Commit 002555d

Merge branch 'master' of https://github.com/microsoftdocs/azure-docs-pr into asb-migration
2 parents e05eaf4 + 7f34e7d commit 002555d

46 files changed

+1156
-478
lines changed

.openpublishing.redirection.json

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -60465,6 +60465,16 @@
6046560465
"redirect_url": "/azure/cognitive-services/LinguisticAnalysisAPI/Home",
6046660466
"redirect_document_id": false
6046760467
},
60468+
{
60469+
"source_path_from_root": "/articles/cognitive-services/LUIS/get-started-portal-build-app.md",
60470+
"redirect_url": "/azure/cognitive-services/LUIS/luis-get-started-create-app",
60471+
"redirect_document_id": true
60472+
},
60473+
{
60474+
"source_path_from_root": "/articles/cognitive-services/LUIS/get-started-portal-deploy-app.md",
60475+
"redirect_url": "/azure/cognitive-services/LUIS/luis-get-started-create-app",
60476+
"redirect_document_id": false
60477+
},
6046860478
{
6046960479
"source_path_from_root": "/articles/cognitive-services/LUIS/luis-get-started-javascript-add-utterance.md",
6047060480
"redirect_url": "/azure/cognitive-services/LUIS/",

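Review bot: the two entries added at new lines 60468-60477 redirect to the same target, /azure/cognitive-services/LUIS/luis-get-started-create-app, but set redirect_document_id to true for get-started-portal-build-app.md and false for get-started-portal-deploy-app.md. Please confirm the difference is intentional; a sentence in the change description saying which source article's document ID the target should inherit would make that clear to the next editor of this file.
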
articles/active-directory/conditional-access/location-condition.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ Named locations defined by IPv4/IPv6 address ranges are subject to the following
4444
- Configure up to 195 named locations
4545
- Configure up to 2000 IP ranges per named location
4646
- Both IPv4 and IPv6 ranges are supported
47-
- Private IP ranges connot be configured
47+
- Private IP ranges cannot be configured
4848
- The number of IP addresses contained in a range is limited. Only CIDR masks greater than /8 are allowed when defining an IP range.
4949

5050
### Trusted locations
@@ -53,7 +53,7 @@ Administrators can designate named locations defined by IP address ranges to be
5353

5454
![Trusted locations in the Azure portal](./media/location-condition/new-trusted-location.png)
5555

56-
Sign-ins from trusted named locations improve the accuracy of Azure AD Identity Protection's risk calculation, lowering a users' sign-in risk when they authenticate from a location marked as trusted. Additionally, trusted named locations can be targeted in Conditional Access policies. For example, you may require restrict multi-factor authentication registration to trusted named locations only.
56+
Sign-ins from trusted named locations improve the accuracy of Azure AD Identity Protection's risk calculation, lowering a user's sign-in risk when they authenticate from a location marked as trusted. Additionally, trusted named locations can be targeted in Conditional Access policies. For example, you may require restrict multi-factor authentication registration to trusted named locations only.
5757

5858
### Countries and regions
5959
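Review bot: new line 56 fixes the possessive but leaves "you may require restrict multi-factor authentication registration" in the same sentence, which has two verbs where one belongs. Since the line is already being edited, pick one, for example "you may restrict multi-factor authentication registration to trusted named locations only".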

@@ -72,13 +72,13 @@ Some IP addresses are not mapped to a specific country or region, including all
7272

7373
You can also configure IP address ranges representing your organization's local intranet in the [multi-factor authentication service settings](https://account.activedirectory.windowsazure.com/usermanagement/mfasettings.aspx). This feature enables you to configure up to 50 IP address ranges. The IP address ranges are in CIDR format. For more information, see [Trusted IPs](../authentication/howto-mfa-mfasettings.md#trusted-ips).
7474

75-
If you have Trusted IPs configured, they show up as **MFA Trusted IPS** in the list of locations for the location condition.
75+
If you have Trusted IPs configured, they show up as **MFA Trusted IPs** in the list of locations for the location condition.
7676

7777
### Skipping multi-factor authentication
7878

7979
On the multi-factor authentication service settings page, you can identify corporate intranet users by selecting **Skip multi-factor authentication for requests from federated users on my intranet**. This setting indicates that the inside corporate network claim, which is issued by AD FS, should be trusted and used to identify the user as being on the corporate network. For more information, see [Enable the Trusted IPs feature by using Conditional Access](../authentication/howto-mfa-mfasettings.md#enable-the-trusted-ips-feature-by-using-conditional-access).
8080

81-
After checking this option, including the named location **MFA Trusted IPS** will apply to any policies with this option selected.
81+
After checking this option, including the named location **MFA Trusted IPs** will apply to any policies with this option selected.
8282

8383
For mobile and desktop applications, which have long lived session lifetimes, Conditional Access is periodically reevaluated. The default is once an hour. When the inside corporate network claim is only issued at the time of the initial authentication, Azure AD may not have a list of trusted IP ranges. In this case, it is more difficult to determine if the user is still on the corporate network:
8484
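Review bot: on new lines 75 and 81 the bolded string is a UI label, so "MFA Trusted IPs" should match the casing shown in the list of locations exactly; please verify it against the portal instead of normalising it by eye. Line 81 is also hard to parse ("including the named location ... will apply to any policies with this option selected") and could state directly what selecting the option does to policies that include this named location.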

@@ -104,7 +104,7 @@ By default, selecting **Any location** causes a policy to be applied to all IP a
104104
This option applies to:
105105

106106
- All locations that have been marked as trusted location
107-
- **MFA Trusted IPS** (if configured)
107+
- **MFA Trusted IPs** (if configured)
108108

109109
### Selected locations
110110

@@ -126,7 +126,7 @@ Most of the IPv6 traffic that gets proxied to Azure AD comes from Microsoft Exch
126126
These are the most common reasons you may need to configure IPv6 ranges in your named locations. In addition, if you are using Azure VNets, you will have traffic coming from an IPv6 address. If you have VNet traffic blocked by a Conditional Access policy, check your Azure AD sign-in log. Once you’ve identified the traffic, you can get the IPv6 address being used and exclude it from your policy.
127127

128128
> [!NOTE]
129-
> If you want to specify an IP CIDR range for a single address, apply the /128 bit mask. If you say the IPv6 address 2607:fb90:b27a:6f69:f8d5:dea0:fb39:74a and wanted to exclude that single address as a range, you would use 2607:fb90:b27a:6f69:f8d5:dea0:fb39:74a/128.
129+
> If you want to specify an IP CIDR range for a single address, apply the /128 bit mask. If you see the IPv6 address 2607:fb90:b27a:6f69:f8d5:dea0:fb39:74a and wanted to exclude that single address as a range, you would use 2607:fb90:b27a:6f69:f8d5:dea0:fb39:74a/128.
130130
131131
### Identifying IPv6 traffic in the Azure AD Sign-in activity reports
132132
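Review bot: new line 129 now mixes tenses, "If you see the IPv6 address ... and wanted to exclude"; use "want" so it agrees with "see". The note would also be easier to scan with the address and the resulting /128 range in code formatting.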

@@ -143,7 +143,7 @@ Conditional Access policies are evaluated when:
143143
- A user initially signs in to a web app, mobile or desktop application.
144144
- A mobile or desktop application that uses modern authentication, uses a refresh token to acquire a new access token. By default this check is once an hour.
145145

146-
This check means for mobile and desktop applications using modern authentication, a change in location would be detected within an hour of changing the network location. For mobile and desktop applications that don’t use modern authentication, the policy is applied on each token request. The frequency of the request can vary based on the application. Similarly, for web applications, the policy is applied at initial sign-in and is good for the lifetime of the session at the web application. Due to differences in session lifetimes across applications, the time between policy evaluation will also vary. Each time the application requests a new sign-in token, the policy is applied.
146+
This check means for mobile and desktop applications using modern authentication, a change in location would be detected within an hour of changing the network location. For mobile and desktop applications that don’t use modern authentication, the policy is applied on each token request. The frequency of the request can vary based on the application. Similarly, for web applications, the policy is applied at initial sign-in and is good for the lifetime of the session at the web application. Due to differences in session lifetimes across applications, the time between policy evaluation will also vary. Each time the application requests a new sign-in token, the policy is applied.
147147

148148
By default, Azure AD issues a token on an hourly basis. After moving off the corporate network, within an hour the policy is enforced for applications using modern authentication.
149149
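Review bot: the removed and added versions of line 146 read identically in this view, so the change looks like whitespace or character encoding only; worth confirming that is intended and not an editor side effect. If the line is being touched anyway, "This check means for mobile and desktop applications" needs "that" after "means", and "the time between policy evaluation will also vary" should read "evaluations".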
