Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into ds-qsrt1720628

Author: davidsmatlak

articles/active-directory-b2c/connect-with-saml-service-providers.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 03/20/2020
+ms.date: 05/18/2020
 ms.author: mimart
 ms.subservice: B2C
 ms.custom: fasttrack-edit
@@ -19,8 +19,6 @@ ms.custom: fasttrack-edit
 
 In this article, you learn how to configure Azure Active Directory B2C (Azure AD B2C) to act as a Security Assertion Markup Language (SAML) identity provider (IdP) to your applications.
 
-[!INCLUDE [active-directory-b2c-public-preview](../../includes/active-directory-b2c-public-preview.md)]
-
 ## Scenario overview
 
 Organizations that use Azure AD B2C as their customer identity and access management solution might require interaction with identity providers or applications that are configured to authenticate using the SAML protocol.

articles/active-directory-b2c/custom-policy-developer-notes.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 04/28/2020
+ms.date: 05/19/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -65,7 +65,7 @@ Custom policy/Identity Experience Framework capabilities are under constant and
 | [OAuth2 implicit flow](implicit-flow-single-page-application.md) |  |  | X |  |
 | [OAuth2 resource owner password credentials](ropc-custom.md) |  | X |  |  |
 | [OIDC Connect](openid-connect.md) |  |  | X |  |
-| [SAML2](connect-with-saml-service-providers.md)  |  |X  |  | POST and Redirect bindings. |
+| [SAML2](connect-with-saml-service-providers.md)  |  |  |X  | POST and Redirect bindings. |
 | OAuth1 |  |  |  | Not supported. |
 | WSFED | X |  |  |  |
 

articles/active-directory/cloud-provisioning/how-to-install.md

@@ -7,7 +7,7 @@ manager: daveba
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 02/26/2020
+ms.date: 05/19/2020
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -72,14 +72,7 @@ To verify the agent is being seen by Azure, follow these steps.
 
    ![On-premises provisioning agents screen](media/how-to-install/verify1.png)</br>
 
-### Verify the port
-To verify that Azure is listening on port 443 and that your agent can communicate with it, follow these steps.
 
-https://aadap-portcheck.connectorporttest.msappproxy.net/ 
-
-This test verifies that your agents can communicate with Azure over port 443. Open a browser, and go to the previous URL from the server where the agent is installed.
-
-![Verification of port reachability](media/how-to-install/verify2.png)
 
 ### On the local server
 To verify that the agent is running, follow these steps.

articles/active-directory/develop/publisher-verification-overview.md

@@ -8,15 +8,15 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 05/08/2020
+ms.date: 05/19/2020
 ms.author: ryanwi
 ms.custom: aaddev
 ms.reviewer: jesakowi
 ---
 
 # Publisher verification (preview)
 
-Publisher verification (preview) helps admins and end users understand the authenticity of application developers integrating with the Microsoft identity platform. In other words, is the publisher a known source or a bad actor disguising themselves as a well-known publisher? When an application is marked as publisher verified, it means that the publisher has verified their identity using a [Microsoft Partner Network](https://partner.microsoft.com/membership) account that has completed the [verification](/partner-center/verification-responses) process and has associated this MPN account with their application registration. 
+Publisher verification (preview) helps admins and end users understand the authenticity of application developers integrating with the Microsoft identity platform. When an application is marked as publisher verified, it means that the publisher has verified their identity using a [Microsoft Partner Network](https://partner.microsoft.com/membership) account that has completed the [verification](/partner-center/verification-responses) process and has associated this MPN account with their application registration. 
 
