…into wifapps
rwike77 committed Jul 29, 2022
2 parents 0a45dd4 + 3398e53 commit ad43d5d
Showing 1,213 changed files with 10,609 additions and 5,015 deletions.
8 changes: 5 additions & 3 deletions .openpublishing.publish.config.json
Expand Up @@ -813,8 +813,8 @@
"branch_mapping": {}
},
{
"path_to_root": "azure-spring-cloud-reference-architecture",
"url": "https://github.com/Azure/azure-spring-cloud-reference-architecture",
"path_to_root": "azure-spring-apps-reference-architecture",
"url": "https://github.com/Azure/azure-spring-apps-reference-architecture",
"branch": "main",
"branch_mapping": {}
},
Expand Down Expand Up @@ -1016,9 +1016,11 @@
"articles/mysql/.openpublishing.redirection.mysql.json",
"articles/container-apps/.openpublishing.redirection.container-apps.json",
"articles/spring-cloud/.openpublishing.redirection.spring-cloud.json",
"articles/spring-apps/.openpublishing.redirection.spring-apps.json",
"articles/load-testing/.openpublishing.redirection.azure-load-testing.json",
"articles/azure-video-indexer/.openpublishing.redirection.azure-video-indexer.json",
"articles/machine-learning/.openpublishing.redirection.machine-learning.json",
"articles/static-web-apps/.openpublishing.redirection.static-web-apps.json"
"articles/static-web-apps/.openpublishing.redirection.static-web-apps.json",
".openpublishing.redirection.virtual-desktop.json"
]
}
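Review bot: The new last entry, `.openpublishing.redirection.virtual-desktop.json`, sits at the repository root, while the other redirection files visible in this list live under `articles/<service>/` (for example `articles/spring-apps/.openpublishing.redirection.spring-apps.json`). Consider moving it to `articles/virtual-desktop/` so the per-service path convention holds, or state in the commit message why this one stays at the root.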
6 changes: 6 additions & 0 deletions .openpublishing.redirection.active-directory.json
Expand Up @@ -10830,7 +10830,13 @@
"source_path": "articles/active-directory/manage-apps/howto-enforce-signed-saml-authentication.md",
"redirect_url": "/azure/active-directory/manage-apps/howto-saml-token-encryption",
"redirect_document_id": true
},
{
"source_path_from_root": "/articles/active-directory/manage-apps/recover-deleted-apps-faq.md",
"redirect_url": "/azure/active-directory/manage-apps/delete-recover-faq",
"redirect_document_id": false
}


]
}
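Review bot: The added redirect entry uses `source_path_from_root` with a leading `/articles/...` path, while the entry directly above it uses `source_path` with `articles/...`; confirm that mixing the two key styles in one file is intended. The two blank lines left before the closing `]` should also be dropped.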
5 changes: 5 additions & 0 deletions .openpublishing.redirection.azure-monitor.json
Expand Up @@ -430,6 +430,11 @@
"source_path_from_root": "/articles/azure-monitor/insights/key-vault-insights-overview.md" ,
"redirect_url": "/azure/key-vault/key-vault-insights-overview",
"redirect_document_id": false
},
{
"source_path_from_root": "/articles/azure-monitor/app/cloudservices.md" ,
"redirect_url": "/azure/azure-monitor/app/azure-web-apps-net-core",
"redirect_document_id": false
}
]
}
5 changes: 0 additions & 5 deletions .openpublishing.redirection.json
Expand Up @@ -24728,11 +24728,6 @@
"redirect_url": "/azure/traffic-manager/traffic-manager-manage-profiles",
"redirect_document_id": false
},
{
"source_path_from_root": "/articles/virtual-desktop/connect-windows-7-and-10.md",
"redirect_url": "/azure/virtual-desktop/connect-windows-7-10",
"redirect_document_id": true
},
{
"source_path_from_root": "/articles/troubleshoot-client-connection.md",
"redirect_url": "/azure/virtual-desktop/troubleshoot-client",
9 changes: 9 additions & 0 deletions .openpublishing.redirection.virtual-desktop.json
@@ -0,0 +1,9 @@
{
"redirections": [
{
"source_path_from_root": "/articles/virtual-desktop/connect-windows-7-and-10.md",
"redirect_url": "/azure/virtual-desktop/connect-windows-7-10",
"redirect_document_id": true
}
]
}
4 changes: 2 additions & 2 deletions articles/active-directory-b2c/authorization-code-flow.md
Expand Up @@ -8,7 +8,7 @@ manager: CelesteDG
ms.service: active-directory
ms.workload: identity
ms.topic: conceptual
ms.date: 04/12/2022
ms.date: 07/29/2022
ms.author: kengaderdus
ms.subservice: B2C
ms.custom: fasttrack-edit
Expand Down Expand Up @@ -60,7 +60,7 @@ client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6
|{tenant}| Required | Name of your Azure AD B2C tenant|
| {policy} | Required | The user flow to be run. Specify the name of a user flow you've created in your Azure AD B2C tenant. For example: `b2c_1_sign_in`, `b2c_1_sign_up`, or `b2c_1_edit_profile`. |
| client_id |Required |The application ID assigned to your app in the [Azure portal](https://portal.azure.com). |
| response_type |Required |The response type, which must include `code` for the authorization code flow. |
| response_type |Required |The response type, which must include `code` for the authorization code flow. You can receive an ID token if you include it in the response type, such as `code+id_token`, and in this case, the scope needs to include `openid`.|
| redirect_uri |Required |The redirect URI of your app, where authentication responses are sent and received by your app. It must exactly match one of the redirect URIs that you registered in the portal, except that it must be URL-encoded. |
| scope |Required |A space-separated list of scopes. The `openid` scope indicates a permission to sign in the user and get data about the user in the form of ID tokens. The `offline_access` scope is optional for web applications. It indicates that your application will need a *refresh token* for extended access to resources.The client-id indicates the token issued are intended for use by Azure AD B2C registered client. The `https://{tenant-name}/{app-id-uri}/{scope}` indicates a permission to protected resources, such as a web API. For more information, see [Request an access token](access-tokens.md#scopes). |
| response_mode |Recommended |The method that you use to send the resulting authorization code back to your app. It can be `query`, `form_post`, or `fragment`. |
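Review bot: In the `response_type` row, the added sentence shows the combined value as `code+id_token` without saying that `+` is the URL-encoded space of a space-separated list, and "if you include it" leaves "it" ambiguous. Suggested wording: "To also receive an ID token, include `id_token` in the response type (`code id_token`, sent as `code+id_token`); the scope must then include `openid`." Because this variant returns a token in the authorization response itself, the `response_mode` row below should say which of `query`, `form_post`, or `fragment` is appropriate in that case. The new cell also drops the space before the closing `|` that the neighbouring rows have.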
Expand Up @@ -29,7 +29,7 @@ Get a deeper view into the features and technical aspects of the Azure AD B2C se
|[Azure AD B2C sign-up sign-in](https://www.youtube.com/watch?v=c8rN1ZaR7wk&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=6&t=2s) 10:25 | [:::image type="icon" source="./media/external-identities-videos/customer-sign-up-sign-in.png" border="false":::](https://www.youtube.com/watch?v=c8rN1ZaR7wk&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=6) | [Azure AD B2C single sign on and self service password reset](https://www.youtube.com/watch?v=kRV-7PSLK38&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=7) 8:40 | [:::image type="icon" source="./media/external-identities-videos/single-sign-on.png" border="false":::](https://www.youtube.com/watch?v=kRV-7PSLK38&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=7) |
| [Application and identity migration to Azure AD B2C](https://www.youtube.com/watch?v=Xw_YwSJmhIQ&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=9) 10:34 | [:::image type="icon" source="./media/external-identities-videos/identity-migration-aad-b2c.png" border="false":::](https://www.youtube.com/watch?v=Xw_YwSJmhIQ&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=9) | [Build resilient and scalable flows using Azure AD B2C](https://www.youtube.com/watch?v=8f_Ozpw9yTs&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=12) 16:47 | [:::image type="icon" source="./media/external-identities-videos/b2c-scalable-flows.png" border="false":::](https://www.youtube.com/watch?v=8f_Ozpw9yTs&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=12) |
| [Building a custom CIAM solution with Azure AD B2C and ISV alliances](https://www.youtube.com/watch?v=UZjiGDD0wa8&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=8) 10:01 | [:::image type="icon" source="./media/external-identities-videos/build-custom-b2c-solution.png" border="false":::](https://www.youtube.com/watch?v=UZjiGDD0wa8&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=8) | [Protecting Web APIs with Azure AD B2C](https://www.youtube.com/watch?v=wuUu71RcsIo&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=10) 19:03 | [:::image type="icon" source="./media/external-identities-videos/protecting-web-apis.png" border="false":::](https://www.youtube.com/watch?v=wuUu71RcsIo&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=10) |
| [Integration of SAML with Azure AD B2C](https://www.youtube.com/watch?v=r2TIVBCm7v4&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=11) 9:09 | [:::image type="icon" source="./media/external-identities-videos/saml-integration.png" border="false":::](https://www.youtube.com/watch?v=r2TIVBCm7v4&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=11) |
| [Integration of SAML with Azure AD B2C](https://www.youtube.com/watch?v=r2TIVBCm7v4&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=11) 9:09 | [:::image type="icon" source="./media/external-identities-videos/saml-integration.png" border="false":::](https://www.youtube.com/watch?v=r2TIVBCm7v4&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=11) | [Azure AD B2C Identity Protection and Conditional Access](https://www.youtube.com/watch?v=frn5jVqbmUo&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=15) 14:44 | [:::image type="icon" source="./media/external-identities-videos/identity-protection-and-conditional-access.png" border="false":::](https://www.youtube.com/watch?v=frn5jVqbmUo&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=15)

## Azure Active Directory B2C how to series

1 change: 1 addition & 0 deletions articles/active-directory-b2c/technicalprofiles.md
Expand Up @@ -249,6 +249,7 @@ The **InputClaim** element contains the following attributes:
| --------- | -------- | ----------- |
| ClaimTypeReferenceId | Yes | The identifier of a claim type. The claim is already defined in the claims schema section in the policy file or parent policy file. |
| DefaultValue | No | A default value to use to create a claim if the claim indicated by ClaimTypeReferenceId doesn't exist so that the resulting claim can be used as an InputClaim element by the technical profile. |
|AlwaysUseDefaultValue |No |Forces the use of the default value. |
| PartnerClaimType | No | The identifier of the claim type of the external partner that the specified policy claim type maps to. If the PartnerClaimType attribute isn't specified, the specified policy claim type is mapped to the partner claim type of the same name. Use this property when your claim type name is different from the other party. An example is if the first claim name is *givenName*, while the partner uses a claim named *first_name*. |

## Display claims
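Review bot: The new `AlwaysUseDefaultValue` row documents the attribute only as "Forces the use of the default value.", which does not tell a policy author what values it accepts, what happens when it is omitted, or how it interacts with the `DefaultValue` row above, whose description says the default applies only when the claim doesn't exist. Please state that this attribute overrides an existing claim value (if that is the behaviour) and give the allowed values. The cell spacing (`|AlwaysUseDefaultValue |No |`) should also match the `| Name | No | ... |` style of the surrounding rows.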
Expand Up @@ -23,27 +23,31 @@ The Azure Active Directory (Azure AD) provisioning service supports a [SCIM 2.0]
- Administrator role for installing the agent. This task is a one-time effort and should be an Azure account that's either a hybrid administrator or a global administrator.
- Administrator role for configuring the application in the cloud (application administrator, cloud application administrator, global administrator, or a custom role with permissions).

## On-premises app provisioning to SCIM-enabled apps
To provision users to SCIM-enabled apps:

1. [Download](https://aka.ms/OnPremProvisioningAgent) the provisioning agent and copy it onto the virtual machine or server that your SCIM endpoint is hosted on.
1. Open the provisioning agent installer, agree to the terms of service, and select **Install**.
1. Open the provisioning agent wizard, and select **On-premises provisioning** when prompted for the extension you want to enable.
1. Provide credentials for an Azure AD administrator when you're prompted to authorize. Hybrid administrator or global administrator is required.
1. Select **Confirm** to confirm the installation was successful.
1. Navigate to the Azure Portal and add the **On-premises SCIM app** from the [gallery](../../active-directory/manage-apps/add-application-portal.md).
1. Select **On-Premises Connectivity**, and download the provisioning agent. 1. Go back to your application, and select **On-Premises Connectivity**.
1. Select the agent that you installed from the dropdown list, and select **Assign Agent(s)**.
1. Wait 20 minutes prior to completing the next step, to provide time for the agent assignment to complete.
1. Provide the URL for your SCIM endpoint in the **Tenant URL** box. An example is https://localhost:8585/scim.
![Screenshot that shows assigning an agent.](./media/on-premises-scim-provisioning/scim-2.png)
1. Select **Test Connection**, and save the credentials. Use the steps [here](on-premises-ecma-troubleshoot.md#troubleshoot-test-connection-issues) if you run into connectivity issues.
1. Configure any [attribute mappings](customize-application-attributes.md) or [scoping](define-conditional-rules-for-provisioning-user-accounts.md) rules required for your application.
1. Add users to scope by [assigning users and groups](../../active-directory/manage-apps/add-application-portal-assign-users.md) to the application.
1. Test provisioning a few users [on demand](provision-on-demand.md).
1. Add more users into scope by assigning them to your application.
1. Go to the **Provisioning** pane, and select **Start provisioning**.
1. Monitor using the [provisioning logs](../../active-directory/reports-monitoring/concept-provisioning-logs.md).
## Deploying Azure AD provisioning agent
The Azure AD Provisioning agent can be deployed on the same server hosting a SCIM enabled application, or a seperate server, providing it has line of sight to the application's SCIM endpoint. A single agent also supports provision to multiple applications hosted locally on the same server or seperate hosts, again as long as each SCIM endpoint is reachable by the agent.

1. [Download](https://aka.ms/OnPremProvisioningAgent) the provisioning agent and copy it onto the virtual machine or server that your SCIM application endpoint is hosted on.
2. Run the provisioning agent installer, agree to the terms of service, and select **Install**.
3. Once installed, locate and launch the **AAD Connect Provisioning Agent wizard**, and when prompted for an extensions select **On-premises provisioning**
4. For the agent to register itself with your tenant, provide credentials for an Azure AD admin with Hybrid administrator or global administrator permissions.
5. Select **Confirm** to confirm the installation was successful.

## Provisioning to SCIM-enabled application
Once the agent is installed, no further configuration is necesary on-prem, and all provisioning configurations are then managed from the portal. Repeat the below steps for every on-premises application being provisioned via SCIM.

1. In the Azure portal navigate to the Enterprise applications and add the **On-premises SCIM app** from the [gallery](../../active-directory/manage-apps/add-application-portal.md).
2. From the left hand menu navigate to the **Provisioning** option and select **Get started**.
3. Select **Automatic** from the dropdown list and expand the **On-Premises Connectivity** option.
4. Select the agent that you installed from the dropdown list and select **Assign Agent(s)**.
5. Now either wait 10 minutes or restart the **Microsoft Azure AD Connect Provisioning Agent** before proceeding to the next step & testing the connection.
6. In the **Tenant URL** field, provide the SCIM endpoint URL for your application. The URL is typically unique to each target application and must be resolveable by DNS. An example for a scenario where the agent is installed on the same host as the application is https://localhost:8585/scim ![Screenshot that shows assigning an agent.](./media/on-premises-scim-provisioning/scim-2.png)
7. Select **Test Connection**, and save the credentials. The application SCIM endpoint must be actively listening for inbound provisioning requests, otherwise the test will fail. Use the steps [here](on-premises-ecma-troubleshoot.md#troubleshoot-test-connection-issues) if you run into connectivity issues.
8. Configure any [attribute mappings](customize-application-attributes.md) or [scoping](define-conditional-rules-for-provisioning-user-accounts.md) rules required for your application.
9. Add users to scope by [assigning users and groups](../../active-directory/manage-apps/add-application-portal-assign-users.md) to the application.
10. Test provisioning a few users [on demand](provision-on-demand.md).
11. Add more users into scope by assigning them to your application.
12. Go to the **Provisioning** pane, and select **Start provisioning**.
13. Monitor using the [provisioning logs](../../active-directory/reports-monitoring/concept-provisioning-logs.md).

## Additional requirements
* Ensure your [SCIM](https://techcommunity.microsoft.com/t5/identity-standards-blog/provisioning-with-scim-getting-started/ba-p/880010) implementation meets the [Azure AD SCIM requirements](use-scim-to-provision-users-and-groups.md).
6 changes: 3 additions & 3 deletions articles/active-directory/develop/howto-remove-app.md
Expand Up @@ -9,7 +9,7 @@ ms.service: active-directory
ms.subservice: develop
ms.topic: how-to
ms.workload: identity
ms.date: 11/15/2020
ms.date: 07/28/2022
ms.author: ryanwi
ms.custom: aaddev
ms.reviewer: marsma, aragra, lenalepa, sureshja
Expand Down Expand Up @@ -48,9 +48,9 @@ To delete an application, be listed as an owner of the application or have admin

## Remove an application authored by another organization

If you are viewing **App registrations** in the context of a tenant, a subset of the applications that appear under the **All apps** tab are from another tenant and were registered into your tenant during the consent process. More specifically, they are represented by only a service principal object in your tenant, with no corresponding application object. For more information on the differences between application and service principal objects, see [Application and service principal objects in Azure AD](./app-objects-and-service-principals.md).
If you're viewing **App registrations** in the context of a tenant, a subset of the applications that appear under the **All apps** tab are from another tenant and were registered into your tenant during the consent process. More specifically, they're represented by only a service principal object in your tenant, with no corresponding application object. For more information on the differences between application and service principal objects, see [Application and service principal objects in Azure AD](./app-objects-and-service-principals.md).

In order to remove an application’s access to your directory (after having granted consent), the company administrator must remove its service principal. The administrator must have Global Administrator access, and can remove the application through the Azure portal or use the [Azure AD PowerShell Cmdlets](/previous-versions/azure/jj151815(v=azure.100)) to remove access.
In order to remove an application’s access to your directory (after having granted consent), the company administrator must remove its service principal. The administrator must have Global Administrator access. To learn how to delete a service principal, see [Delete an enterprise application](../manage-apps/delete-application-portal.md).

## Next steps

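Review bot: The rewritten paragraph under "Remove an application authored by another organization" drops the pointer to the Azure AD PowerShell cmdlets and links only to `../manage-apps/delete-application-portal.md`, so readers who remove service principals by script lose their reference. Confirm that the linked article covers a non-portal method, or keep a scripted option mentioned here. The paragraph also keeps the curly apostrophe in "application’s" while the rest of the edit uses straight ones ("you're", "they're").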