From f8e9c4fc1af50b5b3b049037a971069ca80b0de9 Mon Sep 17 00:00:00 2001 From: Gearoid O'Donnell <110535959+gearoidodonnell@users.noreply.github.com> Date: Fri, 23 Aug 2024 15:53:36 +0100 Subject: [PATCH 01/20] Adding password reset info --- ...t-macos-platform-single-sign-on-extension.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md b/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md index 4f9ad8759be..165b77347db 100644 --- a/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md +++ b/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md @@ -83,6 +83,23 @@ Confirm that a previously registered device (with a Workplace Join key in Keycha No, macOS PSSO is only supported in Microsoft Entra join deployments. There are no plans to support hybrid-join deployments, as we recommend that Mac users go fully cloud based. +### How can I change my password when using Platform SSO? + +Users can change their password using Self-Service Password Reset (SSPR) on their device. + +If SSPR is done on another machine users will be allowed to sign-in to the Mac device using either the old or the new password. Using the old password will unlock the device and then prompt the user for the new password to continue syncing data. Using the new password will unlock the device and sync data immediately. + +### What should I do if I forget my password? + +#### [Password Sync](#tab/PasswordSync) +If Users are at lock screen or login screen they can reset their password from there. If the user received a temporary password from an IT admin they should use another device to log in, set up a new password and use that new password at to log in to their own device. + +> [!NOTE] +> If the device is booted and there is FileVault encryption the new Entra password will work on macOS15 only. + +#### [Secure Enclave](#tab/PasswordSync) +Users can reset the local password via Apple ID or an admin recovery key. + ## Known issues ### Passcode policy complexity mismatches From c9980c97456be604d7e8da090085041981c75cb0 Mon Sep 17 00:00:00 2001 From: Gearoid O'Donnell <110535959+gearoidodonnell@users.noreply.github.com> Date: Fri, 23 Aug 2024 16:15:02 +0100 Subject: [PATCH 02/20] Adding link to intune docs --- .../troubleshoot-macos-platform-single-sign-on-extension.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md b/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md index 165b77347db..e22b702721c 100644 --- a/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md +++ b/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md @@ -97,6 +97,8 @@ If Users are at lock screen or login screen they can reset their password from t > [!NOTE] > If the device is booted and there is FileVault encryption the new Entra password will work on macOS15 only. +IT Admins can also enable keyvault recovery to ensure data can be recovered in case of a forgotten password. To learn more refer to [Configure Platform SSO for macOS devices in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/configuration/platform-sso-macos#password). + #### [Secure Enclave](#tab/PasswordSync) Users can reset the local password via Apple ID or an admin recovery key. From c302997d5a17af925e3e5a2a11e980a97f68c633 Mon Sep 17 00:00:00 2001 From: Gearoid O'Donnell <110535959+gearoidodonnell@users.noreply.github.com> Date: Fri, 23 Aug 2024 16:17:25 +0100 Subject: [PATCH 03/20] Fixes --- .../troubleshoot-macos-platform-single-sign-on-extension.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md b/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md index e22b702721c..92c76d38d9e 100644 --- a/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md +++ b/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md @@ -99,7 +99,7 @@ If Users are at lock screen or login screen they can reset their password from t IT Admins can also enable keyvault recovery to ensure data can be recovered in case of a forgotten password. To learn more refer to [Configure Platform SSO for macOS devices in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/configuration/platform-sso-macos#password). -#### [Secure Enclave](#tab/PasswordSync) +#### [Secure Enclave](#tab/SecureEnclave) Users can reset the local password via Apple ID or an admin recovery key. ## Known issues From 0b7ca2fbe2cd2f37da51515038d8c4a5755a43f3 Mon Sep 17 00:00:00 2001 From: Gearoid O'Donnell <110535959+gearoidodonnell@users.noreply.github.com> Date: Fri, 23 Aug 2024 16:21:19 +0100 Subject: [PATCH 04/20] Fixes --- .../troubleshoot-macos-platform-single-sign-on-extension.