 A blue "verified" badge appears on the Azure AD consent prompt and other screens:
 ![Consent prompt](./media/publisher-verification-overview/consent-prompt.png)

articles/active-directory/devices/hybrid-azuread-join-manual.md

@@ -198,7 +198,7 @@ If you have more than one verified domain name, you need to provide the followin
 
 * `http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid`
 
-If you're already issuing an ImmutableID claim (for example, alternate login ID), you need to provide one corresponding claim for computers:
+If you're already issuing an ImmutableID claim (for example, using `mS-DS-ConsistencyGuid` or another attribute as the source value for the ImmutableID), you need to provide one corresponding claim for computers:
 
 * `http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID`
 
@@ -327,7 +327,7 @@ To get a list of your verified company domains, you can use the [Get-MsolDomain]
 
 ![List of company domains](./media/hybrid-azuread-join-manual/01.png)
 
-### Issue ImmutableID for the computer when one for users exists (for example, an alternate login ID is set)
+### Issue ImmutableID for the computer when one for users exists (for example, using mS-DS-ConsistencyGuid as the source for ImmutableID)
 
 The `http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID` claim must contain a valid value for computers. In AD FS, you can create an issuance transform rule as follows:
 

articles/backup/azure-file-share-support-matrix.md

@@ -14,10 +14,10 @@ You can use the [Azure Backup service](https://docs.microsoft.com/azure/backup/b
 Backup for Azure file shares is available in the following GEOS:
 
 **GA regions**:<br>
-Australia South East (ASE), Canada Central (CNC), West Central US (WCUS), West US 2 (WUS 2), India South (INS), North Central US (NCUS), Japan East (JPE), Brazil South (BRS), South East Asia (SEA),Switzerland West (SZW), UAE Central (UAC), Norway East (NWE),India West (INW), Australia Central (ACL), Korea Central (KRC), Japan West (JPW), South Africa North (SAN), UK West (UKW), Korea South (KRS), Germany North (GN), Norway West (NWW), South Africa West (SAW), Switzerland North (SZN), Germany West Central (GWC), UAE North(UAN), France Central (FRC), India Central (INC), Canada East (CNE), East Asia (EA), Australia East (AE),  Central US (CUS), West US (WUS), US Gov Arizona (UGA), US Gov Texas (UGT), US Gov Virginia (UGV), US DoD Central (UDC), US DoD East (UDE)
+Australia South East (ASE), Canada Central (CNC), West Central US (WCUS), South Central US (SCUS), West US 2 (WUS 2), India South (INS), North Central US (NCUS), Japan East (JPE), Brazil South (BRS), South East Asia (SEA),Switzerland West (SZW), UAE Central (UAC), Norway East (NWE),India West (INW), Australia Central (ACL), Korea Central (KRC), Japan West (JPW), South Africa North (SAN), UK South (UKS), UK West (UKW), Korea South (KRS), North Europe (NE), Germany North (GN), Norway West (NWW), South Africa West (SAW), Switzerland North (SZN), Germany West Central (GWC), UAE North(UAN), France Central (FRC), India Central (INC), Canada East (CNE), East Asia (EA), Australia East (AE),  Central US (CUS), West US (WUS), US Gov Arizona (UGA), US Gov Texas (UGT), US Gov Virginia (UGV), US DoD Central (UDC), US DoD East (UDE)
 
 **Supported regions (as part of preview) but not yet GA**:<br>
-East US (EUS), East US 2 (EUS2), North Europe (NE), South Central US (SCUS), UK South (UKS), West Europe (WE)
+East US (EUS), East US 2 (EUS2), West Europe (WE)
 
 ## Supported storage accounts
 

articles/backup/backup-azure-files-faq.md

@@ -75,9 +75,80 @@ All snapshots taken by Azure Backup can be accessed by viewing snapshots in the
 
 Refer to the [support matrix](azure-file-share-support-matrix.md) for details on maximum retention. Azure Backup does a real-time calculation of the number of snapshots when you enter the retention values while configuring backup policy. As soon as the number of snapshots corresponding to your defined retention values exceeds 200, the portal will show a warning requesting you to adjust your retention values. This is so you don’t exceed the limit of maximum number of snapshots supported by Azure Files for any file share at any point in time.
 
-### What happens when I change the Backup policy for an Azure file share?
+### What is the impact on existing recovery points and snapshots when I modify the Backup policy for an Azure file share to switch from “Daily Policy" to "GFS Policy”?
 
