henrymbuguakiarie committed Jun 6, 2022
2 parents 8967dab + 995791f commit 023b3ec
Showing 796 changed files with 8,467 additions and 2,990 deletions.
39 changes: 22 additions & 17 deletions articles/active-directory-b2c/azure-monitor.md

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions articles/active-directory-b2c/string-transformations.md
Original file line number Diff line number Diff line change
Expand Up @@ -212,7 +212,7 @@ Determines whether a claim value is equal to the input parameter value. Check ou
| InputClaim | inputClaim1 | string | The claim's type, which is to be compared. |
| InputParameter | operator | string | Possible values: `EQUAL` or `NOT EQUAL`. |
| InputParameter | compareTo | string | String comparison, one of the values: Ordinal, OrdinalIgnoreCase. |
| InputParameter | ignoreCase | boolean | Specifies whether this comparison should ignore the case of the strings being compared. |
| InputParameter | ignoreCase | string | Specifies whether this comparison should ignore the case of the strings being compared. |
| OutputClaim | outputClaim | boolean | The claim that is produced after this claims transformation has been invoked. |

### Example of CompareClaimToValue
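Review bot: the `ignoreCase` row now types the parameter as string, but its description still reads as a boolean flag and never states which string values are accepted. Suggest listing them in the description, the way the `operator` row lists `EQUAL` or `NOT EQUAL`, so policy authors do not have to infer the literal from the example.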
Expand All @@ -227,7 +227,7 @@ Use this claims transformation to check if a claim is equal to a value you speci
<InputParameters>
<InputParameter Id="compareTo" DataType="string" Value="V1" />
<InputParameter Id="operator" DataType="string" Value="not equal" />
<InputParameter Id="ignoreCase" DataType="boolean" Value="true" />
<InputParameter Id="ignoreCase" DataType="string" Value="true" />
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="termsOfUseConsentRequired" TransformationClaimType="outputClaim" />
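Review bot: in this example the `operator` parameter is `Value="not equal"`, while the parameter table in this file documents the possible values as `EQUAL` or `NOT EQUAL`. Since the edit already touches the adjacent `ignoreCase` line, align the casing with the table or state that the operator is matched case-insensitively; the result feeds `termsOfUseConsentRequired`, so the example should leave no doubt about which branch is taken. The same applies to `compareTo`, which the table describes as `Ordinal` or `OrdinalIgnoreCase` but the example sets to `V1`.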
2 changes: 1 addition & 1 deletion articles/active-directory/authentication/TOC.yml
Original file line number Diff line number Diff line change
Expand Up @@ -287,7 +287,7 @@
- name: Azure PowerShell cmdlets
href: /powershell/azure/
- name: Microsoft Graph REST API beta
href: /graph/api/resources/authenticationmethods-overview?view=graph-rest-beta
href: /graph/api/resources/authenticationmethods-overview
- name: Service limits and restrictions
href: ../enterprise-users/directory-service-limits-restrictions.md
- name: FIDO2 compatibility
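Review bot: the `href` no longer carries `?view=graph-rest-beta`, but the entry's `name` directly above it still reads `Microsoft Graph REST API beta`. Either rename the entry or keep the view parameter, so the label matches the API version the link opens.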
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ description: Learn about deployment considerations and strategy for successful i
ms.service: active-directory
ms.subservice: authentication
ms.topic: how-to
ms.date: 02/02/2022
ms.date: 06/01/2022
ms.author: mtillman
author: mtillman
manager: martinco
Expand Down Expand Up @@ -246,7 +246,7 @@ You can monitor authentication method registration and usage across your organiz

The Azure AD sign in reports include authentication details for events when a user is prompted for MFA, and if any Conditional Access policies were in use. You can also use PowerShell for reporting on users registered for Azure AD Multi-Factor Authentication.

NPS extension and AD FS logs can be viewed from **Security** > **MFA** > **Activity report**.
NPS extension and AD FS logs can be viewed from **Security** > **MFA** > **Activity report**. Inclusion of this activity in the [Sign-in logs](../reports-monitoring/concept-sign-ins.md) is currently in Preview.

For more information, and additional Azure AD Multi-Factor Authentication reports, see [Review Azure AD Multi-Factor Authentication events](howto-mfa-reporting.md#view-the-azure-ad-sign-ins-report).
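Review bot: in the added sentence, "this activity" has no clear referent and "currently in Preview" will go stale without a date or version. Name the sources explicitly (NPS extension and AD FS events) and say whether the Activity report or the sign-in logs is the place to rely on for monitoring while the feature is in Preview.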

8 changes: 4 additions & 4 deletions articles/active-directory/conditional-access/TOC.yml
Original file line number Diff line number Diff line change
Expand Up @@ -115,13 +115,13 @@
- name: Beta Graph APIs
items:
- name: conditionalAccessPolicy API
href: /graph/api/resources/conditionalaccesspolicy?view=graph-rest-beta
href: /graph/api/resources/conditionalaccesspolicy
- name: namedLocation API
href: /graph/api/resources/namedlocation?view=graph-rest-beta
href: /graph/api/resources/namedlocation
- name: countryNamedLocation API
href: /graph/api/resources/countrynamedlocation?view=graph-rest-beta
href: /graph/api/resources/countrynamedlocation
- name: ipNamedLocation API
href: /graph/api/resources/ipnamedlocation?view=graph-rest-beta
href: /graph/api/resources/ipnamedlocation
- name: Resources
items:
- name: Azure feedback forum
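Review bot: all four links under `Beta Graph APIs` lose `?view=graph-rest-beta`, yet the parent node keeps that name. If the default view of these pages is not the beta reference, the heading now misdescribes its children; rename it in the same change or keep the view parameter.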
4 changes: 2 additions & 2 deletions articles/active-directory/develop/microsoft-graph-intro.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: Microsoft Graph API
description: The Microsoft Graph API is a RESTful web API that enables you to access Microsoft Cloud service resources.
author: davidmu1
author: FaithOmbongi
services: active-directory
manager: CelesteDG

Expand All @@ -10,7 +10,7 @@ ms.subservice: develop
ms.topic: conceptual
ms.workload: identity
ms.date: 10/08/2021
ms.author: davidmu
ms.author: ombongifaith
ms.custom: aaddev
---

Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ ms.service: active-directory
ms.subservice: enterprise-users
ms.workload: identity
ms.topic: overview
ms.date: 06/02/2022
ms.date: 06/03/2022
ms.author: curtand
ms.reviewer: krbain
ms.custom: it-pro
Expand Down Expand Up @@ -81,10 +81,10 @@ The following are the user properties that you can use to create a single expres

### Properties of type boolean

| Properties | Allowed values | Usage |
| --- | --- | --- |
| accountEnabled |true false |user.accountEnabled -eq true |
| dirSyncEnabled |true false |user.dirSyncEnabled -eq true |
Properties | Allowed values | Usage
--- | --- | ---
accountEnabled |true false |user.accountEnabled -eq true
dirSyncEnabled |true false |user.dirSyncEnabled -eq true

### Properties of type string

Expand All @@ -101,6 +101,7 @@ The following are the user properties that you can use to create a single expres
| jobTitle |Any string value or *null* |(user.jobTitle -eq "value") |
| mail |Any string value or *null* (SMTP address of the user) |(user.mail -eq "value") |
| mailNickName |Any string value (mail alias of the user) |(user.mailNickName -eq "value") |
| memberOf | Any string value (valid group object ID) | (device.memberof -any (group.objectId -in ['value'])) |
| mobile |Any string value or *null* |(user.mobile -eq "value") |
| objectId |GUID of the user object |(user.objectId -eq "11111111-1111-1111-1111-111111111111") |
| onPremisesDistinguishedName (preview)| Any string value or *null* |(user.onPremisesDistinguishedName -eq "value") |
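Review bot: the new `memberOf` row sits in the user string-properties table, but its usage example starts with `device.memberof`. Every other visible row in this table uses the `user.` prefix, so this looks swapped with the device-table row added later in this file; it should read `(user.memberof -any (group.objectId -in ['value']))`. A copied rule with the wrong object prefix matters here because these expressions decide dynamic group membership.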
Expand Down Expand Up @@ -393,12 +394,13 @@ The following device attributes can be used.
enrollmentProfileName | Apple Device Enrollment Profile name, Android Enterprise Corporate-owned dedicated device Enrollment Profile name, or Windows Autopilot profile name | (device.enrollmentProfileName -eq "DEP iPhones")
isRooted | true false | (device.isRooted -eq true)
managementType | MDM (for mobile devices) | (device.managementType -eq "MDM")
memberOf | Any string value (valid group object ID) | (user.memberof -any (group.objectId -in ['value']))
deviceId | a valid Azure AD device ID | (device.deviceId -eq "d4fe7726-5966-431c-b3b8-cddc8fdb717d")
objectId | a valid Azure AD object ID | (device.objectId -eq "76ad43c9-32c5-45e8-a272-7b58b58f596d")
devicePhysicalIds | any string value used by Autopilot, such as all Autopilot devices, OrderID, or PurchaseOrderID | (device.devicePhysicalIDs -any _ -contains "[ZTDId]") (device.devicePhysicalIds -any _ -eq "[OrderID]:179887111881") (device.devicePhysicalIds -any _ -eq "[PurchaseOrderId]:76222342342")
systemLabels | any string matching the Intune device property for tagging Modern Workplace devices | (device.systemLabels -contains "M365Managed")

> [!Note]
> [!NOTE]
> For the deviceOwnership when creating Dynamic Groups for devices you need to set the value equal to "Company". On Intune the device ownership is represented instead as Corporate. Refer to [OwnerTypes](/intune/reports-ref-devices#ownertypes) for more details.
## Next steps
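Review bot: the `memberOf` row added to the device attributes table uses `user.memberof` in its example, while the surrounding rows all use the `device.` prefix. Change it to `(device.memberof -any (group.objectId -in ['value']))` so the example matches the table it is in.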
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ The most frequent scenarios for application deletion are:



When you delete an application, the application registration by default enters the soft-delete state. To understand the relationship between application registrations and service principals, see [Apps & service principals in Azure AD - Microsoft identity platform](../develop/app-objects-and-service-principals.md).
When you delete an application, the application registration by default enters the soft-delete state. To understand the relationship between application registrations and service principals, see [Apps & service principals in Azure AD - Microsoft identity platform](/azure/active-directory/develop/app-objects-and-service-principals).



Expand Down Expand Up @@ -143,7 +143,7 @@ For details on restoring soft deleted Microsoft 365 Groups, see the following do

### Applications

Applications have two objects, the application registration and the service principle. For more information on the differences between the registration and the service principal, see [Apps & service principals in Azure AD.](/develop/app-objects-and-service-principals.md)
Applications have two objects, the application registration and the service principle. For more information on the differences between the registration and the service principal, see [Apps & service principals in Azure AD.](/azure/active-directory/develop/app-objects-and-service-principals)

To restore an application from the Azure portal, select App registrations, then deleted applications. Select the application registration to restore, and then select Restore app registration.
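Review bot: the line being edited still says "the service principle"; it should be "service principal", as in the link text and the following sentence. Worth fixing in the same change since the line is already touched.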

2 changes: 1 addition & 1 deletion articles/active-directory/governance/TOC.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@
- name: Manage access to resources - Microsoft Graph
href: /graph/tutorial-access-package-api?toc=/azure/active-directory/governance/toc.json&bc=/azure/active-directory/governance/breadcrumb/toc.json
- name: Manage access to resources - PowerShell
href: /powershell/microsoftgraph/tutorial-entitlement-management?view=graph-powershell-beta
href: /powershell/microsoftgraph/tutorial-entitlement-management
- name: Review access to Microsoft 365 groups - Microsoft Graph
href: /graph/tutorial-accessreviews-m365group
- name: Review access to security groups - Microsoft Graph
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ The integration patterns listed above are applicable to third party SaaS applica
Now that you have identified the integration pattern for the application, check the application as represented in Azure AD is ready for review.

1. In the Azure portal, click **Azure Active Directory**, click **Enterprise Applications**, and check whether your application is on the [list of enterprise applications](../manage-apps/view-applications-portal.md) in your Azure AD tenant.
1. If the application is not already listed, then check if the application is available the [application gallery](../manage-apps/overview-application-gallery.md) for applications that can be integrated for federated SSO or provisioning. If it is in the gallery, then use the [tutorials](../saas-apps/tutorial-list.md) to configure the application for federation, and if it supports provisioning, also [configure the application](/app-provisioning/configure-automatic-user-provisioning-portal.md) for provisioning.
1. If the application is not already listed, then check if the application is available the [application gallery](../manage-apps/overview-application-gallery.md) for applications that can be integrated for federated SSO or provisioning. If it is in the gallery, then use the [tutorials](../saas-apps/tutorial-list.md) to configure the application for federation, and if it supports provisioning, also [configure the application](/azure/active-directory/app-provisioning/configure-automatic-user-provisioning-portal) for provisioning.
1. One the application is in the list of enterprise applications in your tenant, select the application from the list.
1. Change to the **Properties** tab. Verify that the **User assignment required?** option is set to **Yes**. If it's set to **No**, all users in your directory, including external identities, can access the application, and you can't review access to the application.
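Review bot: the edited step still reads "check if the application is available the [application gallery]", which is missing "in", and the step after it begins "One the application" where "Once" is meant. Both are on or next to the changed line, so fix them in this change.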

Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ ms.collection: M365-identity-device-management

Azure Active Directory (Azure AD) Identity Governance allows you to balance your organization's need for security and employee productivity with the right processes and visibility. It provides you with capabilities to ensure that the right people have the right access to the right resources. These and related Azure AD and Enterprise Mobility + Security features allows you to mitigate access risk by protecting, monitoring, and auditing access to critical assets -- while ensuring employee and business partner productivity.

Identity Governance give organizations the ability to do the following tasks across employees, business partners and vendors, and across services and applications both on-premises and in clouds:
Identity Governance gives organizations the ability to do the following tasks across employees, business partners and vendors, and across services and applications both on-premises and in clouds:

- Govern the identity lifecycle
- Govern access lifecycle
Expand Down Expand Up @@ -115,4 +115,4 @@ It's a best practice to use the least privileged role to perform administrative
- [What is Azure AD entitlement management?](entitlement-management-overview.md)
- [What are Azure AD access reviews?](access-reviews-overview.md)
- [What is Azure AD Privileged Identity Management?](../privileged-identity-management/pim-configure.md)
- [What can I do with Terms of use?](../conditional-access/terms-of-use.md)
- [What can I do with Terms of use?](../conditional-access/terms-of-use.md)
Original file line number Diff line number Diff line change
Expand Up @@ -66,4 +66,4 @@ If you are planning to complete the next quickstart, keep the application that y

Learn how to set up single sign-on for an enterprise application.
> [!div class="nextstepaction"]
> [Enable single sign-on](add-application-portal-setup-sso.md)
> [Enable single sign-on](what-is-single-sign-on.md)
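Review bot: the next-step button keeps the text "Enable single sign-on" and the lead-in "Learn how to set up single sign-on", but the target changes from `add-application-portal-setup-sso.md` to `what-is-single-sign-on.md`, whose name suggests an overview rather than a setup procedure. Point to the how-to that replaces the old article, or reword the button and lead-in to match the new target.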
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ ms.workload: identity
ms.topic: how-to
ms.date: 03/30/2022
ms.author: ergreenl
ms.reviewer: davidmu
ms.collection: M365-identity-device-management

#customer intent: As an admin, I want to learn about the admin consent workflow and how it affects end-user and admin consent experience
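Review bot: dropping `ms.reviewer: davidmu` leaves no `ms.reviewer` in the visible front matter of this article, whereas other files in this commit get a replacement for the outgoing `author` and `ms.author`. For an article on the admin consent workflow, name a new technical reviewer rather than leaving the field out; the same question applies to the other files here that only remove the line.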
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@
title: PowerShell samples in Application Management
description: These PowerShell samples are used for apps you manage in your Azure Active Directory tenant. You can use these sample scripts to find expiration information about secrets and certificates.
services: active-directory
author: davidmu1
author: omondiatieno
manager: CelesteDG
ms.service: active-directory
ms.subservice: app-mgmt
ms.workload: identity
ms.topic: sample
ms.date: 02/18/2021
ms.author: sureshja
ms.author: jomondi
ms.reviewer: sureshja
---

Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@
title: Application Management certificates frequently asked questions
description: Learn answers to frequently asked questions (FAQ) about managing certificates for apps using Azure Active Directory as an Identity Provider (IdP).
services: active-directory
author: davidmu1
author: omondiatieno
manager: CelesteDG
ms.service: active-directory
ms.subservice: app-mgmt
ms.workload: identity
ms.topic: reference
ms.date: 03/19/2021
ms.author: sureshja
ms.author: jomondi
ms.reviewer: sureshja, saumadan
---

Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ ms.workload: identity
ms.topic: troubleshooting
ms.date: 07/11/2017
ms.author: ergreenl
ms.reviewer: davidmu
ms.collection: M365-identity-device-management
---

Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ ms.workload: identity
ms.topic: how-to
ms.date: 10/23/2021
ms.author: ergreenl
ms.reviewer: davidmu
ms.custom: contperf-fy22q2, contperf-fy22q3

#customer intent: As an admin, I want to manage user assignment for an app in Azure Active Directory using PowerShell
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@
title: Advanced certificate signing options in a SAML token
description: Learn how to use advanced certificate signing options in the SAML token for pre-integrated apps in Azure Active Directory
services: active-directory
author: davidmu1
author: omondiatieno
manager: CelesteDG
ms.service: active-directory
ms.subservice: app-mgmt
ms.workload: identity
ms.topic: conceptual
ms.date: 07/30/2021
ms.author: saumadan
ms.author: jomondi
ms.reviewer: saumadan
ms.custom: aaddev
ms.collection: M365-identity-device-management
4 changes: 2 additions & 2 deletions articles/active-directory/manage-apps/cloud-app-security.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@
title: App visibility and control with Microsoft Defender for Cloud Apps
description: Learn ways to identify app risk levels, stop breaches and leaks in real time, and use app connectors to take advantage of provider APIs for visibility and governance.
services: active-directory
author: davidmu1
author: omondiatieno
manager: CelesteDG
ms.service: active-directory
ms.subservice: app-mgmt
ms.topic: conceptual
ms.workload: identity
ms.date: 07/29/2021
ms.author: davidmu
ms.author: jomondi
ms.collection: M365-identity-device-management
ms.reviewer: bokacevi, dacurwin
---
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ ms.workload: identity
ms.topic: how-to
ms.date: 05/27/2022
ms.author: ergreenl
ms.reviewer: davidmu
ms.collection: M365-identity-device-management
ms.custom: contperf-fy22q2
#customer intent: As an admin, I want to configure the admin consent workflow.
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@
title: 'Quickstart: Delete an enterprise application'
description: Delete an enterprise application in Azure Active Directory.
services: active-directory
author: davidmu1
author: omondiatieno
manager: CelesteDG
ms.service: active-directory
ms.subservice: app-mgmt
ms.topic: quickstart
ms.workload: identity
ms.date: 03/24/2022
ms.author: sureshja
ms.author: jomondi
ms.reviewer: sureshja
ms.custom: mode-other
#Customer intent: As an administrator of an Azure AD tenant, I want to delete an enterprise application.
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ ms.workload: identity
ms.topic: how-to
ms.date: 09/23/2021
ms.author: ergreenl
ms.reviewer: davidmu
ms.custom: it-pro
ms.collection: M365-identity-device-management
#customer intent: As an admin, I want to disable the way a user signs in for an application so that no user can sign in to it in Azure Active Directory.
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ ms.workload: identity
ms.topic: how-to
ms.date: 10/23/2021
ms.author: ergreenl
ms.reviewer: davidmu
ms.collection: M365-identity-device-management
ms.custom: contperf-fy22q2

Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ ms.topic: conceptual
ms.workload: identity
ms.date: 04/05/2021
ms.author: ergreenl
ms.reviewer: davidmu
---

# Integrating Azure Active Directory with applications getting started guide
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@
title: Your sign-in was blocked
description: Troubleshoot a blocked sign-in to the Microsoft Application Network portal.
services: active-directory
author: davidmu1
author: omondiatieno
manager: CelesteDG
ms.service: active-directory
ms.subservice: app-mgmt
ms.topic: troubleshooting
ms.workload: identity
ms.date: 1/18/2022
ms.author: davidmu
ms.author: jomondi
ms.reviewer: jeedes
#Customer intent: As a publisher of an application, I want troubleshoot a blocked sign-in to the Microsoft Application Network portal.
---
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ ms.workload: identity
ms.topic: reference
ms.date: 01/07/2021
ms.author: ergreenl
ms.reviewer: davidmu
---

# Understand how users are assigned to apps
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ ms.workload: identity
ms.topic: conceptual
ms.date: 09/23/2021
ms.author: ergreenl
ms.reviewer: davidmu
---

# Manage access to an application