MODIFIED docs/identity/hybrid/connect/reference-connect-version-history.md

Modified by Ortagus Winfrey on Feb 19, 2026 9:28 PM
📖 View on learn.microsoft.com

+45 / -0 lines changed

Commit: Updates

Changes:

Before

After

>
>If you're unable to upgrade before the deadline, all synchronization services will fail until you upgrade to the latest version. The Microsoft Entra Connect Sync .msi installation file is exclusively available on [Microsoft Entra Admin Center](https://entra.microsoft.com/#view/Microsoft_AAD_Connect_Provisioning/AADConnectMenuBlade/%7E/GetStarted). Make sure you meet the minimum requirements including .NET Framework 4.7.2 and TLS 1.2.
 
## Looking for the latest versions?
 
You can upgrade your Microsoft Entra Connect server from all supported versions with the latest versions:
 
To read more about autoupgrade, see [Microsoft Entra Connect: Automatic upgrade](how-to-connect-install-automatic-upgrade.md).
 
## 2.6.1.0
 
### Release status
 
11/19/2025: Released for download via the Microsoft Entra admin center.
 
### Added features
 
- **AAD Connector V2 API Enforcement**: The default connector API version is now V2. Using the previous V1 connector API is no longer supported.

>
>If you're unable to upgrade before the deadline, all synchronization services will fail until you upgrade to the latest version. The Microsoft Entra Connect Sync .msi installation file is exclusively available on [Microsoft Entra Admin Center](https://entra.microsoft.com/#view/Microsoft_AAD_Connect_Provisioning/AADConnectMenuBlade/%7E/GetStarted). Make sure you meet the minimum requirements including .NET Framework 4.7.2 and TLS 1.2.
 
## Known issue: Synchronization fails after upgrade if miiserver.exe.config was previously modified
Applies to
- Microsoft Entra Connect 2.5.190.0
-	Microsoft Entra Connect 2.6.1.0
### Issue
After upgrading Microsoft Entra Connect, synchronization may fail if the `miiserver.exe.config` file was previously modified.
 
### Symptom
 
 
`Synchronization fails after upgrade with the following error: System.IO.FileLoadException: Could not load file or assembly 'System.Diagnostics.DiagnosticSource, Version=6.0.0.1'
or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)`
 
 
### Cause
 
During upgrade, Microsoft Entra Connect detects that `miiserver.exe.config` has been modified and does not update the file. This results in a missing dependency binding required for synchronization.

MODIFIED docs/agent-id/identity-platform/create-blueprint.md

Modified by Sarah Lipsey on Feb 19, 2026 5:54 PM
📖 View on learn.microsoft.com

+13 / -11 lines changed

Commit: pm-updates

Changes:

Before

After

 
# Create an agent identity blueprint
 
An [agent identity blueprint](agent-blueprint.md) is used to create agent identities and request tokens using those agent identities. During the process for creating an agent identity blueprint, you set the [owner and sponsor](agent-owners-sponsors-managers.md) of that blueprint, to establish accountability and administrative relationships. You also establish the scope and authorization for agents created from this blueprint to receive incoming requests from other agents and users.
 
This guide walks you through creating an agent identity blueprint using the Microsoft Graph REST API and Microsoft Graph PowerShell.
 
## Prerequisites
 
- [Privileged Role Administrator](../../identity/role-based-access-control/permissions-reference.md#privileged-role-administrator) role is required to grant Microsoft Graph permissions.
- [Agent ID Developer](../../identity/role-based-access-control/permissions-reference.md#agent-id-developer) or [Agent ID Administrator](../../identity/role-based-access-control/permissions-reference.md#agent-id-administrator) roles are required to create agent identity blueprints.
- If using PowerShell, version 7 is required for Microsoft Entra PowerShell modules.
- In preview, all operations with the agent identity blueprint require the beta version. 
 
