Merge pull request #870 from MicrosoftDocs/main

Publish to live, Friday 4 AM PST, 12/15

docs/identity/hybrid/connect/reference-connect-version-history.md

@@ -72,6 +72,21 @@ If you want all the latest features and updates, check this page and install wha
 
 To read more about autoupgrade, see [Microsoft Entra Connect: Automatic upgrade](how-to-connect-install-automatic-upgrade.md).
 
+## 2.3.2.0
+
+### Release status
+12/12/2023: Released for download
+
+### Functional Changes
+- Application scaling with Windows Accessibility font size setting has been added.
+- Group Writeback V2 can no longer be enabled as the feature is being decommissioned. Please see the notice in this [article about group writeback](how-to-connect-group-writeback-enable.md).
+
+### Other Changes
+- SQL related drivers shipped with Microsoft Entra Connect have been updated. ODBC to 17.10.5, OLE DB to 18.6.7.
+- Microsoft Entra Connect Health shipped with Microsoft Entra Connect has been updated to 4.5.2428.0.
+- Fixed a DSSO bug for Azure in China
+
+
 ## 2.2.8.0
 
 ### Release status

docs/identity/role-based-access-control/manage-roles-portal.md

@@ -11,7 +11,7 @@ ms.topic: how-to
 ms.date: 02/06/2023
 ms.author: rolyon
 ms.reviewer: vincesm
-ms.custom: it-pro, has-azure-ad-ps-ref
+ms.custom: it-pro, has-azure-ad-ps-ref, azure-ad-ref-level-one-done
 
 ms.collection: M365-identity-device-management
 ---
@@ -23,7 +23,7 @@ To grant access to users in Microsoft Entra ID, you assign Microsoft Entra roles
 
 - Privileged Role Administrator or Global Administrator. To know who your Privileged Role Administrator or Global Administrator is, see [List Microsoft Entra role assignments](view-assignments.md)
 - Microsoft Entra ID P2 license when using Privileged Identity Management (PIM)
-- AzureADPreview module when using PowerShell
+- [Microsoft Graph PowerShell](/powershell/microsoftgraph/overview) module when using PowerShell
 - Admin consent when using Graph explorer for Microsoft Graph API
 
 For more information, see [Prerequisites to use PowerShell or Graph Explorer](prerequisites.md).
@@ -98,7 +98,7 @@ Follow these steps to assign Microsoft Entra roles using PowerShell.
 
 ### Setup
 
-1. Open a PowerShell window and use [Import-Module](/powershell/module/microsoft.powershell.core/import-module) to import the AzureADPreview module. For more information, see [Prerequisites to use PowerShell or Graph Explorer](prerequisites.md).
+1. Open a PowerShell window and use [Import-Module](/powershell/module/microsoft.powershell.core/import-module) to import the Microsoft Graph PowerShell module. For more information, see [Prerequisites to use PowerShell or Graph Explorer](prerequisites.md).
 
     ```powershell
     Import-Module -Name Microsoft.Graph.Identity.Governance -Force

docs/identity/saas-apps/4me-provisioning-tutorial.md

@@ -26,7 +26,7 @@ The objective of this tutorial is to demonstrate the steps to be performed in 4m
 The scenario outlined in this tutorial assumes that you already have the following prerequisites:
 
 * A Microsoft Entra tenant
-* [A 4me tenant](https://www.4me.com/trial/)
+* [A 4me tenant](https://www.4me.com/)
 * A user account in 4me with Admin permissions.
 
 > [!NOTE]
@@ -148,7 +148,7 @@ For more information on how to read the Microsoft Entra provisioning logs, see [
 
 * 4me has different SCIM endpoint URLs for test and production environments. The former ends with **.qa** while the latter ends with **.com**
 * 4me generated Secret Tokens have an expiration date of a month from generation.
-* 4me doesn’t support **DELETE** operations
+* 4me doesn’t support **HARD DELETE** of Users. SCIM users are never really deleted in 4me, instead the **active** attribute of the SCIM user will be set to **false** and the related 4me person record will be disabled.
 
 ## Additional resources
 

docs/identity/saas-apps/beatrust-tutorial.md

@@ -85,7 +85,7 @@ Follow these steps to enable Microsoft Entra SSO.
     `https://beatrust.com`
 
     b. In the **Reply URL** text box, type the URL:
-    `https://auth.beatrust.com/__/auth/handler`
+    `https://beatrust.com/__/auth/handler`
 
     c. In the **Sign-on URL** text box, type a URL using  of the following pattern:
     `https://beatrust.com/<org_key>

docs/identity/saas-apps/hiretual-tutorial.md

@@ -92,9 +92,13 @@ Follow these steps to enable Microsoft Entra SSO.
 
