resources. +Large organizations that emphasize security want to move to cloud services like Microsoft 365, but need to know that their users only can access approved resources. Traditionally, companies restrict domain names or IP addresses when they want to manage access. This approach fails in a world where software as a service (or SaaS) apps are hosted in a public cloud, running on shared domain names like `outlook.office.com` and `login.microsoftonline.com`. Blocking these addresses would keep users from accessing Outlook on the web entirely, instead of merely restricting them to approved identities and resources. The Azure Active Directory (Azure AD) solution to this challenge is a feature called tenant restrictions. With tenant restrictions, organizations can control access to SaaS cloud applications, based on the Azure AD tenant the applications use for [single sign-on](what-is-single-sign-on.md). For example, you may want to allow access to your organization's Microsoft 365 applications, while preventing access to other organizations' instances of these same applications. With tenant restrictions, organizations can specify the list of tenants that users on their network are permitted to access. Azure AD then only grants access to these permitted tenants - all other tenants are blocked, even ones that your users may be guests in. -This article focuses on tenant restrictions for Microsoft 365, but the feature protects all apps that send the user to Azure AD for single sign-on. If you use SaaS apps with a different Azure AD tenant from the tenant used by your Microsoft 365, make sure that all required tenants are permitted (e.g. in B2B collaboration scenarios). For more information about SaaS cloud apps, see the [Active Directory Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps). +This article focuses on tenant restrictions for Microsoft 365, but the feature protects all apps that send the user to Azure AD for single sign-on. If you use SaaS apps with a different Azure AD tenant from the tenant used by your Microsoft 365, make sure that all required tenants are permitted (For example, in B2B collaboration scenarios). For more information about SaaS cloud apps, see the [Active Directory Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps). -Additionally, the tenant restrictions feature now supports [blocking the use of all Microsoft consumer applications](#blocking-consumer-applications) (MSA apps) such as OneDrive, Hotmail, and Xbox.com. This uses a separate header to the `login.live.com` endpoint, and is detailed at the end of the document. +The tenant restrictions feature also supports [blocking the use of all Microsoft consumer applications](#blocking-consumer-applications) (MSA apps) such as OneDrive, Hotmail, and Xbox.com. This uses a separate header to the `login.live.com` endpoint, and is detailed at the end of this article. ## How it works The overall solution comprises the following components: The following diagram illustrates the high-level traffic flow. Tenant restrictions requires TLS inspection only on traffic to Azure AD, not to the Microsoft 365 cloud services. This distinction is important, because the traffic volume for authentication to Azure AD is typically much lower than traffic volume to SaaS applications like Exchange Online and SharePoint Online. - - ## Set up tenant restrictions There are two steps to get started with tenant restrictions. First, make sure that your clients can connect to the right addresses. Second, configure your proxy infrastructure. The following configuration is required to enable tenant restrictions through yo - Clients must trust the certificate chain presented by the proxy for TLS communications. For example, if certificates from an internal public key infrastructure (PKI) are used, the internal issuing root certificate authority certificate must be trusted. -- Azure AD Premium 1 licenses are required for use of Tenant Restrictions.+- Azure AD Premium 1 licenses are required for use of tenant restrictions. #### Configuration -For each outgoing request to login.microsoftonline.com, login.microsoft.com, and login.windows.net, insert two HTTP headers: *Restrict-Access-To-Tenants* and *Restrict-Access-Context*. +For each outgoing request to `login.microsoftonline.com`, `login.microsoft.com`, and `login.windows.net`, insert two HTTP headers: *Restrict-Access-To-Tenants* and *Restrict-Access-Context*. > [!NOTE]-> Do not include subdomains under `*.login.microsoftonline.com` in your proxy configuration. Doing so will include device.login.microsoftonline.com and will interfere with Client Certificate authentication, which is used in Device Registration and Device-based Conditional Access scenarios. Configure your proxy server to exclude device.login.microsoftonline.com and enterpriseregistration.windows.net from TLS break-and-inspect and header injection. +> Do not include subdomains under `*.login.microsoftonline.com` in your proxy configuration. Doing so will include `device.login.microsoftonline.com` and will interfere with Client Certificate authentication, which is used in Device Registration and Device-based Conditional Access scenarios. Configure your proxy server to exclude `device.login.microsoftonline.com` and `enterpriseregistration.windows.net` from TLS break-and-inspect and header injection. The headers should include the following elements: -- For *Restrict-Access-To-Tenants*, use a value of \<permitted tenant list\>, which is a comma-separated list of tenants you want to allow users to access. Any domain that is registered with a tenant can be used to identify the tenant in this list, as well as the directory ID itself. For an example of all three ways of describing a tenant, the name/value pair to allow Contoso, Fabrikam, and Microsoft looks like: `Restrict-Access-To-Tenants: contoso.com,fabrikam.onmicrosoft.com,72f988bf-86f1-41af-91ab-2d7cd011db47`+- For *Restrict-Access-To-Tenants*, use a value of \<permitted tenant list\>, which is a comma-separated list of tenants you want to allow users to access. Any domain that is registered with a tenant can be used to identify the tenant in this list, and the directory ID itself. For an example of all three ways of describing a tenant, the name/value pair to allow Contoso, Fabrikam, and Microsoft looks like: `Restrict-Access-To-Tenants: contoso.com,fabrikam.onmicrosoft.com,72f988bf-86f1-41af-91ab-2d7cd011db47` - For *Restrict-Access-Context*, use a value of a single directory ID, declaring which tenant is setting the tenant restrictions. For example, to declare Contoso as the tenant that set the tenant restrictions policy, the name/value pair looks like: `Restrict-Access-Context: 456ff232-35l2-5h23-b3b3-3236w0826f3d`. You *must* use your own directory ID here to get logs for these authentications. If you use any directory ID other than your own, those sign-in logs *will* appear in someone else's tenant, with all personal information removed. For more information, see [Admin experience](#admin-experience). The headers should include the following elements: > > To validate that a directory ID or domain name refer to the same tenant, use that ID or domain in place of \<tenant\> in this URL: `https://login.microsoftonline.com/<tenant>/v2.0/.well-known/openid-configuration`. If the results with the domain and the ID are the same, they refer to the same tenant. -To prevent users from inserting their own HTTP header with non-approved tenants, the proxy needs to replace the *Restrict-Access-To-Tenants* header if it is already present in the incoming request. +To prevent users from inserting their own HTTP header with non-approved tenants, the proxy needs to replace the *Restrict-Access-To-Tenants* header if it's already present in the incoming request. -Clients must be forced to use the proxy for all requests to login.microsoftonline.com, login.microsoft.com, and login.windows.net. For example, if PAC files are used to direct clients to use the proxy, end users shouldn't be able to edit or disable the PAC files. +Clients must be forced to use the proxy for all requests to `login.microsoftonline.com`, `login.microsoft.com`, and `login.windows.net`. For example, if PAC files are used to direct clients to use the proxy, end users shouldn't be able to edit or disable the PAC files. ## The user experience This section describes the experience for both end users and admins. An example user is on the Contoso network, but is trying to access the Fabrikam instance of a shared SaaS application like Outlook online. If Fabrikam is a non-permitted tenant for the Contoso instance, the user sees an access denial message, which says you're trying to access a resource that belongs to an organization unapproved by your IT department. - - ### Admin experience While configuration of tenant restrictions is done on the corporate proxy infrastructure, admins can access the tenant restrictions reports in the Azure portal directly. To view the reports: While configuration of tenant restrictions is done on the corporate proxy infras The admin for the tenant specified as the Restricted-Access-Context tenant can use this report to see sign-ins blocked because of the tenant restrictions policy, including the identity used and the target directory ID. Sign-ins are included if the tenant setting the restriction is either the user tenant or resource tenant for the sign-in. -The report may contain limited information, such as target directory ID, when a user who is in a tenant other than the Restricted-Access-Context tenant signs in. In this case, user identifiable information, such as name and user principal name, is masked to protect user data in other tenants ("{PII Removed}@domain.com" or 00000000-0000-0000-0000-000000000000 in place of usernames and object IDs as appropriate). +The report may contain limited information, such as target directory ID, when a user who is in a tenant other than the Restricted-Access-Context tenant signs in. In this case, user identifiable information, such as name and user principal name, is masked to protect user data in other tenants (For example, `"{PII Removed}@domain.com" or 00000000-0000-0000-0000-000000000000` in place of usernames and object IDs as appropriate). Like other reports in the Azure portal, you can use filters to specify the scope of your report. You can filter on a specific time interval, user, application, client, or status. If you select the **Columns** button, you can choose to display data with any combination of the following fields: -- **User** - this field can have personal data removed, where it will be set to `00000000-0000-0000-0000-000000000000`.+- **User** - this field can have personal data removed, where it is set to `00000000-0000-0000-0000-000000000000`. - **Application** - **Status** - **Date** - **Date (UTC)** - where UTC is Coordinated Universal Time - **IP Address** - **Client**-- **Username** - this field can have personal data removed, where it will be set to `{PII Removed}@domain.com`+- **Username** - this field can have personal data removed, where it is set to `{PII Removed}@domain.com` - **Location** - **Target tenant ID** Microsoft 365 applications must meet two criteria to fully support tenant restri 1. The client used supports modern authentication. 2. Modern authentication is enabled as the default authentication protocol for the cloud service. -Refer to [Updated Office 365 modern authentication](https://www.microsoft.com/en-us/microsoft-365/blog/2015/03/23/office-2013-modern-authentication-public-preview-announced/) for the latest information on which Office clients currently support modern authentication. That page also includes links to instructions for enabling modern authentication on specific Exchange Online and Skype for Business Online tenants. SharePoint Online already enables Modern authentication by default. Teams only supports modern auth, and does not support legacy auth, so this bypass concern does not apply to Teams. +For the latest information on which Office clients currently support modern authentication, see [Updated Office 365 modern authentication](https://www.microsoft.com/microsoft-365/blog/2015/03/23/office-2013-modern-authentication-public-preview-announced/). That page also includes links to instructions for enabling modern authentication on specific Exchange Online and Skype for Business Online tenants. SharePoint Online already enables Modern authentication by default. Teams only supports modern auth, and doesn't support legacy auth, so this bypass concern doesn't apply to Teams. -Microsoft 365 browser-based applications (the Office Portal, Yammer, SharePoint sites, Outlook on the Web, and more) currently support tenant restrictions. Thick clients (Outlook, Skype for Business, Word, Excel, PowerPoint, and more) can enforce tenant restrictions only when using modern authentication. +Microsoft 365 browser-based applications (such as the Office Portal, Yammer, SharePoint sites, and Outlook on the Web.) currently support tenant restrictions. Thick clients (Outlook, Skype for Business, Word, Excel, PowerPoint, and more) can enforce tenant restrictions only when using modern authentication. -Outlook and Skype for Business clients that support modern authentication may still able to use legacy protocols against tenants where modern authentication isn't enabled, effectively bypassing tenant restrictions. Tenant restrictions may block applications that use legacy protocols if they contact login.microsoftonline.com, login.microsoft.com, or login.windows.net during authentication. +Outlook and Skype for Business clients that support modern authentication may still be able to use legacy protocols against tenants where modern authentication isn't enabled, effectively bypassing tenant restrictions. Tenant restrictions may block applications that use legacy protocols if they contact `login.microsoftonline.com`, `login.microsoft.com`, or `login.windows.net` during authentication. For Outlook on Windows, customers may choose to implement restrictions preventing end users from adding non-approved mail accounts to their profiles. For example, see the [Prevent adding non-default Exchange accounts](https://gpsearch.azurewebsites.net/default.aspx?ref=1) group policy setting. ### Azure RMS and Office Message Encryption incompatibility -The [Azure Rights Management Service](/azure/information-protection/what-is-azure-rms) (RMS) and [Office Message Encryption](/microsoft-365/compliance/ome) features are not compatible with tenant restrictions. These features rely on signing your users into other tenants in order to get decryption keys for the encrypted documents. Because tenant restrictions blocks access to other tenants, encrypted mail and documents sent to your users from untrusted tenants will not be accessible. +The [Azure Rights Management Service](/azure/information-protection/what-is-azure-rms) (RMS) and [Office Message Encryption](/microsoft-365/compliance/ome) features aren't compatible with tenant restrictions. These features rely on signing your users into other tenants in order to get decryption keys for the encrypted documents. Because tenant restrictions blocks access to other tenants, encrypted mail and documents sent to your users from untrusted tenants won't be accessible. ## Testing If you want to try out tenant restrictions before implementing it for your whole ### Fiddler for a host-based approach -Fiddler is a free web debugging proxy that can be used to capture and modify HTTP/HTTPS traffic, including inserting HTTP headers. To configure Fiddler to test tenant restrictions, perform the following steps: +Fiddler is a free web debugging proxy that can be used to capture and modify HTTP/HTTPS traffic, it includes inserting HTTP headers. To configure Fiddler to test tenant restrictions, perform the following steps: 1. [Download and install Fiddler](https://www.telerik.com/fiddler). After you configure Fiddler, you can capture traffic by going to the **File** me ### Staged rollout of proxy settings -Depending on the capabilities of your proxy infrastructure, you may be able to stage the rollout of settings to your users. Here are a couple high-level options for consideration: +Depending on the capabilities of your proxy infrastructure, you may be able to stage the rollout of settings to your users. See the following high-level options for consideration: 1. Use PAC files to point test users to a test proxy infrastructure, while normal users continue to use the production proxy infrastructure. 2. Some proxy servers may support different configurations using groups. Some organizations attempt to fix this by blocking `login.live.com` in order to 1. Blocking `login.live.com` blocks the use of personal accounts in B2B guest scenarios, which can intrude on visitors and collaboration. 1. [Autopilot requires the use of `login.live.com`](/mem/autopilot/networking-requirements) in order to deploy. Intune and Autopilot scenarios can fail when `login.live.com` is blocked.-1. Organizational telemetry and Windows updates that rely on the login.live.com service for device IDs [will cease to work](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are). +1. Organizational telemetry and Windows updates that rely on the login.live.com service for device IDs [cease to work](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are). ### Configuration for consumer apps While the `Restrict-Access-To-Tenants` header functions as an allowlist, the Microsoft account (MSA) block works as a deny signal, telling the Microsoft account platform to not allow users to sign in to consumer applications. To send this signal, the `sec-Restrict-Tenant-Access-Policy` header is injected to traffic visiting `login.live.com` using the same corporate proxy or firewall as [above](#proxy-configuration-and-requirements). The value of the header must be `restrict-msa`. When the header is present and a consumer app is attempting to sign in a user directly, that sign in will be blocked. -At this time, authentication to consumer applications does not appear in the [admin logs](#admin-experience), as login.live.com is hosted separately from Azure AD. +At this time, authentication to consumer applications doesn't appear in the [admin logs](#admin-experience), as login.live.com is hosted separately from Azure AD. -### What the header does and does not block +### What the header does and doesn't block The `restrict-msa` policy blocks the use of consumer applications, but allows through several other types of traffic and authentication: 1. User-less traffic for devices. This includes traffic for Autopilot, Windows Update, and organizational telemetry. 