## Prepare your environment
 
### Authorize a client to create agent identity blueprints
 
In this article, you use Microsoft Graph PowerShell or another client to create your agent identity blueprint. You must authorize this client to create an agent identity blueprint. The client requires the following Microsoft Graph permissions:

 
# Create an agent identity blueprint
 
An [agent identity blueprint](agent-blueprint.md) is used to create agent identities and request tokens using those agent identities. During the process for creating an agent identity blueprint, you set the [owner and sponsor](agent-owners-sponsors-managers.md) of that blueprint, to establish accountability and administrative relationships. You also configure an identifier URI and define a scope for agents created from this blueprint if the agent is designed to receive incoming requests from other agents and users.
 
This guide walks you through creating an agent identity blueprint using the Microsoft Graph REST API and Microsoft Graph PowerShell.
 
## Prerequisites
 
- [Privileged Role Administrator](../../identity/role-based-access-control/permissions-reference.md#privileged-role-administrator) role is required to grant Microsoft Graph Application permissions.
- [Cloud Application Administrator](../../identity/role-based-access-control/permissions-reference.md#cloud-application-administrator) or [Application Administrator](../../identity/role-based-access-control/permissions-reference.md#application-administrator) is required to grant Microsoft Graph delegated permissions.
- [Agent ID Developer](../../identity/role-based-access-control/permissions-reference.md#agent-id-developer) or [Agent ID Administrator](../../identity/role-based-access-control/permissions-reference.md#agent-id-administrator) roles are required to create agent identity blueprints.
- If using PowerShell, version 7 is required.
- In preview, all operations with the agent identity blueprint require the beta version for both Microsoft Graph and PowerShell. 
 
## Prepare your environment
 
### Authorize a client to create agent identity blueprints
 
In this article, you use Microsoft Graph PowerShell or another client to create your agent identity blueprint. You must authorize this client to create and configure an agent identity blueprint and create an agent identity blueprint principal. The client requires the following Microsoft Graph permissions:

MODIFIED docs/identity/saas-apps/clarizen-one-provisioning-tutorial.md

Modified by Ken Withee on Feb 19, 2026 8:19 PM
📖 View on learn.microsoft.com

+4 / -4 lines changed

Commit: Fixes broken links.

Changes:

Before

After

## Step 2: Configure Clarizen One to support provisioning with Microsoft Entra ID
 
1. Select one of the four following Tenant URLs according to your Clarizen One environment and data center:
      * US Production data center: https://servicesapp2.clarizen.com/scim/v2
      * EU Production data center: https://serviceseu1.clarizen.com/scim/v2
      * US Sandbox data center: https://servicesapp.clarizentb.com/scim/v2
      * EU Sandbox data center: https://serviceseu.clarizentb.com/scim/v2
 
1. Generate an [API key](https://success.clarizen.com/hc/articles/360011833079-API-Keys-Support). This value is entered in the **Secret Token** box on the **Provisioning** tab of your Clarizen One application.
 

## Step 2: Configure Clarizen One to support provisioning with Microsoft Entra ID
 
1. Select one of the four following Tenant URLs according to your Clarizen One environment and data center:
      * US Production data center: `https://servicesapp2.clarizen.com/scim/v2`
      * EU Production data center: `https://serviceseu1.clarizen.com/scim/v2`
      * US Sandbox data center: `https://servicesapp.clarizentb.com/scim/v2`
      * EU Sandbox data center: `https://serviceseu.clarizentb.com/scim/v2`
 
1. Generate an [API key](https://success.clarizen.com/hc/articles/360011833079-API-Keys-Support). This value is entered in the **Secret Token** box on the **Provisioning** tab of your Clarizen One application.
 

MODIFIED docs/identity/managed-identities-azure-resources/how-to-view-associated-resources-for-an-identity.md

Modified by Ken Withee on Feb 19, 2026 4:37 PM
📖 View on learn.microsoft.com

+0 / -7 lines changed

Commit: [BULK UPDATE] Metadata only. Moves metadata out of individual files and to folder level in docfx.json.

