Merge pull request #6622 from MicrosoftDocs/main
1/21/2025 PM Publish
Taojunshen authored Jan 21, 2025
2 parents 685269e + a624c79 commit aaeb42f
Showing 21 changed files with 45 additions and 45 deletions.
2 changes: 1 addition & 1 deletion docs/global-secure-access/how-to-compliant-network.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ ms.reviewer: smistry
---
# Enable compliant network check with Conditional Access

Organizations who use Conditional Access along with the Global Secure Access, can prevent malicious access to Microsoft apps, third-party SaaS apps, and private line-of-business (LoB) apps using multiple conditions to provide defense-in-depth. These conditions might include device compliance, location, and more to provide protection against user identity or token theft. Global Secure Access introduces the concept of a compliant network within Microsoft Entra ID Conditional Access. This compliant network check ensures users connect from a verified network connectivity model for their specific tenant and are compliant with security policies enforced by administrators.
Organizations who use Conditional Access along with the Global Secure Access, can prevent malicious access to Microsoft apps, third-party SaaS apps, and private line-of-business (LoB) apps using multiple conditions to provide defense-in-depth. These conditions might include device compliance, location, and more to provide protection against user identity or token theft. Global Secure Access introduces the concept of a compliant network within Microsoft Entra ID Conditional Access. This compliant network check ensures users connect via the Global Secure Access service for their specific tenant and are compliant with security policies enforced by administrators.


The Global Secure Access Client installed on devices or users behind configured remote networks allows administrators to secure resources behind a compliant network with advanced Conditional Access controls. This compliant network feature makes it easier for administrators to manage access policies, without having to maintain a list of egress IP addresses. This removes the requirement to hairpin traffic through organization's VPN.
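Review bot: The first sentence of the changed paragraph still reads "Organizations who use Conditional Access along with the Global Secure Access, can prevent…", with a stray comma and a dangling "the". The line is being rewritten anyway, so fix it in the same edit, for example "Organizations that use Conditional Access along with Global Secure Access can prevent…". In the reworded last sentence, "and are compliant with security policies" has no clear subject (users or their connections); naming it would make the guarantee of the compliant network check unambiguous. The trailing context line has "through organization's VPN", which is missing an article.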
Expand Down
2 changes: 1 addition & 1 deletion docs/identity/domain-services/administration-concepts.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.subservice: domain-services
ms.topic: conceptual
ms.date: 08/25/2024
ms.date: 01/21/2025
ms.author: justinha
---
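Review bot: The ms.date value moves from 08/25/2024 to 01/21/2025, and the file header shows 1 addition & 1 deletion, so the date is the only change to this file. If ms.date is meant to tell readers when the content was last reviewed, state in the commit or PR description that a review took place; otherwise leave the date alone so a guidance page is not presented as fresher than it is.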

Expand Down
2 changes: 1 addition & 1 deletion docs/identity/domain-services/alert-ldaps.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ ms.assetid: 81208c0b-8d41-4f65-be15-42119b1b5957
ms.service: entra-id
ms.subservice: domain-services
ms.topic: troubleshooting
ms.date: 12/02/2024
ms.date: 01/21/2025
ms.author: justinha
---
# Known issues: Secure LDAP alerts in Microsoft Entra Domain Services
Expand Down
12 changes: 6 additions & 6 deletions docs/identity/domain-services/alert-nsg.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ ms.assetid: 95f970a7-5867-4108-a87e-471fa0910b8c
ms.service: entra-id
ms.subservice: domain-services
ms.topic: troubleshooting
ms.date: 12/02/2024
ms.date: 01/21/2025
ms.author: justinha
---
# Known issues: Network configuration alerts in Microsoft Entra Domain Services
Expand All @@ -21,7 +21,7 @@ This article helps you understand and resolve common alerts for network security

### Alert message

*Microsoft is unable to reach the domain controllers for this managed domain. This may happen if a network security group (NSG) configured on your virtual network blocks access to the managed domain. Another possible reason is if there is a user-defined route that blocks incoming traffic from the internet.*
*Microsoft is unable to reach the domain controllers for this managed domain. This may happen if a network security group (NSG) configured on your virtual network blocks access to the managed domain. Another possible reason is if there's a user-defined route that blocks incoming traffic from the internet.*

Invalid network security group rules are the most common cause of network errors for Domain Services. The network security group for the virtual network must allow access to specific ports and protocols. If these ports are blocked, the Azure platform can't monitor or update the managed domain. The synchronization between the Microsoft Entra directory and Domain Services is also impacted. Make sure you keep the default ports open to avoid interruption in service.
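Review bot: The edit from "if there is a user-defined route" to "if there's a user-defined route" lands inside the italic text under "### Alert message", which is presented as the wording of the alert itself. If that text reproduces the alert string shown to administrators, keep it verbatim so that someone searching for the exact message finds this article; apply the contraction style only to the explanatory prose around it.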

Expand All @@ -43,7 +43,7 @@ The following default inbound and outbound security rules are applied to the net
<sup>1</sup>Optional for debugging but change the default to deny when not needed. Allow the rule when required for advanced troubleshooting.

> [!NOTE]
> You may also have an additional rule that allows inbound traffic if you [configure secure LDAP][configure-ldaps]. This additional rule is required for the correct LDAPS communication.
> You may also have a rule that allows inbound traffic if you [configure secure LDAP][configure-ldaps]. This rule is required for the correct LDAPS communication.
### Outbound security rules
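Review bot: In the reworded note, "This rule is required for the correct LDAPS communication" keeps an awkward "the correct"; since both sentences are being touched, consider "This rule is required for LDAPS communication to work". The note also says "You may also have a rule", while the paragraph changed in how-to-compliant-network.md uses "might" ("These conditions might include"); pick one for consistency.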

Expand All @@ -54,7 +54,7 @@ The following default inbound and outbound security rules are applied to the net
| 65500 | DenyAllOutBound | Any | Any | Any | Any | Deny |

>[!NOTE]
> Domain Services needs unrestricted outbound access from the virtual network. We don't recommend that you create any additional rules that restrict outbound access for the virtual network.
> Domain Services needs unrestricted outbound access from the virtual network. We don't recommend that you create any other rules that restrict outbound access for the virtual network.
## Verify and edit existing security rules
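Review bot: Replacing "any additional rules" with "any other rules" in the outbound note leaves "other" without a referent. With the default table row "65500 | DenyAllOutBound | … | Deny" directly above and the statement that Domain Services needs unrestricted outbound access, the note should say what the baseline is, for example "any rules beyond the defaults listed above that restrict outbound access". The marker here is also written ">[!NOTE]" without a space, while the inbound note uses "> [!NOTE]"; align them.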

Expand All @@ -74,14 +74,14 @@ To add a missing security rule, complete the following steps:

1. In the [Microsoft Entra admin center](https://entra.microsoft.com), search for and select **Network security groups**.
1. Choose the network security group associated with your managed domain, such as *AADDS-contoso.com-NSG*.
1. Under **Settings** in the left-hand panel, click *Inbound security rules* or *Outbound security rules* depending on which rule you need to add.
1. Under **Settings** in the left-hand panel, select *Inbound security rules* or *Outbound security rules* depending on which rule you need to add.
1. Select **Add**, then create the required rule based on the port, protocol, direction, and so on. When ready, select **OK**.

It takes a few moments for the security rule to be added and show in the list.

## Next steps

If you still have issues, [open an Azure support request][azure-support] for additional troubleshooting assistance.
If you still have issues, [open an Azure support request][azure-support] for more troubleshooting assistance.

<!-- INTERNAL LINKS -->
[azure-support]: /azure/active-directory/fundamentals/how-to-get-support
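Review bot: In the changed step 3, the panel entries are still italic (*Inbound security rules*, *Outbound security rules*) while every other UI label in the same procedure is bold (**Settings**, **Add**, **OK**, **Network security groups**). The line is already being edited for "click" to "select", so switch these two labels to bold as well. In "Next steps", "for more troubleshooting assistance" reads awkwardly after the replacement; "for further help" or simply "for troubleshooting assistance" would be cleaner.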
Expand Down
2 changes: 1 addition & 1 deletion docs/identity/domain-services/alert-service-principal.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ ms.service: entra-id
ms.subservice: domain-services
ms.custom: has-azure-ad-ps-ref, azure-ad-ref-level-one-done
ms.topic: troubleshooting
ms.date: 12/02/2024
ms.date: 01/21/2025
ms.author: justinha
---
# Known issues: Service principal alerts in Microsoft Entra Domain Services
Expand Down
2 changes: 1 addition & 1 deletion docs/identity/domain-services/change-sku.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.subservice: domain-services
ms.topic: how-to
ms.date: 12/02/2024
ms.date: 01/21/2025
ms.author: justinha
#Customer intent: As an identity administrator, I want to change the SKU for my Microsoft Entra Domain Services managed domain to use different features as my business requirements change.
---
Expand Down
2 changes: 1 addition & 1 deletion docs/identity/domain-services/check-health.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ ms.assetid: 8999eec3-f9da-40b3-997a-7a2587911e96
ms.service: entra-id
ms.subservice: domain-services
ms.topic: how-to
ms.date: 12/02/2024
ms.date: 01/21/2025
ms.author: justinha
---
# Check the health of a Microsoft Entra Domain Services managed domain
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.subservice: domain-services
ms.topic: overview
ms.date: 10/11/2024
ms.date: 01/21/2025
ms.author: justinha
#Customer intent: As an IT administrator or decision maker, I want to understand the differences between Active Directory Domain Services (AD DS), Microsoft Entra ID, and Domain Services so I can choose the most appropriate identity solution for my organization.
---
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ ms.assetid: 1a14637e-b3d0-4fd9-ba7a-576b8df62ff2
ms.service: entra-id
ms.subservice: domain-services
ms.topic: how-to
ms.date: 12/02/2024
ms.date: 01/21/2025
ms.author: justinha
---
# Custom attributes for Microsoft Entra Domain Services
Expand Down