1. B2B authentication of consumer accounts. Users with Microsoft accounts that are [invited to collaborate with a tenant](../external-identities/redemption-experience.md#invitation-redemption-flow) authenticate to login.live.com in order to access a resource tenant. 1. This access is controlled using the `Restrict-Access-To-Tenants` header to allow or deny access to that resource tenant.-1. "Passthrough" authentication, used by many Azure apps as well as Office.com, where apps use Azure AD to sign in consumer users in a consumer context. - 1. This access is also controlled using the `Restrict-Access-To-Tenants` header to allow or deny access to the special "passthrough" tenant (`f8cdef31-a31e-4b4a-93e4-5f571e91255a`). If this tenant does not appear in your `Restrict-Access-To-Tenants` list of allowed domains, consumer accounts will be blocked by Azure AD from signing into these apps. +1. "Passthrough" authentication, used by many Azure apps and Office.com, where apps use Azure AD to sign in consumer users in a consumer context. + 1. This access is also controlled using the `Restrict-Access-To-Tenants` header to allow or deny access to the special "passthrough" tenant (`f8cdef31-a31e-4b4a-93e4-5f571e91255a`). If this tenant doesn't appear in your `Restrict-Access-To-Tenants` list of allowed domains, consumer accounts will be blocked by Azure AD from signing into these apps. ++## Platforms that don't support TLS break and inspect ++Tenant restrictions depends on injection of a list of allowed tenants in the HTTPS header, which requires Transport Layer Security Inspection (TLSI) to break and inspect traffic. For environments where the client's side isn't able to break and inspect the traffic to add headers, tenant restrictions won't work. ++Take the example of Android 7.0 and onwards. Android changed how it handles trusted certificate authorities (CAs) to provide safer defaults for secure app traffic. For more information, see [Changes to Trusted Certificate Authorities in Android Nougat](https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html). ++Following the recommendation from Google, Microsoft client apps ignore user certificates by default thus making such apps unable to work with tenant restrictions, since the certificates used by the network proxy are installed in the user certificate store, which isn't trusted by client apps. ++For such environments that can't break and inspect traffic to add the tenant restrictions parameters onto the header, other features of Azure AD can provide protection. The following list provides more information on such Azure AD features. ++- [Conditional Access: Only allow use of managed/compliant devices](/mem/intune/protect/conditional-access-intune-common-ways-use#device-based-conditional-access) +- [Conditional Access: Manage access for guest/external users](/microsoft-365/security/office-365-security/identity-access-policies-guest-access) +- [B2B Collaboration: Restrict outbound rules by Cross-tenant access for the same tenants listed in the parameter "Restrict-Access-To-Tenants"](../external-identities/cross-tenant-access-settings-b2b-collaboration.md) +- [B2B Collaboration: Restrict invitations to B2B users to the same domains listed in the "Restrict-Access-To-Tenants" parameter](../external-identities/allow-deny-list.md) +- [Application management: Restrict how users consent to applications](configure-user-consent.md) +- [Intune: Apply App Policy through Intune to restrict usage of managed apps to only the UPN of the account that enrolled the device](/mem/intune/apps/app-configuration-policies-use-android) - Check the section under, **Allow only configured organization accounts in apps** subheading. +However, some specific scenarios can only be covered using tenant restrictions. ## Next steps - Read about [Updated Office 365 modern authentication](https://www.microsoft.com/microsoft-365/blog/2015/11/19/updated-office-365-modern-authentication-public-preview/) |
active-directory | How Manage User Assigned Managed Identities | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md | Title: Manage user-assigned managed identities - Azure AD + Title: Manage user-assigned managed identities description: Create user-assigned managed identities. |
active-directory | How To Assign App Role Managed Identity Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-assign-app-role-managed-identity-cli.md | Title: Assign a managed identity to an application role using Azure CLI - Azure AD + Title: Assign a managed identity to an application role using Azure CLI description: Step-by-step instructions for assigning a managed identity access to another application's role, using Azure CLI. |
active-directory | How To Assign App Role Managed Identity Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-assign-app-role-managed-identity-powershell.md | Title: Assign a managed identity to an application role using PowerShell - Azure AD + Title: Assign a managed identity to an application role using PowerShell description: Step-by-step instructions for assigning a managed identity access to another application's role, using PowerShell. documentationcenter: |
active-directory | How To Managed Identity Regional Move | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-managed-identity-regional-move.md | Title: Move managed identities to another region - Azure AD + Title: Move managed identities to another region description: Steps involved in getting a managed identity recreated in another region |
active-directory | How To Use Vm Sdk | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-use-vm-sdk.md | Title: Use managed identities on an Azure VM with Azure SDKs - Azure AD + Title: Use managed identities on an Azure VM with Azure SDKs description: Code samples for using Azure SDKs with an Azure VM that has managed identities for Azure resources. documentationcenter: |
active-directory | How To Use Vm Sign In | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-use-vm-sign-in.md | Title: Use managed identities on an Azure VM for sign-in - Azure ADV + Title: Use managed identities on an Azure VM for sign-inV description: Step-by-step instructions and examples for using an Azure VM-managed identities for Azure resources service principal for script client sign-in and resource access. documentationcenter: |
active-directory | How To Use Vm Token | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-use-vm-token.md | Title: Use managed identities on a virtual machine to acquire access token - Azure AD + Title: Use managed identities on a virtual machine to acquire access token description: Step-by-step instructions and examples for using managed identities for Azure resources on virtual machines to acquire an OAuth access token. documentationcenter: |
active-directory | How To View Managed Identity Service Principal Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-view-managed-identity-service-principal-cli.md | Title: View service principal of a managed identity - Azure CLI - Azure AD + Title: View service principal of a managed identity - Azure CLI description: Step-by-step instructions for viewing the service principal of a managed identity using Azure CLI. documentationcenter: '' |
active-directory | How To View Managed Identity Service Principal Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-view-managed-identity-service-principal-portal.md | Title: View service principal of a managed identity in the Azure portal - Azure AD + Title: View service principal of a managed identity in the Azure portal description: Step-by-step instructions for viewing the service principal of a managed identity in the Azure portal. documentationcenter: '' |
active-directory | How To View Managed Identity Service Principal Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-to-view-managed-identity-service-principal-powershell.md | Title: View the service principal of a managed identity using PowerShell - Azure AD + Title: View the service principal of a managed identity using PowerShell description: Step-by-step instructions for viewing the service principal of a managed identity using PowerShell. documentationcenter: '' |
active-directory | Howto Assign Access Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/howto-assign-access-cli.md | Title: Assign a managed identity access to a resource using Azure CLI - Azure AD + Title: Assign a managed identity access to a resource using Azure CLI description: Step-by-step instructions for assigning a managed identity on one resource, access to another resource, using Azure CLI. documentationcenter: |
active-directory | Howto Assign Access Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/howto-assign-access-portal.md | Title: Assign a managed identity access to a resource using the Azure portal - Azure AD + Title: Assign a managed identity access to a resource using the Azure portal description: Step-by-step instructions for assigning a managed identity on one resource access to another resource, by using the Azure portal. documentationcenter: |
active-directory | Howto Assign Access Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/howto-assign-access-powershell.md | Title: Assign a managed identity access to a resource using PowerShell - Azure AD + Title: Assign a managed identity access to a resource using PowerShell description: Step-by-step instructions for assigning a managed identity on one resource, access to another resource, using PowerShell. documentationcenter: |
active-directory | Known Issues | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/known-issues.md | Title: Known issues with managed identities - Azure Active Directory + Title: Known issues with managed identities description: Known issues with managed identities for Azure resources. documentationcenter: |
active-directory | Managed Identities Faq | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/managed-identities-faq.md | Title: Managed identities for Azure resources frequently asked questions - Azure AD" + Title: Managed identities for Azure resources frequently asked questions" description: Frequently asked questions about managed identities documentationcenter: Last updated 07/27/2022 -# Managed identities for Azure resources frequently asked questions - Azure AD +# Managed identities for Azure resources frequently asked questions [!INCLUDE [preview-notice](../../../includes/active-directory-msi-preview-notice.md)] |
active-directory | Managed Identities Status | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/managed-identities-status.md | Title: Azure Services with managed identities support - Azure AD + Title: Azure Services with managed identities support description: List of services supporting managed identities |
active-directory | Qs Configure Cli Windows Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-cli-windows-vm.md | Title: Configure managed identities on Azure VM using Azure CLI - Azure AD + Title: Configure managed identities on Azure VM using Azure CLI description: Step-by-step instructions for configuring system and user-assigned managed identities on an Azure VM using Azure CLI. |
active-directory | Qs Configure Cli Windows Vmss | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-cli-windows-vmss.md | Title: Configure managed identities on virtual machine scale set - Azure CLI - Azure AD + Title: Configure managed identities on virtual machine scale set - Azure CLI description: Step-by-step instructions for configuring system and user-assigned managed identities on an Azure virtual machine scale set, using Azure CLI. documentationcenter: |
active-directory | Qs Configure Portal Windows Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md | Title: Configure managed identities using the Azure portal - Azure AD + Title: Configure managed identities using the Azure portal description: Step-by-step instructions for configuring managed identities for Azure resources on an Azure VM using the Azure portal. documentationcenter: '' |
active-directory | Qs Configure Portal Windows Vmss | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vmss.md | Title: Configure managed identities on virtual machine scale set - Azure AD + Title: Configure managed identities on virtual machine scale set description: Step-by-step instructions for configuring managed identities for Azure resources on a virtual machine scale set using the Azure portal. documentationcenter: '' |
active-directory | Qs Configure Powershell Windows Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-powershell-windows-vm.md | Title: Configure managed identities on an Azure VM using PowerShell - Azure AD + Title: Configure managed identities on an Azure VM using PowerShell description: Step-by-step instructions for configuring managed identities for Azure resources on an Azure VM using PowerShell. |
active-directory | Qs Configure Powershell Windows Vmss | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-powershell-windows-vmss.md | Title: Configure managed identities on virtual machine scale sets using PowerShell - Azure AD + Title: Configure managed identities on virtual machine scale sets using PowerShell description: Step-by-step instructions for configuring a system and user-assigned managed identities on a virtual machine scale set using PowerShell. documentationcenter: |
active-directory | Qs Configure Rest Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-rest-vm.md | Title: Configure managed identities on Azure VM using REST - Azure AD + Title: Configure managed identities on Azure VM using REST description: Step-by-step instructions for configuring a system and user-assigned managed identities on an Azure VM using CURL to make REST API calls. documentationcenter: |
active-directory | Qs Configure Rest Vmss | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-rest-vmss.md | Title: Configure managed identities on Azure virtual machine scale set using REST - Azure AD + Title: Configure managed identities on Azure virtual machine scale set using REST description: Step-by-step instructions for configuring a system and user-assigned managed identities on an Azure virtual machine scale set using CURL to make REST API calls. documentationcenter: |
active-directory | Qs Configure Sdk Windows Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-sdk-windows-vm.md | Title: Use a SDK to configure managed identities on a VM - Azure AD + Title: Use a SDK to configure managed identities on a VM description: Step-by-step instructions for configuring and using managed identities for Azure resources on an Azure VM, using an Azure SDK. documentationcenter: '' |
active-directory | Qs Configure Template Windows Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-template-windows-vm.md | Title: Configure managed identities on Azure VM using template - Azure AD + Title: Configure managed identities on Azure VM using template description: Step-by-step instructions for configuring managed identities for Azure resources on an Azure VM, using an Azure Resource Manager template. documentationcenter: '' |
active-directory | Qs Configure Template Windows Vmss | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-template-windows-vmss.md | Title: Configure template to use managed identities on virtual machine scale sets - Azure AD + Title: Configure template to use managed identities on virtual machine scale sets description: Step-by-step instructions for configuring managed identities for Azure resources on a virtual machine scale set, using an Azure Resource Manager template. documentationcenter: '' |
active-directory | Services Azure Active Directory Support | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/services-azure-active-directory-support.md | Title: Azure services that support Azure AD authentication - Azure AD + Title: Azure services that support Azure AD authentication description: List of services that support Azure AD authentication |
active-directory | Tutorial Linux Vm Access Arm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-arm.md | Title: "Quickstart`:` Use a managed identity to access Azure Resource Manager - Azure AD" + Title: "Quickstart`:` Use a managed identity to access Azure Resource Manager" description: A quickstart that walks you through the process of using a Linux VM system-assigned managed identity to access Azure Resource Manager. documentationcenter: '' |
active-directory | Tutorial Linux Vm Access Cosmos Db | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-cosmos-db.md | Title: Tutorial`:`Use a managed identity to access Azure Cosmos DB - Linux - Azure AD + Title: Tutorial`:`Use a managed identity to access Azure Cosmos DB - Linux description: A tutorial that walks you through the process of using a Linux VM system-assigned managed identity to access Azure Cosmos DB. documentationcenter: |
active-directory | Tutorial Linux Vm Access Datalake | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-datalake.md | Title: Tutorial`:` Use a managed identity to access Azure Data Lake Store - Linux - Azure AD + Title: Tutorial`:` Use a managed identity to access Azure Data Lake Store - Linux description: A tutorial that shows you how to use a Linux VM system-assigned managed identity to access Azure Data Lake Store. documentationcenter: |