Changes:

Before

After

title: View associated resources for a user-assigned managed identity
description: Step-by-step instructions for viewing the Azure resources that are associated with a user-assigned managed identity
 
author: SHERMANOUKO
manager: CelesteDG
 
ms.service: entra-id
ms.subservice: managed-identities
 
ms.topic: how-to
ms.tgt_pltfrm: na
ms.date: 03/15/2025
ms.author: shermanouko
 
---
 

title: View associated resources for a user-assigned managed identity
description: Step-by-step instructions for viewing the Azure resources that are associated with a user-assigned managed identity
 
ms.topic: how-to
ms.tgt_pltfrm: na
ms.date: 03/15/2025
 
---

MODIFIED docs/identity/managed-identities-azure-resources/how-to-view-managed-identity-service-principal.md

Modified by Ken Withee on Feb 19, 2026 4:37 PM
📖 View on learn.microsoft.com

+0 / -7 lines changed

Commit: [BULK UPDATE] Metadata only. Moves metadata out of individual files and to folder level in docfx.json.

Changes:

Before

After

---
title: View service principal for a managed identity
description: Step-by-step instructions for viewing the service principal of a managed identity.
 
author: SHERMANOUKO
manager: CelesteDG
 
ms.service: entra-id
ms.subservice: managed-identities
ms.topic: how-to
ms.tgt_pltfrm: na
ms.date: 03/14/2025
ms.author: shermanouko
ms.custom: devx-track-azurecli, devx-track-azurepowershell
 
appliesto:

---
title: View service principal for a managed identity
description: Step-by-step instructions for viewing the service principal of a managed identity.
ms.topic: how-to
ms.tgt_pltfrm: na
ms.date: 03/14/2025
ms.custom: devx-track-azurecli, devx-track-azurepowershell
 
appliesto:

MODIFIED docs/identity/saas-apps/abstract-tutorial.md

Modified by Ken Withee on Feb 19, 2026 8:19 PM
📖 View on learn.microsoft.com

+3 / -3 lines changed

Commit: Fixes broken links.

Changes:

Before

After

>[!Note]
>you need to authenticate with an organization Admin account to access the SSO settings on Abstract.
 
1. Open the [Abstract web app](https://app.abstract.com/).
2. Go to the **Permissions** page in the left side bar.
3. In the **Configure SSO** section, enter your **Metadata URL** and **Entity ID**.
4. Enter any manual exceptions you might have. Emails listed in the manual exceptions section bypass SSO and be able to log in with email and password. 
 
To test SSO on Abstract:
 
1. Open the [Abstract web app](https://app.abstract.com/).
2. Go to the **Permissions** page in the left side bar.
3. Select **Test with my Account**. If the test fails, please [contact our support team](https://help.abstract.com/hc/).
 
>[!Note]
>you need to authenticate with an organization Admin account to access the SSO settings on Abstract. This organization Admin account needs to be assigned to Abstract.

>[!Note]
>you need to authenticate with an organization Admin account to access the SSO settings on Abstract.
 
1. Open the Abstract web app.
2. Go to the **Permissions** page in the left side bar.
3. In the **Configure SSO** section, enter your **Metadata URL** and **Entity ID**.
4. Enter any manual exceptions you might have. Emails listed in the manual exceptions section bypass SSO and be able to log in with email and password. 
 
To test SSO on Abstract:
 
1. Open the Abstract web app.
2. Go to the **Permissions** page in the left side bar.
3. Select **Test with my Account**. If the test fails, please contact the Abstract support team.
 
>[!Note]
>you need to authenticate with an organization Admin account to access the SSO settings on Abstract. This organization Admin account needs to be assigned to Abstract.

MODIFIED docs/identity/saas-apps/achieve3000-tutorial.md

Modified by Ken Withee on Feb 19, 2026 8:19 PM
📖 View on learn.microsoft.com

+3 / -3 lines changed

Commit: Fixes broken links.

Changes:

Before

After

    `https://saml.achieve3000.com/district/<District Identifier>`
 
	> [!NOTE]
	> The Sign-On URL value isn't  real. Update the value with the actual Sign-On URL. Contact [Achieve3000 Client support team](https://www.achieve3000.com/contact-us/) to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section.
 
5. Achieve3000 application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes..
 
## Configure Achieve3000 SSO
 
To configure single sign-on on **Achieve3000** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from the application configuration to [Achieve3000 support team](https://www.achieve3000.com/contact-us/). They set this setting to have the SAML SSO connection set properly on both sides.
 
