[BULK] DocuTune - Follow-up revisions for Azure AD
alexbuckgit committed Oct 10, 2023
1 parent dd1207e commit 4f3c23a
Showing 10 changed files with 16 additions and 16 deletions.
6 changes: 3 additions & 3 deletions docs/id-governance/TOC.yml
Expand Up @@ -60,15 +60,15 @@
href: /graph/tutorial-accessreviews-roleassignments?toc=/azure/active-directory/governance/toc.json&bc=/azure/active-directory/governance/breadcrumb/toc.json
- name: Lifecycle Workflows
items:
- name: Automate employee onboarding tasks - Microsoft Entra portal
- name: Automate employee onboarding tasks - Microsoft Entra admin center
href: tutorial-onboard-custom-workflow-portal.md
- name: Automate employee onboarding tasks - Microsoft Graph
href: /graph/tutorial-lifecycle-workflows-onboard-custom-workflow?toc=/azure/active-directory/governance/toc.json&bc=/azure/active-directory/governance/breadcrumb/toc.json
- name: Offboarding employees in real-time - Microsoft Entra portal
- name: Offboarding employees in real-time - Microsoft Entra admin center
href: tutorial-offboard-custom-workflow-portal.md
- name: Offboarding employees in real-time - Microsoft Graph
href: /graph/tutorial-lifecycle-workflows-offboard-custom-workflow?toc=/azure/active-directory/governance/toc.json&bc=/azure/active-directory/governance/breadcrumb/toc.json
- name: Automate employee offboarding tasks - Microsoft Entra portal
- name: Automate employee offboarding tasks - Microsoft Entra admin center
href: tutorial-scheduled-leaver-portal.md
- name: Automate employee offboarding tasks - Microsoft Graph
href: /graph/tutorial-lifecycle-workflows-scheduled-leaver?toc=/azure/active-directory/governance/toc.json&bc=/azure/active-directory/governance/breadcrumb/toc.json
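Review bot: the rename to "Microsoft Entra admin center" is applied consistently to all three portal tutorials, and the sibling "- Microsoft Graph" entries are correctly left alone. One thing to check in the same block: every `href` still carries `toc=/azure/active-directory/governance/toc.json&bc=/azure/active-directory/governance/breadcrumb/toc.json`, so the entry titles now say Microsoft Entra while their query strings point at the legacy `active-directory` path. That is fine if those paths redirect; otherwise they belong in the follow-up.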
4 changes: 2 additions & 2 deletions docs/id-governance/access-reviews-application-preparation.md
Expand Up @@ -56,7 +56,7 @@ In order to permit a wide variety of applications and IT requirements to be addr
|Pattern|Application integration pattern|Steps to prepare for an access review|
|:---|---|--|
|A| The application supports federated SSO, Microsoft Entra ID is the only identity provider, and the application doesn't rely upon group or role claims. | In this pattern, you'll configure that the application requires individual application role assignments, and that users are assigned to the application. Then to perform the review, you'll create a single access review for the application, of the users assigned to this application role. When the review completes, if a user was denied, then they will be removed from the application role. Microsoft Entra ID will then no longer issue that user with federation tokens and the user will be unable to sign into that application.|
|B|If the application uses group claims in addition to application role assignments.| An application may use AD or Microsoft Entra group membership, distinct from application roles to express finer-grained access. Here, you can choose based on your business requirements either to have the users who have application role assignments reviewed, or to review the users who have group memberships. If the groups do not provide comprehensive access coverage, in particular if users may have access to the application even if they aren't a member of those groups, then we recommend reviewing the application role assignments, as in pattern A above.|
|B|If the application uses group claims in addition to application role assignments.| An application may use Active Directory or Microsoft Entra group membership, distinct from application roles to express finer-grained access. Here, you can choose based on your business requirements either to have the users who have application role assignments reviewed, or to review the users who have group memberships. If the groups do not provide comprehensive access coverage, in particular if users may have access to the application even if they aren't a member of those groups, then we recommend reviewing the application role assignments, as in pattern A above.|
|C| If the application doesn't rely solely on Microsoft Entra ID for federated SSO, but does support provisioning via SCIM, via updates to a SQL table of users, has a non-AD LDAP directory, or supports a SOAP or REST provisioning protocol. | In this pattern, you'll configure Microsoft Entra ID to provision the users with application role assignments to the application's database or directory, update the application role assignments in Microsoft Entra ID with a list of the users who currently have access, and then create a single access review of the application role assignments. For more information, see [Governing an application's existing users](identity-governance-applications-existing-users.md) to update the application role assignments in Microsoft Entra ID.|

### Other options
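Review bot: expanding "AD" to "Active Directory" in pattern B leaves pattern C, in the same table, still saying "has a non-AD LDAP directory"; for consistency within the table that should become "an LDAP directory other than Active Directory" in this commit. The substance of row B is unchanged and still correct: when group membership does not cover every path into the application, reviewing the application role assignments (pattern A) is the safer choice.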
Expand Down Expand Up @@ -95,7 +95,7 @@ Now that you have identified the integration pattern for the application, check
* If the application has local user accounts, managed through a MIM connector, configure an application with the [provisioning agent with a custom connector](../app-provisioning/on-premises-custom-connector.md).
* If the application is SAP ECC with NetWeaver AS ABAP 7.0 or later, configure an application with the [provisioning agent with a SAP ECC configured web services connector](../app-provisioning/on-premises-sap-connector-configure.md).

1. If provisioning is configured, then click on **Edit Attribute Mappings**, expand the Mapping section and click on **Provision Microsoft Entra Users**. Check that in the list of attribute mappings, there is a mapping for `isSoftDeleted` to the attribute in the application's data store that you would like to set to false when a user loses access. If this mapping isn't present, then Microsoft Entra ID will not notify the application when a user has gone out of scope, as described in [how provisioning works](../app-provisioning/how-provisioning-works.md).
1. If provisioning is configured, then click on **Edit Attribute Mappings**, expand the Mapping section and click on **Provision Microsoft Entra users**. Check that in the list of attribute mappings, there is a mapping for `isSoftDeleted` to the attribute in the application's data store that you would like to set to false when a user loses access. If this mapping isn't present, then Microsoft Entra ID will not notify the application when a user has gone out of scope, as described in [how provisioning works](../app-provisioning/how-provisioning-works.md).
1. If the application supports federated SSO, then change to the **Conditional Access** tab. Inspect the enabled policies for this application. If there are policies that are enabled, block access, have users assigned to the policies, but no other conditions, then those users may be already blocked from being able to get federated SSO to the application.

1. Change to the **Users and groups** tab. This list contains all the users who are assigned to the application in Microsoft Entra ID. If the list is empty, then a review of the application will complete immediately, since there isn't any task for the reviewer to perform.
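Review bot: the bold UI label is changed to "Provision Microsoft Entra users", but nothing in the hunk shows the string the admin center actually renders; since it is a UI label, it should be copied verbatim from the current Attribute Mappings page rather than case-normalized by a bulk pass. While this step is being touched, the following unchanged sentence is hard to parse: "If there are policies that are enabled, block access, have users assigned to the policies, but no other conditions, then those users may be already blocked". Suggest "If an enabled policy blocks access and has users assigned but no other conditions, those users are probably already blocked from federated SSO to the application."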
Expand Up @@ -89,11 +89,11 @@ Use the following procedure to view events:
![View app role assignments](./media/entitlement-management-access-package-incompatible/workbook-ara.png)

## Create custom Azure Monitor queries using the Microsoft Entra admin center
You can create your own queries on Microsoft Entra ID audit events, including entitlement management events.
You can create your own queries on Microsoft Entra audit events, including entitlement management events.

1. In Identity of the Microsoft Entra admin center, select **Logs** under the Monitoring section in the left navigation menu to create a new query page.

1. Your workspace should be shown in the upper left of the query page. If you have multiple Azure Monitor workspaces, and the workspace you're using to store Microsoft Entra ID audit events isn't shown, select **Select Scope**. Then, select the correct subscription and workspace.
1. Your workspace should be shown in the upper left of the query page. If you have multiple Azure Monitor workspaces, and the workspace you're using to store Microsoft Entra audit events isn't shown, select **Select Scope**. Then, select the correct subscription and workspace.

1. Next, in the query text area, delete the string "search *" and replace it with the following query:
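Review bot: dropping "ID" from "Microsoft Entra audit events" is consistent with the heading of this hunk, which already uses "Microsoft Entra admin center". In the same changed line, "Azure Monitor workspaces" is not what the scope picker calls them; the workspace that stores the diagnostic logs is a Log Analytics workspace, and using that term here avoids a mismatch with the "Select Scope" step that follows.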

Expand Up @@ -58,10 +58,10 @@ To add a verified ID requirement to an access package, you must start from the a
1. On the **Requests** tab, scroll to the **Required Verified Ids** section.

1. Select **+ Add issuer** and choose an issuer from the Microsoft Entra Verified ID network. If you want to issue your own credentials to users, see: [Issue Microsoft Entra Verified ID credentials from an application](../verifiable-credentials/verifiable-credentials-configure-issuer.md).
:::image type="content" source="media/entitlement-management-verified-id-settings/select-issuer.png" alt-text="Select issuer for Microsoft Entra Verified I D.":::
:::image type="content" source="media/entitlement-management-verified-id-settings/select-issuer.png" alt-text="Select issuer for Microsoft Entra ID Verified I D.":::

1. Select the **credential type(s)** you want users to present during the request process.
:::image type="content" source="media/entitlement-management-verified-id-settings/issuer-credentials.png" alt-text="Screenshot of credential types for Microsoft Entra Verified I D.":::
:::image type="content" source="media/entitlement-management-verified-id-settings/issuer-credentials.png" alt-text="Screenshot of credential types for Microsoft Entra ID Verified I D.":::
> [!NOTE]
> If you select multiple credential types from one issuer, users will be required to present credentials of all selected types. Similarly, if you include multiple issuers, users will be required to present credentials from each of the issuers you include in the policy. To give users the option of presenting different credentials from various issuers, configure separate policies for each issuer/credential type you’ll accept.
1. Select **Add** to add the verified ID requirement to the access package policy.
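Review bot: the two alt-text edits introduce a wrong product name. The product is "Microsoft Entra Verified ID", as the unchanged link text "Issue Microsoft Entra Verified ID credentials from an application" in the same hunk shows; "Microsoft Entra ID Verified I D" reads as two products and should be reverted to "Microsoft Entra Verified I D" (keeping the spaced "I D" if that spelling is intentional for screen readers). This looks like a bulk replacement of "Microsoft Entra" with "Microsoft Entra ID" that should have excluded Verified ID.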
Expand Up @@ -110,7 +110,7 @@ For more information on attributes, see [Attribute mapping in Microsoft Entra Co
## How to create a custom sync rule in Microsoft Entra Connect for EmployeeHireDate
The following example walks you through setting up a custom synchronization rule that synchronizes the Active Directory attribute to the employeeHireDate attribute in Microsoft Entra ID.
1. Open a PowerShell window as administrator and run `Set-ADSyncScheduler -SyncCycleEnabled $false` to disable the scheduler.
1. Go to Start\Azure AD Connect\ and open the Synchronization Rules Editor
1. Go to Start\Microsoft Entra Connect\ and open the Synchronization Rules Editor
1. Ensure the direction at the top is set to **Inbound**.
1. Select **Add Rule.**
1. On the **Create Inbound synchronization rule** screen, enter the following information and select **Next**.
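Review bot: the Start menu folder name comes from the installer, so "Start\Microsoft Entra Connect\" is only accurate on builds that ship under the new name; tenants still running an older Azure AD Connect build will not find that folder. Suggest naming both, or pointing readers at the Synchronization Rules Editor directly so the step does not depend on which branding the installed version carries. The preceding `Set-ADSyncScheduler -SyncCycleEnabled $false` step is unchanged and correct; the matching re-enable is not visible in this hunk, so confirm the procedure ends by setting `-SyncCycleEnabled $true` again.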
4 changes: 2 additions & 2 deletions docs/id-governance/identity-governance-applications-define.md
Expand Up @@ -29,7 +29,7 @@ Organizations with compliance requirements or risk management plans have sensiti
> [!Note]
> If you're using an application from the Microsoft Entra application gallery that supports provisioning, then Microsoft Entra ID may import defined roles in the application and automatically update the application manifest with the application's roles automatically, once provisioning is configured.
1. **Select which roles and groups have membership that are to be governed in Azure AD.** Based on compliance and risk management requirements, organizations often prioritize those application roles or groups that give privileged access or access to sensitive information.
1. **Select which roles and groups have membership that are to be governed in Microsoft Entra ID.** Based on compliance and risk management requirements, organizations often prioritize those application roles or groups that give privileged access or access to sensitive information.

## Define the organization's policy with prerequisites and other constraints for access to the application
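Review bot: the rename in the bold lead sentence is fine. The unchanged note directly above it says "automatically update the application manifest with the application's roles automatically"; the duplicated "automatically" should be removed while this block is being edited.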

Expand All @@ -50,7 +50,7 @@ If you already have an organization role definition, then see [how to migrate an

1. **Determine how long a user who has been approved for access, should have access, and when that access should go away.** For many applications, a user might retain access indefinitely, until they're no longer affiliated with the organization. In some situations, access may be tied to particular projects or milestones, so that when the project ends, access is removed automatically. Or, if only a few users are using an application through a policy, you may configure quarterly or yearly reviews of everyone's access through that policy, so that there's regular oversight.

1. **If your organization is governing access already with an organizational role model, plan to bring that organizational role model into Azure AD.** You may have an [organizational role](identity-governance-organizational-roles.md) defined which assigns access based on a user's property, such as their position or department. These processes can ensure users lose access eventually when access is no longer needed, even if there isn't a pre-determined project end date.
1. **If your organization is governing access already with an organizational role model, plan to bring that organizational role model into Microsoft Entra ID.** You may have an [organizational role](identity-governance-organizational-roles.md) defined which assigns access based on a user's property, such as their position or department. These processes can ensure users lose access eventually when access is no longer needed, even if there isn't a pre-determined project end date.

1. **Inquire if there are separation of duties constraints.** For example, you may have an application with two app roles, *Western Sales* and *Eastern Sales*, and you want to ensure that a user can only have one sales territory at a time. Include a list of any pairs of app roles that are incompatible for your application, so that if a user has one role, they aren't allowed to request the second role.
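Review bot: the rename is consistent with the earlier hunk in this file. Minor punctuation in the unchanged step above: "Determine how long a user who has been approved for access, should have access, and when that access should go away" puts a comma between subject and verb; drop the first comma.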

2 changes: 1 addition & 1 deletion docs/id-governance/identity-governance-automation.md
Expand Up @@ -20,7 +20,7 @@ ms.custom:
---
# Automate Microsoft Entra ID Governance tasks via Azure Automation and Microsoft Graph

[Azure Automation](../../automation/overview.md) is an Azure cloud service that allows you to automate common or repetitive systems management and processes. Microsoft Graph is the Microsoft unified API endpoint for Microsoft Entra features that manage users, groups, access packages, access reviews, and other resources in the directory. You can manage Microsoft Entra ID at scale from the PowerShell command line, using the [Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started). You can also include the Microsoft Graph PowerShell cmdlets from a [PowerShell-based runbook in Azure Automation](/azure/automation/automation-intro), so that you can automate Microsoft Entra ID tasks from a simple script.
[Azure Automation](../../automation/overview.md) is an Azure cloud service that allows you to automate common or repetitive systems management and processes. Microsoft Graph is the Microsoft unified API endpoint for Microsoft Entra features that manage users, groups, access packages, access reviews, and other resources in the directory. You can manage Microsoft Entra ID at scale from the PowerShell command line, using the [Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started). You can also include the Microsoft Graph PowerShell cmdlets from a [PowerShell-based runbook in Azure Automation](/azure/automation/automation-intro), so that you can automate Microsoft Entra tasks from a simple script.

Azure Automation and the PowerShell Graph SDK supports certificate-based authentication and application permissions, so you can have Azure Automation runbooks authenticate to Microsoft Entra ID without needing a user context.
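Review bot: after this change the paragraph says "manage Microsoft Entra ID at scale" and "automate Microsoft Entra tasks" within two sentences of each other; if the intent is that Microsoft Entra ID names the directory and Microsoft Entra the product family, that is defensible, but it reads as inconsistent and the earlier "Microsoft Entra features" suggests the family name throughout. The title "Automate Microsoft Entra ID Governance tasks" is a product name and should stay as is. In the next paragraph, "Azure Automation and the PowerShell Graph SDK supports" should be "support", and the SDK should be called the "Microsoft Graph PowerShell SDK" as it is one paragraph earlier. Since that paragraph is about runbooks authenticating with application permissions and no user context, it would be worth one sentence saying the app registration should be granted only the Graph application permissions the runbook needs.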

2 changes: 1 addition & 1 deletion docs/id-governance/identity-governance-overview.md
Expand Up @@ -83,7 +83,7 @@ In addition to the features listed above, additional Microsoft Entra features fr
|Policy and role management|Admin can define Conditional Access policies for run-time access to applications. Resource owners can define policies for user's access via access packages.|[Conditional Access](../conditional-access/overview.md) and [Entitlement management](entitlement-management-overview.md) policies|
|Access certification|Admins can enable recurring access recertification for: SaaS apps, on-premises apps, cloud group memberships, Microsoft Entra ID or Azure Resource role assignments. Automatically remove resource access, block guest access and delete guest accounts.|[Access reviews](access-reviews-overview.md), also surfaced in [PIM](../privileged-identity-management/pim-create-roles-and-resource-roles-review.md)|
|Fulfillment and provisioning|Automatic provisioning and deprovisioning into Microsoft Entra connected apps, including via SCIM, LDAP, SQL and into SharePoint Online sites. |[user provisioning](../app-provisioning/user-provisioning.md)|
|Reporting and analytics|Admins can retrieve audit logs of recent user provisioning and sign on activity. Integration with Azure Monitor and 'who has access' via access packages.|[Microsoft Entra ID reports](../reports-monitoring/overview-reports.md) and [monitoring](../reports-monitoring/overview-monitoring.md)|
|Reporting and analytics|Admins can retrieve audit logs of recent user provisioning and sign on activity. Integration with Azure Monitor and 'who has access' via access packages.|[Microsoft Entra reports](../reports-monitoring/overview-reports.md) and [monitoring](../reports-monitoring/overview-monitoring.md)|
|Privileged access|Just-in-time and scheduled access, alerting, approval workflows for Microsoft Entra roles (including custom roles) and Azure Resource roles.|[Microsoft Entra PIM](../privileged-identity-management/pim-configure.md)|
|Auditing|Admins can be alerted of creation of admin accounts.|[Microsoft Entra PIM alerts](../privileged-identity-management/pim-how-to-configure-security-alerts.md)|
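Review bot: the link-text rename is consistent with the other "Microsoft Entra reports" edits in this commit. In the same table, "Resource owners can define policies for user's access via access packages" should read "users' access", and "Microsoft Entra connected apps" wants a hyphen ("Microsoft Entra-connected apps") since it is a compound modifier.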

2 changes: 1 addition & 1 deletion docs/id-governance/lifecycle-workflow-audits.md
Expand Up @@ -43,4 +43,4 @@ After filtering this information, you're also able to see other information in t

- [Lifecycle Workflow History](lifecycle-workflow-history.md)
- [Check the status of a workflow](check-status-workflow.md)
- [Microsoft Entra ID audit activity reference](../reports-monitoring/reference-audit-activities.md)
- [Microsoft Entra audit activity reference](../reports-monitoring/reference-audit-activities.md)
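Review bot: consistent with the same edit in the entitlement-management workbook file earlier in this commit. Confirm the new link text matches the title of the target article `../reports-monitoring/reference-audit-activities.md` so the two do not drift.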