active-directory | Tutorial Linux Vm Access Storage Access Key | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-storage-access-key.md | Title: Tutorial`:` Use a managed identity to access Azure Storage via access key - Linux - Azure AD + Title: Tutorial`:` Use a managed identity to access Azure Storage via access key - Linux description: A tutorial that walks you through the process of using a Linux VM system-assigned managed identity to access Azure Storage via an access key. documentationcenter: '' |
active-directory | Tutorial Linux Vm Access Storage Sas | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-storage-sas.md | Title: 'Tutorial: Access Azure Storage using a SAS credential - Linux - Azure AD' + Title: 'Tutorial: Access Azure Storage using a SAS credential - Linux' description: Tutorial showing how to use a Linux VM system-assigned managed identity to access Azure Storage using a SAS credential instead of a storage account access key. documentationcenter: '' |
active-directory | Tutorial Linux Vm Access Storage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-storage.md | Title: Tutorial`:` Use a managed identity to access Azure Storage - Linux - Azure AD + Title: Tutorial`:` Use a managed identity to access Azure Storage - Linux description: A tutorial that walks you through the process of using a Linux VM system-assigned managed identity to access Azure Storage. documentationcenter: |
active-directory | Tutorial Vm Windows Access Storage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-vm-windows-access-storage.md | Title: Access Azure Storage using a Windows VM system-assigned managed identity | Microsoft Docs + Title: Access Azure Storage using a Windows VM system-assigned managed identity description: A tutorial that walks you through the process of using a Windows VM system-assigned managed identity to access Azure Storage. documentationcenter: '' |
active-directory | Tutorial Windows Vm Access Arm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm.md | Title: "Tutorial: Use managed identity to access Azure Resource Manager - Windows - Azure AD" + Title: "Tutorial: Use managed identity to access Azure Resource Manager - Windows" description: A tutorial that walks you through the process of using a Windows VM system-assigned managed identity to access Azure Resource Manager. documentationcenter: '' |
active-directory | Tutorial Windows Vm Access Cosmos Db | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-cosmos-db.md | Title: 'Tutorial: Use a managed identity to access Azure Cosmos DB - Windows - Azure AD' + Title: 'Tutorial: Use a managed identity to access Azure Cosmos DB - Windows' description: A tutorial that walks you through the process of using a system-assigned managed identity on a Windows VM, to access Azure Cosmos DB. documentationcenter: '' |
active-directory | Tutorial Windows Vm Access Datalake | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-datalake.md | Title: Tutorial`:` Use a managed identity to access Azure Data Lake Store - Windows - Azure AD + Title: Tutorial`:` Use a managed identity to access Azure Data Lake Store - Windows description: A tutorial that shows you how to use a Windows VM system-assigned managed identity to access Azure Data Lake Store. documentationcenter: |
active-directory | Tutorial Windows Vm Access Nonaad | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-nonaad.md | Title: "Tutorial: Use a managed identity to access Azure Key Vault - Windows - Azure AD" + Title: "Tutorial: Use a managed identity to access Azure Key Vault - Windows" description: A tutorial that walks you through the process of using a Windows VM system-assigned managed identity to access Azure Key Vault. documentationcenter: '' |
active-directory | Tutorial Windows Vm Access Sql | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-sql.md | Title: 'Tutorial: Use a managed identity to access Azure SQL Database - Windows - Azure AD' + Title: 'Tutorial: Use a managed identity to access Azure SQL Database - Windows' description: A tutorial that walks you through the process of using a Windows VM system-assigned managed identity to access Azure SQL Database. documentationcenter: '' |
active-directory | Tutorial Windows Vm Access Storage Sas | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-storage-sas.md | Title: Tutorial`:` Use managed identity to access Azure Storage using SAS credential - Azure AD + Title: Tutorial`:` Use managed identity to access Azure Storage using SAS credential description: A tutorial that shows you how to use a Windows VM system-assigned managed identity to access Azure Storage, using a SAS credential instead of a storage account access key. documentationcenter: '' |
active-directory | Tutorial Windows Vm Ua Arm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-ua-arm.md | Title: "Tutorial: Use a managed identity to access Azure Resource Manager - Windows - Azure AD" + Title: "Tutorial: Use a managed identity to access Azure Resource Manager - Windows" description: A tutorial that walks you through the process of using a user-assigned managed identity on a Windows VM, to access Azure Resource Manager. documentationcenter: '' |
active-directory | Azure Ad Pim Approval Workflow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/azure-ad-pim-approval-workflow.md | Title: Approve or deny requests for Azure AD roles in PIM - Azure AD | Microsoft Docs + Title: Approve or deny requests for Azure AD roles in PIM description: Learn how to approve or deny requests for Azure AD roles in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Azure Pim Resource Rbac | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/azure-pim-resource-rbac.md | Title: View audit report for Azure resource roles in Privileged Identity Management (PIM) - Azure AD | Microsoft Docs + Title: View audit report for Azure resource roles in Privileged Identity Management (PIM) description: View activity and audit history for Azure resource roles in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Concept Pim For Groups | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/concept-pim-for-groups.md | Title: Privileged Identity Management (PIM) for Groups (preview) - Azure Active Directory + Title: Privileged Identity Management (PIM) for Groups (preview) description: How to manage Azure AD Privileged Identity Management (PIM) for Groups. documentationcenter: '' |
active-directory | Groups Activate Roles | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/groups-activate-roles.md | Title: Activate your group membership or ownership in Privileged Identity Management - Azure Active Directory + Title: Activate your group membership or ownership in Privileged Identity Management description: Learn how to activate your group membership or ownership in Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Groups Approval Workflow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/groups-approval-workflow.md | Title: Approve activation requests for group members and owners (preview) - Azure Active Directory + Title: Approve activation requests for group members and owners (preview) description: Learn how to approve activation requests for group members and owners (preview) in Azure AD Privileged Identity Management (PIM). |
active-directory | Groups Assign Member Owner | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/groups-assign-member-owner.md | Title: Assign eligibility for a group (preview) in Privileged Identity Management - Azure Active Directory + Title: Assign eligibility for a group (preview) in Privileged Identity Management description: Learn how to assign eligibility for a group (preview) in Privileged Identity Management. documentationcenter: '' |
active-directory | Groups Audit | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/groups-audit.md | Title: Audit activity history for group assignments (preview) in Privileged Identity Management - Azure Active Directory + Title: Audit activity history for group assignments (preview) in Privileged Identity Management description: View activity and audit activity history for group assignments (preview) in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Groups Discover Groups | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/groups-discover-groups.md | Title: Bring groups into Privileged Identity Management (preview) - Azure Active Directory + Title: Bring groups into Privileged Identity Management (preview) description: Learn how to bring groups into Privileged Identity Management (preview). documentationcenter: '' |
active-directory | Groups Renew Extend | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/groups-renew-extend.md | Title: Extend or renew PIM for groups assignments (preview) - Azure Active Directory + Title: Extend or renew PIM for groups assignments (preview) description: Learn how to extend or renew PIM for groups assignments (preview). documentationcenter: '' |
active-directory | Groups Role Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/groups-role-settings.md | Title: Configure PIM for Groups settings (preview) - Azure Active Directory + Title: Configure PIM for Groups settings (preview) description: Learn how to configure PIM for Groups settings (preview). documentationcenter: '' |
active-directory | Pim Apis | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-apis.md | Title: API concepts in Privileged Identity management - Azure AD | Microsoft Docs + Title: API concepts in Privileged Identity management description: Information for understanding the APIs in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim Complete Azure Ad Roles And Resource Roles Review | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-complete-azure-ad-roles-and-resource-roles-review.md | Title: Complete an access review of Azure resource and Azure AD roles in PIM - Azure AD | Microsoft Docs + Title: Complete an access review of Azure resource and Azure AD roles in PIM description: Learn how to complete an access review of Azure resource and Azure AD roles Privileged Identity Management in Azure Active Directory. documentationcenter: '' |
active-directory | Pim Configure | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-configure.md | Title: What is Privileged Identity Management? - Azure AD | Microsoft Docs + Title: What is Privileged Identity Management? description: Provides an overview of Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim Create Azure Ad Roles And Resource Roles Review | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md | Title: Create an access review of Azure resource and Azure AD roles in PIM - Azure AD | Microsoft Docs + Title: Create an access review of Azure resource and Azure AD roles in PIM description: Learn how to create an access review of Azure resource and Azure AD roles in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim Deployment Plan | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-deployment-plan.md | Title: Plan a Privileged Identity Management deployment - Azure AD | Microsoft Docs + Title: Plan a Privileged Identity Management deployment description: Learn how to deploy Privileged Identity Management (PIM) in your Azure AD organization. documentationcenter: '' |
active-directory | Pim Email Notifications | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-email-notifications.md | Title: Email notifications in Privileged Identity Management (PIM) - Azure Active Directory | Microsoft Docs + Title: Email notifications in Privileged Identity Management (PIM) description: Describes email notifications in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim Getting Started | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-getting-started.md | Title: Start using PIM - Azure Active Directory | Microsoft Docs + Title: Start using PIM description: Learn how to enable and get started using Azure AD Privileged Identity Management (PIM) in the Azure portal. documentationcenter: '' |
active-directory | Pim How To Activate Role | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-how-to-activate-role.md | Title: Activate Azure AD roles in PIM - Azure Active Directory | Microsoft Docs + Title: Activate Azure AD roles in PIM description: Learn how to activate Azure AD roles in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim How To Add Role To User | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-how-to-add-role-to-user.md | Title: Assign Azure AD roles in PIM - Azure Active Directory | Microsoft Docs + Title: Assign Azure AD roles in PIM description: Learn how to assign Azure AD roles in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim How To Change Default Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-how-to-change-default-settings.md | Title: Configure Azure AD role settings in PIM - Azure Active Directory + Title: Configure Azure AD role settings in PIM description: Learn how to configure Azure AD role settings in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim How To Configure Security Alerts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-how-to-configure-security-alerts.md | Title: Security alerts for Azure AD roles in PIM - Azure AD | Microsoft Docs + Title: Security alerts for Azure AD roles in PIM description: Configure security alerts for Azure AD roles Privileged Identity Management in Azure Active Directory. documentationcenter: '' |
active-directory | Pim How To Renew Extend | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-how-to-renew-extend.md | Title: Renew Azure AD role assignments in PIM - Azure Active Directory | Microsoft Docs + Title: Renew Azure AD role assignments in PIM description: Learn how to extend or renew Azure Active Directory role assignments in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim How To Require Mfa | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-how-to-require-mfa.md | Title: MFA or 2FA and Privileged Identity Management - Azure AD | Microsoft Docs + Title: MFA or 2FA and Privileged Identity Management description: Learn how Azure AD Privileged Identity Management (PIM) validates multifactor authentication (MFA). documentationcenter: '' |
active-directory | Pim How To Use Audit Log | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-how-to-use-audit-log.md | Title: View audit log report for Azure AD roles in Azure AD PIM | Microsoft Docs + Title: View audit log report for Azure AD roles in Azure AD PIM description: Learn how to view the audit log history for Azure AD roles in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim Perform Azure Ad Roles And Resource Roles Review | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-perform-azure-ad-roles-and-resource-roles-review.md | Title: Perform an access review of Azure resource and Azure AD roles in PIM - Azure AD | Microsoft Docs + Title: Perform an access review of Azure resource and Azure AD roles in PIM description: Learn how to review access of Azure resource and Azure AD roles in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim Resource Roles Activate Your Roles | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-activate-your-roles.md | Title: Activate Azure resource roles in PIM - Azure AD | Microsoft Docs + Title: Activate Azure resource roles in PIM description: Learn how to activate your Azure resource roles in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim Resource Roles Approval Workflow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-approval-workflow.md | Title: Approve requests for Azure resource roles in PIM - Azure AD | Microsoft Docs + Title: Approve requests for Azure resource roles in PIM description: Learn how to approve or deny requests for Azure resource roles in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim Resource Roles Assign Roles | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-assign-roles.md | Title: Assign Azure resource roles in Privileged Identity Management - Azure Active Directory | Microsoft Docs + Title: Assign Azure resource roles in Privileged Identity Management description: Learn how to assign Azure resource roles in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim Resource Roles Configure Alerts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-configure-alerts.md | Title: Configure security alerts for Azure roles in Privileged Identity Management - Azure Active Directory | Microsoft Docs + Title: Configure security alerts for Azure roles in Privileged Identity Management description: Learn how to configure security alerts for Azure resource roles in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim Resource Roles Configure Role Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-configure-role-settings.md | Title: Configure Azure resource role settings in PIM - Azure Active Directory + Title: Configure Azure resource role settings in PIM description: Learn how to configure Azure resource role settings in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim Resource Roles Custom Role Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-custom-role-policy.md | Title: Use Azure custom roles in PIM - Azure AD | Microsoft Docs + Title: Use Azure custom roles in PIM description: Learn how to use Azure custom roles in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim Resource Roles Discover Resources | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-discover-resources.md | Title: Discover Azure resources to manage in PIM - Azure AD | Microsoft Docs + Title: Discover Azure resources to manage in PIM description: Learn how to discover Azure resources to manage in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim Resource Roles Overview Dashboards | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-overview-dashboards.md | Title: Resource dashboards for access reviews in PIM - Azure AD | Microsoft Docs + Title: Resource dashboards for access reviews in PIM description: Describes how to use a resource dashboard to perform an access review in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim Resource Roles Renew Extend | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-renew-extend.md | Title: Renew Azure resource role assignments in PIM - Azure AD | Microsoft Docs + Title: Renew Azure resource role assignments in PIM description: Learn how to extend or renew Azure resource role assignments in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim Roles | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-roles.md | Title: Roles you cannot manage in Privileged Identity Management - Azure Active Directory | Microsoft Docs + Title: Roles you cannot manage in Privileged Identity Management description: Describes the roles you cannot manage in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Pim Security Wizard | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-security-wizard.md | Title: Azure AD roles Discovery and insights (preview) in Privileged Identity Management former Security Wizard - Azure Active Directory + Title: Azure AD roles Discovery and insights (preview) in Privileged Identity Management former Security Wizard description: Discovery and insights (formerly Security Wizard) help you convert permanent Azure AD role assignments to just-in-time assignments with Privileged Identity Management. documentationcenter: '' |