### Create Achieve3000 test user
 
In this section, you create a user called B.Simon in Achieve3000. Work with [Achieve3000 support team](https://www.achieve3000.com/contact-us/) to add the users in the Achieve3000 platform. Users must be created and activated before you use single sign-on.
 
## Test SSO

    `https://saml.achieve3000.com/district/<District Identifier>`
 
	> [!NOTE]
	> The Sign-On URL value isn't  real. Update the value with the actual Sign-On URL. Contact Achieve3000 Client support team to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section.
 
5. Achieve3000 application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes..
 
## Configure Achieve3000 SSO
 
To configure single sign-on on **Achieve3000** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from the application configuration to Achieve3000 support team. They set this setting to have the SAML SSO connection set properly on both sides.
 
### Create Achieve3000 test user
 
In this section, you create a user called B.Simon in Achieve3000. Work with Achieve3000 support team to add the users in the Achieve3000 platform. Users must be created and activated before you use single sign-on.
 
## Test SSO

MODIFIED docs/identity/saas-apps/concur-tutorial.md

Modified by Ken Withee on Feb 19, 2026 8:19 PM
📖 View on learn.microsoft.com

+3 / -3 lines changed

Commit: Fixes broken links.

Changes:

Before

After

    | `https://<customer-domain>.concursolutions.com` | 
 
    > [!NOTE]
    > These values aren't real. Update these values with the actual Sign-on URL, Identifier and Reply URL. Contact [Concur Client support team](https://www.concur.co.in/contact) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section.
 
4. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section,  find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
 
## Configure Concur SSO
 
To configure single sign-on on **Concur** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from the application configuration to [Concur support team](https://www.concur.co.in/contact). They set this setting to have the SAML SSO connection set properly on both sides.
 
  > [!NOTE]
  > The configuration of your Concur subscription for federated SSO via SAML is a separate task, which you must contact [Concur Client support team](https://www.concur.co.in/contact) to perform.
 
### Create Concur test user

    | `https://<customer-domain>.concursolutions.com` | 
 
    > [!NOTE]
    > These values aren't real. Update these values with the actual Sign-on URL, Identifier and Reply URL. Contact Concur Client support team to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section.
 
4. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section,  find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
 
## Configure Concur SSO
 
To configure single sign-on on **Concur** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from the application configuration to Concur support team. They set this setting to have the SAML SSO connection set properly on both sides.
 
  > [!NOTE]
  > The configuration of your Concur subscription for federated SSO via SAML is a separate task, which you must contact Concur Client support team to perform.
 
### Create Concur test user

MODIFIED docs/identity/saas-apps/formcom-tutorial.md

Modified by Ken Withee on Feb 19, 2026 8:19 PM
📖 View on learn.microsoft.com

+3 / -3 lines changed

Commit: Fixes broken links.

Changes:

Before

After

    ```
 
	> [!NOTE]
	> These values aren't real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact [Form.com Client support team](https://form.com/about/company/contact-us/) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section.
 
1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, select **Download** to download the **Certificate (Base64)** and select the copy **icon** to copy **App Federation Metadata Url** from the given options as per your requirement and save it on your computer.
 
## Configure Form.com SSO
 
To configure single sign-on on **Form.com** side, you need to send the downloaded **Certificate (Base64)**, **App Federation Metadata Url** and appropriate copied URLs from the application configuration to [Form.com support team](https://form.com/about/company/contact-us/). They set this setting to have the SAML SSO connection set properly on both sides.
 
### Create Form.com test user
 
In this section, you create a user called Britta Simon in Form.com. Work with [Form.com support team](https://form.com/about/company/contact-us/) to add the users in the Form.com platform. Users must be created and activated before you use single sign-on.
 
## Test SSO

    ```
 
	> [!NOTE]
	> These values aren't real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact Form.com Client support team to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section.
 
1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, select **Download** to download the **Certificate (Base64)** and select the copy **icon** to copy **App Federation Metadata Url** from the given options as per your requirement and save it on your computer.
 
