Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: tynevi

.openpublishing.redirection.json

@@ -15125,6 +15125,11 @@
       "redirect_url": "/azure/aks/networking-overview",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/stream-analytics/custom-deserializer.md",
+      "redirect_url": "https://aka.ms/asapreview1",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/stream-analytics/stream-analytics-tools-for-visual-studio.md",
       "redirect_url": "/azure/stream-analytics/stream-analytics-quick-create-vs",

articles/active-directory/develop/TOC.yml

@@ -342,6 +342,8 @@
           items:
             - name: Acquire a token from the cache
               href: msal-net-acquire-token-silently.md
+            - name: Clear the token cache
+              href: msal-net-clear-token-cache.md
             - name: Instantiate a public client with options
               href: msal-net-instantiate-public-client-config-options.md
             - name: Instantiate a confidential client with options

articles/active-directory/develop/msal-net-clear-token-cache.md

@@ -0,0 +1,50 @@
+---
+title: Clear the token cache by using Microsoft Authentication Library for .NET - Azure
+description: Learn how to clear the token cache using the Microsoft Authentication Library for .NET (MSAL.NET).
+services: active-directory
+documentationcenter: dev-center-name
+author: rwike77
+manager: celested
+editor: ''
+
+ms.service: active-directory
+ms.subservice: develop
+ms.devlang: na
+ms.topic: conceptual
+ms.tgt_pltfrm: na
+ms.workload: identity
+ms.date: 05/07/2019
+ms.author: ryanwi
+ms.reviewer: saeeda
+ms.custom: aaddev
+#Customer intent: As an application developer, I want to learn how how to clear the token cache so I can .
+ms.collection: M365-identity-device-management
+---
+
+# Clear the token cache using MSAL.NET
+
+When you [acquire an access token](msal-acquire-cache-tokens.md) using Microsoft Authentication Library for .NET (MSAL.NET), the token is cached. When the application needs a token, it should first call the `AcquireTokenSilent` method to verify if an acceptable token is in the cache. 
+
+Clearing the cache is achieved by removing the accounts from the cache. This does not remove the session cookie which is in the browser, though.  The following example instantiates a public client application, gets the accounts for the application, and removes the accounts.
+
+```csharp
+private readonly IPublicClientApplication _app;
+private static readonly string ClientId = ConfigurationManager.AppSettings["ida:ClientId"];
+private static readonly string Authority = string.Format(CultureInfo.InvariantCulture, AadInstance, Tenant);
+
+_app = PublicClientApplicationBuilder.Create(ClientId)
+                .WithAuthority(Authority)
+                .Build();
+
+var accounts = (await _app.GetAccountsAsync()).ToList();
+
+// clear the cache
+while (accounts.Any())
+{
+   await _app.RemoveAsync(accounts.First());
+   accounts = (await _app.GetAccountsAsync()).ToList();
+}
+
+```
+
+To learn more about acquiring and caching tokens, read [acquire an access token](msal-acquire-cache-tokens.md).

articles/active-directory/fundamentals/active-directory-faq.md

@@ -206,4 +206,4 @@ For more information, see [Automate user provisioning and deprovisioning to SaaS
 - - -
 **Q:  Can I set up a secure LDAP connection with Azure AD?**
 
-**A:**  No. Azure AD does not support the LDAP protocol. However, you can configure secure LDAP with Azure AD Domain Services.
+**A:**  No. Azure AD does not support the Lightweight Directory Access Protocol (LDAP) protocol. However, it's possible to use Azure AD Domain Services (Azure AD DS) with properly configured network security groups through Azure Networking to achieve LDAP connectivity. For more information, see https://docs.microsoft.com/azure/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap.

articles/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory.md

@@ -60,8 +60,8 @@ Before you can associate or add your subscription, you must perform the followin
 
     The directory is changed for the subscription and you get a success message.
 
-    ![Success message about directory change](media/active-directory-how-subscriptions-associated-directory/edit-directory-success.png)    
-4. Use the **Directory switcher** to go to your new directory. It might take up to 10 minutes for everything to show up properly.
+    ![Success message about directory change](media/active-directory-how-subscriptions-associated-directory/edit-directory-success.png)
+4. Use the **Directory switcher** to go to your new directory. It can take several hours for everything to show up properly. If it seems to be taking too long, make sure you check the **Global subscription filter** for the moved subscription, to make sure it's not simply hidden.
 