active-directory | Pim Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-troubleshoot.md | Title: Troubleshoot resource access denied in Privileged Identity Management - Azure Active Directory | Microsoft Docs + Title: Troubleshoot resource access denied in Privileged Identity Management description: Learn how to troubleshoot system errors with roles in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Powershell For Azure Ad Roles | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/powershell-for-azure-ad-roles.md | Title: PowerShell for Azure AD roles in PIM - Azure AD | Microsoft Docs + Title: PowerShell for Azure AD roles in PIM description: Manage Azure AD roles using PowerShell cmdlets in Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Subscription Requirements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/subscription-requirements.md | Title: License requirements to use Privileged Identity Management - Azure Active Directory | Microsoft Docs + Title: License requirements to use Privileged Identity Management description: Describes the licensing requirements to use Azure AD Privileged Identity Management (PIM). documentationcenter: '' |
active-directory | Concept Activity Logs Azure Monitor | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/concept-activity-logs-azure-monitor.md | Title: Azure Active Directory activity logs in Azure Monitor | Microsoft Docs + Title: Azure Active Directory activity logs in Azure Monitor description: Introduction to Azure Active Directory activity logs in Azure Monitor |
active-directory | Concept All Sign Ins | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/concept-all-sign-ins.md | Title: Sign-in logs (preview) in Azure Active Directory | Microsoft Docs + Title: Sign-in logs (preview) in Azure Active Directory description: Conceptual information about Azure AD sign-in logs, including new features in preview. |
active-directory | Concept Audit Logs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/concept-audit-logs.md | Title: Audit logs in Azure Active Directory | Microsoft Docs + Title: Audit logs in Azure Active Directory description: Overview of the audit logs in Azure Active Directory. |
active-directory | Concept Provisioning Logs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/concept-provisioning-logs.md | Title: Provisioning logs in Azure Active Directory | Microsoft Docs + Title: Provisioning logs in Azure Active Directory description: Overview of the provisioning logs in Azure Active Directory. |
active-directory | Concept Sign Ins | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/concept-sign-ins.md | Title: Sign-in logs in Azure Active Directory | Microsoft Docs + Title: Sign-in logs in Azure Active Directory description: Conceptual information about Azure AD sign-in logs. |
active-directory | Concept Usage Insights Report | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/concept-usage-insights-report.md | Title: Usage and insights report | Microsoft Docs + Title: Usage and insights report description: Introduction to usage and insights report in the Azure portal |
active-directory | Howto Access Activity Logs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-access-activity-logs.md | Title: Access activity logs in Azure AD | Microsoft Docs + Title: Access activity logs in Azure AD description: Learn how to choose the right method for accessing the activity logs in Azure AD. |
active-directory | Howto Analyze Activity Logs Log Analytics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-analyze-activity-logs-log-analytics.md | Title: Analyze activity logs using Azure Monitor logs | Microsoft Docs + Title: Analyze activity logs using Azure Monitor logs description: Learn how to analyze Azure Active Directory activity logs using Azure Monitor logs |
active-directory | Howto Configure Prerequisites For Reporting Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-configure-prerequisites-for-reporting-api.md | Title: Prerequisites for Azure Active Directory reporting API | Microsoft Docs + Title: Prerequisites for Azure Active Directory reporting API description: Learn about the prerequisites to access the Azure AD reporting API |
active-directory | Howto Download Logs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-download-logs.md | Title: How to download logs in Azure Active Directory | Microsoft Docs + Title: How to download logs in Azure Active Directory description: Learn how to download activity logs in Azure Active Directory. |
active-directory | Howto Integrate Activity Logs With Arcsight | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-arcsight.md | Title: Integrate logs with ArcSight using Azure Monitor | Microsoft Docs + Title: Integrate logs with ArcSight using Azure Monitor description: Learn how to integrate Azure Active Directory logs with ArcSight using Azure Monitor |
active-directory | Howto Integrate Activity Logs With Log Analytics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md | Title: Stream Azure Active Directory logs to Azure Monitor logs | Microsoft Docs + Title: Stream Azure Active Directory logs to Azure Monitor logs description: Learn how to integrate Azure Active Directory logs with Azure Monitor logs |
active-directory | Howto Integrate Activity Logs With Splunk | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-splunk.md | Title: Integrate Splunk using Azure Monitor | Microsoft Docs + Title: Integrate Splunk using Azure Monitor description: Learn how to integrate Azure Active Directory logs with Splunk using Azure Monitor. |
active-directory | Howto Integrate Activity Logs With Sumologic | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-sumologic.md | Title: Stream logs to SumoLogic using Azure Monitor | Microsoft Docs + Title: Stream logs to SumoLogic using Azure Monitor description: Learn how to integrate Azure Active Directory logs with SumoLogic using Azure Monitor. |
active-directory | Howto Manage Inactive User Accounts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-manage-inactive-user-accounts.md | Title: How to manage inactive user accounts in Azure AD | Microsoft Docs + Title: How to manage inactive user accounts in Azure AD description: Learn about how to detect and handle user accounts in Azure AD that have become obsolete |
active-directory | Howto Troubleshoot Sign In Errors | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-troubleshoot-sign-in-errors.md | Title: How to troubleshoot sign-in errors reports | Microsoft Docs + Title: How to troubleshoot sign-in errors reports description: Learn how to troubleshoot sign-in errors using Azure Active Directory reports in the Azure portal |
active-directory | Howto Use Azure Monitor Workbooks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-use-azure-monitor-workbooks.md | Title: Azure Monitor workbooks for Azure Active Directory | Microsoft Docs + Title: Azure Monitor workbooks for Azure Active Directory description: Learn how to use Azure Monitor workbooks for Azure Active Directory reports. |
active-directory | Howto Use Recommendations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/howto-use-recommendations.md | Title: How to use Azure Active Directory recommendations | Microsoft Docs + Title: How to use Azure Active Directory recommendations description: Learn how to use Azure Active Directory recommendations. |
active-directory | Overview Monitoring | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/overview-monitoring.md | Title: What is Azure Active Directory monitoring? | Microsoft Docs + Title: What is Azure Active Directory monitoring? description: Provides a general overview of Azure Active Directory monitoring. |
active-directory | Overview Recommendations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/overview-recommendations.md | Title: What are Azure Active Directory recommendations? | Microsoft Docs + Title: What are Azure Active Directory recommendations? description: Provides a general overview of Azure Active Directory recommendations. |
active-directory | Overview Reports | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/overview-reports.md | Title: What are Azure Active Directory reports? | Microsoft Docs + Title: What are Azure Active Directory reports? description: Provides a general overview of Azure Active Directory reports. |
active-directory | Overview Service Health Notifications | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/overview-service-health-notifications.md | Title: What are Service Health notifications in Azure Active Directory? | Microsoft Docs + Title: What are Service Health notifications in Azure Active Directory? description: Learn how Service Health notifications provide you with a customizable dashboard that tracks the health of your Azure services in the regions where you use them. |
active-directory | Plan Monitoring And Reporting | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/plan-monitoring-and-reporting.md | Title: Plan reports & monitoring deployment - Azure AD + Title: Plan reports & monitoring deployment description: Describes how to plan and execute implementation of reporting and monitoring. |
active-directory | Quickstart Access Log With Graph Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/quickstart-access-log-with-graph-api.md | Title: Access Azure AD logs with the Microsoft Graph API | Microsoft Docs + Title: Access Azure AD logs with the Microsoft Graph API description: In this quickstart, you learn how you can access the sign-ins log using the Graph API. |
active-directory | Quickstart Azure Monitor Route Logs To Storage Account | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/quickstart-azure-monitor-route-logs-to-storage-account.md | Title: Tutorial - Archive directory logs to a storage account | Microsoft Docs + Title: Tutorial - Archive directory logs to a storage account description: Learn how to set up Azure Diagnostics to push Azure Active Directory logs to a storage account |
active-directory | Recommendation Mfa From Known Devices | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/recommendation-mfa-from-known-devices.md | Title: Azure Active Directory recommendation - Minimize MFA prompts from known devices in Azure AD | Microsoft Docs + Title: Azure Active Directory recommendation - Minimize MFA prompts from known devices in Azure AD description: Learn why you should minimize MFA prompts from known devices in Azure AD. |
active-directory | Recommendation Migrate Apps From Adfs To Azure Ad | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/recommendation-migrate-apps-from-adfs-to-azure-ad.md | Title: Azure Active Directory recommendation - Migrate apps from ADFS to Azure AD in Azure AD | Microsoft Docs + Title: Azure Active Directory recommendation - Migrate apps from ADFS to Azure AD in Azure AD description: Learn why you should migrate apps from ADFS to Azure AD in Azure AD |
active-directory | Recommendation Migrate To Authenticator | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/recommendation-migrate-to-authenticator.md | Title: Azure Active Directory recommendation - Migrate to Microsoft authenticator | Microsoft Docs + Title: Azure Active Directory recommendation - Migrate to Microsoft authenticator description: Learn why you should migrate your users to the Microsoft authenticator app in Azure AD. |
active-directory | Recommendation Remove Unused Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/recommendation-remove-unused-apps.md | Title: Azure Active Directory recommendation - Remove unused apps (preview) | Microsoft Docs + Title: Azure Active Directory recommendation - Remove unused apps (preview) description: Learn why you should remove unused apps. |
active-directory | Recommendation Remove Unused Credential From Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/recommendation-remove-unused-credential-from-apps.md | Title: Azure Active Directory recommendation - Remove unused credentials from apps (preview) | Microsoft Docs + Title: Azure Active Directory recommendation - Remove unused credentials from apps (preview) description: Learn why you should remove unused credentials from apps. |
active-directory | Recommendation Renew Expiring Application Credential | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/recommendation-renew-expiring-application-credential.md | Title: Azure Active Directory recommendation - Renew expiring application credentials (preview) | Microsoft Docs + Title: Azure Active Directory recommendation - Renew expiring application credentials (preview) description: Learn why you should renew expiring application credentials. |
active-directory | Recommendation Renew Expiring Service Principal Credential | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/recommendation-renew-expiring-service-principal-credential.md | Title: Azure Active Directory recommendation - Renew expiring service principal credentials (preview) | Microsoft Docs + Title: Azure Active Directory recommendation - Renew expiring service principal credentials (preview) description: Learn why you should renew expiring service principal credentials. |
active-directory | Recommendation Turn Off Per User Mfa | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/recommendation-turn-off-per-user-mfa.md | Title: Azure Active Directory recommendation - Turn off per user MFA in Azure AD | Microsoft Docs + Title: Azure Active Directory recommendation - Turn off per user MFA in Azure AD description: Learn why you should turn off per user MFA in Azure AD |
active-directory | Reference Audit Activities | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/reference-audit-activities.md | Title: Azure Active Directory (Azure AD) audit activity reference | Microsoft Docs + Title: Azure Active Directory (Azure AD) audit activity reference description: Get an overview of the audit activities that can be logged in your audit logs in Azure Active Directory (Azure AD). |
active-directory | Reference Azure Ad Sla Performance | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/reference-azure-ad-sla-performance.md | Title: Azure Active Directory SLA performance | Microsoft Docs + Title: Azure Active Directory SLA performance description: Learn about the Azure AD SLA performance |
active-directory | Reference Azure Monitor Sign Ins Log Schema | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/reference-azure-monitor-sign-ins-log-schema.md | Title: Sign-in log schema in Azure Monitor | Microsoft Docs + Title: Sign-in log schema in Azure Monitor description: Describe the Azure AD sign-in log schema for use in Azure Monitor |
active-directory | Reference Basic Info Sign In Logs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/reference-basic-info-sign-in-logs.md | Title: Basic info in the Azure AD sign-in logs | Microsoft Docs + Title: Basic info in the Azure AD sign-in logs description: Learn what the basic info in the sign-in logs is about. |
active-directory | Reference Powershell Reporting | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/reference-powershell-reporting.md | Title: Azure AD PowerShell cmdlets for reporting | Microsoft Docs + Title: Azure AD PowerShell cmdlets for reporting description: Reference of the Azure AD PowerShell cmdlets for reporting. |
active-directory | Reference Reports Data Retention | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/reference-reports-data-retention.md | Title: Azure Active Directory data retention | Microsoft Docs + Title: Azure Active Directory data retention description: Learn how long Azure Active Directory stores the various types of reporting data. |
active-directory | Troubleshoot Audit Data Verified Domain | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/troubleshoot-audit-data-verified-domain.md | Title: 'Troubleshoot audit data of verified domain change | Microsoft Docs' + Title: 'Troubleshoot audit data of verified domain change ' description: Provides you with information that will appear in the Azure Active Directory activity logs when you change a users verified domain. |
active-directory | Tutorial Azure Monitor Stream Logs To Event Hub | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub.md | Title: Tutorial - Stream logs to an Azure event hub | Microsoft Docs + Title: Tutorial - Stream logs to an Azure event hub description: Learn how to set up Azure Diagnostics to push Azure Active Directory logs to an event hub |