     ![Screenshot shows the User access URL.](./media/hiretual-tutorial/access-url.png "SSO Configuration")
 
-1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
+1. On the **Set-up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
 
-	![The Certificate download link](common/copy-metadataurl.png)
+    ![Screenshot shows the Certificate download link.](common/metadataxml.png "Certificate")
+
+1. On the **Set up hireEZ-SSO** section, copy the appropriate URL(s) based on your requirement.
+
+	![Screenshot shows to copy configuration appropriate URL.](common/copy-configuration-urls.png "Attributes")
 
 <a name='create-an-azure-ad-test-user'></a>
 
@@ -136,18 +140,18 @@ In this section, you'll enable B.Simon to use single sign-on by granting access
 
     ![Screenshot shows the SSO Configuration.](./media/hiretual-tutorial/configuration.png "SSO Configuration")
 
-    1. In the **SAML2.O SSO URL** textbox, paste the **User access URL** which you copied previously.
+    1. In the **SAML2.O SSO URL** textbox, paste the **Login URL** which you have copied from the Microsoft Entra admin center.
 
-    1. Copy **Entity ID** value from the metadata file and paste in the **Identity Provider Issuer** textbox.
+    1. In the **Identity Provider Issuer** textbox, paste the **Microsoft Entra Identifier** which you have copied from the Microsoft Entra admin center.
 
-    1. Copy **X509 Certificate** from the metadata file and paste the content in the **Certificate** textbox.
+    1. Copy the content from the **Federation Metadata XML** file, which you have downloaded from the Microsoft Entra admin center and paste it in the **Certificate** textbox.
 
     1. Enable **Single Sign-On Connection Status** button.
 
     1. Test your Single Sign-On integration first and then enable **Admin SP-Initiated Single Sign-On** button. 
 
     > [!NOTE]
-    > If your Single Sign-On configuration has any errors or you have trouble to login to hireEZ-SSO Web App/Extension after you connected Admin SP-Initiated Single Sign-On, please contact [hireEZ-SSO support team](mailto:[email protected]).
+    > If your Single Sign-On configuration has any errors or you had trouble to login to hireEZ-SSO Web App/Extension after you connected Admin SP-Initiated Single Sign-On, please contact [hireEZ-SSO support team](mailto:[email protected]).
     
 ### Create hireEZ-SSO test user
 
@@ -159,15 +163,15 @@ In this section, you test your Microsoft Entra single sign-on configuration with
 
 #### SP initiated:
 
-* Click on **Test this application**, this will redirect to hireEZ-SSO Sign on URL where you can initiate the login flow.  
+* Click on **Test this application**, this will redirect to hireEZ-SSO Sign-on URL where you can initiate the login flow.  
 
 * Go to hireEZ-SSO Sign-on URL directly and initiate the login flow from there.
 
 #### IDP initiated:
 
 * Click on **Test this application**, and you should be automatically signed in to the hireEZ-SSO for which you set up the SSO. 
 
-You can also use Microsoft My Apps to test the application in any mode. When you click the hireEZ-SSO tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the hireEZ-SSO for which you set up the SSO. For more information, see [Microsoft Entra My Apps](/azure/active-directory/manage-apps/end-user-experiences#azure-ad-my-apps).
+You can also use Microsoft My Apps to test the application in any mode. When you click the hireEZ-SSO tile in the My Apps, if configured in SP mode you would be redirected to the application sign-on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the hireEZ-SSO for which you set up the SSO. For more information, see [Microsoft Entra My Apps](/azure/active-directory/manage-apps/end-user-experiences#azure-ad-my-apps).
 
 ## Next steps
 

docs/identity/saas-apps/policystat-tutorial.md

@@ -154,7 +154,7 @@ In this section, you'll enable B.Simon to use single sign-on by granting access
 
 ## Configure PolicyStat SSO
 
-1. In a different web browser window, log into your PolicyStat company site as an administrator.
+1. In a different web browser window, log in to your PolicyStat company site as an administrator.
 
 1. Click the **Admin** tab, and then click **Single Sign-On Configuration** in left navigation pane.
 
@@ -170,7 +170,8 @@ In this section, you'll enable B.Simon to use single sign-on by granting access
 
 1. Click **Configure Attributes**, and then, in the **Configure Attributes** section, perform the following steps using the **CLAIM NAMES** found in your Azure configuration:
 
-    1. In the **Username Attribute** textbox, type the username claim value you are passing over as the key username attribute. The default value in Azure is UPN, but if you already have accounts in PolicyStat, you will need to match those username values to avoid duplicate accounts or update the existing accounts in PolicyStat to the UPN value. Default value to enter to pass the UPN **`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`** .
+    1. In the **Username Attribute** textbox, type the username claim value you are passing over as the key username attribute. The default value in Azure is UPN, but if you already have accounts in PolicyStat, you will need to match those username values to avoid duplicate accounts or update the existing accounts in PolicyStat to the UPN value. To update existing usernames in bulk, please contact RLDatix PolicyStat Support https://websupport.rldatix.com/support-form/.
+    Default value to enter to pass the UPN **`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`** .
 
     1. In the **First Name Attribute** textbox, type the First Name Attribute claim name from Azure **`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`**.