-When a new policy is applied on file share(s), schedule and retention of the new policy is followed. If retention is extended, existing recovery points are marked to keep them as per new policy. If retention is reduced, they're marked for pruning in the next cleanup job and deleted.
+When you modify a Daily backup policy to GFS policy (adding weekly/monthly/yearly retention), the behavior is as follows:
+
+- **Retention**: If you're adding weekly/monthly/yearly retention as part of modifying the policy, all the future recovery points created as part of the scheduled backup will be tagged according to the new policy. All the existing recovery points will still be considered as daily recovery points and so won’t be tagged as weekly/monthly/yearly.
+
+- **Snapshots and recovery points cleanup**:
+
+  - If daily retention is extended, the expiration date of the existing recovery points is updated according to the daily retention value configured in the new policy.
+  - If daily retention is reduced, the existing recovery points and snapshots are marked for deletion in the next cleanup run job according to the daily retention value configured in the new policy, and then deleted.
+
+Here's an example of how this works:
+
+#### Existing Policy [P1]
+
+|Retention Type |Schedule |Retention  |
+|---------|---------|---------|
+|Daily    |    Every day at 8 PM    |  100 days       |
+
+#### New Policy [Modified P1]
+
+| Retention Type | Schedule                       | Retention |
+| -------------- | ------------------------------ | --------- |
+| Daily          | Every day at 9 PM              | 50 days   |
+| Weekly         | On Sunday at 9 PM              | 3 weeks   |
+| Monthly        | On Last Monday at 9 PM         | 1 month   |
+| Yearly         | In Jan on Third Sunday at 9 PM | 4 years   |
+
+#### Impact
+
+1. The expiration date of existing recovery points will be adjusted according to the daily retention value of the new policy:  that is, 50 days. So any recovery point that’s older than 50 days will be marked for deletion.
+
+2. The existing recovery points won’t be tagged as weekly/monthly/yearly based on new policy.
+
+3. All the future backups will be triggered according to the new schedule: that is, at 9 PM.
+
+4. The expiration date of all future recovery points will be aligned with the new policy.
+
+>[!NOTE]
+>The policy changes will affect only the recovery points created as part of the scheduled backup job run. For on-demand backups, retention is determined by the **Retain Till** value specified at the time of taking backup.
+
+### What is the impact on existing recovery points when I modify an existing GFS Policy?
+
+When a new policy is applied on file shares, all the future scheduled backups will be taken according to the schedule configured in the modified policy.  The retention of all existing recovery points is aligned according to the new retention values configured. So if the retention is extended, existing recovery points are marked to be retained according to the new policy. If the retention is reduced, they're marked for clean-up in the next cleanup job and then deleted.
+
+Here's an example of how this works:
+
+#### Existing Policy [P2]
+
+| Retention Type | Schedule           | Retention |
+| -------------- | ------------------ | --------- |
+| Daily          | Every day at 8 PM | 50 days   |
+| Weekly         | On Monday at 8 PM  | 3 weeks   |
+
+#### New Policy [Modified P2]
+
+| Retention Type | Schedule               | Retention |
+| -------------- | ---------------------- | --------- |
+| Daily          | Every day at 9 PM     | 10 days   |
+| Weekly         | On Monday at 9 PM      | 2 weeks   |
+| Monthly        | On Last Monday at 9 PM | 2 months  |
+
+#### Impact of change
+
+1. The expiration date of existing daily recovery points will be aligned according to the new daily retention value, that is 10 days. So any daily recovery point older than 10 days will be deleted.
+
+2. The expiration date of existing weekly recovery points will be aligned according to the new weekly retention value, that is two weeks. So any weekly recovery point older than two weeks will be deleted.
+
+3. The monthly recovery points will only be created as part of future backups based on the new policy configuration.
+
+4. The expiration date of all future recovery points will be aligned with the new policy.
+
+>[!NOTE]
+>The policy changes will affect only the recovery points created as part of the scheduled backup. For on-demand backups, retention is determined by the **Retain Till** value specified at the time of taking the backup.
 