     ![Directory switcher page, with sample information](media/active-directory-how-subscriptions-associated-directory/directory-switcher.png)
 

articles/active-directory/reports-monitoring/reference-sign-ins-error-codes.md

@@ -14,7 +14,7 @@ ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 04/25/2019
+ms.date: 05/08/2019
 ms.author: markvi
 ms.reviewer: dhanyahk
 
@@ -174,6 +174,7 @@ You can also programmatically access the sign-in data using the [reporting API](
 |90051|	Invalid Delegation Token. Invalid national Cloud ID ({cloudId}) is specified.|
 |90072| The account needs to be added as an external user in the tenant first. Sign-out and sign-in again with a different Azure AD account.|
 |90094| The grant requires administrator permissions. Ask your tenant administrator to provide consent for this application.|
+|500021|Tenant is restricted by company proxy. Denying the resource access.|
 |500121| Authentication failed during strong authentication request.|
 |500133| The assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token.|
 |530021|Application does not meet the conditional access approved app requirements.|

articles/active-directory/saas-apps/bluejeans-tutorial.md

@@ -14,7 +14,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: tutorial
-ms.date: 12/31/2018
+ms.date: 04/16/2019
 ms.author: jeedes
 
 ms.collection: M365-identity-device-management
@@ -98,19 +98,19 @@ To configure Azure AD single sign-on with BlueJeans, perform the following steps
 
 3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
 
-	![Edit Basic SAML Configuration](common/edit-urls.png)
+	![Edit Basic SAML Configuration](media/bluejeans-tutorial/edit-urls-bluejeans.png)
 
-4. On the **Basic SAML Configuration** section, perform the following steps:
+4. In the **Basic SAML Configuration** dialog, enter the following values:
 
-    ![BlueJeans Domain and URLs single sign-on information](common/sp-identifier.png)
+    ![BlueJeans Domain and URLs single sign-on information](media/bluejeans-tutorial/tutorial_bluejeans-basic-configuration.png)
 
-    a. In the **Sign-on URL** text box, type a URL using the following pattern:
-    `https://<companyname>.BlueJeans.com`
-
-    b. In the **Identifier** text box, type a URL: `https://samlsp.bluejeans.com`
-
-	> [!NOTE]
-	> The Sign-on URL value is not real. Update the value with the actual Sign-On URL. Contact [BlueJeans Client support team](https://support.bluejeans.com/contact) to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+   - In the **Identifier** text box, type the following:
+    `https://samlsp.bluejeans.com`
+    
+   - In the **Sign-on URL** text box, type the landing page URL provided to you by BlueJeans (to get this value, you can contact the [BlueJeans Client support team](https://support.bluejeans.com/contact)):
+    `https://<companyname>.bluejeans.com`
+    
+   - Click **Save**.
 
 5. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Certificate (Base64)** from the given options as per your requirement and save it on your computer.
 

articles/active-directory/saas-apps/media/bluejeans-tutorial/edit-urls-bluejeans.png

@@ -106,10 +106,16 @@ If you use Exchange Online, some users in your tenant might be incorrectly confi
 > Run Get-Recipient | where {$_.EmailAddresses -match "[email protected]"} | fL Name, RecipientType,emailaddresses
 > ```
 > For more information about this problem, see ["Proxy address 
-> is already being used" error message in Exchange Online](https://support.microsoft.com/help/3042584/-proxy-address-address-is-already-being-used-error-message-in-exchange-online). The article also includes information on [how to connect to Exchange Online by using remote PowerShell](https://technet.microsoft.com/library/jj984289.aspx). See this article for more information [on how the proxyAddresses attribute is populated in Azure AD](https://support.microsoft.com/help/3190357/how-the-proxyaddresses-attribute-is-populated-in-azure-ad).
+> is already being used" error message in Exchange Online](https://support.microsoft.com/help/3042584/-proxy-address-address-is-already-being-used-error-message-in-exchange-online). The article also includes information on [how to connect to Exchange Online by using remote PowerShell](https://technet.microsoft.com/library/jj984289.aspx).
 
 After you resolve any proxy address problems for the affected users, make sure to force license processing on the group to make sure that the licenses can now be applied.
 
+## Azure AD Mail and ProxyAddresses attribute change
+
+**Problem:** While updating license assignment on a user or a group, you might see that the Azure AD Mail and ProxyAddresses attribute of some users are changed.
+
+Updating license assignment on a user causes the proxy address calculation to be triggered, which can change user attributes. To understand the exact reason of the change and solve the problem, see this article on [how the proxyAddresses attribute is populated in Azure AD](https://support.microsoft.com/help/3190357/how-the-proxyaddresses-attribute-is-populated-in-azure-ad).
+
 ## What happens when there's more than one product license on a group?
 
 You can assign more than one product license to a group. For example, you can assign Office 365 Enterprise E3 and Enterprise Mobility + Security to a group to easily enable all included services for users.