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md b/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md index 92c76d38d9e..bfea6e09362 100644 --- a/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md +++ b/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md @@ -91,7 +91,7 @@ If SSPR is done on another machine users will be allowed to sign-in to the Mac d ### What should I do if I forget my password? -#### [Password Sync](#tab/PasswordSync) +#### Password Sync If Users are at lock screen or login screen they can reset their password from there. If the user received a temporary password from an IT admin they should use another device to log in, set up a new password and use that new password at to log in to their own device. > [!NOTE] @@ -99,7 +99,7 @@ If Users are at lock screen or login screen they can reset their password from t IT Admins can also enable keyvault recovery to ensure data can be recovered in case of a forgotten password. To learn more refer to [Configure Platform SSO for macOS devices in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/configuration/platform-sso-macos#password). -#### [Secure Enclave](#tab/SecureEnclave) +#### Secure Enclave Users can reset the local password via Apple ID or an admin recovery key. ## Known issues From 34c60b073956120f0926a7e814f5422c6c421160 Mon Sep 17 00:00:00 2001 From: Gearoid O'Donnell <110535959+gearoidodonnell@users.noreply.github.com> Date: Fri, 23 Aug 2024 16:23:22 +0100 Subject: [PATCH 05/20] Fixing locale --- .../troubleshoot-macos-platform-single-sign-on-extension.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md b/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md index bfea6e09362..3a16c37eb6d 100644 --- a/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md +++ b/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md @@ -97,7 +97,7 @@ If Users are at lock screen or login screen they can reset their password from t > [!NOTE] > If the device is booted and there is FileVault encryption the new Entra password will work on macOS15 only. -IT Admins can also enable keyvault recovery to ensure data can be recovered in case of a forgotten password. To learn more refer to [Configure Platform SSO for macOS devices in Microsoft Intune](https://learn.microsoft.com/en-us/mem/intune/configuration/platform-sso-macos#password). +IT Admins can also enable keyvault recovery to ensure data can be recovered in case of a forgotten password. To learn more refer to [Configure Platform SSO for macOS devices in Microsoft Intune](/mem/intune/configuration/platform-sso-macos#password). #### Secure Enclave Users can reset the local password via Apple ID or an admin recovery key. From 742c56fa023e5b3dd354eb7b88e44bedb9c96d40 Mon Sep 17 00:00:00 2001 From: Gearoid O'Donnell <110535959+gearoidodonnell@users.noreply.github.com> Date: Fri, 23 Aug 2024 17:18:55 +0100 Subject: [PATCH 06/20] Spelling fix --- .../troubleshoot-macos-platform-single-sign-on-extension.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md b/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md index 3a16c37eb6d..cf8f7ea2a9d 100644 --- a/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md +++ b/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md @@ -92,7 +92,7 @@ If SSPR is done on another machine users will be allowed to sign-in to the Mac d ### What should I do if I forget my password? #### Password Sync -If Users are at lock screen or login screen they can reset their password from there. If the user received a temporary password from an IT admin they should use another device to log in, set up a new password and use that new password at to log in to their own device. +If users are at lock screen or login screen they can reset their password from there. If the user received a temporary password from an IT admin they should use another device to log in, set up a new password and use that new password at to log in to their own device. > [!NOTE] > If the device is booted and there is FileVault encryption the new Entra password will work on macOS15 only. From 43fbf44a8dfc85413f17b516eb6c6e075f8c90e6 Mon Sep 17 00:00:00 2001 From: Gearoid O'Donnell <110535959+garrodonnell@users.noreply.github.com> Date: Tue, 27 Aug 2024 13:29:56 +0100 Subject: [PATCH 07/20] Update docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md Co-authored-by: Brian Melton-Grace --- .../troubleshoot-macos-platform-single-sign-on-extension.