 ## Next steps
 

articles/batch/TOC.yml

@@ -15,6 +15,9 @@
     href: quick-run-dotnet.md
   - name: Run a Batch job - Python
     href: quick-run-python.md
+  - name: Create a Batch account - ARM template
+    href: quick-create-template.md
+    displayName: Resource Manager
 - name: Tutorials
   items:
   - name: Parallel file processing - .NET

articles/batch/media/quick-create-template/batch-template.png

@@ -0,0 +1,73 @@
+---
+title: Azure Quickstart - Create a Batch account - Azure Resource Manager template
+description: Quickly learn to run a Batch job with the Azure CLI. Create and manage Azure resources from the command line or in scripts.
+ms.topic: quickstart
+ms.date: 05/19/2020
+ms.custom: subject-armqs
+---
+
+# Quickstart: Create a Batch account by using Azure Resource Manager template
+
+You need a Batch account to create compute resources (pools of compute nodes) and Batch jobs. You can link an Azure Storage account with your Batch account, which is useful to deploy applications and store input and output data for most real-world workloads.
+
+This quickstart shows how to use an Azure Resource Manager template to create a Batch account, including storage. After completing this quickstart, you will understand the key concepts of the Batch service and be ready to try Batch with more realistic workloads at larger scale.
+
+[!INCLUDE [About Azure Resource Manager](../../includes/resource-manager-quickstart-introduction.md)]
+
+## Prerequisites
+
+You must have an active Azure subscription.
+
+- [!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]
+
+## Create a storage account
+
+### Review the template
+
+The template used in this quickstart is from [Azure Quickstart templates](https://github.com/Azure/azure-quickstart-templates/tree/master/101-batchaccount-with-storage).
+
+:::code language="json" source="~/quickstart-templates/101-batchaccount-with-storage/azuredeploy.json":::
+
+Two Azure resources are defined in the template:
+
+- [Microsoft.Storage/storageAccounts](https://docs.microsoft.com/azure/templates/microsoft.storage/storageaccounts): Creates a storage account.
+- [Microsoft.Batch/batchAccounts](https://docs.microsoft.com/azure/templates/microsoft.batch/batchaccounts): Creates a Batch account.
+
+### Deploy the template
+
+1. Select the following image to sign in to Azure and open a template. The template creates an Azure Batch account and a storage account.
+
+   [![Deploy to Azure](../media/template-deployments/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2F101-batchaccount-with-storage%2Fazuredeploy.json)
+
+1. Select or enter the following values.
+
+   ![Resource Manager template, Batch account creation, deploy portal](media/quick-create-template/batch-template.png)
+
+   - **Subscription**: select an Azure subscription.
+   - **Resource group**: select **Create new**, enter a unique name for the resource group, and then click **OK**.
+   - **Location**: select a location. For example, **Central US**.
+   - **Batch Account Name**: Leave the default value.
+   - **Storage Accountsku**: select a storage account type. For example, **Standard_LRS**.
+   - **Location**: Leave the default so that the resources will be in the same location as your resource group.
+   - I agree to the terms and conditions state above: **Select**.
+
+1. Select **Purchase**.
+
+After a few minutes, you should see a notification that the Batch account was successfully created.
+
+In this example, the Azure portal is used to deploy the template. In addition to the Azure portal, you can also use the Azure PowerShell, Azure CLI, and REST API. To learn other deployment methods, see [Deploy templates](../azure-resource-manager/templates/deploy-powershell.md).
+
+## Validate the deployment
+
+You can validate the deployment in the Azure portal by navigating to the resource group you created. In the **Overview** screen, confirm that the Batch account and the storage account are present.
+
+## Clean up resources
+
+If you plan to continue on to work with subsequent [tutorials](./tutorial-parallel-dotnet.md), you may wish to leave these resources in place. Or, if you no longer need them, you can [delete the resource group](../azure-resource-manager/management/delete-resource-group.md?tabs=azure-portal#delete-resource-group), which will also delete the Batch account and the storage account that you created.
+
+## Next steps
+
+In this quickstart, you created a Batch account and a storage account. To learn more about Azure Batch, continue to the Azure Batch tutorials.
+
+> [!div class="nextstepaction"]
+> [Azure Batch tutorials](./tutorial-parallel-dotnet.md)