Merge pull request #5983 from MicrosoftDocs/main
11/15/2024 AM Publish
Taojunshen authored Nov 15, 2024
2 parents e64bc0d + c48817f commit 254b0e0
Showing 3 changed files with 2 additions and 146 deletions.
144 changes: 0 additions & 144 deletions docs/fundamentals/whats-new-archive.md
Expand Up @@ -1354,147 +1354,3 @@ Earlier this month, the Microsoft Authentication Library team announced the rele
To learn more about MSAL for Python, see: [Microsoft Authentication Library (MSAL) for Python](/entra/msal/python/).

---

## June 2023

### Public Preview - New provisioning connectors in the Azure AD Application Gallery - June 2023

**Type:** New feature
**Service category:** App Provisioning
**Product capability:** Third Party Integration

We've added the following new applications in our App gallery with Provisioning support. You can now automate creating, updating, and deleting of user accounts for these newly integrated apps:

- [Headspace](~/identity/saas-apps/headspace-provisioning-tutorial.md)
- [Humbol](~/identity/saas-apps/humbol-provisioning-tutorial.md)
- [LUSID](~/identity/saas-apps/lusid-provisioning-tutorial.md)
- [Markit Procurement Service](~/identity/saas-apps/markit-procurement-service-provisioning-tutorial.md)
- [Moqups](~/identity/saas-apps/moqups-provisioning-tutorial.md)
- [Notion](~/identity/saas-apps/notion-provisioning-tutorial.md)
- [OpenForms](~/identity/saas-apps/openforms-provisioning-tutorial.md)
- [SafeGuard Cyber](~/identity/saas-apps/safeguard-cyber-provisioning-tutorial.md)
- [Uni-tel A/S](~/identity/saas-apps/uni-tel-as-provisioning-tutorial.md)
- [Vault Platform](~/identity/saas-apps/vault-platform-provisioning-tutorial.md)
- [V-Client](~/identity/saas-apps/v-client-provisioning-tutorial.md)
- [Veritas Enterprise Vault.cloud SSO-SCIM](~/identity/saas-apps/veritas-provisioning-tutorial.md)

For more information about how to better secure your organization by using automated user account provisioning, see: [Automate user provisioning to SaaS applications with Azure AD](~/identity/app-provisioning/user-provisioning.md).

---

### General Availability - Include/exclude Entitlement Management in Conditional Access policies

**Type:** New feature
**Service category:** Entitlement Management
**Product capability:** Entitlement Management

The Entitlement Management service can now be targeted in the Conditional Access policy for inclusion or exclusion of applications. To target the Entitlement Management service, select “Azure AD Identity Governance - Entitlement Management” in the cloud apps picker. The Entitlement Management app includes the entitlement management part of My Access, the Entitlement Management part of the Microsoft Entra and Azure portals, and the Entitlement Management part of MS Graph. For more information, see: [Review your Conditional Access policies](~/id-governance/entitlement-management-external-users.md#review-your-conditional-access-policies).

---

### General Availability - Azure Active Directory User and Group capabilities on Azure Mobile are now available

**Type:** New feature
**Service category:** Azure Mobile App
**Product capability:** End User Experiences

The Azure Mobile app now includes a section for Azure Active Directory. Within Azure Active Directory on mobile, user can search for and view more details about user and groups. Additionally, permitted users can invite guest users to their active tenant, assign group membership and ownership for users, and view user sign-in logs. For more information, see: [Get the Azure mobile app](https://azure.microsoft.com/get-started/azure-portal/mobile-app/).

---

### Plan for change - Modernizing Terms of Use Experiences

**Type:** Plan for change
**Service category:** Terms of Use
**Product capability:** AuthZ/Access Delegation

Recently we announced the modernization of terms of use end-user experiences as part of ongoing service improvements. As previously communicated the end user experiences is updated with a new PDF viewer and are moving from https://account.activedirectory.windowsazure.com to https://myaccount.microsoft.com.

Starting today the modernized experience for viewing previously accepted terms of use is available via https://myaccount.microsoft.com/termsofuse/myacceptances. We encourage you to check out the modernized experience, which follows the same updated design pattern as the upcoming modernization of accepting or declining terms of use as part of the sign-in flow. We would appreciate your [feedback](https://forms.microsoft.com/r/NV0msbrqtF) before we begin to modernize the sign-in flow.

---

### General Availability - Privileged Identity Management for Groups

**Type:** New feature
**Service category:** Privileged Identity Management
**Product capability:** Privileged Identity Management

Privileged Identity Management for Groups is now generally available. With this feature, you have the ability to grant users just-in-time membership in a group, which in turn provides access to Azure Active Directory roles, Azure roles, Azure SQL, Azure Key Vault, Intune, other application roles, and third-party applications. Through one activation, you can conveniently assign a combination of permissions across different applications and Role-Based Access Control systems.

PIM for Groups offers can also be used for just-in-time ownership. As the owner of the group, you can manage group properties, including membership. For more information, see: [Privileged Identity Management (PIM) for Groups](~/id-governance/privileged-identity-management/concept-pim-for-groups.md).

---

### General Availability - Privileged Identity Management and Conditional Access integration

**Type:** New feature
**Service category:** Privileged Identity Management
**Product capability:** Privileged Identity Management

The Privileged Identity Management (PIM) integration with Conditional Access authentication context is generally available. You can require users to meet various requirements during role activation such as:

- Have specific authentication method through [Authentication Strengths](~/identity/authentication/concept-authentication-strengths.md)
- Activate from a compliant device
- Validate location based on GPS
- Not have certain level of sign-in risk identified with Identity Protection
- Meet other requirements defined in Conditional Access policies

The integration is available for all providers: PIM for Azure AD roles, PIM for Azure resources, PIM for groups. For more information, see:
- [Configure Azure AD role settings in Privileged Identity Management](~/id-governance/privileged-identity-management/pim-how-to-change-default-settings.md)
- [Configure Azure resource role settings in Privileged Identity Management](~/id-governance/privileged-identity-management/pim-resource-roles-configure-role-settings.md)
- [Configure PIM for Groups settings](~/id-governance/privileged-identity-management/groups-role-settings.md)

---

### General Availability - Updated look and feel for Per-user MFA

**Type:** Plan for change
**Service category:** MFA
**Product capability:** Identity Security & Protection

As part of ongoing service improvements, we're making updates to the per-user MFA admin configuration experience to align with the look and feel of Azure. This change doesn't include any changes to the core functionality and only includes visual improvements. For more information, see: [Enable per-user Microsoft Entra multifactor authentication to secure sign-in events](~/identity/authentication/howto-mfa-userstates.md).

---

### General Availability - Converged Authentication Methods in US Gov cloud

**Type:** New feature
**Service category:** MFA
**Product capability:** User Authentication

The Converged Authentication Methods Policy enables you to manage all authentication methods used for MFA and SSPR in one policy and migrate off the legacy MFA and SSPR policies. This update also targets authentication methods to groups of users instead of enabling them for all users in the tenant. Customers should migrate management of authentication methods off the legacy MFA and SSPR policies before September 30, 2024. For more information, see: [Manage authentication methods for Azure AD](~/identity/authentication/concept-authentication-methods-manage.md).

---

### General Availability - Support for Directory Extensions using Azure AD cloud sync

**Type:** New feature
**Service category:** Provisioning
**Product capability:** Azure AD Connect cloud sync

Hybrid IT Admins can now sync both Active Directory and Azure AD Directory Extensions using Azure AD Connect cloud sync. This new capability adds the ability to dynamically discover the schema for both Active Directory and Azure Active Directory, thereby, allowing customers to map the needed attributes using the attribute mapping experience of cloud sync. For more information, see [Directory extensions and custom attribute mapping in cloud sync](~/identity/hybrid/cloud-sync/custom-attribute-mapping.md).

---

### Public Preview - Restricted Management Administrative Units

**Type:** New feature
**Service category:** Directory Management
**Product capability:** Access Control

Restricted Management Administrative Units allow you to restrict modification of users, security groups, and device in Azure AD so that only designated administrators can make changes. Global Administrators and other tenant-level administrators can't modify the users, security groups, or devices that are added to a restricted management admin unit. For more information, see: [Restricted management administrative units in Azure Active Directory (Preview)](~/identity/role-based-access-control/admin-units-restricted-management.md).

---

### General Availability - Report suspicious activity integrated with Identity Protection

**Type:** Changed feature
**Service category:** Identity Protection
**Product capability:** Identity Security & Protection

Report suspicious activity is an updated implementation of the MFA fraud alert, where users can report a voice or phone app MFA prompt as suspicious. If enabled, users reporting prompts have their user risk set to high, enabling admins to use Identity Protection risk based policies or risk detection APIs to take remediation actions. Report suspicious activity operates in parallel with the legacy MFA fraud alert at this time. For more information, see: [Configure Microsoft Entra multifactor authentication settings](~/identity/authentication/howto-mfa-mfasettings.md).

---
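
Review bot: The commit message ("11/15/2024 AM Publish") gives no reason for dropping the whole "## June 2023" section, and the removed lines include security-relevant records that readers may still rely on: the Converged Authentication Methods entry with its September 30, 2024 migration deadline for legacy MFA and SSPR policies, the Restricted Management Administrative Units preview, and the PIM and Conditional Access authentication context integration. Please confirm this is an intentional age-out of the archive rather than an accidental truncation, and state that in the commit or PR description. The hunk header (-1354,147 +1354,3) also shows no trailing context, so the file now appears to end on the `---` separator after the MSAL for Python entry; check that the trailing rule renders as intended and that no inbound links point at the removed June 2023 headings.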


2 changes: 1 addition & 1 deletion docs/id-governance/sap.md
Expand Up @@ -101,7 +101,7 @@ With separation-of-duties checks in Microsoft Entra [entitlement management](htt

* Admins and access managers can prevent users from requesting extra access packages if they're already assigned to other access packages or are a member of other groups that are incompatible with the requested access.
* Enterprises with critical regulatory requirements for SAP apps have a single consistent view of access controls. They can then enforce separation-of-duties checks across their financial and other business-critical applications, along with Microsoft Entra integrated applications.
* With integration with [Pathlock](https://pathlock.com/applications/microsoft-entra-id-governance/) and other partner products, customers can take advantage of fine-grained separation-of-duties checks with access packages in Microsoft Entra ID Governance.
* With Microsoft Entra integrations to [SAP access governance](https://learning.sap.com/learning-journeys/exploring-the-fundamentals-of-sap-system-security/discussing-access-governance-integration-scenarios-ac-iag-), to [Pathlock](https://pathlock.com/applications/microsoft-entra-id-governance/) and to other partner products, customers can take advantage of additional risk and fine-grained separation-of-duties checks enforced in those products, with access packages in Microsoft Entra ID Governance.

## Additional guidance
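
Review bot: In the rewritten third bullet, "take advantage of additional risk and fine-grained separation-of-duties checks" parses as taking advantage of additional risk, which is the opposite of the intent on a page about access controls. Suggest "additional risk checks and fine-grained separation-of-duties checks enforced in those products". Also verify the new SAP link: the URL ends in a trailing hyphen (`...integration-scenarios-ac-iag-`), which may be a truncated slug, and the link text "SAP access governance" points at a learning.sap.com learning journey rather than product documentation, so the label may set the wrong expectation.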

2 changes: 1 addition & 1 deletion docs/id-governance/scenarios/migrate-from-sap-idm.md
Expand Up @@ -224,7 +224,7 @@ Microsoft Entra includes multiple access lifecycle management technologies to en

![Entitlement management overview diagram](~/id-governance/media/entitlement-management-overview/elm-overview.png)

* **Access management through Entitlement management and an external GRC product.** With the integration from Microsoft Entra ID Governance to [Pathlock](https://pathlock.com/applications/microsoft-entra-id-governance/) and other partner products, customers can take advantage of fine-grained separation-of-duties checks enforced in those products, with access packages in Microsoft Entra ID Governance.
* **Access management through Entitlement management and an external GRC product.** With Microsoft Entra integrations to [SAP access governance](https://learning.sap.com/learning-journeys/exploring-the-fundamentals-of-sap-system-security/discussing-access-governance-integration-scenarios-ac-iag-), to [Pathlock](https://pathlock.com/applications/microsoft-entra-id-governance/) and to other partner products, customers can take advantage of additional risk and fine-grained separation-of-duties checks enforced in those products, with access packages in Microsoft Entra ID Governance.

### Use Microsoft Entra for reporting
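
Review bot: The replacement bullet under "Access management through Entitlement management and an external GRC product" is now word-for-word the same sentence that this commit adds to docs/id-governance/sap.md, so the two pages will drift the next time only one is edited; consider keeping the text in one shared place or at least cross-linking the pages. The new wording also changes "the integration from Microsoft Entra ID Governance" to the broader "Microsoft Entra integrations" while the sentence still ends with "access packages in Microsoft Entra ID Governance"; if the integration is specific to ID Governance, keep the product name at the start so the licensing scope stays clear. The "additional risk and fine-grained separation-of-duties checks" phrasing carries the same ambiguity here and should be fixed in both files together.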