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md b/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md index 3a16c37eb6d..e46123aca62 100644 --- a/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md +++ b/docs/identity/devices/troubleshoot-macos-platform-single-sign-on-extension.md @@ -97,7 +97,7 @@ If Users are at lock screen or login screen they can reset their password from t > [!NOTE] > If the device is booted and there is FileVault encryption the new Entra password will work on macOS15 only. -IT Admins can also enable keyvault recovery to ensure data can be recovered in case of a forgotten password. To learn more refer to [Configure Platform SSO for macOS devices in Microsoft Intune](/mem/intune/configuration/platform-sso-macos#password). +IT Admins should enable keyvault recovery to ensure data can be recovered in case of a forgotten password. To learn more refer to [Configure Platform SSO for macOS devices in Microsoft Intune](/mem/intune/configuration/platform-sso-macos#password). #### Secure Enclave Users can reset the local password via Apple ID or an admin recovery key. From 6b1c58faac440c97a2a47f003f4473bb8da1fcc2 Mon Sep 17 00:00:00 2001 From: Danny Zollner <66439574+ZollnerdMSFT@users.noreply.github.com> Date: Tue, 8 Oct 2024 13:41:50 -0500 Subject: [PATCH 08/20] Update v2-howto-app-gallery-listing.md Onboarding pause note moved to top of page + wording changed. Removed timelines section. Fixed a few typos / improved some wording --- .../v2-howto-app-gallery-listing.md | 33 ++++--------------- 1 file changed, 7 insertions(+), 26 deletions(-) diff --git a/docs/identity/enterprise-apps/v2-howto-app-gallery-listing.md b/docs/identity/enterprise-apps/v2-howto-app-gallery-listing.md index c9f81f8a840..ade918838d0 100644 --- a/docs/identity/enterprise-apps/v2-howto-app-gallery-listing.md +++ b/docs/identity/enterprise-apps/v2-howto-app-gallery-listing.md @@ -27,6 +27,9 @@ To publish your application in the Microsoft Entra application gallery, you need - Submit your application. - Join the Microsoft partner network. +> [!NOTE] +> We are currently not accepting new SSO or provisioning requests while we focus on the [Secure Future Initiative](https://www.microsoft.com/en-us/security/blog/2024/05/03/security-above-all-else-expanding-microsofts-secure-future-initiative/). Update requests will be processed on a case-by-case basis. + ## Prerequisites To publish your application in the gallery, you must first read and agree to specific [terms and conditions](https://azure.microsoft.com/support/legal/active-directory-app-gallery-terms/). - Implement support for *single sign-on (SSO)*. To learn more about supported options, see [Plan a single sign-on deployment](plan-sso-deployment.md). @@ -34,6 +37,7 @@ To publish your application in the gallery, you must first read and agree to spe - For federated applications (SAML/WS-Fed), the application should preferably support [software-as-a-service (SaaS) model](https://azure.microsoft.com/overview/what-is-saas/) but it is not mandatory and it can be an on-premises application as well. Enterprise gallery applications must support multiple user configurations and not any specific user. - For OpenID Connect, most applications work well as a multitenant application implementing the [Microsoft Entra consent framework](~/identity-platform/application-consent-experience.md). Refer to [this](~/identity-platform/howto-convert-app-to-be-multi-tenant.md) link to convert the application into multitenant. If your application requires additional per-instance configuration, such as customers needing to control their own secrets and certificates, you can publish a single-tenant Open ID Connect application. + - Provisioning is optional yet highly recommended. To learn more about Microsoft Entra SCIM, see [build a SCIM endpoint and configure user provisioning with Microsoft Entra ID](~/identity/app-provisioning/use-scim-to-provision-users-and-groups.md). You