active-directory | Tutorial Log Analytics Wizard | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/tutorial-log-analytics-wizard.md | Title: Configure a log analytics workspace in Azure AD | Microsoft Docs + Title: Configure a log analytics workspace in Azure AD description: Learn how to configure log analytics. |
active-directory | Workbook Authentication Prompts Analysis | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/workbook-authentication-prompts-analysis.md | Title: Authentication prompts analysis workbook in Azure AD | Microsoft Docs + Title: Authentication prompts analysis workbook in Azure AD description: Learn how to use the authentication prompts analysis workbook. |
active-directory | Workbook Conditional Access Gap Analyzer | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/workbook-conditional-access-gap-analyzer.md | Title: Conditional access gap analyzer workbook in Azure AD | Microsoft Docs + Title: Conditional access gap analyzer workbook in Azure AD description: Learn how to use the conditional access gap analyzer workbook. |
active-directory | Workbook Cross Tenant Access Activity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/workbook-cross-tenant-access-activity.md | Title: Cross-tenant access activity workbook in Azure AD | Microsoft Docs + Title: Cross-tenant access activity workbook in Azure AD description: Learn how to use the cross-tenant access activity workbook. |
active-directory | Workbook Legacy Authentication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/workbook-legacy-authentication.md | Title: Sign-ins using legacy authentication workbook in Azure AD | Microsoft Docs + Title: Sign-ins using legacy authentication workbook in Azure AD description: Learn how to use the sign-ins using legacy authentication workbook. |
active-directory | Workbook Mfa Gaps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/workbook-mfa-gaps.md | Title: Multifactor Authentication Gaps workbook in Azure AD | Microsoft Docs + Title: Multifactor Authentication Gaps workbook in Azure AD description: Learn how to use the MFA Gaps workbook. |
active-directory | Workbook Risk Analysis | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/workbook-risk-analysis.md | Title: Identity protection risk analysis workbook in Azure AD | Microsoft Docs + Title: Identity protection risk analysis workbook in Azure AD description: Learn how to use the identity protection risk analysis workbook. |
active-directory | Workbook Sensitive Operations Report | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/reports-monitoring/workbook-sensitive-operations-report.md | Title: Sensitive operations report workbook in Azure AD | Microsoft Docs + Title: Sensitive operations report workbook in Azure AD description: Learn how to use the sensitive operations report workbook. |
active-directory | Admin Units Assign Roles | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/admin-units-assign-roles.md | Title: Assign or list Azure AD roles with administrative unit scope - Azure Active Directory | Microsoft Docs + Title: Assign or list Azure AD roles with administrative unit scope description: Use administrative units to restrict the scope of role assignments in Azure Active Directory. documentationcenter: '' |
active-directory | Admin Units Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/admin-units-manage.md | Title: Create or delete administrative units - Azure Active Directory + Title: Create or delete administrative units description: Create administrative units to restrict the scope of role permissions in Azure Active Directory. documentationcenter: '' |
active-directory | Admin Units Members Add | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/admin-units-members-add.md | Title: Add users, groups, or devices to an administrative unit - Azure Active Directory + Title: Add users, groups, or devices to an administrative unit description: Add users, groups, or devices to an administrative unit in Azure Active Directory documentationcenter: '' |
active-directory | Admin Units Members Dynamic | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/admin-units-members-dynamic.md | Title: Manage users or devices for an administrative unit with dynamic membership rules (Preview) - Azure Active Directory + Title: Manage users or devices for an administrative unit with dynamic membership rules (Preview) description: Manage users or devices for an administrative unit with dynamic membership rules (Preview) in Azure Active Directory documentationcenter: '' |
active-directory | Admin Units Members List | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/admin-units-members-list.md | Title: List users, groups, or devices in an administrative unit - Azure Active Directory + Title: List users, groups, or devices in an administrative unit description: List users, groups, or devices in an administrative unit in Azure Active Directory. documentationcenter: '' |
active-directory | Admin Units Members Remove | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/admin-units-members-remove.md | Title: Remove users, groups, or devices from an administrative unit - Azure Active Directory + Title: Remove users, groups, or devices from an administrative unit description: Remove users, groups, or devices from an administrative unit in Azure Active Directory documentationcenter: '' |
active-directory | Administrative Units | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/administrative-units.md | Title: Administrative units in Azure Active Directory | Microsoft Docs + Title: Administrative units in Azure Active Directory description: Use administrative units for more granular delegation of permissions in Azure Active Directory. documentationcenter: '' |
active-directory | Assign Roles Different Scopes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/assign-roles-different-scopes.md | Title: Assign Azure AD roles at different scopes - Azure Active Directory + Title: Assign Azure AD roles at different scopes description: Learn how to assign roles at different scopes in Azure Active Directory |
active-directory | Best Practices | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/best-practices.md | Title: Best practices for Azure AD roles - Azure Active Directory + Title: Best practices for Azure AD roles description: Best practices for using Azure Active Directory roles. |
active-directory | Custom Assign Graph | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-assign-graph.md | Title: Assign Azure AD admin roles with Microsoft Graph API | Microsoft Docs + Title: Assign Azure AD admin roles with Microsoft Graph API description: Assign and remove Azure AD administrator roles with Graph API in Azure Active Directory |
active-directory | Custom Assign Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-assign-powershell.md | Title: Assign custom roles using Azure AD PowerShell - Azure AD | Microsoft Docs + Title: Assign custom roles using Azure AD PowerShell description: Manage members of an Azure AD administrator custom role with Azure AD PowerShell. |
active-directory | Custom Available Permissions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-available-permissions.md | Title: Custom role permissions for app registration - Azure AD | Microsoft Docs + Title: Custom role permissions for app registration description: Delegate custom administrator role permissions for managing app registrations. |
active-directory | Custom Consent Permissions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-consent-permissions.md | Title: App consent permissions for custom roles in Azure Active Directory | Microsoft Docs + Title: App consent permissions for custom roles in Azure Active Directory description: Preview app consent permissions for custom Azure AD roles in the Azure portal, PowerShell, or Graph API. |
active-directory | Custom Create | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-create.md | Title: Create custom roles in Azure AD role-based access control | Microsoft Docs + Title: Create custom roles in Azure AD role-based access control description: Create and assign custom Azure AD roles with resource scope on Azure Active Directory resources. |
active-directory | Custom Device Permissions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-device-permissions.md | Title: Device management permissions for Azure AD custom roles - Azure Active Directory + Title: Device management permissions for Azure AD custom roles description: Device management permissions for Azure AD custom roles in the Azure portal, PowerShell, or Microsoft Graph API. |
active-directory | Custom Enterprise App Permissions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-enterprise-app-permissions.md | Title: App permissions for custom roles in Azure Active Directory | Microsoft Docs + Title: App permissions for custom roles in Azure Active Directory description: Preview enterprise app permissions for custom Azure AD roles in the Azure portal, PowerShell, or Graph API. |
active-directory | Custom Group Permissions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-group-permissions.md | Title: Group management permissions for Azure AD custom roles - Azure Active Directory + Title: Group management permissions for Azure AD custom roles description: Group management permissions for Azure AD custom roles in the Azure portal, PowerShell, or Microsoft Graph API. |
active-directory | Custom User Permissions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/custom-user-permissions.md | Title: User management permissions for Azure AD custom roles (preview) - Azure Active Directory + Title: User management permissions for Azure AD custom roles (preview) description: User management permissions for Azure AD custom roles in the Azure portal, PowerShell, or Microsoft Graph API. |
active-directory | Delegate App Roles | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/delegate-app-roles.md | Title: Delegate application management administrator permissions - Azure AD | Microsoft Docs + Title: Delegate application management administrator permissions description: Grant permissions for application access management in Azure Active Directory documentationcenter: '' |
active-directory | Delegate By Task | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/delegate-by-task.md | Title: Least privileged roles by task - Azure Active Directory | Microsoft Docs + Title: Least privileged roles by task description: Least privileged roles to delegate for tasks in Azure Active Directory documentationcenter: '' |
active-directory | Groups Assign Role | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/groups-assign-role.md | Title: Assign Azure AD roles to groups - Azure Active Directory + Title: Assign Azure AD roles to groups description: Assign Azure AD roles to role-assignable groups in the Azure portal, PowerShell, or Graph API. |
active-directory | Groups Concept | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/groups-concept.md | Title: Use Azure AD groups to manage role assignments - Azure Active Directory + Title: Use Azure AD groups to manage role assignments description: Use Azure AD groups to simplify role assignment management in Azure Active Directory. |
active-directory | Groups Create Eligible | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/groups-create-eligible.md | Title: Create a group for assigning roles in Azure Active Directory | Microsoft Docs + Title: Create a group for assigning roles in Azure Active Directory description: Learn how to create a role-assignable group in Azure AD. Manage Azure roles in the Azure portal, PowerShell, or Graph API. |
active-directory | Groups Pim Eligible | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/groups-pim-eligible.md | Title: Assign a role to a group using Privileged Identity Management in Azure AD | Microsoft Docs + Title: Assign a role to a group using Privileged Identity Management in Azure AD description: Learn how you can assign an Azure Active Directory (Azure AD) role to a group using Azure AD Privileged Identity Management (PIM). |
active-directory | Groups View Assignments | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/groups-view-assignments.md | Title: View roles assigned to a group in Azure Active Directory | Microsoft Docs + Title: View roles assigned to a group in Azure Active Directory description: Learn how the roles assigned to a group can be viewed using the Azure portal. Viewing groups and assigned roles are default user permissions. |
active-directory | List Role Assignments Users | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/list-role-assignments-users.md | Title: List Azure AD role assignments for a user - Azure Active Directory + Title: List Azure AD role assignments for a user description: Learn how to list Azure AD roles assignments of a user |
active-directory | M365 Workload Docs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/m365-workload-docs.md | Title: Admin role docs across Microsoft 365 services - Azure AD | Microsoft Docs + Title: Admin role docs across Microsoft 365 services description: Find content and API references for administrator roles for Microsoft 365 services in Azure Active Directory documentationcenter: '' |
active-directory | Manage Roles Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/manage-roles-portal.md | Title: Assign Azure AD roles to users - Azure Active Directory + Title: Assign Azure AD roles to users description: Learn how to grant access to users in Azure Active Directory by assigning Azure AD roles. |
active-directory | My Staff Configure | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/my-staff-configure.md | Title: Use My Staff to delegate user management - Azure AD | Microsoft Docs + Title: Use My Staff to delegate user management description: Delegate user management using My Staff and administrative units documentationcenter: '' |
active-directory | Permissions Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/permissions-reference.md | Title: Azure AD built-in roles - Azure Active Directory + Title: Azure AD built-in roles description: Describes the Azure Active Directory built-in roles and permissions. |
active-directory | Prerequisites | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/prerequisites.md | Title: Prerequisites to use PowerShell or Graph Explorer for Azure AD roles - Azure Active Directory + Title: Prerequisites to use PowerShell or Graph Explorer for Azure AD roles description: Prerequisites to use PowerShell or Graph Explorer for Azure Active Directory roles. documentationcenter: '' |
active-directory | Quickstart App Registration Limits | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/quickstart-app-registration-limits.md | Title: Remove limits on creating app registrations - Azure AD | Microsoft Docs + Title: Remove limits on creating app registrations description: Assign a custom role to grant unrestricted app registrations in the Azure AD Active Directory |
active-directory | Role Definitions List | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/role-definitions-list.md | Title: List Azure AD role definitions - Azure AD + Title: List Azure AD role definitions description: Learn how to list Azure built-in and custom roles. |
active-directory | Security Emergency Access | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/security-emergency-access.md | Title: Manage emergency access admin accounts - Azure AD + Title: Manage emergency access admin accounts description: This article describes how to use emergency access accounts to help prevent being inadvertently locked out of your Azure Active Directory (Azure AD) organization. |
active-directory | Security Planning | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/roles/security-planning.md | Title: Secure access practices for administrators in Azure AD | Microsoft Docs + Title: Secure access practices for administrators in Azure AD description: Ensure that your organization's administrative access and administrator accounts are secure. For system architects and IT pros who configure Azure AD, Azure, and Microsoft Online Services. keywords: |
active-directory | 123Formbuilder Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/123formbuilder-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with 123FormBuilder SSO | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with 123FormBuilder SSO' description: Learn how to configure single sign-on between Azure Active Directory and 123FormBuilder SSO. |
active-directory | 15Five Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/15five-provisioning-tutorial.md | Title: 'Tutorial: Configure 15Five for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure 15Five for automatic user provisioning with Azure Active Directory' description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to 15Five. |
active-directory | 15Five Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/15five-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with 15Five | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with 15Five' description: Learn how to configure single sign-on between Azure Active Directory and 15Five. |
active-directory | 360Online Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/360online-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with 360 Online | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with 360 Online' description: Learn how to configure single sign-on between Azure Active Directory and 360 Online. |
active-directory | 4Me Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/4me-provisioning-tutorial.md | Title: 'Tutorial: Configure 4me for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure 4me for automatic user provisioning with Azure Active Directory' description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to 4me. |