## Configure Form.com SSO
 
To configure single sign-on on **Form.com** side, you need to send the downloaded **Certificate (Base64)**, **App Federation Metadata Url** and appropriate copied URLs from the application configuration to Form.com support team. They set this setting to have the SAML SSO connection set properly on both sides.
 
### Create Form.com test user
 
In this section, you create a user called Britta Simon in Form.com. Work with Form.com support team to add the users in the Form.com platform. Users must be created and activated before you use single sign-on.
 
## Test SSO

MODIFIED docs/identity/saas-apps/lensesio-tutorial.md

Modified by Ken Withee on Feb 19, 2026 8:19 PM
📖 View on learn.microsoft.com

+3 / -3 lines changed

Commit: Fixes broken links.

Changes:

Before

After

    c. **Sign on URL**: Enter a URL that has the following pattern: `https://<CUSTOMER_LENSES_BASE_URL>`. An example is `https://lenses.my.company.com`.
 
    > [!NOTE]
    > These values aren't real. Update them with the actual Identifier,Reply URL and Sign on URL of the base URL of your Lenses portal instance. See the [Lenses.io SSO documentation](https://docs.lenses.io/install_setup/configuration/security.html#single-sign-on-sso-saml-2-0) for more information.
 
1. On the **Set up single sign-on with SAML** page, go to the **SAML Signing Certificate** section. Find **Federation Metadata XML**, and then select **Download** to download and save the certificate on your computer.
 
## Configure Lenses.io SSO
 
To configure SSO on the **Lenses.io** portal, install the downloaded **Federation Metadata XML** on your Lenses instance and [configure Lenses to enable SSO](https://docs.lenses.io/install_setup/configuration/security.html#configure-lenses).
 
### Create Lenses.io test group permissions
 
1. To create a group in Lenses, use the **Object ID** of the **LensesUsers** group. This is the ID that you copied in the user [creation section](#create-an-azure-ad-test-user-and-group).
1. Assign the desired permissions for B.Simon.
 
For more information, see [Azure - Lenses group mapping](https://docs.lenses.io/install_setup/configuration/security.html#azure-groups).
 
## Test SSO

    c. **Sign on URL**: Enter a URL that has the following pattern: `https://<CUSTOMER_LENSES_BASE_URL>`. An example is `https://lenses.my.company.com`.
 
    > [!NOTE]
    > These values aren't real. Update them with the actual Identifier,Reply URL and Sign on URL of the base URL of your Lenses portal instance. See the Lenses.io SSO documentation for more information.
 
1. On the **Set up single sign-on with SAML** page, go to the **SAML Signing Certificate** section. Find **Federation Metadata XML**, and then select **Download** to download and save the certificate on your computer.
 
## Configure Lenses.io SSO
 
To configure SSO on the **Lenses.io** portal, install the downloaded **Federation Metadata XML** on your Lenses instance and configure Lenses to enable SSO.
 
### Create Lenses.io test group permissions
 
1. To create a group in Lenses, use the **Object ID** of the **LensesUsers** group. This is the ID that you copied in the user [creation section](#create-an-azure-ad-test-user-and-group).
1. Assign the desired permissions for B.Simon.
 
For more information, see Azure - Lenses group mapping.
 
## Test SSO

MODIFIED docs/identity/saas-apps/predictixordering-tutorial.md

Modified by Ken Withee on Feb 19, 2026 8:19 PM
📖 View on learn.microsoft.com

+3 / -3 lines changed

Commit: Fixes broken links.

Changes:

Before

After

    `https://<companyname-pricing>.ordering.predictix.com/sso/request`
 
	> [!NOTE]
	> These values are placeholders. Update these values with the actual Identifier and Sign on URL. Contact the [Predictix Ordering support team](https://www.predix.io/support/) to get the values. You can also refer to the patterns shown in the **Basic SAML Configuration** dialog box.
 
1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, select the **Download** link next to **Certificate (Base64)**, per your requirements, and save the certificate on your computer:
 
## Configure Predictix Ordering SSO
 
To configure single sign-on on the Predictix Ordering side, you need to send the certificate that you downloaded and the URLs that you copied to the [Predictix Ordering support team](https://www.predix.io/support/). This team ensures the SAML SSO connection is set properly on both sides.
 
