Merge pull request #26317 from microsoftgraph/main

Merge to publish.

Author: Lauragra

api-reference/beta/api/plannertaskconfiguration-update.md

@@ -41,6 +41,7 @@ PATCH /solutions/businessScenarios/{businessScenarioId}/planner/taskConfiguratio
 |:---|:---|
 |Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
 |Content-Type|application/json. Required.|
+|If-Match| Last known `@odata-etag` value for the **plannerTaskConfiguration** to be updated. Required. Learn more about [etags](https://learn.microsoft.com/en-us/graph/api/resources/planner-overview?view=graph-rest-1.0#planner-resource-versioning).|
 
 ## Request body
 
@@ -70,89 +71,49 @@ The following example shows a request.
 ``` http
 PATCH https://graph.microsoft.com/beta/solutions/businessScenarios/c5d514e6c6864911ac46c720affb6e4d/planner/taskConfiguration
 Content-Type: application/json
+If-Match: W/"JzEtVGFzayAgQEBAQEBAQEBAQEBAQEBAWCc="
 
 {
-  "@odata.type": "#microsoft.graph.plannerTaskConfiguration",
-  "editPolicy": {
-    "rules": [
-      {
-        "defaultRule": "block",
-        "role": {
-          "@odata.type": "#microsoft.graph.plannerRelationshipBasedUserType",
-          "roleKind": "relationship",
-          "role": "defaultRules"
-        },
-        "propertyRule": {
-          "percentComplete": ["allow"],
-          "ruleKind": "taskRule",
-          "assignments": {
-            "defaultRules": ["addSelf"],
-            "overrides": []
-          }
-        }
-      },
-      {
-        "defaultRule": "block",
-        "role": {
-          "@odata.type": "#microsoft.graph.plannerRelationshipBasedUserType",
-          "roleKind": "relationship",
-          "role": "taskAssignees"
-        },
-        "propertyRule": {
-          "startDate": ["allow"],
-          "dueDate": ["allow"],
-          "percentComplete": ["allow"],
-          "order": ["allow"],
-          "ruleKind": "taskRule",
-          "references": {
-            "defaultRules": ["allow"],
-            "overrides": [
-              {
-                "name": "userCreated",
-                "rules": ["allow"]
-              },
-              {
-                "name": "applicationCreated",
-                "rules": ["block"]
-              }
-            ]
-          },
-          "checkLists": {
-            "defaultRules": ["allow"],
-            "overrides": [
-              {
-                "name": "userCreated",
-                "rules": ["allow"]
-              },
-              {
-                "name": "applicationCreated",
-                "rules": ["check"]
-              }
-            ]
-          },
-          "assignments": {
-            "defaultRules": ["block"],
-            "overrides": [
-              {
-                "name": "userCreated",
-                "rules": ["removeSelf"]
-              },
-              {
-                "name": "applicationCreated",
-                "rules": ["check"]
-              }
-            ]
-          },
-          "appliedCategories": {
-            "defaultRules": [
-              "allow"
-            ],
-            "overrides": []
-          }
-        }
-      }
-    ]
-  }
+    "editPolicy": {
+        "rules": [
+            {
+                "userType": {
+                    "@odata.type": "#microsoft.graph.plannerRelationshipBasedUserType",
+                    "selectionKind": "relationship",
+                    "role": "defaultRules"
+                },
+                "defaultRule": "block",
+                "propertyRule": {
+                    "ruleKind": "taskRule",
+                    "references": {
+                        "defaultRules": [ "allow" ],
+                        "overrides": []
+                    },
+                    "checkLists": {
+                        "defaultRules": [ "allow" ],
+                        "overrides": []
+                    },
+                    "assignments": {
+                        "defaultRules": [ "allow" ],
+                        "overrides": [
+                            {
+                                "name": "userCreated",
+                                "rules": [ "allow" ]
+                            },
+                            {
+                                "name": "applicationCreated",
+                                "rules": [ "allow" ]
+                            }
+                        ]
+                    },
+                    "appliedCategories": {
+                        "defaultRules": [ "allow" ],
+                        "overrides": []
+                    }
+                }
+            }
+        ]
+    }
 }
 ```
 