can sign up for a free, test Development account. It's free for 90 days and you get all of the premium Microsoft Entra features with it. You can also extend the account if you use it for development work: [Join the Microsoft 365 Developer Program](/office/developer-program/microsoft-365-developer-program). @@ -75,9 +79,6 @@ If you see a "Request Access" page, then fill in the business justification and After your account is added, you can sign in to the Microsoft Application Network portal and submit the request by selecting the **Submit Request (ISV)** tile on the home page. If you see the "Your sign-in was blocked" error while logging in, see [Troubleshoot sign-in to the Microsoft Application Network portal](troubleshoot-app-publishing.md). -> [!NOTE] -> Currently we are not onboarding new applications in FY25 due to SFI (Security Future Initiatives). Only the update listing requests can be submitted. - ### Implementation-specific options On the application **Registration** form, select the feature that you want to enable. Select **OpenID Connect & OAuth 2.0**, **SAML 2.0/WS-Fed**, or **Password SSO(UserName & Password)** depending on the feature that your application supports. @@ -88,24 +89,6 @@ If you wish to register an MDM application in the Microsoft Entra application ga You can track application requests by customer name at the Microsoft Application Network portal. For more information, see [Application requests by Customers](https://microsoft.sharepoint.com/teams/apponboarding/Apps/SitePages/AppRequestsByCustomers.aspx). -### Timelines - -Listing an **SAML 2.0 or WS-Fed application** in the gallery takes 12 to 15 business days. - -:::image type="content" source="./media/howto-app-gallery-listing/timeline.png" alt-text="Screenshot that shows the timeline for listing a SAML application."::: - -Listing an **OpenID Connect application** in the gallery takes 7 to 10 business days. - -:::image type="content" source="./media/howto-app-gallery-listing/timeline-2.png" alt-text="Screenshot that shows the timeline for listing an OpenID Connect application."::: - -Listing an **SCIM provisioning application** in the gallery varies, depending on numerous factors. - -Not all applications are onboarded. Per the terms and conditions, a decision can be made not to list an application. Onboarding applications is at the sole discretion of the onboarding team. - -Here's the flow of customer-requested applications. - -:::image type="content" source="./media/howto-app-gallery-listing/customer-request-2.png" alt-text="Screenshot that shows the customer-requested apps flow."::: - ## Update or Remove the application from the Gallery You can submit your application update request in the [Microsoft Application Network portal](https://microsoft.sharepoint.com/teams/apponboarding/Apps). @@ -114,22 +97,20 @@ If you see a "Request Access" page, then fill in the business justification and After the account is added, you can sign in to the Microsoft Application Network portal and submit the request by selecting the **Submit Request (ISV)** tile on the home page and select **Update my application’s listing in the gallery** and select one of the following options as per your choice - -* If you want to update applications SSO feature, select **Update my application’s Federated SSO feature**. +* If you want to update an application's SSO feature, select **Update my application’s Federated SSO feature**. * If you want to update Password SSO feature, select **Update my application’s Password SSO feature**. * If you want to upgrade your listing from Password SSO to Federated SSO, select **Upgrade my application from Password SSO to Federated SSO**. -* If you want to update MDM listing, select **Update my MDM app**. +* If you want to update an MDM listing, select **Update my MDM app**. -* If you want to improve User Provisioning feature, select **Improve my application’s User Provisioning feature**. +* If you want to update an existing User Provisioning integration, select **Improve my application’s User Provisioning feature**. * If you want to remove the application from Microsoft Entra application gallery, select **Remove my application listing from the gallery**. If you see the **Your sign-in was blocked** error while logging in, see [Troubleshoot sign-in