### Create a Predictix Ordering test user
 
Next, you need to create a user named Britta Simon in Predictix Ordering. Work with the [Predictix Ordering support team](https://www.predix.io/support/) to add users. Users need to be created and activated before you use single sign-on.
 
## Test SSO

    `https://<companyname-pricing>.ordering.predictix.com/sso/request`
 
	> [!NOTE]
	> These values are placeholders. Update these values with the actual Identifier and Sign on URL. Contact the Predictix Ordering support team to get the values. You can also refer to the patterns shown in the **Basic SAML Configuration** dialog box.
 
1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, select the **Download** link next to **Certificate (Base64)**, per your requirements, and save the certificate on your computer:
 
## Configure Predictix Ordering SSO
 
To configure single sign-on on the Predictix Ordering side, you need to send the certificate that you downloaded and the URLs that you copied to the Predictix Ordering support team. This team ensures the SAML SSO connection is set properly on both sides.
 
### Create a Predictix Ordering test user
 
Next, you need to create a user named Britta Simon in Predictix Ordering. Work with the Predictix Ordering support team to add users. Users need to be created and activated before you use single sign-on.
 
## Test SSO

MODIFIED docs/identity/saas-apps/workplace-from-meta-provisioning-tutorial.md

Modified by Ken Withee on Feb 19, 2026 8:19 PM
📖 View on learn.microsoft.com

+3 / -3 lines changed

Commit: Fixes broken links.

Changes:

Before

After

 
	![Screenshot of the Provisioning Mode dropdown list with the Automatic option called out.](common/provisioning-automatic.png)
 
1. Ensure the "Tenant URL" section is populated with the correct endpoint: https://scim.workplace.com/. Under the **Admin Credentials** section, select **Authorize**. You're redirected to Workplace from Meta's authorization page. Input your Workplace from Meta username and select the **Continue** button. Select **Test Connection** to ensure Microsoft Entra ID can connect to Workplace from Meta. If the connection fails, ensure your Workplace from Meta account has Admin permissions and try again.
 
 	![Screenshot shows Admin Credentials dialog box with an Authorize option.](./media/workplace-by-facebook-provisioning-tutorial/provisionings.png)
 
 	![Authorize](./media/workplace-by-facebook-provisioning-tutorial/workplace-login.png)
 
   > [!NOTE]
   > Failure to change the URL to https://scim.workplace.com/ results in a failure when trying to save the configuration 
 
1. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and select the **Send an email notification when a failure occurs** check box.
 
1. Return to the first web browser window and select the Provisioning tab for your application. Your configuration is reset. You can confirm the upgrade is successful by confirming the Job ID starts with "FacebookWorkplace."
 
1. Update the tenant URL in the Admin Credentials section to the following URL: https://scim.workplace.com/  
 
   ![Screenshot of Admin Credentials in the Workplace from Meta app in the Azure portal](./media/workplace-by-facebook-provisioning-tutorial/provisionings.png)

 
	![Screenshot of the Provisioning Mode dropdown list with the Automatic option called out.](common/provisioning-automatic.png)
 
1. Ensure the "Tenant URL" section is populated with the correct endpoint: `https://scim.workplace.com/`. Under the **Admin Credentials** section, select **Authorize**. You're redirected to Workplace from Meta's authorization page. Input your Workplace from Meta username and select the **Continue** button. Select **Test Connection** to ensure Microsoft Entra ID can connect to Workplace from Meta. If the connection fails, ensure your Workplace from Meta account has Admin permissions and try again.
 
 	![Screenshot shows Admin Credentials dialog box with an Authorize option.](./media/workplace-by-facebook-provisioning-tutorial/provisionings.png)
 
 	![Authorize](./media/workplace-by-facebook-provisioning-tutorial/workplace-login.png)
 
   > [!NOTE]
   > Failure to change the URL to `https://scim.workplace.com/` results in a failure when trying to save the configuration 
 
1. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and select the **Send an email notification when a failure occurs** check box.
 