active-directory | 4Me Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/4me-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with 4me | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with 4me' description: Learn how to configure single sign-on between Azure Active Directory and 4me. |
active-directory | 8X8 Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/8x8-provisioning-tutorial.md | Title: 'Tutorial: Configure 8x8 for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure 8x8 for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to 8x8. |
active-directory | 8X8virtualoffice Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/8x8virtualoffice-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with 8x8 | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with 8x8' description: Learn how to configure single sign-on between Azure Active Directory and 8x8. |
active-directory | A Cloud Guru Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/a-cloud-guru-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with A Cloud Guru | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with A Cloud Guru' description: Learn how to configure single sign-on between Azure Active Directory and A Cloud Guru. |
active-directory | Abbyy Flexicapture Cloud Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/abbyy-flexicapture-cloud-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with ABBYY FlexiCapture Cloud | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with ABBYY FlexiCapture Cloud' description: Learn how to configure single sign-on between Azure Active Directory and ABBYY FlexiCapture Cloud. |
active-directory | Abintegro Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/abintegro-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Abintegro | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Abintegro' description: Learn how to configure single sign-on between Azure Active Directory and Abintegro. |
active-directory | Absorblms Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/absorblms-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Absorb LMS | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Absorb LMS' description: Learn how to configure single sign-on between Azure Active Directory and Absorb LMS. |
active-directory | Abstract Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/abstract-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Abstract | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Abstract' description: Learn how to configure single sign-on between Azure Active Directory and Abstract. |
active-directory | Academy Attendance Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/academy-attendance-tutorial.md | Title: "Tutorial: Azure Active Directory single sign-on (SSO) integration with Academy Attendance | Microsoft Docs" + Title: "Tutorial: Azure Active Directory single sign-on (SSO) integration with Academy Attendance" description: Learn how to configure single sign-on between Azure Active Directory and Academy Attendance. |
active-directory | Acadia Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/acadia-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Acadia | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Acadia' description: Learn how to configure single sign-on between Azure Active Directory and Acadia. |
active-directory | Accenture Academy Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/accenture-academy-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Accenture Academy | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Accenture Academy' description: Learn how to configure single sign-on between Azure Active Directory and Accenture Academy. |
active-directory | Accredible Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/accredible-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Accredible | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Accredible' description: Learn how to configure single sign-on between Azure Active Directory and Accredible. |
active-directory | Acquireio Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/acquireio-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AcquireIO | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AcquireIO' description: Learn how to configure single sign-on between Azure Active Directory and AcquireIO. |
active-directory | Active And Thriving Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/active-and-thriving-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Active and Thriving | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Active and Thriving' description: Learn how to configure single sign-on between Azure Active Directory and Active and Thriving. |
active-directory | Acunetix 360 Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/acunetix-360-provisioning-tutorial.md | Title: 'Tutorial: Configure Acunetix 360 for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Acunetix 360 for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Acunetix 360. |
active-directory | Acunetix 360 Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/acunetix-360-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Acunetix 360 | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Acunetix 360' description: Learn how to configure single sign-on between Azure Active Directory and Acunetix 360. |
active-directory | Adaptivesuite Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adaptivesuite-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Adaptive Insights | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Adaptive Insights' description: Learn how to configure single sign-on between Azure Active Directory and Adaptive Insights. |
active-directory | Adglobalview Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adglobalview-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with ADP Globalview (Deprecated) | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with ADP Globalview (Deprecated)' description: Learn how to configure single sign-on between Azure Active Directory and ADP Globalview (Deprecated). |
active-directory | Adobe Creative Cloud Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adobe-creative-cloud-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Adobe Creative Cloud | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Adobe Creative Cloud' description: Learn how to configure single sign-on between Azure Active Directory and Adobe Creative Cloud. |
active-directory | Adobe Echosign Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adobe-echosign-tutorial.md | Title: 'Tutorial: Azure AD SSO integration with Adobe Sign | Microsoft Docs' + Title: 'Tutorial: Azure AD SSO integration with Adobe Sign' description: Learn how to configure single sign-on between Azure Active Directory and Adobe Sign. |
active-directory | Adobe Identity Management Provisioning Oidc Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adobe-identity-management-provisioning-oidc-tutorial.md | Title: 'Tutorial: Configure Adobe Identity Management (OIDC) for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Adobe Identity Management (OIDC) for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Adobe Identity Management (OIDC). documentationcenter: '' |
active-directory | Adobe Identity Management Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adobe-identity-management-provisioning-tutorial.md | Title: 'Tutorial: Configure Adobe Identity Management for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Adobe Identity Management for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Adobe Identity Management. documentationcenter: '' |
active-directory | Adobecaptivateprime Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adobecaptivateprime-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Adobe Captivate Prime | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Adobe Captivate Prime' description: Learn how to configure single sign-on between Azure Active Directory and Adobe Captivate Prime. |
active-directory | Adobeexperiencemanager Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adobeexperiencemanager-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Adobe Experience Manager | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Adobe Experience Manager' description: Learn how to configure single sign-on between Azure Active Directory and Adobe Experience Manager. |
active-directory | Adpfederatedsso Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/adpfederatedsso-tutorial.md | Upon receipt of confirmation from your ADP representative, configure your ADP se ### Configure ADP to support multiple instances in the same tenant -1. Go to **Basic SAML Configuration** section and configure another test value in **Identifier (Entity ID)** textbox. +1. Go to **Basic SAML Configuration** section and enter any instance specific URL in the **Identifier (Entity ID)** textbox. ++ > [!NOTE] + > Please note that this can be any random value which you feel relevant for your instance.  Upon receipt of confirmation from your ADP representative, configure your ADP se 1. Enable **Override audience claim** checkbox. - 1. In the **Audience claim value** textbox, enter **Identifier (Entity ID)** value, which you've copied from **Basic SAML Configuration** section and click **Save**. + 1. In the **Audience claim value** textbox, enter `https://fed.adp.com` and click **Save**. 1. Navigate to **Properties** tab under Manage section and copy **Application ID** from the Azure portal. |
active-directory | Advance Kerbf5 Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/advance-kerbf5-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on integration with F5 | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on integration with F5' description: In this article, learn the steps you need to perform to integrate F5 with Azure Active Directory (Azure AD). |
active-directory | Agiloft Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/agiloft-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Agiloft Contract Management Suite | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Agiloft Contract Management Suite' description: Learn how to configure single sign-on between Azure Active Directory and Agiloft Contract Management Suite. |
active-directory | Aha Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/aha-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Aha! | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Aha!' description: Learn how to configure single sign-on between Azure Active Directory and Aha!. |
active-directory | Airstack Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/airstack-provisioning-tutorial.md | Title: 'Tutorial: Configure Airstack for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Airstack for automatic user provisioning with Azure Active Directory' description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to Airstack. |
active-directory | Airstack Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/airstack-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Airstack | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Airstack' description: Learn how to configure single sign-on between Azure Active Directory and Airstack. |
active-directory | Airtable Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/airtable-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Airtable | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Airtable' description: Learn how to configure single sign-on between Azure Active Directory and Airtable. |
active-directory | Akamai Enterprise Application Access Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/akamai-enterprise-application-access-provisioning-tutorial.md | Title: 'Tutorial: Configure Akamai Enterprise Application Access for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Akamai Enterprise Application Access for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Akamai Enterprise Application Access. |
active-directory | Akashi Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/akashi-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AKASHI | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AKASHI' description: Learn how to configure single sign-on between Azure Active Directory and AKASHI. |
active-directory | Alacritylaw Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/alacritylaw-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AlacrityLaw | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AlacrityLaw' description: Learn how to configure single sign-on between Azure Active Directory and AlacrityLaw. |
active-directory | Alcumus Info Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/alcumus-info-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Alcumus Info Exchange | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Alcumus Info Exchange' description: Learn how to configure single sign-on between Azure Active Directory and Alcumus Info Exchange. |
active-directory | Alertmedia Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/alertmedia-provisioning-tutorial.md | Title: 'Tutorial: Configure AlertMedia for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure AlertMedia for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to AlertMedia. documentationcenter: '' |
active-directory | Alertmedia Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/alertmedia-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AlertMedia | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AlertMedia' description: Learn how to configure single sign-on between Azure Active Directory and AlertMedia. |
active-directory | Alexishr Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/alexishr-provisioning-tutorial.md | Title: 'Tutorial: Configure AlexisHR for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure AlexisHR for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to AlexisHR. |
active-directory | Alibaba Cloud Service Role Based Sso Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/alibaba-cloud-service-role-based-sso-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Alibaba Cloud Service (Role-based SSO) | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Alibaba Cloud Service (Role-based SSO)' description: Learn how to configure single sign-on between Azure Active Directory and Alibaba Cloud Service (Role-based SSO). |
active-directory | Alinto Protect Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/alinto-protect-provisioning-tutorial.md | Title: 'Tutorial: Configure Alinto Protect for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Alinto Protect for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Alinto Protect. |
active-directory | Ally Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/ally-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Ally.io | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Ally.io' description: Learn how to configure single sign-on between Azure Active Directory and Ally.io. |
active-directory | Amazon Business Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/amazon-business-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Amazon Business | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Amazon Business' description: Learn how to configure single sign-on between Azure Active Directory and Amazon Business. |
active-directory | Amazon Managed Grafana Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/amazon-managed-grafana-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Amazon Managed Grafana | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Amazon Managed Grafana' description: Learn how to configure single sign-on between Azure Active Directory and Amazon Managed Grafana. |
active-directory | Amplitude Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/amplitude-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Amplitude | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Amplitude' description: Learn how to configure single sign-on between Azure Active Directory and Amplitude. |
active-directory | Anaqua Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/anaqua-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with ANAQUA | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with ANAQUA' description: Learn how to configure single sign-on between Azure Active Directory and ANAQUA. |
active-directory | Andfrankly Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/andfrankly-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with &frankly | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with &frankly' description: Learn how to configure single sign-on between Azure Active Directory and &frankly. |
active-directory | Andromedascm Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/andromedascm-tutorial.md | Title: "Tutorial: Azure Active Directory integration with Andromeda | Microsoft Docs" + Title: "Tutorial: Azure Active Directory integration with Andromeda" description: Learn how to configure single sign-on between Azure Active Directory and Andromeda. |
active-directory | Animaker Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/animaker-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Animaker | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Animaker' description: Learn how to configure single sign-on between Azure Active Directory and Animaker. |
active-directory | Apexportal Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/apexportal-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Apex Portal | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Apex Portal' description: Learn how to configure single sign-on between Azure Active Directory and Apex Portal. |