@@ -193,117 +154,10 @@ Content-Type: application/json
 ### Response
 
 The following example shows the response.
->**Note:** The response object shown here might be shortened for readability.
 <!-- {
   "blockType": "response",
-  "truncated": true,
-  "@odata.type": "microsoft.graph.plannerTaskConfiguration"
-}
--->
-``` http
-HTTP/1.1 200 OK
-Content-Type: application/json
-
-{
-  "@odata.type": "#microsoft.graph.plannerTaskConfiguration",
-  "id": "52be01e6291f403aa49f2b9f5288ab48",
-  "editPolicy": {
-    "rules": [
-      {
-        "defaultRule": "block",
-        "role": {
-          "@odata.type": "#microsoft.graph.plannerRelationshipBasedUserType",
-          "roleKind": "relationship",
-          "role": "defaultRules"
-        },
-        "propertyRule": {
-          "move": [],
-          "delete": [],
-          "title": [],
-          "notes": [],
-          "priority": [],
-          "startDate": [],
-          "dueDate": [],
-          "percentComplete": ["allow"],
-          "order": [],
-          "previewType": [],
-          "ruleKind": "taskRule",
-          "references": null,
-          "checkLists": null,
-          "assignments": {
-            "defaultRules": ["addSelf"],
-            "overrides": []
-          },
-          "appliedCategories": null
-        }
-      },
-      {
-        "defaultRule": "block",
-        "role": {
-          "@odata.type": "#microsoft.graph.plannerRelationshipBasedUserType",
-          "roleKind": "relationship",
-          "role": "taskAssignees"
-        },
-        "propertyRule": {
-          "move": [],
-          "delete": [],
-          "title": [],
-          "notes": [],
-          "priority": [],
-          "startDate": ["allow"],
-          "dueDate": ["allow"],
-          "percentComplete": ["allow"],
-          "order": ["allow"],
-          "previewType": [],
-          "ruleKind": "taskRule",
-          "references": {
-            "defaultRules": ["allow"],
-            "overrides": [
-              {
-                "name": "userCreated",
-                "rules": ["allow"]
-              },
-              {
-                "name": "applicationCreated",
-                "rules": ["block"]
-              }
-            ]
-          },
-          "checkLists": {
-            "defaultRules": ["allow"],
-            "overrides": [
-              {
-                "name": "userCreated",
-                "rules": ["allow"]
-              },
-              {
-                "name": "applicationCreated",
-                "rules": ["check"]
-              }
-            ]
-          },
-          "assignments": {
-            "defaultRules": ["block"],
-            "overrides": [
-              {
-                "name": "userCreated",
-                "rules": ["removeSelf"]
-              },
-              {
-                "name": "applicationCreated",
-                "rules": ["check"]
-              }
-            ]
-          },
-          "appliedCategories": {
-            "defaultRules": [
-              "allow"
-            ],
-            "overrides": []
-          }
-        }
-      }
-    ]
-  }
-}
+  "truncated": true
+} -->
+```http
+HTTP/1.1 204 No Content
 ```

api-reference/beta/resources/tiindicator.md

@@ -40,7 +40,7 @@ Currently, **targetProduct** supports the following products:
 
    There's a limit of 15,000 indicators per tenant for Microsoft Defender for Endpoint.
 
-- **Microsoft Sentinel** – Only existing customers can use the **tiIndicator** API to send threat intelligence indicators to Microsoft Sentinel. For the most up-to-date, detailed instructions on how to send threat intelligent indicators to Microsoft Sentinel, see [Connect your threat intelligence platform to Microsoft Sentinel](/azure/sentinel/connect-threat-intelligence-tip).
+- **Microsoft Sentinel** – Only existing customers can use the **tiIndicator** API to send threat intelligence indicators to Microsoft Sentinel. For the most up-to-date, detailed instructions on how to send threat intelligent indicators to Microsoft Sentinel, see [Connect your threat intelligence platform to Microsoft Sentinel with the upload API](/azure/sentinel/connect-threat-intelligence-upload-api).
 
 For details about the types of indicators supported and limits on indicator counts per tenant, see [Manage indicators](/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).
 

concepts/application-saml-sso-configure-api.md

@@ -8,7 +8,7 @@ ms.localizationpriority: high
 ms.topic: tutorial
 ms.custom: scenarios:getting-started
 ms.subservice: entra-applications
-ms.date: 02/23/2024
+ms.date: 02/27/2025