to the Microsoft Application Network portal](troubleshoot-app-publishing.md). - - ## Join the Microsoft partner network The Microsoft Partner Network provides instant access to exclusive programs, tools, connections, and resources. To join the network and create your go-to-market plan, see [Reach commercial customers](https://partner.microsoft.com/explore/commercial#gtm). From c4a5fa21a9ba740f58f8642d8494105da3b9c9c3 Mon Sep 17 00:00:00 2001 From: Bill Mathers Date: Wed, 9 Oct 2024 11:58:28 -0400 Subject: [PATCH 09/20] updating --- .../connect/harden-update-ad-fs-pingfederate.md | 5 ----- .../connect/reference-connect-version-history.md | 14 +++++++++----- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md b/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md index c94e86170e1..629ea7f1214 100644 --- a/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md +++ b/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md @@ -14,11 +14,6 @@ ms.author: billmath In October 2024, we released a [new version (2.4.18.0) of Microsoft Entra Connect Sync](reference-connect-version-history.md#24180) in which contains a back-end service change that further hardens our services. **All customers are required to upgrade** to the latest version by **April 7, 2025**. -## 2.4.18.0 Warning ->[!WARNING] ->If you are a customer using a [non-commercial cloud](~/identity-platform/authentication-national-cloud.md) (such as [Azure Government](/azure/azure-government/documentation-government-welcome) or [Azure in China](/azure/china/overview-operations)), please wait until our next update before you attempt to upgrade. There is an installation issue with version [2.4.18.0](reference-connect-version-history.md#24180) that affects customers in non-commercial clouds. Previous versions [2.3.20.0](reference-connect-version-history.md#23200) and below are unimpacted. - -We are currently working on a fix, which we will release as part of an updated version as soon as possible. Customers in our commercial cloud are unaffected and can proceed to upgrade to version [2.4.18.0](reference-connect-version-history.md#24180). ## Expected impacts diff --git a/docs/identity/hybrid/connect/reference-connect-version-history.md b/docs/identity/hybrid/connect/reference-connect-version-history.md index 76d7cc3b8a3..489f57d0d08 100644 --- a/docs/identity/hybrid/connect/reference-connect-version-history.md +++ b/docs/identity/hybrid/connect/reference-connect-version-history.md @@ -19,11 +19,6 @@ The Microsoft Entra team regularly updates Microsoft Entra Connect with new feat This article helps you keep track of the versions that have been released and understand what the changes are in the latest version. -## 2.4.18.0 Warning ->[!WARNING] ->If you are a customer using a [non-commercial cloud](~/identity-platform/authentication-national-cloud.md) (such as [Azure Government](/azure/azure-government/documentation-government-welcome) or [Azure in China](/azure/china/overview-operations)), please wait until our next update before you attempt to upgrade. There is an installation issue with version [2.4.18.0](#24180) that affects customers in non-commercial clouds. Previous versions [2.3.20.0](#2320) and below are unimpacted. - -We are currently working on a fix, which we will release as part of an updated version as soon as possible. Customers in our commercial cloud are unaffected and can proceed to upgrade to version [2.4.18.0](#24180). ## Looking for the latest versions? @@ -97,6 +92,15 @@ If you want all the latest features and updates, check this page and install wha To read more about autoupgrade, see [Microsoft Entra Connect: Automatic upgrade](how-to-connect-install-automatic-upgrade.md). +## 2.x.xx.x + +### Release status + +10/09/2024: Released for download + + + + ## 2.4.18.0 ### Release status From f0d2b3d441c0d4c3f8f7595ea8e954c70dd3fe3b Mon Sep 17 00:00:00 2001 From: Megan Bradley Date: Wed, 9 Oct 2024 13:01:30 -0600 Subject: [PATCH 10/20] Update docutune-unattended.json override to run security ruleset --- .docutune/config/docutune-unattended.json | 1 + 1 file changed, 1 insertion(+) diff --git a/.docutune/config/docutune-unattended.json b/.docutune/config/docutune-unattended.json index a55cce05009..6dcd2df05dc 100644 --- a/.docutune/config/docutune-unattended.json +++ b/.docutune/config/docutune-unattended.json @@ -24,6 +24,7 @@ "name": "Default", "command": "Fix", "configType": "full", + "termFiles": [ "Security-GUIDs.ps1" ], "include": [ // "docs/external-id/", // "docs/fundamentals/", From ad752ef97f546647a98a10537ce078bff243d842 Mon Sep 17 00:00:00 2001 From: Danny Zollner <66439574+ZollnerdMSFT@users.noreply.github.com> Date: Wed, 9 Oct 2024 14:24:07 -0500 Subject: [PATCH 11/20] Changed SFI link in "We're paused" note. --- docs/identity/enterprise-apps/v2-howto-app-gallery-listing.