Merge pull request #5542 from MicrosoftDocs/main
10/14/2024 AM Publish
Taojunshen authored Oct 14, 2024
2 parents 42ee80c + 7855412 commit 19524bb
Showing 19 changed files with 438 additions and 69 deletions.
14 changes: 13 additions & 1 deletion docs/external-id/customers/reference-training-videos.md
Expand Up @@ -8,7 +8,7 @@ ms.service: entra-external-id

ms.subservice: customers
ms.topic: concept-article
ms.date: 01/07/2024
ms.date: 10/14/2024
ms.author: mimart
ms.custom: it-pro

Expand Down Expand Up @@ -44,6 +44,12 @@ Microsoft Entra External ID videos are incorporated within our documentation and

We regularly expand our video library, so be sure to subscribe to the Microsoft Security Channel for the latest updates. Here are some videos to help you get started with Microsoft Entra External ID.

### Introduction to Microsoft Entra External ID

Microsoft Entra External ID is Microsoft’s customer identity and access management (CIAM) platform. It helps control who has access to your external facing applications continually verify their online identity while ensuring their personal information and privacy remain safeguarded. This video gives you an introduction to Microsoft Entra External ID, its capabilities and what it’s like to use it as an end user.

> [!VIDEO https://www.youtube.com/embed/XuxXCMOYiSc?si=yX21DVcKsozFPM0v]
### Get started with Microsoft Entra external ID

This tutorial guides you through creating a new Microsoft Entra External ID tenant and helps you get started with running a sample app and signing in your users. It also explores the various components involved and discusses ways to enhance your configuration.
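
Review bot: The second sentence of the new "Introduction to Microsoft Entra External ID" paragraph runs two clauses together without a conjunction ("helps control who has access to your external facing applications continually verify their online identity"). Suggest "helps control who has access to your external-facing applications and continually verifies their online identity, while ensuring ...". The new `[!VIDEO ...]` line is also followed directly by the next `###` heading with no blank line between them, and the embed URL carries a `?si=` share parameter that could be dropped from newly added links. The heading that follows, "Get started with Microsoft Entra external ID", lowercases "external" where the new heading writes "External ID"; worth aligning while this section is being edited.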
Expand Down Expand Up @@ -78,6 +84,12 @@ This video explains the concept of a custom claims provider, which enables you t
> [!VIDEO https://www.youtube.com/embed/1tPA7B9ztz0?si=0VXQJmDfnSUv_jAz]
The second part shows how to [configure Microsoft Entra ID custom claims provider](https://youtu.be/fxQGVIwX8_4?si=vwcYT7wn7OzL6MzK) with the token issuance start event type, which triggers just before a security token is issued. This event allows you to call a REST API to add claims to the token that's returned to your application.

### Edit user's profile

In this video, we’ll explore the various methods available for accessing and editing user profiles in Microsoft Entra External ID.

> [!VIDEO https://www.youtube.com/embed/_zKCgukVHYw?si=8T6TAdEorg4SHUUc]
### Microsoft Graph and continuous integration

This video examines the benefits of using Microsoft Graph API and Microsoft Graph PowerShell for automating tasks and running batch operations. Streamline deployment with GitHub workflows to reduce integration and deployment issues, speed up release cycles, improve change management, and maintain version control across different environments.
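
Review bot: The description added under "Edit user's profile" switches to first person ("In this video, we’ll explore ...") while the neighbouring entries are written as "This video explains ..." and "This video examines ..."; reword it to match, for example "This video explores the methods available for accessing and editing user profiles in Microsoft Entra External ID." The heading would read better as "Edit a user's profile", the added sentence uses a curly apostrophe where the surrounding text ("that's") uses a straight one, and the `[!VIDEO ...]` line again runs straight into the next `###` heading without a blank line.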
Expand Up @@ -191,7 +191,7 @@ Your code should look something similar to the following snippet:
}
}

private fun displaySignedInState(accountState: AccountState) {
private fun displaySignedInState(accountResult: AccountState) {
val accountName = accountResult.getAccount().username
val textView: TextView = findViewById(R.id.accountText)
textView.text = "Cached account found: $accountName"
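
Review bot: The renamed parameter of displaySignedInState is now called accountResult but is still typed AccountState, so the name and the type disagree. The rename does make the body's accountResult.getAccount() reference resolve, but if AccountState is the intended type, keeping the parameter name accountState and changing the reference in the body would be the more consistent fix. Either way, check that the call sites and the prose around this snippet use the same name as the signature.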
8 changes: 4 additions & 4 deletions docs/external-id/what-is-b2b.md
Expand Up @@ -4,7 +4,7 @@ description: Learn about B2B collaboration for sharing apps with external identi

ms.service: entra-external-id
ms.topic: overview
ms.date: 09/06/2024
ms.date: 10/14/2024
ms.author: cmulligan
author: csmulligan
manager: celestedg
Expand Down Expand Up @@ -101,7 +101,7 @@ You can use authentication and authorization policies to protect your corporate

## Let application and group owners manage their own guest users

You can delegate guest user management to application owners so that they can add guest users directly to any application they want to share, whether it's a Microsoft application or not.
You can delegate guest user management to application owners. This allows them to add guest users directly to any application they want to share, whether it's a Microsoft application or not.

- Administrators set up self-service app and group management.
- Non-administrators use their [Access Panel](https://myapps.microsoft.com) to add guest users to applications or groups.
Expand All @@ -123,12 +123,12 @@ Microsoft Entra External ID supports external identity providers like Facebook,

## Integrate with SharePoint and OneDrive

You can [enable integration with SharePoint and OneDrive](/sharepoint/sharepoint-azureb2b-integration) to share files, folders, list items, document libraries, and sites with people outside your organization, while using Azure B2B for authentication and management. The users you share resources with are typically guest users in your directory, and permissions and groups work the same for these guests as they do for internal users. When enabling integration with SharePoint and OneDrive, you also enable the [email one-time passcode](one-time-passcode.md) feature in Microsoft Entra B2B to serve as a fallback authentication method.
You can [enable integration with SharePoint and OneDrive](/sharepoint/sharepoint-azureb2b-integration) to share files, folders, list items, document libraries, and sites with people outside your organization, while using Microsoft Entra B2B for authentication and management. The users you share resources with are typically guest users in your directory, and permissions and groups work the same for these guests as they do for internal users. When enabling integration with SharePoint and OneDrive, you also enable the [email one-time passcode](one-time-passcode.md) feature in Microsoft Entra B2B to serve as a fallback authentication method.

:::image type="content" source="media/what-is-b2b/enable-email-otp-options.png" alt-text="Screenshot of the email one-time-passcode setting.":::

## Next steps

- [Invitation email](invitation-email-elements.md)
- [Add B2B collaboration guest users in the admin center](add-users-administrator.yml)
- [B2B direct connect](b2b-direct-connect-overview.md)
- [B2B direct connect](b2b-direct-connect-overview.md)
Expand Up @@ -187,8 +187,8 @@ Let's look at an example of a user who has single-factor certificate, and is con
CBA can be used as a second factor like Password (first factor) and CBA (second factor) to get MFA.

>[!NOTE]
On iOS, users with certificate-based authentication will see a "double prompt", where they must click the option to use certificate-based authentication twice.
On iOS, users with Microsoft Authenticator App will also see hourly login prompt to authenticate with CBA if there's an Authentication Strength policy enforcing CBA, or if they use CBA as the second factor or step-up authentication.
> On iOS, users with certificate-based authentication will see a "double prompt", where they must click the option to use certificate-based authentication twice.
> On iOS, users with Microsoft Authenticator App will also see hourly login prompt to authenticate with CBA if there's an Authentication Strength policy enforcing CBA, or if they use CBA as the second factor or step-up authentication.
## Understanding the authentication binding policy
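
Review bot: In the NOTE block, the two "On iOS" sentences now sit on consecutive `>` lines, so Markdown will join them into a single paragraph; separate them with a line containing only `>` or turn them into a two-item list inside the note. While these lines are being touched, `>[!NOTE]` should have a space after the `>`, the second sentence needs an article ("will also see an hourly login prompt"), and a blank line is needed between the end of the note and the "## Understanding the authentication binding policy" heading so the heading is not read as part of the block quote.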

88 changes: 27 additions & 61 deletions docs/identity/monitoring-health/concept-microsoft-entra-health.md
Expand Up @@ -6,97 +6,63 @@ manager: amycolannino
ms.service: entra-id
ms.topic: conceptual
ms.subservice: monitoring-health
ms.date: 01/04/2024
ms.date: 10/14/2024
ms.author: sarahlipsey
ms.reviewer: sarbar

---

# What is Microsoft Entra Health?

Microsoft Entra Health (preview) provides you with the ability to view the health of your Microsoft Entra tenant through a report of service level agreement (SLA) attainment and a set of health metrics you can monitor for key Microsoft Entra ID scenarios. All the data is provided at the tenant level. The scenario monitoring solution is currently in public preview and can be enabled or disabled in the Preview Hub; the SLA Attainment report is available by default.
Microsoft Entra Health (preview) provides you with observability of your Microsoft Entra tenant through continuous low-latency health monitoring and look-back reporting. The low-latency health monitoring solution includes a set of health metric data streams (signals) with built-in alerts designed to help IT operations teams maintain high levels of uptime and service on common Microsoft Entra scenarios. The monthly look-back solution shows the core authentication availability of Microsoft Entra ID each month.

## How to access Microsoft Entra Health
## How Microsoft Entra health monitoring (preview) works

You can view the Microsoft Entra Health SLA attainment and Scenario monitoring (preview) from the Microsoft Entra admin center.
1. Metrics and data are gathered, processed, and converted into meaningful signals displayed in Microsoft Entra Health monitoring.

1. Sign into the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Reports Reader](../role-based-access-control/permissions-reference.md#reports-reader).
1. Browse to **Identity** > **Monitoring and health** > **Health (preview)**.
1. These signals are fed into our anomaly detection service.

![Screenshot of the Microsoft Entra Health landing page.](media/concept-microsoft-entra-health/identity-health-landing-page.png)
1. When the anomaly detection service identifies a significant change to a pattern in the signal, it triggers an alert.

### Enable the Scenario monitoring preview
1. When the alert is triggered, an email notification is sent to a set of users, preselected by the tenant admin. This email notification prompts recipients to investigate and determine if there's a problem.

If you'd like to view the **Scenario monitoring (preview)**:
1. After you see an alert, you need to research possible root causes, determine the next steps, and take action to mitigate the root cause. Each health alert contains an impact assessment and links to resources to help you through the process.

1. Sign into the [Microsoft Entra admin center] as at least a [Reports Reader](../role-based-access-control/permissions-reference.md#reports-reader).
1. Browse to **Identity** > **Settings** > **Preview hub**.
1. Enable **Scenario monitoring**.
## Microsoft Entra Health monitoring signals

Enabling preview feature might take up to 24 hours to populate. Enabling the preview only changes your view, not the entire tenant. You can disable the preview at any time.
Many IT administrators spend a considerable amount of time investigating several key scenarios, such as sign-ins requiring multifactor authentication (MFA) or sign-ins requiring a compliant or managed device. Microsoft Entra Health provides a visualization of the data associated with these metrics, so you can quickly identify trends and potential issues.

## SLA attainment

In addition to providing global SLA performance, Microsoft Entra ID now provides tenant-level SLA performance for organizations with at least 5000 monthly active users. The Service Level Agreement (SLA) attainment is the user authentication availability for Microsoft Entra ID. For the current availability target and details on how SLA is calculated, see [SLA for Microsoft Entra ID](https://azure.microsoft.com/support/legal/sla/active-directory/v1_1/).

Hover your mouse over the bar for a month to view the percentage for that month. A table with the same details appears below the graph.

You can also view SLA attainment using [Microsoft Graph](/graph/api/resources/serviceactivity?view=graph-rest-beta&preserve-view=true).
The following key scenarios can be monitored in Microsoft Entra Health:

![Screenshot of the SLA attainment report.](media/concept-microsoft-entra-health/sla-attainment.png)

## Scenario monitoring (preview)

Many IT administrators spend a considerable amount of time investigating the health of the following key scenarios:

- Interactive user sign-in requests that require Microsoft Entra multifactor authentication.
- Interactive user sign-in requests that require Microsoft Entra multifactor authentication (MFA).
- User sign-in requests that require a managed device through a Conditional Access policy.
- User sign-in requests that require a compliant device through a Conditional Access policy.
- User sign-in requests to applications using SAML authentication.

The data associated with each of these scenarios is aggregated into a view that's specific to that scenario. If you're only interested in sign-ins from compliant devices, you can dive into that scenario without noise from other sign-in activities.

Data is aggregated every 15 minutes, for low latency insights into your tenant's health. Each scenario detail page provides trends and totals for that scenario for the last 30 days. You can set the date range to 24 hours, 7 days, or 1 month.
The data associated with each of these scenarios is aggregated into a view that's specific to that scenario. If you're only interested in sign-ins from compliant devices, you can dive into that scenario without noise from other sign-in activities.

Select **View details** on a tile to view the metrics for that scenario. You can also view these metric streams using [Microsoft Graph](/graph/api//resources/serviceactivity?view=graph-rest-beta&preserve-view=true).
Each scenario detail page provides trends and totals for that scenario for the last 30 days. This data is aggregated every 15 minutes, for low latency insights into your tenant's health.

![Screenshot of the scenario monitoring landing page.](media/concept-microsoft-entra-health/scenario-monitoring.png)
## Microsoft Entra Health monitoring alerts

### Sign-ins requiring a compliant device
In addition to providing health signals, Microsoft Entra Health monitoring also has an anomaly detection service that looks at the data and develops dynamic alerting thresholds based on the pattern specific to your tenant. When the service identifies a significant change to that pattern at the tenant level, it triggers an alert. By monitoring these scenarios and reviewing the alerts, you can more effectively monitor and improve the health of your tenant.

This scenario captures each user authentication that satisfies a Conditional Access policy requiring sign-in from a compliant device.
Alerts are specific to your tenant and to the scenario being monitored. Machine learning requires at least four weeks of data to establish a pattern for your tenant. The more data we collect on the signal, the more accurate the anomaly detection service becomes. The service looks back 25-30 minutes on the timeline and triggers an alert if the signal deviates from the pattern.

- [Create a compliance policy in Microsoft Intune](/mem/intune/protect/create-compliance-policy).
- [Learn about Conditional Access and Intune](/mem/intune/protect/conditional-access).
- [Learn about Microsoft Entra joined devices](../devices/concept-directory-join.md).
The service provides alerts for the following scenarios:

![Screenshot of the compliant device scenario.](media/concept-microsoft-entra-health/scenario-monitoring-compliant-device.png)
- [Sign-ins requiring a Conditional Access compliant device](scenario-health-sign-ins-compliant-managed-device.md)
- [Sign-ins requiring a Conditional Access managed device](scenario-health-sign-ins-compliant-managed-device.md)
- [Sign-ins requiring multifactor authentication (MFA)](scenario-health-sign-ins-mfa.md)

### Sign-ins requiring a managed device
At this time, alerts are only available through the Microsoft Graph API. With the Microsoft Graph health monitoring alerts APIs, you can view the alerts, configure email notifications, and update the state of the alert. You can run the API calls on a recurring cadence (for example, daily or hourly) or configure email notifications. For more information, see [How to use Microsoft Entra scenario health alerts](howto-use-health-scenario-alerts.md) and the [Microsoft Graph health monitoring alerts API documentation](/graph/api/resources/healthmonitoring-overview?view=graph-rest-beta&preserve-view=true).

This scenario captures each user authentication that satisfies a Conditional Access policy requiring sign-in from a managed device.

- [What is device management](/mem/intune/fundamentals/what-is-device-management)?
- [Learn about Microsoft Entra hybrid joined devices](../devices/concept-hybrid-join.md).

![Screenshot of the managed device scenario.](media/concept-microsoft-entra-health/scenario-monitoring-managed-device.png)

### Sign-ins requiring multifactor authentication (MFA)

This scenario provides two aggregated data graphs. The first displays the number of users who successfully completed an interactive MFA sign-in using a Microsoft Entra cloud MFA service. The metric excludes instances when a user refreshes the session without completing the interactive MFA or using passwordless sign-in methods.

This scenario also provides an aggregated look at failures of interactive MFA sign-in attempts. The same type of refreshed sessions and passwordless methods are excluded from this metric.

- [Configure Conditional Access for MFA for all users](../conditional-access/howto-conditional-access-policy-all-users-mfa.md).
- [Troubleshoot common sign-in errors](howto-troubleshoot-sign-in-errors.md).

![Screenshot of the MFA scenario.](media/concept-microsoft-entra-health/scenario-monitoring-MFA.png)
## SLA attainment

### Sign-ins to applications using SAML authentication
In addition to publicly reporting global SLA performance, Microsoft Entra ID provides tenant-level SLA performance for organizations with at least 5000 monthly active users. The Service Level Agreement (SLA) attainment is the user authentication availability for Microsoft Entra ID. For the current availability target and details on how SLA is calculated, see [SLA for Microsoft Entra ID](https://azure.microsoft.com/support/legal/sla/active-directory/v1_1/).

This scenario looks at SAML 2.0 authentication attempts that the Microsoft Entra cloud service for your tenant successfully processed. This metric currently excludes WS-FED/SAML 1.1 apps integrated with Microsoft Entra ID.
Hover your mouse over the bar for a month to view the percentage for that month. A table with the same details appears below the graph.

- [Learn how the Microsoft Identity platform uses the SAML protocol](../../identity-platform/saml-protocol-reference.md)
- [Use a SAML 2.0 IdP for single sign on](../hybrid/connect/how-to-connect-fed-saml-idp.md).
You can also view SLA attainment using [Microsoft Graph APIs](/graph/api/resources/azureadauthentication?view=graph-rest-beta&preserve-view=true).

![Screenshot of the SAML scenario.](media/concept-microsoft-entra-health/scenario-monitoring-SAML.png)
![Screenshot of the SLA attainment report.](media/concept-microsoft-entra-health/sla-attainment.png)
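
Review bot: The rewrite deletes the "How to access Microsoft Entra Health" and "Enable the Scenario monitoring preview" sections, and with them the only statement of the least-privileged role (Reports Reader) and the admin center path, without adding a replacement. The new alerts paragraph says alerts are "only available through the Microsoft Graph API" but does not say which role or permission is needed to read alerts or to configure the email recipients mentioned in step 4 of the new "How ... works" list. Suggest keeping a short prerequisites section that names the required role, or stating explicitly that the linked how-to article covers it. Two smaller points: the "key scenarios" list still includes sign-ins to applications using SAML authentication while the alerts list covers only compliant device, managed device and MFA, so say whether SAML is signal-only; and the new headings mix "Microsoft Entra health monitoring" with "Microsoft Entra Health monitoring", which should be made consistent.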