 #customer intent: As a developer, I want to configure SAML-based single sign-on for my application using Microsoft Graph, so that I can improve usability of apps by enabling secure authentication and authorization for users.
 ---
 
@@ -27,13 +27,15 @@ In this tutorial, you learn how to:
 
 ## Prerequisites
 
-- Sign in to an API client such as [Graph Explorer](https://aka.ms/ge) as a user with Cloud Application Administrator role in your Microsoft Entra tenant.
+This tutorial configures SSO for the AWS IAM Identity Center. However, most of the steps on Microsoft Graph apply to any other app that you want to configure SSO.
+
+- Sign in to an API client such as [Graph Explorer](https://aka.ms/ge) with the privileges to instantiate apps from the Microsoft Entra application gallery, configure app roles, and policies on apps. *Cloud Application Administrator* in the least privileged Microsoft Entra built-in role with these permissions.
 - Grant yourself the following delegated permissions: `Application.ReadWrite.All`, `AppRoleAssignment.ReadWrite.All`, `Policy.Read.All`, `Policy.ReadWrite.ApplicationConfiguration`, and `User.ReadWrite.All`.
-- Have a test user to assign to the application.
+- Have a test user to assign to the application. You'll create a matching user in the AWS IAM Identity Center later in this tutorial.
 
 ## Step 1: Identify the application to configure
 
-Microsoft Entra ID has a gallery that contains thousands of preintegrated applications that you can use as a template for your application. In Microsoft Graph, this list is available through the **applicationTemplate** entity.
+To create an app that supports SSO, you register it through the Microsoft Entra App Gallery. The Microsoft Entra App Gallery is a catalog of thousands of preintegrated apps that simplify deploying and configuring SSO and automated user provisioning. In Microsoft Graph, this list is available through the **applicationTemplate** entity.
 
 In this step, you identify the application template for the `AWS IAM Identity Center (successor to AWS Single Sign-On)` application that you want to configure. Record its **id**.
 
@@ -123,7 +125,7 @@ Content-type: application/json
 
 ## Step 2: Instantiate the application
 
-Using the **id** value for the application template, create an instance of the application in your tenant. Here, you name the application **AWS Contoso**. The response includes an application and service principal object for **AWS Contoso**, which is an instance of the **AWS IAM Identity Center (successor to AWS Single Sign-On)** app. Record the IDs of the two objects for use later in this tutorial.
+Using the **id** value for the application template, create an instance of the application in your tenant. Here, you name the application **AWS Contoso**. The response includes an application and service principal object for **AWS Contoso**, which is an instance of the **AWS IAM Identity Center (successor to AWS Single Sign-On)** app. Record the IDs of the created application and service principal objects for use later in this tutorial.
 
 #### Request
 
@@ -361,11 +363,11 @@ Content-type: application/json
 
 ## Step 3: Configure single sign-on
 
-In this step, you configure SSO for both the AWS Contoso application and the service principal. For the application, you configure the SAML URLs while for the service principal, you set the SSO mode to `saml`.
+In this step, you configure SSO for both the AWS Contoso. For the application, you configure the SAML URLs while for the service principal, you set the SSO mode to `saml`.
 
 ### Step 3.1: Set single sign-on mode for the service principal
 
-Set `saml` as the SSO mode for the service principal you created in Step 2. The request returns a `204 No Content` response code.
+Set `saml` as the SSO mode for the AWS Contoso service principal. The request returns a `204 No Content` response code.
 
 # [HTTP](#tab/http)
 <!-- {
@@ -417,7 +419,7 @@ Content-type: application/json
 
 ### Step 3.2: Set basic SAML URLs for the application
 
-In this step, set the **web**/**redirectUris** and **web**/**redirectUris** for the application you created in Step 2. The request returns a `204 No Content` response code.
+Set the **web**/**redirectUris** and **web**/**redirectUris** for the AWS Contoso application. The request returns a `204 No Content` response code.
 
 # [HTTP](#tab/http)
 <!-- {
@@ -476,7 +478,7 @@ Content-type: application/json
 
 ## Step 4: Add app roles
 
-If the application requires the role information in the token, add the definition of the roles in the application object. By default, the **appRoles** object in the application and service principal in Step 2 included the default `User` and `msiam_access` roles. Don't modify or remove them. To add more roles, you must include both the existing roles and the new roles in the **appRoles** object in the request, otherwise, the existing roles are replaced.
+If the application requires the role information in the token, add the definition of the roles in the **appRoles** property. AWS Contoso was instantiated with the default `User` and `msiam_access` roles - don't modify or remove them. To add more roles, you include both the existing roles and the new roles in the **appRoles** object in the request, otherwise, the existing roles are replaced.
 
 In this step, add the `Finance,WAAD` and `Admin,WAAD` roles to the AWS Contoso service principal. The request returns a `204 No Content` response code.
 
@@ -1128,7 +1130,7 @@ Content-type: application/json
 
 ### Assign a user to the application
 
-Assign the user that you created to the service principal and grant them the `Admin,WAAD` app role. In the request body, provide the following values:
+Assign the test user that you created to the service principal and grant them the `Admin,WAAD` app role. In the request body, provide the following values:
 
 - **principalId** - The ID of the user account that you created.
 - **appRoleId** - The ID of the `Admin,WAAD` app role that you added.
@@ -1236,12 +1238,12 @@ The following shows an example of what you might see for your application. Save
 
 ## Step 9: Complete and test the integration 
 
-Now that you've completed the configuration steps for the application in Microsoft Entra ID and have the SAML metadata, sign in to your AWS IAM Identity Center company site as an administrator and:
-1. Complete the steps to [Configure AWS IAM Identity Center SSO](/entra/identity/saas-apps/aws-single-sign-on-tutorial#configure-aws-iam-identity-center-sso).
-1. Create a test user whose user name and email address match the user account that you created in Microsoft Entra ID.
+Now that you've configured the Microsoft Entra application and have the SAML metadata, sign in to your AWS IAM Identity Center company site as an administrator and:
+1. [Configure AWS IAM Identity Center SSO](/entra/identity/saas-apps/aws-single-sign-on-tutorial#configure-aws-iam-identity-center-sso).
+1. [Create an AWS IAM Identity Center test user whose user name and email address match the user account that you created in Microsoft Entra ID](/entra/identity/saas-apps/aws-single-sign-on-tutorial#create-aws-iam-identity-center-test-user).
 1. [Test the SSO integration](/entra/identity/saas-apps/aws-single-sign-on-tutorial#test-sso).
 
-## Step 10: Clean up resources
+## [Optional] Step 10: Clean up resources
 
 In this step, remove the resources that you created and no longer need.
 

concepts/best-practices-concept.md

@@ -159,5 +159,5 @@ To ensure reliability and facilitate support for your application:
 - Open connections to all advertised DNS answers.
 - Generate a unique GUID and send it on each Microsoft Graph REST request. This helps Microsoft investigate any errors more easily if you need to report an issue with Microsoft Graph.
   - On every request to Microsoft Graph, generate a unique GUID, send it in the `client-request-id` HTTP request header, and also log it in your application's logs.
-  - Always log the `request-id` and `Date` from the HTTP response headers. These, together with the `client-request-id`, are required when reporting issues in [Microsoft Q&A](/answers/products/m365#microsoft-graph) or to Microsoft Support.
+  - Always log the full HTTP Graph API call including the full URL, all the headers and JSON body for both the response and the request. These are required when reporting issues in [Microsoft Q&A](/answers/products/m365#microsoft-graph) or to Microsoft Support.
   - If you're using a third-party application, the app vendor needs to engage with our support team to investigate the issue.

concepts/cli/installation.md

@@ -21,10 +21,10 @@ The Microsoft Graph command-line interface (CLI) is published on [GitHub](https:
 
 ### Windows environment setup (Optional)
 
-1. Open **Settings**.
-1. Select **About**, then **Advanced system settings**.
+1. Open **Settings** > **System**.
+1. Select **About** > **Advanced system settings**.    
 1. Select **Environment Variables...**.
-1. Locate and select **Path**, then select **Edit**.
+1. Locate and select **Path** > select **Edit**.
 
     > [!NOTE]
     > The **Path** variable is present in **User variables** as well as **System variables**. Updating the variable in **User variables** will only update the current user's path. Updating the variable in **System variables** will update the path for all users on the computer.