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/identity/enterprise-apps/v2-howto-app-gallery-listing.md b/docs/identity/enterprise-apps/v2-howto-app-gallery-listing.md index ade918838d0..281f740e500 100644 --- a/docs/identity/enterprise-apps/v2-howto-app-gallery-listing.md +++ b/docs/identity/enterprise-apps/v2-howto-app-gallery-listing.md @@ -8,7 +8,7 @@ ms.service: entra-id ms.subservice: enterprise-apps ms.topic: how-to -ms.date: 07/24/2024 +ms.date: 10/09/2024 ms.author: jomondi ms.reviewer: ergreenl ms.custom: kr2b-contr-experiment, enterprise-apps-article @@ -28,7 +28,7 @@ To publish your application in the Microsoft Entra application gallery, you need - Join the Microsoft partner network. > [!NOTE] -> We are currently not accepting new SSO or provisioning requests while we focus on the [Secure Future Initiative](https://www.microsoft.com/en-us/security/blog/2024/05/03/security-above-all-else-expanding-microsofts-secure-future-initiative/). Update requests will be processed on a case-by-case basis. +> We are currently not accepting new SSO or provisioning requests while we focus on the [Secure Future Initiative](https://www.microsoft.com/security/blog/topic/secure-future-initiative/). Update requests will be processed on a case-by-case basis. ## Prerequisites To publish your application in the gallery, you must first read and agree to specific [terms and conditions](https://azure.microsoft.com/support/legal/active-directory-app-gallery-terms/). From c74141b6085379097c3597f43b2536076c3139d3 Mon Sep 17 00:00:00 2001 From: Danny Zollner <66439574+ZollnerdMSFT@users.noreply.github.com> Date: Wed, 9 Oct 2024 15:53:54 -0500 Subject: [PATCH 12/20] Update workday-writeback-tutorial.md Expanded note on sync all/sync assigned limitation. --- docs/identity/saas-apps/workday-writeback-tutorial.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/identity/saas-apps/workday-writeback-tutorial.md b/docs/identity/saas-apps/workday-writeback-tutorial.md index fe9e4d9e989..b1b5a8b06e6 100644 --- a/docs/identity/saas-apps/workday-writeback-tutorial.md +++ b/docs/identity/saas-apps/workday-writeback-tutorial.md @@ -300,7 +300,7 @@ Once the Workday provisioning app configurations are complete, you can turn on t > ![Select Writeback scope](./media/sap-successfactors-inbound-provisioning/select-writeback-scope.png) > [!NOTE] - > The Workday Writeback provisioning app doesn't support the option **Sync only assigned users and groups**. + > The Workday Writeback provisioning app doesn't support the option **Sync only assigned users and groups** and will always operate as if the "Sync all users and groups" option is selected. 2. Click **Save**. From b866e1ab1ed3d1e5945e0cd6c4787481619e3c19 Mon Sep 17 00:00:00 2001 From: Bill Mathers Date: Wed, 9 Oct 2024 17:21:06 -0400 Subject: [PATCH 13/20] updating --- .../hybrid/connect/harden-update-ad-fs-pingfederate.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md b/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md index 629ea7f1214..ab174dfc253 100644 --- a/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md +++ b/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md @@ -12,7 +12,7 @@ ms.author: billmath # Hardening update to Microsoft Entra Connect Sync AD FS and PingFederate configuration -In October 2024, we released a [new version (2.4.18.0) of Microsoft Entra Connect Sync](reference-connect-version-history.md#24180) in which contains a back-end service change that further hardens our services. **All customers are required to upgrade** to the latest version by **April 7, 2025**. +In October 2024, we released new versions (2.4.xx.0) of Microsoft Entra Connect Sync in which contains a back-end service change that further hardens our services. **All customers are required