1. Return to the first web browser window and select the Provisioning tab for your application. Your configuration is reset. You can confirm the upgrade is successful by confirming the Job ID starts with "FacebookWorkplace."
 
1. Update the tenant URL in the Admin Credentials section to the following URL: `https://scim.workplace.com/`  
 
   ![Screenshot of Admin Credentials in the Workplace from Meta app in the Azure portal](./media/workplace-by-facebook-provisioning-tutorial/provisionings.png)

MODIFIED docs/identity/role-based-access-control/groups-concept.md

Modified by Ken Withee on Feb 19, 2026 6:22 PM
📖 View on learn.microsoft.com

+0 / -6 lines changed

Commit: [BULK UPDATE] Updates metadata only. Moves values to folder level in docfx.json.

Changes:

Before

After

---
title: Use Microsoft Entra groups to manage role assignments
description: Use Microsoft Entra groups to simplify role assignment management in Microsoft Entra ID.
 
author: barclayn
manager: pmwongera
ms.service: entra-id
ms.subservice: role-based-access-control
ms.topic: article
ms.date: 01/03/2025
ms.author: barclayn
ms.reviewer: vincesm
ms.custom: it-pro
 

---
title: Use Microsoft Entra groups to manage role assignments
description: Use Microsoft Entra groups to simplify role assignment management in Microsoft Entra ID.
ms.topic: article
ms.date: 01/03/2025
ms.reviewer: vincesm
ms.custom: it-pro

MODIFIED docs/identity/role-based-access-control/groups-create-eligible.md

Modified by Ken Withee on Feb 19, 2026 6:22 PM
📖 View on learn.microsoft.com

+0 / -6 lines changed

Commit: [BULK UPDATE] Updates metadata only. Moves values to folder level in docfx.json.

Changes:

Before

After

---
title: Create a role-assignable group in Microsoft Entra ID
description: Learn how to a role-assignable group in Microsoft Entra ID using the Microsoft Entra admin center, Microsoft Graph PowerShell, or Microsoft Graph API.
 
author: barclayn
manager: pmwongera
ms.service: entra-id
ms.subservice: role-based-access-control
ms.topic: how-to
ms.date: 01/03/2025
ms.author: barclayn
ms.reviewer: vincesm
ms.custom: it-pro, no-azure-ad-ps-ref
 

---
title: Create a role-assignable group in Microsoft Entra ID
description: Learn how to a role-assignable group in Microsoft Entra ID using the Microsoft Entra admin center, Microsoft Graph PowerShell, or Microsoft Graph API.
ms.topic: how-to
ms.date: 01/03/2025
ms.reviewer: vincesm
ms.custom: it-pro, no-azure-ad-ps-ref

MODIFIED docs/identity/role-based-access-control/groups-remove-assignment.md

Modified by Ken Withee on Feb 19, 2026 6:22 PM
📖 View on learn.microsoft.com

+0 / -6 lines changed

Commit: [BULK UPDATE] Updates metadata only. Moves values to folder level in docfx.json.

Changes:

Before

After

---
title: Remove Microsoft Entra role assignments
description: Remove role assignments in Microsoft Entra ID using the Microsoft Entra admin center, Microsoft Graph PowerShell, or Microsoft Graph API.
 
author: barclayn
manager: pmwongera
ms.service: entra-id
ms.subservice: role-based-access-control
ms.topic: how-to
ms.date: 05/25/2025
ms.author: barclayn
ms.reviewer: vincesm
ms.custom: it-pro, has-azure-ad-ps-ref, azure-ad-ref-level-one-done
 

---
title: Remove Microsoft Entra role assignments
description: Remove role assignments in Microsoft Entra ID using the Microsoft Entra admin center, Microsoft Graph PowerShell, or Microsoft Graph API.
ms.topic: how-to
ms.date: 05/25/2025
ms.reviewer: vincesm
ms.custom: it-pro, has-azure-ad-ps-ref, azure-ad-ref-level-one-done

📋 Microsoft Entra Documentation Changes

📊 Summary

📝 Modified Documentation Files