active-directory | Appaegis Isolation Access Cloud Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/appaegis-isolation-access-cloud-provisioning-tutorial.md | Title: 'Tutorial: Configure Appaegis Isolation Access Cloud for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Appaegis Isolation Access Cloud for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Appaegis Isolation Access Cloud. |
active-directory | Appblade Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/appblade-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with AppBlade | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with AppBlade' description: Learn how to configure single sign-on between Azure Active Directory and AppBlade. |
active-directory | Appdynamics Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/appdynamics-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with AppDynamics | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with AppDynamics' description: Learn how to configure single sign-on between Azure Active Directory and AppDynamics. |
active-directory | Appian Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/appian-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Appian | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Appian' description: Learn how to configure single sign-on between Azure Active Directory and Appian. |
active-directory | Appinux Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/appinux-tutorial.md | Title: "Tutorial: Azure Active Directory single sign-on (SSO) integration with Appinux | Microsoft Docs" + Title: "Tutorial: Azure Active Directory single sign-on (SSO) integration with Appinux" description: Learn how to configure single sign-on between Azure Active Directory and Appinux. |
active-directory | Apple Business Manager Provision Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/apple-business-manager-provision-tutorial.md | Title: 'Tutorial: Configure Apple Business Manager for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Apple Business Manager for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Apple Business Manager. documentationcenter: '' |
active-directory | Apple School Manager Provision Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/apple-school-manager-provision-tutorial.md | Title: 'Tutorial: Configure Apple School Manager for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Apple School Manager for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Apple School Manager. documentationcenter: '' |
active-directory | Applied Mental Health Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/applied-mental-health-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Applied Mental Health | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Applied Mental Health' description: Learn how to configure single sign-on between Azure Active Directory and Applied Mental Health. |
active-directory | Appraisd Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/appraisd-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Appraisd | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Appraisd' description: Learn how to configure single sign-on between Azure Active Directory and Appraisd. |
active-directory | Apptio Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/apptio-tutorial.md | Title: "Tutorial: Azure Active Directory single sign-on (SSO) integration with Apptio | Microsoft Docs" + Title: "Tutorial: Azure Active Directory single sign-on (SSO) integration with Apptio" description: Learn how to configure single sign-on between Azure Active Directory and Apptio. |
active-directory | Aravo Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/aravo-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Aravo | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Aravo' description: Learn how to configure single sign-on between Azure Active Directory and Aravo. |
active-directory | Arc Facilities Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/arc-facilities-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with ARC Facilities | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with ARC Facilities' description: Learn how to configure single sign-on between Azure Active Directory and ARC Facilities. |
active-directory | Arc Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/arc-tutorial.md | Title: "Tutorial: Azure Active Directory single sign-on (SSO) integration with Arc Publishing - SSO | Microsoft Docs" + Title: "Tutorial: Azure Active Directory single sign-on (SSO) integration with Arc Publishing - SSO" description: Learn how to configure single sign-on between Azure Active Directory and Arc Publishing - SSO. |
active-directory | Arcgis Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/arcgis-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with ArcGIS Online | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with ArcGIS Online' description: Learn how to configure single sign-on between Azure Active Directory and ArcGIS Online. |
active-directory | Ardoq Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/ardoq-provisioning-tutorial.md | Title: 'Tutorial: Configure Ardoq for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Ardoq for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Ardoq. |
active-directory | Ardoq Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/ardoq-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Ardoq | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Ardoq' description: Learn how to configure single sign-on between Azure Active Directory and Ardoq. |
active-directory | Ares For Enterprise Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/ares-for-enterprise-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with ARES for Enterprise | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with ARES for Enterprise' description: Learn how to configure single sign-on between Azure Active Directory and ARES for Enterprise. |
active-directory | Ariba Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/ariba-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Ariba | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Ariba' description: Learn how to configure single sign-on between Azure Active Directory and Ariba. |
active-directory | Aruba User Experience Insight Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/aruba-user-experience-insight-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Aruba User Experience Insight | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Aruba User Experience Insight' description: Learn how to configure single sign-on between Azure Active Directory and Aruba User Experience Insight. |
active-directory | Asana Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/asana-provisioning-tutorial.md | Title: 'Tutorial: Configure Asana for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Asana for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Asana. |
active-directory | Ascentis Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/ascentis-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Ascentis | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Ascentis' description: Learn how to configure single sign-on between Azure Active Directory and Ascentis. |
active-directory | Askspoke Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/askspoke-provisioning-tutorial.md | Title: "Tutorial: Configure askSpoke for automatic user provisioning with Azure Active Directory | Microsoft Docs" + Title: "Tutorial: Configure askSpoke for automatic user provisioning with Azure Active Directory" description: Learn how to automatically provision and de-provision user accounts from Azure AD to askSpoke. documentationcenter: "" |
active-directory | Askspoke Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/askspoke-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with askSpoke | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with askSpoke' description: Learn how to configure single sign-on between Azure Active Directory and askSpoke. |
active-directory | Askyourteam Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/askyourteam-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AskYourTeam | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AskYourTeam' description: Learn how to configure single sign-on between Azure Active Directory and AskYourTeam. |
active-directory | Assetbank Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/assetbank-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Asset Bank | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Asset Bank' description: Learn how to configure single sign-on between Azure Active Directory and Asset Bank. |
active-directory | Assetsonar Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/assetsonar-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AssetSonar | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AssetSonar' description: Learn how to configure single sign-on between Azure Active Directory and AssetSonar. |
active-directory | Astra Schedule Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/astra-schedule-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Astra Schedule | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Astra Schedule' description: Learn how to configure single sign-on between Azure Active Directory and Astra Schedule. |
active-directory | Atea Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/atea-provisioning-tutorial.md | Title: 'Tutorial: Configure Atea for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Atea for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Atea. |
active-directory | Atlassian Cloud Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/atlassian-cloud-provisioning-tutorial.md | Title: 'Tutorial: Configure Atlassian Cloud for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Atlassian Cloud for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Atlassian Cloud. documentationcenter: '' |
active-directory | Atmos Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/atmos-provisioning-tutorial.md | Title: 'Tutorial: Configure Atmos for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Atmos for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Atmos. |
active-directory | Attendancemanagementservices Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/attendancemanagementservices-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Attendance Management Services | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Attendance Management Services' description: Learn how to configure single sign-on between Azure Active Directory and Attendance Management Services. |
active-directory | Auditboard Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/auditboard-provisioning-tutorial.md | Title: 'Tutorial: Configure AuditBoard for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure AuditBoard for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to AuditBoard. documentationcenter: '' |
active-directory | Auditboard Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/auditboard-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with AuditBoard | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with AuditBoard' description: Learn how to configure single sign-on between Azure Active Directory and AuditBoard. |
active-directory | Autodesk Sso Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/autodesk-sso-provisioning-tutorial.md | Title: 'Tutorial: Configure Autodesk SSO for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Autodesk SSO for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Autodesk SSO. |
active-directory | Autodesk Sso Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/autodesk-sso-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Autodesk SSO | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Autodesk SSO' description: Learn how to configure single sign-on between Azure Active Directory and Autodesk SSO. |
active-directory | Autotaskendpointbackup Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/autotaskendpointbackup-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Autotask Endpoint Backup | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Autotask Endpoint Backup' description: Learn how to configure single sign-on between Azure Active Directory and Autotask Endpoint Backup. |
active-directory | Autotaskworkplace Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/autotaskworkplace-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Autotask Workplace | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Autotask Workplace' description: Learn how to configure single sign-on between Azure Active Directory and Autotask Workplace. |
active-directory | Awarego Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/awarego-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AwareGo | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AwareGo' description: Learn how to configure single sign-on between Azure Active Directory and AwareGo. |
active-directory | Aws Clientvpn Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/aws-clientvpn-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AWS ClientVPN | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with AWS ClientVPN' description: Learn how to configure single sign-on between Azure Active Directory and AWS ClientVPN. |
active-directory | Aws Multi Accounts Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/aws-multi-accounts-tutorial.md | Title: "Tutorial: Azure Active Directory integration with Amazon Web Services to connect multiple accounts | Microsoft Docs" + Title: "Tutorial: Azure Active Directory integration with Amazon Web Services to connect multiple accounts" description: Learn how to configure single sign-on between Azure AD and Amazon Web Services (legacy tutorial). |
active-directory | Aws Single Sign On Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/aws-single-sign-on-provisioning-tutorial.md | Title: 'Tutorial: Configure AWS IAM Identity Center(successor to AWS single sign-On) for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure AWS IAM Identity Center(successor to AWS single sign-On) for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to AWS IAM Identity Center. documentationcenter: '' |
active-directory | Baldwin Safety & Compliance Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/baldwin-safety-&-compliance-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Baldwin Safety and Compliance | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Baldwin Safety and Compliance' description: Learn how to configure single sign-on between Azure Active Directory and Baldwin Safety and Compliance. |
active-directory | Bamboo Hr Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bamboo-hr-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with BambooHR | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with BambooHR' description: Learn how to configure single sign-on between Azure Active Directory and BambooHR. |
active-directory | Bamboo Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bamboo-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with SAML SSO for Bamboo by resolution GmbH | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with SAML SSO for Bamboo by resolution GmbH' description: Learn how to configure single sign-on between Azure Active Directory and SAML SSO for Bamboo by resolution GmbH. |
active-directory | Banyan Command Center Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/banyan-command-center-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Banyan Security Zero Trust Remote Access Platform | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Banyan Security Zero Trust Remote Access Platform' description: Learn how to configure single sign-on between Azure Active Directory and Banyan Security Zero Trust Remote Access Platform. |
active-directory | Beautiful.Ai Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/beautiful.ai-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Beautiful.ai | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Beautiful.ai' description: Learn how to configure single sign-on between Azure Active Directory and Beautiful.ai. |
active-directory | Beekeeper Azure Ad Data Connector Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/beekeeper-azure-ad-data-connector-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Beekeeper Azure AD SSO | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Beekeeper Azure AD SSO' description: Learn how to configure single sign-on between Azure Active Directory and Beekeeper Azure AD SSO. |
active-directory | Beeline Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/beeline-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Beeline | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Beeline' description: Learn how to configure single sign-on between Azure Active Directory and Beeline. |
active-directory | Benchling Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/benchling-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Benchling | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Benchling' description: Learn how to configure single sign-on between Azure Active Directory and Benchling. |
active-directory | Benq Iam Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/benq-iam-provisioning-tutorial.md | Title: 'Tutorial: Configure BenQ IAM for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure BenQ IAM for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to BenQ IAM. |
active-directory | Bentley Automatic User Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bentley-automatic-user-provisioning-tutorial.md | Title: 'Tutorial: Configure Bentley - Automatic User Provisioning for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Bentley - Automatic User Provisioning for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Bentley - Automatic User Provisioning. documentationcenter: '' |