to upgrade** to the [minimum versions](#minimum-versions) by **April 7, 2025**. ## Expected impacts @@ -25,11 +25,11 @@ If you aren’t upgraded to the minimum required version, you may encounter the >[!NOTE] > If you’re unable to upgrade by the deadline, you can restore the impacted functionalities by upgrading to the latest version. However, you would **lose the ability to configurate AD FS and PingFederate** during the time period between **April 7, 2025 and when you upgrade**. -### Minimum version +### Minimum versions To avoid any service impact, customers should be on version by April 7, 2025. - Customers in commercial clouds: [2.4.18.0](reference-connect-version-history.md#24180) or higher. -- Customers in non-commercial clouds: x.x.xx.x or higher. [Learn more](reference-connect-version-history.md#24180-warning) +- Customers in non-commercial clouds: 2.4.21.0 or higher. >[!IMPORTANT] From e057a5b057a55dc36af1bf9b9e9cc3a141a37607 Mon Sep 17 00:00:00 2001 From: Bill Mathers Date: Wed, 9 Oct 2024 17:23:54 -0400 Subject: [PATCH 14/20] updating --- .../hybrid/connect/reference-connect-version-history.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/identity/hybrid/connect/reference-connect-version-history.md b/docs/identity/hybrid/connect/reference-connect-version-history.md index 489f57d0d08..c7aa9ba8e1a 100644 --- a/docs/identity/hybrid/connect/reference-connect-version-history.md +++ b/docs/identity/hybrid/connect/reference-connect-version-history.md @@ -92,12 +92,15 @@ If you want all the latest features and updates, check this page and install wha To read more about autoupgrade, see [Microsoft Entra Connect: Automatic upgrade](how-to-connect-install-automatic-upgrade.md). -## 2.x.xx.x +## 2.4.21.0 ### Release status 10/09/2024: Released for download +### Bug fixes + +- Fixed an issue with non-commercial clouds. From 21b7808f50680c03dafb7d3cb955a025315c13f2 Mon Sep 17 00:00:00 2001 From: Bill Mathers Date: Wed, 9 Oct 2024 17:25:26 -0400 Subject: [PATCH 15/20] updating --- .../hybrid/connect/reference-connect-version-history.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/identity/hybrid/connect/reference-connect-version-history.md b/docs/identity/hybrid/connect/reference-connect-version-history.md index c7aa9ba8e1a..343c86bdbb8 100644 --- a/docs/identity/hybrid/connect/reference-connect-version-history.md +++ b/docs/identity/hybrid/connect/reference-connect-version-history.md @@ -68,7 +68,8 @@ Required permissions | For permissions required to apply an update, see [Microso |[2.3.6.0](#2360)|1 Apr 2025 (12 months after release of 2.3.8.0)| |[2.3.8.0](#2380)|25 Jul 2025 (12 months after release of 2.3.20.0)| |[2.3.20.0](#23200)|7 Oct 2025 (12 months after release of 2.4.18.0)| -|[2.4.18.0](#24180)|TBD| +|[2.4.18.0](#24180)|9 Oct 2025 (12 months after release of 2.4.21.0)| +|[2.4.21.0](#24210)|TBD| **All other versions are not supported** From 1c85eb8bf652bb35be34415987e1279d5280db8d Mon Sep 17 00:00:00 2001 From: Bill Mathers Date: Wed, 9 Oct 2024 17:27:56 -0400 Subject: [PATCH 16/20] updating --- docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md b/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md index ab174dfc253..4f659fa233b 100644 --- a/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md +++ b/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md @@ -31,6 +31,7 @@ To avoid any service impact, customers should be on version by April 7, 2025. - Customers in commercial clouds: [2.4.18.0](reference-connect-version-history.md#24180) or higher. - Customers in non-commercial clouds: 2.4.21.0 or higher. +To upgrade to the latest version: [Install Microsoft Entra Connect](https://aka.ms/connectsync-download) >[!IMPORTANT] > Make sure you familiarize yourself with the [minimum requirements](how-to-connect-install-prerequisites.md) for the version, including but not limited to: From 9ed24f4bf6451a32cdf9fa2095bdc1ac26f1c7ae Mon Sep 17 00:00:00 2001 From: Bill Mathers Date: Wed, 9 Oct 2024 17:33:04 -0400 Subject: [PATCH 17/20] updating --- .../identity/hybrid/connect/harden-update-ad-fs-pingfederate.