From b59956bcf7269784d8b177030f9f9ab55e258933 Mon Sep 17 00:00:00 2001 From: shlipsey3 <66325782+shlipsey3@users.noreply.github.com> Date: Wed, 15 Nov 2023 15:09:57 -0700 Subject: [PATCH 01/13] docfx-111523 --- docs/docfx.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/docfx.json b/docs/docfx.json index bd040067533..edd6eae31cd 100644 --- a/docs/docfx.json +++ b/docs/docfx.json @@ -58,11 +58,11 @@ }, "fileMetadata": { "feedback_product_url": { - "/identity/**/*.md": "https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789", + "docs/identity/**/*.md": "https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789", "/external-id/*.md": "/entra/identity-platform/developer-support-help-options", "/identity-platform/*.md": "/entra/identity-platform/developer-support-help-options", "/workload-id/*.md": "https://aka.ms/microsoftentraexternalid" - }, + } }, "template": [ "docs.html", @@ -182,8 +182,8 @@ "external-id/customers/*.yml": "Microsoft Entra External ID", "fundamentals/*.md": "Microsoft Entra", "fundamentals/*.yml": "Microsoft Entra", - "global-secure-access/*.md": "Global Secure Access", - "global-secure-access/*.yml": "Global Secure Access", + "docs/global-secure-access/*.md": "Global Secure Access", + "docs/global-secure-access/*.yml": "Global Secure Access", "id-governance/*.md": "Microsoft Entra ID Governance", "id-governance/*.yml": "Microsoft Entra ID Governance", "id-governance/privileged-identity-management/*.md": "Microsoft Entra ID Governance", From 4b3179e04e09e41ff8d167961840c853b5a29604 Mon Sep 17 00:00:00 2001 From: shlipsey3 <66325782+shlipsey3@users.noreply.github.com> Date: Wed, 15 Nov 2023 15:43:25 -0700 Subject: [PATCH 02/13] nesting --- docs/docfx.json | 156 ++++++++++++++++++++++++------------------------ 1 file changed, 78 insertions(+), 78 deletions(-) diff --git a/docs/docfx.json b/docs/docfx.json index edd6eae31cd..d2bbae2ff19 100644 
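Review bot: The new key `"docs/identity/**/*.md"` under `feedback_product_url` uses a different root from every other pattern in this file: its siblings are written as `/external-id/*.md`, and the `titleSuffix` keys in the second hunk as `fundamentals/*.md`. Because the patched file is `docs/docfx.json`, these patterns are presumably resolved relative to `docs/`, in which case a `docs/`-prefixed key matches nothing and identity articles silently lose their feedback link; `"identity/**/*.md"` would match the form used elsewhere. The same prefix is added to the two `docs/global-secure-access/*` keys in the second hunk, and it is also present on the `docs/**/*.md` keys under `learn_banner_products` and `featureFlags` that PATCH 02 moves into `fileMetadata`. Both hunks start and end inside objects that continue outside the hunk.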
--- a/docs/docfx.json +++ b/docs/docfx.json @@ -44,7 +44,7 @@ "externalReference": [], "globalMetadata": { "brand": "entra", - "uhfHeaderId": "MSDocsHeader-Entra", + "uhfHeaderId": "entra", "breadcrumb_path": "/entra/breadcrumb/toc.json", "extendBreadcrumb": false, "feedback_system": "Standard", 
@@ -53,15 +53,87 @@ "feedback_help_link_type": "get-help-at-qna", "searchScope": "Microsoft Entra" }, - "no-loc": { - "includes/policy/**/*.md": "[audit, deny, modify, disabled, auditifnotexists, deployifnotexists]" - }, "fileMetadata": { "feedback_product_url": { "docs/identity/**/*.md": "https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789", "/external-id/*.md": "/entra/identity-platform/developer-support-help-options", "/identity-platform/*.md": "/entra/identity-platform/developer-support-help-options", "/workload-id/*.md": "https://aka.ms/microsoftentraexternalid" + }, + "learn_banner_products": { + "docs/**/*.md": [ + "entra" + ] + }, + "featureFlags": { + "docs/**/*.md": [ + "show_learn_banner" + ] + }, + "manager": { + "architecture/*.md": "martincoetzer", + "architecture/*.yml": "martincoetzer", + "external-id/**/*.md": "CelesteDG", + "external-id/**/*.yml": "CelesteDG", + "fundamentals/*.md": "amycolannino", + "fundamentals/*.yml": "amycolannino", + "global-secure-access/*.md": "amycolannino", + "global-secure-access/*.yml": "amycolannino", + "id-governance/**/*.md": "amycolannino", + "id-governance/**/*.yml": "amycolannino", + "id-protection/*.md": "amycolannino", + "id-protection/*.yml": "amycolannino", + "identity/**/*.md": "amycolannino", + "identity/**/*.yml": "amycolannino", + "identity/saas-apps/*.md": "CelesteDG", + "identity/saas-apps/*.yml": "CelesteDG", + "identity/enterprise-apps/*.md": "CelesteDG", + "identity/enterprise-apps/*.yml": "CelesteDG", + "identity-platform/**/*.md": "CelesteDG", + "identity-platform/**/*.yml": "CelesteDG", + "permissions-management/*.md": "amycolannino", + "permissions-management/*.yml": "amycolannino", + "standards/**/*.md": "martincoetzer", + "standards/**/*.yml": "martincoetzer", + "verified-id/*.md": "amycolannino", + "verified-id/*.yml": "amycolannino", + "workload-id/**/*.md": "CelesteDG", + "workload-id/**/*.yml": "CelesteDG" + }, + "titleSuffix": { + "*.md": "Microsoft Entra", 
+ "architecture/*.md": "Microsoft Entra", + "architecture/*.yml": "Microsoft Entra", + "external-id/*.md": "Microsoft Entra External ID", + "external-id/*.yml": "Microsoft Entra External ID", + "external-id/customers/*.md": "Microsoft Entra External ID", + "external-id/customers/*.yml": "Microsoft Entra External ID", + "fundamentals/*.md": "Microsoft Entra", + "fundamentals/*.yml": "Microsoft Entra", + "global-secure-access/*.md": "Global Secure Access", + "global-secure-access/*.yml": "Global Secure Access", + "id-governance/*.md": "Microsoft Entra ID Governance", + "id-governance/*.yml": "Microsoft Entra ID Governance", + "id-governance/privileged-identity-management/*.md": "Microsoft Entra ID Governance", + "id-governance/privileged-identity-management/*.yml": "Microsoft Entra ID Governance", + "id-protection/*.md": "Microsoft Entra ID Protection", + "id-protection/*.yml": "Microsoft Entra ID Protection", + "entra/identity/*.yml": "Microsoft Entra ID", + "entra/identity/**/*.md": "Microsoft Entra ID", + "entra/identity/**/*.yml": "Microsoft Entra ID", + "identity-platform/*.md": "Microsoft identity platform", + "identity-platform/*.yml": "Microsoft identity platform", + "permissions-management/*.md": "Microsoft Entra Permissions Management", + "permissions-management/*.yml": "Microsoft Entra Permissions Management", + "standards/*.md": "Microsoft Entra", + "standards/*.yml": "Microsoft Entra", + "verified-id/*.md": "Microsoft Entra Verified ID", + "verified-id/*.yml": "Microsoft Entra Verified ID", + "workload-id/*.md": "Microsoft Entra Workload ID", + "workload-id/*.yml": "Microsoft Entra Workload ID" + }, + "no-loc": { + "includes/policy/**/*.md": "[audit, deny, modify, disabled, auditifnotexists, deployifnotexists]" } }, "template": [ @@ -71,7 +143,6 @@ "dest": "entra", "recommendations": true, "recommendation_types": ["Training", "Certification"], - "uhfHeaderId": "entra", "contributors_to_exclude": [ "alexbuckgit", "atookey", 
@@ -131,78 +202,7 @@ "v-shils", "v-shmck", "v-thepet" - ], - "featureFlags": { - "docs/**/*.md": [ - "show_learn_banner" - ] - }, - "learn_banner_products": { - "docs/**/*.md": [ - "entra" - ] - }, - "manager": { - "architecture/*.md": "martincoetzer", - "architecture/*.yml": "martincoetzer", - "external-id/**/*.md": "CelesteDG", - "external-id/**/*.yml": "CelesteDG", - "fundamentals/*.md": "amycolannino", - "fundamentals/*.yml": "amycolannino", - "global-secure-access/*.md": "amycolannino", - "global-secure-access/*.yml": "amycolannino", - "id-governance/**/*.md": "amycolannino", - "id-governance/**/*.yml": "amycolannino", - "id-protection/*.md": "amycolannino", - "id-protection/*.yml": "amycolannino", - "identity/**/*.md": "amycolannino", - "identity/**/*.yml": "amycolannino", - "identity/saas-apps/*.md": "CelesteDG", - "identity/saas-apps/*.yml": "CelesteDG", - "identity/enterprise-apps/*.md": "CelesteDG", - "identity/enterprise-apps/*.yml": "CelesteDG", - "identity-platform/**/*.md": "CelesteDG", - "identity-platform/**/*.yml": "CelesteDG", - "permissions-management/*.md": "amycolannino", - "permissions-management/*.yml": "amycolannino", - "standards/**/*.md": "martincoetzer", - "standards/**/*.yml": "martincoetzer", - "verified-id/*.md": "amycolannino", - "verified-id/*.yml": "amycolannino", - "workload-id/**/*.md": "CelesteDG", - "workload-id/**/*.yml": "CelesteDG" - }, - "titleSuffix": { - "*.md": "Microsoft Entra", - "architecture/*.md": "Microsoft Entra", - "architecture/*.yml": "Microsoft Entra", - "external-id/*.md": "Microsoft Entra External ID", - "external-id/*.yml": "Microsoft Entra External ID", - "external-id/customers/*.md": "Microsoft Entra External ID", - "external-id/customers/*.yml": "Microsoft Entra External ID", - "fundamentals/*.md": "Microsoft Entra", - "fundamentals/*.yml": "Microsoft Entra", - "docs/global-secure-access/*.md": "Global Secure Access", - "docs/global-secure-access/*.yml": "Global Secure Access", - "id-governance/*.md": 
"Microsoft Entra ID Governance", - "id-governance/*.yml": "Microsoft Entra ID Governance", - "id-governance/privileged-identity-management/*.md": "Microsoft Entra ID Governance", - "id-governance/privileged-identity-management/*.yml": "Microsoft Entra ID Governance", - "id-protection/*.md": "Microsoft Entra ID Protection", - "id-protection/*.yml": "Microsoft Entra ID Protection", - "entra/identity/*.yml": "Microsoft Entra ID", - "entra/identity/**/*.md": "Microsoft Entra ID", - "entra/identity/**/*.yml": "Microsoft Entra ID", - "identity-platform/*.md": "Microsoft identity platform", - "identity-platform/*.yml": "Microsoft identity platform", - "permissions-management/*.md": "Microsoft Entra Permissions Management", - "permissions-management/*.yml": "Microsoft Entra Permissions Management", - "standards/*.md": "Microsoft Entra", - "standards/*.yml": "Microsoft Entra", - "verified-id/*.md": "Microsoft Entra Verified ID", - "verified-id/*.yml": "Microsoft Entra Verified ID", - "workload-id/*.md": "Microsoft Entra Workload ID", - "workload-id/*.yml": "Microsoft Entra Workload ID" + ] }, "rules": { "sensitive-language-wl": { @@ -213,4 +213,4 @@ } } } -} + From 15ac75f3b0b329142be0e3cda091966330740d20 Mon Sep 17 00:00:00 2001 From: shlipsey3 <66325782+shlipsey3@users.noreply.github.com> Date: Wed, 15 Nov 2023 15:50:29 -0700 Subject: [PATCH 03/13] syntax-fix --- docs/docfx.json | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/docfx.json b/docs/docfx.json index d2bbae2ff19..f1d275379fa 100644 --- a/docs/docfx.json +++ b/docs/docfx.json @@ -202,8 +202,7 @@ "v-shils", "v-shmck", "v-thepet" - ] - }, + ], "rules": { "sensitive-language-wl": { "exclude": [ @@ -212,5 +211,5 @@ ] } } - } - + } +} From 2ba0d2fbf8ab414f421dda15587963365560ed6e Mon Sep 17 00:00:00 2001 
From: shlipsey3 <66325782+shlipsey3@users.noreply.github.com> Date: Thu, 16 Nov 2023 10:44:56 -0700 Subject: [PATCH 04/13] context-yml-fixes --- docs/architecture/context/architecture-context.yml | 2 +- docs/docfx.json | 2 +- docs/external-id/context/external-id-context.yml | 2 +- .../app-provisioning/context/app-provisioning-context.yml | 2 +- docs/identity/app-proxy/context/app-proxy-context.yml | 4 ++-- .../conditional-access/context/conditional-access-context.yml | 2 +- docs/identity/devices/context/devices-context.yml | 2 +- docs/identity/domain-services/TOC.yml | 2 +- .../{azure-ad-ds-context.yml => domain-services-context.yml} | 4 ++-- docs/identity/enterprise-apps/context/manage-apps-context.yml | 2 +- .../context/msi-context.yml | 2 +- .../role-based-access-control/context/ugr-context.yml | 2 +- docs/identity/users/context/ugr-context.yml | 2 +- 13 files changed, 15 insertions(+), 15 deletions(-) rename docs/identity/domain-services/context/{azure-ad-ds-context.yml => domain-services-context.yml} (65%) diff --git a/docs/architecture/context/architecture-context.yml b/docs/architecture/context/architecture-context.yml index 555da2fb810..33512cbfb93 100644 --- a/docs/architecture/context/architecture-context.yml +++ b/docs/architecture/context/architecture-context.yml @@ -1,5 +1,5 @@ ### YamlMime:ContextObject brand: entra -uhfHeaderId: entra +uhfHeaderId: MSDocsHeader-Entra breadcrumb_path: ../breadcrumb/toc.yml toc_rel: ../toc.yml \ No newline at end of file diff --git a/docs/docfx.json b/docs/docfx.json index f1d275379fa..5c4f97dd2cc 100644 --- a/docs/docfx.json +++ b/docs/docfx.json @@ -44,7 +44,7 @@ "externalReference": [], "globalMetadata": { "brand": "entra", - "uhfHeaderId": "entra", + "uhfHeaderId": "MSDocsHeader-Entra", "breadcrumb_path": "/entra/breadcrumb/toc.json", "extendBreadcrumb": false, "feedback_system": "Standard", 
diff --git a/docs/external-id/context/external-id-context.yml b/docs/external-id/context/external-id-context.yml index 555da2fb810..33512cbfb93 100644 --- a/docs/external-id/context/external-id-context.yml +++ b/docs/external-id/context/external-id-context.yml @@ -1,5 +1,5 @@ ### YamlMime:ContextObject brand: entra -uhfHeaderId: entra +uhfHeaderId: MSDocsHeader-Entra breadcrumb_path: ../breadcrumb/toc.yml toc_rel: ../toc.yml \ No newline at end of file diff --git a/docs/identity/app-provisioning/context/app-provisioning-context.yml b/docs/identity/app-provisioning/context/app-provisioning-context.yml index 555da2fb810..33512cbfb93 100644 --- a/docs/identity/app-provisioning/context/app-provisioning-context.yml +++ b/docs/identity/app-provisioning/context/app-provisioning-context.yml @@ -1,5 +1,5 @@ ### YamlMime:ContextObject brand: entra -uhfHeaderId: entra +uhfHeaderId: MSDocsHeader-Entra breadcrumb_path: ../breadcrumb/toc.yml toc_rel: ../toc.yml \ No newline at end of file diff --git a/docs/identity/app-proxy/context/app-proxy-context.yml b/docs/identity/app-proxy/context/app-proxy-context.yml index d65a6dbba39..e6de4e0ca54 100644 --- a/docs/identity/app-proxy/context/app-proxy-context.yml +++ b/docs/identity/app-proxy/context/app-proxy-context.yml @@ -1,5 +1,5 @@ ### YamlMime:ContextObject -brand: azure -uhfHeaderId: azure +brand: entra +uhfHeaderId: MSDocsHeader-Entra breadcrumb_path: ../bread/toc.yml toc_rel: ../toc.yml \ No newline at end of file diff --git a/docs/identity/conditional-access/context/conditional-access-context.yml b/docs/identity/conditional-access/context/conditional-access-context.yml index 555da2fb810..33512cbfb93 100644 --- a/docs/identity/conditional-access/context/conditional-access-context.yml +++ b/docs/identity/conditional-access/context/conditional-access-context.yml 
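Review bot: `breadcrumb_path: ../bread/toc.yml` in `app-proxy-context.yml` is left untouched while `brand` and `uhfHeaderId` are corrected, and it is the only context file in this commit whose breadcrumb path does not point into a `../breadcrumb/` directory. If there is no `bread` directory under `docs/identity/app-proxy/` (not visible here), pages opened with this context would render without the Entra breadcrumb rather than fail the build. In that case the line should read `breadcrumb_path: ../breadcrumb/toc.yml`.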
@@ -1,5 +1,5 @@ ### YamlMime:ContextObject brand: entra -uhfHeaderId: entra +uhfHeaderId: MSDocsHeader-Entra breadcrumb_path: ../breadcrumb/toc.yml toc_rel: ../toc.yml \ No newline at end of file diff --git a/docs/identity/devices/context/devices-context.yml b/docs/identity/devices/context/devices-context.yml index 555da2fb810..33512cbfb93 100644 --- a/docs/identity/devices/context/devices-context.yml +++ b/docs/identity/devices/context/devices-context.yml @@ -1,5 +1,5 @@ ### YamlMime:ContextObject brand: entra -uhfHeaderId: entra +uhfHeaderId: MSDocsHeader-Entra breadcrumb_path: ../breadcrumb/toc.yml toc_rel: ../toc.yml \ No newline at end of file diff --git a/docs/identity/domain-services/TOC.yml b/docs/identity/domain-services/TOC.yml index 210915b7b77..2212a4c2c34 100644 --- a/docs/identity/domain-services/TOC.yml +++ b/docs/identity/domain-services/TOC.yml @@ -104,7 +104,7 @@ - name: Secure remote access to VMs href: secure-remote-vm-access.md - name: Security baseline - href: /security/benchmark/azure/baselines/azure-active-directory-domain-services-security-baseline?toc=/entra/identity/domain-services/toc.json&bc=/entra/identity/domain-services/breadcrumb/toc.json + href: /security/benchmark/azure/baselines/azure-active-directory-domain-services-security-baseline?context=/domain-services/context/domain-services-context.json - name: Domain-join VMs items: - name: Windows Server VM from template diff --git a/docs/identity/domain-services/context/azure-ad-ds-context.yml b/docs/identity/domain-services/context/domain-services-context.yml similarity index 65% rename from docs/identity/domain-services/context/azure-ad-ds-context.yml rename to docs/identity/domain-services/context/domain-services-context.yml index 2f2035c94a6..df99528f5ae 100644 --- a/docs/identity/domain-services/context/azure-ad-ds-context.yml +++ b/docs/identity/domain-services/context/domain-services-context.yml 
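Review bot: The new `href` for "Security baseline" in `TOC.yml` passes `?context=/domain-services/context/domain-services-context.json`, which drops the `/entra/identity` prefix that the removed `toc=` and `bc=` parameters carried (`/entra/identity/domain-services/toc.json`). As written, the context path probably does not resolve to the file renamed in this commit, so the baseline page would open without the Entra TOC and breadcrumb instead of failing visibly. Consider `?context=/entra/identity/domain-services/context/domain-services-context`, the path used for the same file in PATCH 05, and confirm whether the publishing system expects an extension on the `context` parameter.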
@@ -1,5 +1,5 @@ ### YamlMime:ContextObject -brand: azure -uhfHeaderId: azure +brand: entra +uhfHeaderId: MSDocsHeader-Entra breadcrumb_path: ../breadcrumb/TOC.yml toc_rel: ../TOC.yml \ No newline at end of file diff --git a/docs/identity/enterprise-apps/context/manage-apps-context.yml b/docs/identity/enterprise-apps/context/manage-apps-context.yml index 555da2fb810..33512cbfb93 100644 --- a/docs/identity/enterprise-apps/context/manage-apps-context.yml +++ b/docs/identity/enterprise-apps/context/manage-apps-context.yml @@ -1,5 +1,5 @@ ### YamlMime:ContextObject brand: entra -uhfHeaderId: entra +uhfHeaderId: MSDocsHeader-Entra breadcrumb_path: ../breadcrumb/toc.yml toc_rel: ../toc.yml \ No newline at end of file diff --git a/docs/identity/managed-identities-azure-resources/context/msi-context.yml b/docs/identity/managed-identities-azure-resources/context/msi-context.yml index 4198c5af694..ec866d0b75d 100644 --- a/docs/identity/managed-identities-azure-resources/context/msi-context.yml +++ b/docs/identity/managed-identities-azure-resources/context/msi-context.yml @@ -1,5 +1,5 @@ ### YamlMime:ContextObject brand: entra -uhfHeaderId: entra +uhfHeaderId: MSDocsHeader-Entra breadcrumb_path: ../breadcrumb/toc.yml toc_rel: ../TOC.yml \ No newline at end of file diff --git a/docs/identity/role-based-access-control/context/ugr-context.yml b/docs/identity/role-based-access-control/context/ugr-context.yml index 4198c5af694..ec866d0b75d 100644 --- a/docs/identity/role-based-access-control/context/ugr-context.yml +++ b/docs/identity/role-based-access-control/context/ugr-context.yml @@ -1,5 +1,5 @@ ### YamlMime:ContextObject brand: entra -uhfHeaderId: entra +uhfHeaderId: MSDocsHeader-Entra breadcrumb_path: ../breadcrumb/toc.yml toc_rel: ../TOC.yml \ No newline at end of file diff --git a/docs/identity/users/context/ugr-context.yml b/docs/identity/users/context/ugr-context.yml index 4198c5af694..ec866d0b75d 100644 --- a/docs/identity/users/context/ugr-context.yml 
+++ b/docs/identity/users/context/ugr-context.yml @@ -1,5 +1,5 @@ ### YamlMime:ContextObject brand: entra -uhfHeaderId: entra +uhfHeaderId: MSDocsHeader-Entra breadcrumb_path: ../breadcrumb/toc.yml toc_rel: ../TOC.yml \ No newline at end of file From fd72f6f410ad5db7dc1bd8b48c713296e25770aa Mon Sep 17 00:00:00 2001 From: shlipsey3 <66325782+shlipsey3@users.noreply.github.com> Date: Thu, 16 Nov 2023 13:01:54 -0700 Subject: [PATCH 05/13] redirect --- .openpublishing.redirection.json | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index da0548fc1a6..f0f79ecee71 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -41,8 +41,12 @@ "source_path_from_root": "/docs/identity-platform/msal-v1-app-scopes.md", "redirect_url": "/entra/identity-platform/msal-acquire-cache-tokens", "redirect_document_id": false + }, + { + "source_path_from_root": "/docs/identity/domain-services/context/azure-ad-ds-context.yml", + "redirect_url": "/entra/identity/domain-services/context/domain-services-context", + "redirect_document_id": false } - ] } From a38e825fb1854e63fff0b04d21ed43c48b9ce275 Mon Sep 17 00:00:00 2001 From: shlipsey3 <66325782+shlipsey3@users.noreply.github.com> Date: Thu, 16 Nov 2023 15:02:14 -0700 Subject: [PATCH 06/13] redirec-fix --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index f0f79ecee71..1a58f6d83ad 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -44,7 +44,7 @@ }, { "source_path_from_root": "/docs/identity/domain-services/context/azure-ad-ds-context.yml", - "redirect_url": "/entra/identity/domain-services/context/domain-services-context", + "redirect_url": "/entra/identity/domain-services/context/domain-services-context.yml", "redirect_document_id": false } ] 
From 0399b7da20ae6c50926e789f1b7eb109a86cae1d Mon Sep 17 00:00:00 2001 From: shlipsey3 <66325782+shlipsey3@users.noreply.github.com> Date: Thu, 16 Nov 2023 16:19:12 -0700 Subject: [PATCH 07/13] remove-redirect --- .openpublishing.redirection.json | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 1a58f6d83ad..0b1f3c3ad94 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -41,11 +41,6 @@ "source_path_from_root": "/docs/identity-platform/msal-v1-app-scopes.md", "redirect_url": "/entra/identity-platform/msal-acquire-cache-tokens", "redirect_document_id": false - }, - { - "source_path_from_root": "/docs/identity/domain-services/context/azure-ad-ds-context.yml", - "redirect_url": "/entra/identity/domain-services/context/domain-services-context.yml", - "redirect_document_id": false } ] } From 3f57450da502a76b91885b46767c34c7b82b3ed7 Mon Sep 17 00:00:00 2001 From: John Flores Date: Wed, 29 Nov 2023 15:34:27 -0500 Subject: [PATCH 08/13] Update managed-policies.md --- docs/identity/conditional-access/managed-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/identity/conditional-access/managed-policies.md b/docs/identity/conditional-access/managed-policies.md index 3dae04ac643..82df89abbb6 100644 --- a/docs/identity/conditional-access/managed-policies.md +++ b/docs/identity/conditional-access/managed-policies.md 
@@ -59,7 +59,7 @@ This policy targets Microsoft Entra ID P1 and P2 tenants where security defaults This policy covers all users and requires MFA and reauthentication when we detect high-risk sign-ins. High-risk in this case means something about the way the user signed in is out of the ordinary. These high-risk sign-ins might include: travel that is highly abnormal, password spray attacks, or token replay attacks. For more information about these risk definitions, see the article [What are risk detections](/entra/id-protection/concept-identity-protection-risks#sign-in-risk-detections). -This policy targets Microsoft Entra ID P2 tenants where there are enough licenses for each user. Microsoft Entra ID doesn't allow risky users to register for MFA, so to avoid locking them out of the system this policy is only available to organizations where every user is already registered for MFA. +This policy targets Microsoft Entra ID P2 tenants where security defaults aren't enabled and there are enough licenses for each user. Microsoft Entra ID doesn't allow risky users to register for MFA, so to avoid locking them out of the system this policy is only available to organizations where every user is already registered for MFA. ## How do I see the effects? From ca034e8a7d52a4f7a11135229bc8bf615de9d94a Mon Sep 17 00:00:00 2001 From: John Flores Date: Wed, 29 Nov 2023 15:36:33 -0500 Subject: [PATCH 09/13] Update managed-policies.md --- docs/identity/conditional-access/managed-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/identity/conditional-access/managed-policies.md b/docs/identity/conditional-access/managed-policies.md index 82df89abbb6..e1771e350a1 100644 --- a/docs/identity/conditional-access/managed-policies.md +++ b/docs/identity/conditional-access/managed-policies.md 
@@ -39,7 +39,7 @@ Microsoft will enable these policies after no less than 90 days after they're in ## Policies -These Microsoft-managed policies allow administrators to make simple modifications like excluding users or turning them from report-only mode to on or off. As Administrators get more comfortable with Conditional Access policy, they might choose to clone the policy and make custom versions. +These Microsoft-managed policies allow administrators to make simple modifications like excluding users or turning them from report-only mode to on or off, however they won't be able to rename or delete the Microsoft-managed policies. As Administrators get more comfortable with Conditional Access policy, they might choose to clone the policy and make custom versions. As threats evolve over time, Microsoft might change these policies in the future to take advantage of new features and functionality to improve their function. From cf1077d01fb5a0514aa6df42e1de5cf5d90224c1 Mon Sep 17 00:00:00 2001 From: Justinha Date: Wed, 29 Nov 2023 12:47:12 -0800 Subject: [PATCH 10/13] removed slashes --- ...-based-authentication-certificateuserids.md | 18 +++++++++--------- .../how-to-certificate-based-authentication.md | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/identity/authentication/concept-certificate-based-authentication-certificateuserids.md b/docs/identity/authentication/concept-certificate-based-authentication-certificateuserids.md index ec72b27e1ee..d1f3755b946 100644 --- a/docs/identity/authentication/concept-certificate-based-authentication-certificateuserids.md +++ b/docs/identity/authentication/concept-certificate-based-authentication-certificateuserids.md @@ -6,7 +6,7 @@ services: active-directory ms.service: active-directory ms.subservice: authentication ms.topic: how-to -ms.date: 11/15/2023 +ms.date: 11/29/2023 ms.author: justinha author: vimrang 
@@ -27,14 +27,14 @@ The values stored in **certificateUserIds** should be in the format described in |Certificate mapping Field | Examples of values in CertificateUserIds | |--------------------------|--------------------------------------| -|PrincipalName | `X509:\bob@woodgrove.com` | -|PrincipalName | `X509:\bob@woodgrove` | -|RFC822Name | `X509:\user@woodgrove.com` | -|IssuerAndSubject | `X509:\DC=com,DC=contoso,CN=CONTOSO-DC-CA\DC=com,DC=contoso,OU=UserAccounts,CN=mfatest` | -|Subject | `X509:\DC=com,DC=contoso,OU=UserAccounts,CN=mfatest` | -|SKI | `X509:\123456789abcdef` | -|SHA1PublicKey |`X509:\123456789abcdef` | -|IssuerAndSerialNumber | `X509:\DC=com,DC=contoso,CN=CONTOSO-DC-CA\b24134139f069b49997212a86ba0ef48`
To get the correct value for serial number, run this command and store the value shown in CertificateUserIds:
**Syntax**:
`Certutil –dump –v [~certificate path~] >> [~dumpFile path~]`
**Example**:
`certutil -dump -v firstusercert.cer >> firstCertDump.txt` | +|PrincipalName | `X509:bob@woodgrove.com` | +|PrincipalName | `X509:bob@woodgrove` | +|RFC822Name | `X509:user@woodgrove.com` | +|IssuerAndSubject | `X509:DC=com,DC=contoso,CN=CONTOSO-DC-CADC=com,DC=contoso,OU=UserAccounts,CN=mfatest` | +|Subject | `X509:DC=com,DC=contoso,OU=UserAccounts,CN=mfatest` | +|SKI | `X509:123456789abcdef` | +|SHA1PublicKey |`X509:123456789abcdef` | +|IssuerAndSerialNumber | `X509:DC=com,DC=contoso,CN=CONTOSO-DC-CAb24134139f069b49997212a86ba0ef48`
To get the correct value for serial number, run this command and store the value shown in CertificateUserIds:
**Syntax**:
`Certutil –dump –v [~certificate path~] >> [~dumpFile path~]`
**Example**:
`certutil -dump -v firstusercert.cer >> firstCertDump.txt` | ## Roles to update certificateUserIds diff --git a/docs/identity/authentication/how-to-certificate-based-authentication.md b/docs/identity/authentication/how-to-certificate-based-authentication.md index 5c7e0ddb383..883bf9ee855 100644 --- a/docs/identity/authentication/how-to-certificate-based-authentication.md +++ b/docs/identity/authentication/how-to-certificate-based-authentication.md @@ -398,7 +398,7 @@ The SerialNumber value to be added in CertificateUserId is: CertificateUserId: ``` -X509: C=US,O=U.SGovernment,OU=DoD,OU=PKI,OU=CONTRACTOR,CN=CRL.BALA.SelfSignedCertificate b24134139f069b49997212a86ba0ef48 +X509:C=US,O=U.SGovernment,OU=DoD,OU=PKI,OU=CONTRACTOR,CN=CRL.BALA.SelfSignedCertificate b24134139f069b49997212a86ba0ef48 ``` #### Issue and Subject manual mapping From 6c15195d038acb23a6289390c39ca94b45295221 Mon Sep 17 00:00:00 2001 From: Jennifer Fields Date: Wed, 29 Nov 2023 14:09:14 -0700 Subject: [PATCH 11/13] Reorganizing image placement --- .../permissions-management-quickstart-guide.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/permissions-management/permissions-management-quickstart-guide.md b/docs/permissions-management/permissions-management-quickstart-guide.md index e241ef9c764..d4adf532c68 100644 --- a/docs/permissions-management/permissions-management-quickstart-guide.md +++ b/docs/permissions-management/permissions-management-quickstart-guide.md 
@@ -42,6 +42,7 @@ If the above points are met, continue with: Ensure you're a Global Administrator. Learn more about [Permissions Management roles and permissions](product-roles-permissions.md). +:::image type="content" source="media/permissions-management-quickstart-guide/entra-id-roles-sync-azure-environment.png" alt-text="A diagram showing where Entra ID intersect with Azure roles in the Entra ID tenant." lightbox="media/permissions-management-quickstart-guide/entra-id-roles-sync-azure-environment.png"::: ## Step 2: Onboard your multicloud environment @@ -122,8 +123,6 @@ When you enabled Permissions Management in the Microsoft Entra tenant, an enterp 2. Assign the *Reader* role to the CIEM application to allow Permissions management to read the Microsoft Entra subscriptions in your environment. -:::image type="content" source="media/permissions-management-quickstart-guide/entra-id-roles-sync-azure-environment.png" alt-text="A diagram showing where Entra ID intersect with Azure roles in the Entra ID tenant." lightbox="media/permissions-management-quickstart-guide/entra-id-roles-sync-azure-environment.png"::: - :::image type="content" source="media/permissions-management-quickstart-guide/entra-id-tenant-role-connection-azure-subscriptions.png" alt-text="A diagram showing the connection between the Entra ID role connections to an Azure subscription." lightbox="media/permissions-management-quickstart-guide/entra-id-tenant-role-connection-azure-subscriptions.png"::: ### Prerequisites From 449933f3f75c47aad401fd31aab7983753658efd Mon Sep 17 00:00:00 2001 From: shlipsey3 <66325782+shlipsey3@users.noreply.github.com> Date: Wed, 29 Nov 2023 14:46:48 -0700 Subject: [PATCH 12/13] path-fix --- docs/docfx.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/docfx.json b/docs/docfx.json index 5c4f97dd2cc..a3b7b4ec838 100644 --- a/docs/docfx.json +++ b/docs/docfx.json 
@@ -118,9 +118,9 @@ "id-governance/privileged-identity-management/*.yml": "Microsoft Entra ID Governance", "id-protection/*.md": "Microsoft Entra ID Protection", "id-protection/*.yml": "Microsoft Entra ID Protection", - "entra/identity/*.yml": "Microsoft Entra ID", - "entra/identity/**/*.md": "Microsoft Entra ID", - "entra/identity/**/*.yml": "Microsoft Entra ID", + "identity/*.yml": "Microsoft Entra ID", + "identity/**/*.md": "Microsoft Entra ID", + "identity/**/*.yml": "Microsoft Entra ID", "identity-platform/*.md": "Microsoft identity platform", "identity-platform/*.yml": "Microsoft identity platform", "permissions-management/*.md": "Microsoft Entra Permissions Management", From 2eb596d1c38aa47ceff1ecbb69af8f4e77d5d485 Mon Sep 17 00:00:00 2001 From: Justinha Date: Wed, 29 Nov 2023 14:09:30 -0800 Subject: [PATCH 13/13] removed slashes --- ...ate-based-authentication-technical-deep-dive.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/identity/authentication/concept-certificate-based-authentication-technical-deep-dive.md b/docs/identity/authentication/concept-certificate-based-authentication-technical-deep-dive.md index 7d220c23697..97c98915926 100644 --- a/docs/identity/authentication/concept-certificate-based-authentication-technical-deep-dive.md +++ b/docs/identity/authentication/concept-certificate-based-authentication-technical-deep-dive.md @@ -199,13 +199,13 @@ Mapping types based on user names and email addresses are considered low-affinit | Certificate mapping field | Examples of values in certificateUserIds | User object attributes | Type | |:--------------------------|:----------------------------------------:|:----------------------:|:----:| -|PrincipalName | `X509:\bob@woodgrove.com` | userPrincipalName
onPremisesUserPrincipalName
certificateUserIds | low-affinity | -|RFC822Name | `X509:\user@woodgrove.com` | userPrincipalName
onPremisesUserPrincipalName
certificateUserIds | low-affinity | -|IssuerAndSubject | `X509:\DC=com,DC=contoso,CN=CONTOSO-DC-CA\DC=com,DC=contoso,OU=UserAccounts,CN=mfatest` | certificateUserIds | low-affinity | -|Subject | `X509:\DC=com,DC=contoso,OU=UserAccounts,CN=mfatest` | certificateUserIds | low-affinity | -|SKI | `X509:\123456789abcdef` | certificateUserIds | high-affinity | -|SHA1PublicKey | `X509:\123456789abcdef` | certificateUserIds | high-affinity | -|IssuerAndSerialNumber | `X509:\DC=com,DC=contoso,CN=CONTOSO-DC-CA\b24134139f069b49997212a86ba0ef48`
To get the correct value for serial number, run this command and store the value shown in CertificateUserIds:
**Syntax**:
`Certutil –dump –v [~certificate path~] >> [~dumpFile path~]`
**Example**:
`certutil -dump -v firstusercert.cer >> firstCertDump.txt` | certificateUserIds | high-affinity | +|PrincipalName | `X509:bob@woodgrove.com` | userPrincipalName
onPremisesUserPrincipalName
certificateUserIds | low-affinity | +|RFC822Name | `X509:user@woodgrove.com` | userPrincipalName
onPremisesUserPrincipalName
certificateUserIds | low-affinity | +|IssuerAndSubject | `X509:DC=com,DC=contoso,CN=CONTOSO-DC-CADC=com,DC=contoso,OU=UserAccounts,CN=mfatest` | certificateUserIds | low-affinity | +|Subject | `X509:DC=com,DC=contoso,OU=UserAccounts,CN=mfatest` | certificateUserIds | low-affinity | +|SKI | `X509:123456789abcdef` | certificateUserIds | high-affinity | +|SHA1PublicKey | `X509:123456789abcdef` | certificateUserIds | high-affinity | +|IssuerAndSerialNumber | `X509:DC=com,DC=contoso,CN=CONTOSO-DC-CAb24134139f069b49997212a86ba0ef48`
To get the correct value for serial number, run this command and store the value shown in CertificateUserIds:
**Syntax**:
`Certutil –dump –v [~certificate path~] >> [~dumpFile path~]`
**Example**:
`certutil -dump -v firstusercert.cer >> firstCertDump.txt` | certificateUserIds | high-affinity | ### Define Affinity binding at the tenant level and override with custom rules