active-directory | Bersin Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bersin-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Bersin | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Bersin' description: Learn how to configure single sign-on between Azure Active Directory and Bersin. |
active-directory | Beyond Identity Admin Console Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/beyond-identity-admin-console-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Beyond Identity Admin Console | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Beyond Identity Admin Console' description: Learn how to configure single sign-on between Azure Active Directory and Beyond Identity Admin Console. |
active-directory | Bgsonline Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bgsonline-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with BGS Online | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with BGS Online' description: Learn how to configure single sign-on between Azure Active Directory and BGS Online. |
active-directory | Bic Cloud Design Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bic-cloud-design-provisioning-tutorial.md | Title: 'Tutorial: Configure BIC Cloud Design for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure BIC Cloud Design for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to BIC Cloud Design. documentationcenter: '' |
active-directory | Bis Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bis-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BIS | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BIS' description: Learn how to configure single sign-on between Azure Active Directory and BIS. |
active-directory | Bitabiz Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bitabiz-provisioning-tutorial.md | Title: 'Tutorial: Configure BitaBIZ for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure BitaBIZ for automatic user provisioning with Azure Active Directory' description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to BitaBIZ. |
active-directory | Bitabiz Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bitabiz-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with BitaBIZ | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with BitaBIZ' description: Learn how to configure single sign-on between Azure Active Directory and BitaBIZ. |
active-directory | Bitbucket Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bitbucket-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with SAML SSO for Bitbucket by resolution GmbH | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with SAML SSO for Bitbucket by resolution GmbH' description: Learn how to configure single sign-on between Azure Active Directory and SAML SSO for Bitbucket by resolution GmbH. |
active-directory | Bizagi Studio For Digital Process Automation Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bizagi-studio-for-digital-process-automation-provisioning-tutorial.md | Title: 'Tutorial: Configure Bizagi Studio for Digital Process Automation for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Bizagi Studio for Digital Process Automation for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and deprovision user accounts from Azure AD to Bizagi Studio for Digital Process Automation. documentationcenter: '' |
active-directory | Bizagi Studio For Digital Process Automation Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bizagi-studio-for-digital-process-automation-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Bizagi for Digital Process Automation | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Bizagi for Digital Process Automation' description: Learn how to configure single sign-on between Azure Active Directory and Bizagi for Digital Process Automation. |
active-directory | Bldng App Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bldng-app-provisioning-tutorial.md | Title: 'Tutorial: Configure BLDNG APP for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure BLDNG APP for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to BLDNG APP. |
active-directory | Blink Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/blink-provisioning-tutorial.md | Title: 'Tutorial: Configure Blink for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Blink for automatic user provisioning with Azure Active Directory' description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to Blink. |
active-directory | Blink Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/blink-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Blink | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Blink' description: Learn how to configure single sign-on between Azure Active Directory and Blink. |
active-directory | Blinq Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/blinq-provisioning-tutorial.md | Title: 'Tutorial: Configure Blinq for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Blinq for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Blinq. |
active-directory | Blogin Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/blogin-provisioning-tutorial.md | Title: 'Tutorial: Configure BlogIn for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure BlogIn for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to BlogIn. documentationcenter: '' |
active-directory | Blogin Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/blogin-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BlogIn | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BlogIn' description: Learn how to configure single sign-on between Azure Active Directory and BlogIn. |
active-directory | Bluejeans Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bluejeans-provisioning-tutorial.md | Title: 'Tutorial: Configure BlueJeans for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure BlueJeans for automatic user provisioning with Azure Active Directory' description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to BlueJeans. |
active-directory | Bluejeans Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bluejeans-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BlueJeans for Azure AD | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BlueJeans for Azure AD' description: Learn how to configure single sign-on between Azure Active Directory and BlueJeans for Azure AD. |
active-directory | Bomgarremotesupport Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bomgarremotesupport-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BeyondTrust Remote Support | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BeyondTrust Remote Support' description: Learn how to configure single sign-on between Azure Active Directory and BeyondTrust Remote Support. |
active-directory | Bonos Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bonos-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Bonos | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Bonos' description: Learn how to configure single sign-on between Azure Active Directory and Bonos. |
active-directory | Bonus Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bonus-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Bonusly | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Bonusly' description: Learn how to configure single sign-on between Azure Active Directory and Bonusly. |
active-directory | Bonusly Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bonusly-provisioning-tutorial.md | Title: 'Tutorial: Configure Bonusly for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Bonusly for automatic user provisioning with Azure Active Directory' description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to Bonusly. |
active-directory | Boomi Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/boomi-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Boomi | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Boomi' description: Learn how to configure single sign-on between Azure Active Directory and Boomi. |
active-directory | Box Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/box-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Box | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Box' description: Learn how to configure single sign-on between Azure Active Directory and Box. |
active-directory | Box Userprovisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/box-userprovisioning-tutorial.md | Title: 'Tutorial: Configure Box for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Box for automatic user provisioning with Azure Active Directory' description: Learn how to configure single sign-on between Azure Active Directory and Box . |
active-directory | Boxcryptor Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/boxcryptor-provisioning-tutorial.md | Title: 'Tutorial: Configure Boxcryptor for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Boxcryptor for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Boxcryptor. documentationcenter: '' |
active-directory | Boxcryptor Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/boxcryptor-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Boxcryptor | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Boxcryptor' description: Learn how to configure single sign-on between Azure Active Directory and Boxcryptor. |
active-directory | Bpanda Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bpanda-provisioning-tutorial.md | Title: 'Tutorial: Configure Bpanda for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Bpanda for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Bpanda. documentationcenter: '' |
active-directory | Bpmonline Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bpmonline-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Creatio | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Creatio' description: Learn how to configure single sign-on between Azure Active Directory and Creatio. |
active-directory | Brandfolder Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/brandfolder-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Brandfolder | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Brandfolder' description: Learn how to configure single sign-on between Azure Active Directory and Brandfolder. |
active-directory | Bridge Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bridge-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Bridge | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Bridge' description: Learn how to configure single sign-on between Azure Active Directory and Bridge. |
active-directory | Bright Pattern Omnichannel Contact Center Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bright-pattern-omnichannel-contact-center-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Bright Pattern Omnichannel Contact Center | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Bright Pattern Omnichannel Contact Center' description: Learn how to configure single sign-on between Azure Active Directory and Bright Pattern Omnichannel Contact Center. |
active-directory | Brightidea Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/brightidea-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Brightidea | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Brightidea' description: Learn how to configure single sign-on between Azure Active Directory and Brightidea. |
active-directory | Brightspace Desire2learn Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/brightspace-desire2learn-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Brightspace by Desire2Learn | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Brightspace by Desire2Learn' description: Learn how to configure single sign-on between Azure Active Directory and Brightspace by Desire2Learn. |
active-directory | Britive Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/britive-provisioning-tutorial.md | Title: 'Tutorial: Configure Britive for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Britive for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Britive. |
active-directory | Britive Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/britive-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Britive | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Britive' description: Learn how to configure single sign-on between Azure Active Directory and Britive. |
active-directory | Brivo Onair Identity Connector Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/brivo-onair-identity-connector-provisioning-tutorial.md | Title: 'Tutorial: Configure Brivo Onair Identity Connector for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Brivo Onair Identity Connector for automatic user provisioning with Azure Active Directory' description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to Brivo Onair Identity Connector. |
active-directory | Broadcom Dx Saas Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/broadcom-dx-saas-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Broadcom DX SaaS | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Broadcom DX SaaS' description: Learn how to configure single sign-on between Azure Active Directory and Broadcom DX SaaS. |
active-directory | Browserstack Single Sign On Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/browserstack-single-sign-on-provisioning-tutorial.md | Title: 'Tutorial: Configure BrowserStack Single Sign-on for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure BrowserStack Single Sign-on for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to BrowserStack Single Sign-on. documentationcenter: '' |
active-directory | Browserstack Single Sign On Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/browserstack-single-sign-on-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BrowserStack Single Sign-on | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with BrowserStack Single Sign-on' description: Learn how to configure single sign-on between Azure Active Directory and BrowserStack Single Sign-on. |
active-directory | Brushup Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/brushup-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Brushup | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Brushup' description: Learn how to configure single sign-on between Azure Active Directory and Brushup. |
active-directory | Bugsnag Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bugsnag-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Bugsnag | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Bugsnag' description: Learn how to configure single sign-on between Azure Active Directory and Bugsnag. |
active-directory | Bullseyetdp Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bullseyetdp-provisioning-tutorial.md | Title: 'Tutorial: Configure BullseyeTDP for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure BullseyeTDP for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to BullseyeTDP. documentationcenter: '' |
active-directory | Bynder Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/bynder-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Bynder | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Bynder' description: Learn how to configure single sign-on between Azure Active Directory and Bynder. |
active-directory | C3m Cloud Control Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/c3m-cloud-control-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with C3M Cloud Control | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with C3M Cloud Control' description: Learn how to configure single sign-on between Azure Active Directory and C3M Cloud Control. |
active-directory | Cakehr Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/cakehr-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with CakeHR | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with CakeHR' description: Learn how to configure single sign-on between Azure Active Directory and CakeHR. |
active-directory | Carbonite Endpoint Backup Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/carbonite-endpoint-backup-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Carbonite Endpoint Backup | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Carbonite Endpoint Backup' description: Learn how to configure single sign-on between Azure Active Directory and Carbonite Endpoint Backup. |
active-directory | Cato Networks Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/cato-networks-provisioning-tutorial.md | Title: 'Tutorial: Configure Cato Networks for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Cato Networks for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Cato Networks. writer: twimmers |
active-directory | Central Desktop Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/central-desktop-tutorial.md | Title: 'Tutorial: Azure Active Directory integration with Central Desktop | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory integration with Central Desktop' description: Learn how to configure single sign-on between Azure Active Directory and Central Desktop. |
active-directory | Cequence Application Security Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/cequence-application-security-tutorial.md | Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Cequence Application Security Platform | Microsoft Docs' + Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Cequence Application Security Platform' description: Learn how to configure single sign-on between Azure Active Directory and Cequence Application Security Platform. |
active-directory | Cerby Provisioning Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/cerby-provisioning-tutorial.md | Title: 'Tutorial: Configure Cerby for automatic user provisioning with Azure Active Directory | Microsoft Docs' + Title: 'Tutorial: Configure Cerby for automatic user provisioning with Azure Active Directory' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Cerby. |
active-directory | Cerby Tutorial |