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md b/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md index 4f659fa233b..fe4404d1b06 100644 --- a/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md +++ b/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md @@ -12,7 +12,7 @@ ms.author: billmath # Hardening update to Microsoft Entra Connect Sync AD FS and PingFederate configuration -In October 2024, we released new versions (2.4.xx.0) of Microsoft Entra Connect Sync in which contains a back-end service change that further hardens our services. **All customers are required to upgrade** to the [minimum versions](#minimum-versions) by **April 7, 2025**. +In October 2024, we released new versions (2.4.xx.0) of Microsoft Entra Connect Sync. These versions contain a back-end service change that further hardens our services. **All customers are required to upgrade** to the [minimum versions](#minimum-versions) by **April 7, 2025**. ## Expected impacts From f1370e193978bd31fd2b029c5efd031b9d55e2c8 Mon Sep 17 00:00:00 2001 From: Bill Mathers Date: Wed, 9 Oct 2024 17:34:30 -0400 Subject: [PATCH 18/20] updating --- .../identity/hybrid/connect/harden-update-ad-fs-pingfederate.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md b/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md index fe4404d1b06..c8021f0cc0a 100644 --- a/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md +++ b/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md @@ -29,7 +29,7 @@ If you aren’t upgraded to the minimum required version, you may encounter the To avoid any service impact, customers should be on version by April 7, 2025. - Customers in commercial clouds: [2.4.18.0](reference-connect-version-history.md#24180) or higher. -- Customers in non-commercial clouds: 2.4.21.0 or higher. +- Customers in non-commercial clouds: [2.4.21.0](reference-connect-version-history.md#24210) or higher. To upgrade to the latest version: [Install Microsoft Entra Connect](https://aka.ms/connectsync-download) From d614b109c84f026dc0eabbcab1d3e11ec2adc0e5 Mon Sep 17 00:00:00 2001 From: Bill Mathers Date: Wed, 9 Oct 2024 17:35:07 -0400 Subject: [PATCH 19/20] updating --- .../identity/hybrid/connect/harden-update-ad-fs-pingfederate.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md b/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md index c8021f0cc0a..48e21bd40df 100644 --- a/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md +++ b/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md @@ -34,7 +34,7 @@ To avoid any service impact, customers should be on version by April 7, 2025. To upgrade to the latest version: [Install Microsoft Entra Connect](https://aka.ms/connectsync-download) >[!IMPORTANT] -> Make sure you familiarize yourself with the [minimum requirements](how-to-connect-install-prerequisites.md) for the version, including but not limited to: +> Make sure you familiarize yourself with the [minimum requirements](how-to-connect-install-prerequisites.md) for the versions, including but not limited to: > > - [.NET 4.7.2](https://dotnet.microsoft.com/download/dotnet-framework/net472#:~:text=Downloads%20for%20building%20and%20running%20applications%20with%20.NET%20Framework%204.7.2) > - [TLS 1. 2](reference-connect-tls-enforcement.md) From 3a6a1bb9735f4e8345fa99b546fff1177baca52d Mon Sep 17 00:00:00 2001 From: Bill Mathers Date: Wed, 9 Oct 2024 17:44:10 -0400 Subject: [PATCH 20/20] updating --- .../hybrid/connect/harden-update-ad-fs-pingfederate.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md b/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md index 48e21bd40df..21d81d42654 100644 --- a/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md +++ b/docs/identity/hybrid/connect/harden-update-ad-fs-pingfederate.md @@ -31,7 +31,9 @@ To avoid any service impact, customers should be on version by April 7, 2025. - Customers in commercial clouds: [2.4.18.0](reference-connect-version-history.md#24180) or higher. - Customers in non-commercial clouds: [2.4.21.0](reference-connect-version-history.md#24210) or higher. -To upgrade to the latest version: [Install Microsoft Entra Connect](https://aka.ms/connectsync-download) +To upgrade to the latest version. +> [!div class="nextstepaction"] +> [Install Microsoft Entra Connect](https://www.microsoft.com/download/details.aspx?id=47594) >[!IMPORTANT] > Make sure you familiarize yourself with the [minimum requirements](how-to-connect-install-prerequisites.md) for the versions, including but not limited to: