Merge branch 'main' into user/satpatel/docChangesRS

Author: mnorman-ms

.openpublishing.publish.config.json

@@ -102,8 +102,8 @@
       "branch_mapping": {}
     },
     {
-      "path_to_root": "api-reference/reusable-content",
-      "url": "https://github.com/MicrosoftDocs/reusable-content",
+      "path_to_root": "reusable-content",
+      "url": "https://github.com/MicrosoftDocs/reusable-content/",
       "branch": "main",
       "branch_mapping": {}
     }

api-reference/beta/api/accesspackageassignmentresourcerole-get.md

@@ -5,6 +5,7 @@ ms.localizationpriority: medium
 author: "markwahl-msft"
 ms.subservice: "entra-id-governance"
 doc_type: "apiPageType"
+ms.date: 04/05/2024
 ---
 
 # Get accessPackageAssignmentResourceRole
@@ -24,6 +25,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "accesspackageassignmentresourcerole_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/accesspackageassignmentresourcerole-get-permissions.md)]
 
+[!INCLUDE [rbac-entitlement-catalog-reader](../includes/rbac-for-apis/rbac-entitlement-management-catalog-reader-apis-read.md)]
+
 ## HTTP request
 
 <!-- { "blockType": "ignored" } -->

api-reference/beta/api/domain-post-federationconfiguration.md

@@ -66,7 +66,7 @@ You can specify the following properties when creating an **internalDomainFedera
 |signOutUri|String|URI that clients are redirected to when they sign out of Microsoft Entra services. Corresponds to the **LogOffUri** property of the [Set-MsolDomainFederationSettings MSOnline v1 PowerShell cmdlet](/powershell/module/msonline/set-msoldomainfederationsettings).|
 |signingCertificateUpdateStatus|[signingCertificateUpdateStatus](../resources/signingcertificateupdatestatus.md)|Provides status and timestamp of the last update of the signing certificate.|
 
-[!INCLUDE [Azure AD PowerShell deprecation note](~/../api-reference/reusable-content/msgraph-powershell/includes/aad-powershell-deprecation-note.md)]
+[!INCLUDE [Azure AD PowerShell deprecation note](~/../reusable-content/msgraph-powershell/includes/aad-powershell-deprecation-note.md)]
 
 ### federatedIdpMfaBehavior values
 

api-reference/beta/api/entitlementmanagement-list-accesspackageassignmentresourceroles.md

@@ -25,6 +25,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "entitlementmanagement_list_accesspackageassignmentresourceroles" } -->
 [!INCLUDE [permissions-table](../includes/permissions/entitlementmanagement-list-accesspackageassignmentresourceroles-permissions.md)]
 
+[!INCLUDE [rbac-entitlement-catalog-reader](../includes/rbac-for-apis/rbac-entitlement-management-catalog-reader-apis-read.md)]
+
 ## HTTP request
 
 <!-- { "blockType": "ignored" } -->

api-reference/beta/api/internaldomainfederation-update.md

@@ -65,7 +65,7 @@ PATCH /domains/{domainsId}/federationConfiguration/{internalDomainFederationId}
 |signingCertificateUpdateStatus|[signingCertificateUpdateStatus](../resources/signingcertificateupdatestatus.md)|Provides status and timestamp of the last update of the signing certificate.|
 |signOutUri|String|URI that clients are redirected to when they sign out of Microsoft Entra services. Corresponds to the **LogOffUri** property of the [Set-MsolDomainFederationSettings MSOnline v1 PowerShell cmdlet](/powershell/module/msonline/set-msoldomainfederationsettings).|
 
-[!INCLUDE [Azure AD PowerShell deprecation note](~/../api-reference/reusable-content/msgraph-powershell/includes/aad-powershell-deprecation-note.md)]
+[!INCLUDE [Azure AD PowerShell deprecation note](~/../reusable-content/msgraph-powershell/includes/aad-powershell-deprecation-note.md)]
 
 ### federatedIdpMfaBehavior values
 

api-reference/beta/resources/appmanagementpolicyactorexemptions.md

@@ -0,0 +1,38 @@
+---
+title: "appManagementPolicyActorExemptions resource type"
+description: "Represents a collection of exemptions from the enforcement of identifierUri restrictions on an app management policy."
+author: "yogesh-randhawa"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: resourcePageType
+ms.date: 11/17/2024
+---
+
+# appManagementPolicyActorExemptions resource type
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Represents a collection of exemptions from the enforcement of [identifierUri restrictions](../resources/identifierurirestriction.md) on an app management policy.
+
+## Properties
+None.
+
+## Relationships
+|Relationship|Type|Description|
+|:---|:---|:---|
+|customSecurityAttributes|[customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) collection| The collection of [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) to exempt from the policy enforcement. Limit of 5. |
+
+## JSON representation
+The following JSON representation shows the resource type.
+<!-- {
+  "blockType": "resource",
+  "@odata.type": "microsoft.graph.appManagementPolicyActorExemptions"
+}
+-->
+``` json
+{
+  "@odata.type": "#microsoft.graph.appManagementPolicyActorExemptions"
+}
+```

api-reference/beta/resources/customsecurityattributeexemption.md

@@ -0,0 +1,62 @@
+---
+title: "customSecurityAttributeExemption resource type"
+description: "Configuration object to configure a custom security attribute exemption for a restriction on application management policies."
+author: "yogesh-randhawa"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: resourcePageType
+ms.date: 11/17/2024
+---
+
+# customSecurityAttributeExemption resource type
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Configuration object to configure a custom security attribute exemption for a restriction on application management policies.
+This resource is an abstract type from which the [customSecurityAttributeStringValueExemption](../resources/customSecurityAttributeStringValueExemption.md) derives.
+
+
+Inherits from [entity](../resources/entity.md).
+
+
+## Methods
+None.
+<!-- The direct access methods are not functional in the underlying Service. Excluding them until they are operational.
+
+|Method|Return type|Description|
+|:---|:---|:---|
+|[List](../api/appmanagementpolicyactorexemptions-list-customsecurityattributes.md)|[customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) collection|Get a list of the [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) objects and their properties.|
+|[Create](../api/appmanagementpolicyactorexemptions-post-customsecurityattributes.md)|[customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md)|Create a new [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) object.|
+|[Get](../api/customsecurityattributeexemption-get.md)|[customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md)|Read the properties and relationships of a [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) object.|
+|[Update](../api/customsecurityattributeexemption-update.md)|[customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md)|Update the properties of a [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) object.|
+|[Delete](../api/appmanagementpolicyactorexemptions-delete-customsecurityattributes.md)|None|Delete a [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) object.|
+-->
+
+## Properties
+| Property                  | Type                                           | Description                 |
+| :-------------------------| :--------------------------------------------- | :-------------------------- |
+| id                        | String                                         | Unique identifier with combination of the custom security attribute set name and attribute name. For example, `AttributeSetName_AttributeName`. Inherited from [entity](../resources/entity.md). |
+| operator                  | customSecurityAttributeComparisonOperator      | The possible values are: `equals`, `unknownFutureValue`. If `equals`, the customSecurityAttributeExemption value is compared to match the custom security attribute value for the exemption to be applied. The comparison is case sensitive. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+<!-- {
+  "blockType": "resource",
+  "keyProperty": "id",
+  "@odata.type": "microsoft.graph.customSecurityAttributeExemption",
+  "baseType": "microsoft.graph.entity",
+  "openType": false
+}
+-->
+``` json
+{
+  "@odata.type": "#microsoft.graph.customSecurityAttributeExemption",
+  "id": "String (identifier)",
+  "operator": "String"
+}
+```

api-reference/beta/resources/customsecurityattributestringvalueexemption.md

@@ -0,0 +1,61 @@
+---
+title: "customSecurityAttributeStringValueExemption resource type"
+description: "Configuration object to configure a custom security attribute string value exemption for a restriction on application management policies."
+author: "yogesh-randhawa"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: resourcePageType
+ms.date: 11/17/2024
+---
+
+# customSecurityAttributeStringValueExemption resource type
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Configuration object to configure a custom security attribute exemption for a restriction on application management policies.
+
+Inherits from [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md).
+
+## Methods
+None.
+
+<!-- The direct access methods are not functional in the underlying Service. Excluding them until they are operational.
+
+|Method|Return type|Description|
+|:---|:---|:---|
+|[List](../api/customsecurityattributestringvalueexemption-list.md)|[customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md) collection|Get a list of the [customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md) objects and their properties.|
+|[Get](../api/customsecurityattributestringvalueexemption-get.md)|[customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md)|Read the properties and relationships of a [customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md) object.|
+|[Update](../api/customsecurityattributestringvalueexemption-update.md)|[customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md)|Update the properties of a [customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md) object.|
+|[Delete](../api/customsecurityattributestringvalueexemption-delete.md)|None|Delete a [customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md) object.|
+-->
+
+## Properties
+| Property                  | Type                                           | Description                 |
+| :-------------------------| :--------------------------------------------- | :-------------------------- |
+| id                        | string                                         | Unique identifier with combination of the custom security attribute set name and attribute name. , `AttributeSetName_AttributeName`. Inherited from [entity](../resources/entity.md). |
+| operator                  | customSecurityAttributeComparisonOperator      | Inherited from [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md).The possible values are: `equals`, `unknownFutureValue`. If `equals`, the customSecurityAttributeExemption value is compared to match the custom security attribute value for the exemption to be applied. The comparison is case sensitive. |
+| value                     | string                                         | Value representing custom security attribute value to compare against while evaluating the exemption. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+<!-- {
+  "blockType": "resource",
+  "keyProperty": "id",
+  "@odata.type": "microsoft.graph.customSecurityAttributeStringValueExemption",
+  "baseType": "microsoft.graph.customSecurityAttributeExemption",
+  "openType": false
+}
+-->
+``` json
+{
+  "@odata.type": "#microsoft.graph.customSecurityAttributeStringValueExemption",
+  "id": "String (identifier)",
+  "operator": "String",
+  "value": "String"
+}
+```

api-reference/beta/resources/enums.md

@@ -756,6 +756,13 @@ Namespace: microsoft.graph
 | trustedCertificateAuthority |
 | unknownFutureValue |
 
+### customSecurityAttributeComparisonOperator values 
+
+| Member |
+| ---- |
+| equals |
+| unknownFutureValue |
+
 ### synchronizationSecret values
 
 | Member |

api-reference/beta/resources/identifierurirestriction.md

@@ -5,7 +5,7 @@ author: "yogesh-randhawa"
 ms.localizationpriority: medium
 ms.subservice: "entra-sign-in"
 doc_type: resourcePageType
-ms.date: 09/13/2024
+ms.date: 11/17/2024
 ---
 
 # identifierUriRestriction resource type
@@ -19,7 +19,8 @@ Configuration object to configure a restriction for identifier URIs on applicati
 ## Properties
 | Property                                    | Type                            | Description                 |
 | :------------------------------------------ | :------------------------------ | :-------------------------- |
-| excludeAppsReceivingV2Tokens                | Boolean                         | If `true`, the restriction isn't enforced for applications that are configured to receive V2 tokens in Entra ID; else, the restriction isn't enforced for those applications.|
+| excludeActors                | [appManagementPolicyActorExemptions](appmanagementpolicyactorexemptions.md)                         | Collection of custom security attribute exemptions. If an actor user or service principal has the custom security attribute, they're exempted from the restriction. |
+| excludeAppsReceivingV2Tokens                | Boolean                         | If `true`, the restriction isn't enforced for applications that are configured to receive V2 tokens in Microsoft Entra ID; else, the restriction isn't enforced for those applications.|
 | excludeSaml                                 | Boolean                         | If `true`, the restriction isn't enforced for SAML applications in Microsoft Entra ID; else, the restriction is enforced for those applications.|
 | restrictForAppsCreatedAfterDateTime         | String                  | Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied.|
 | state                                       | appManagementRestrictionState   |  String value that indicates if the restriction is evaluated. The possible values are: `enabled`, `disabled`, and `unknownFutureValue`. If `enabled`, the restriction is evaluated. If `disabled`, the restriction isn't evaluated or enforced.|
@@ -40,7 +41,10 @@ The following JSON representation shows the resource type.
   "state": "String",
   "restrictForAppsCreatedAfterDateTime": "String (timestamp)",
   "excludeAppsReceivingV2Tokens": "Boolean",
-  "excludeSaml": "Boolean"
+  "excludeSaml": "Boolean",
+  "excludeActors": {
+      "@odata.type": "microsoft.graph.appManagementPolicyActorExemptions"
+    }
 }
 ```