Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: tynevi

.openpublishing.redirection.json

@@ -15155,6 +15155,11 @@
       "redirect_url": "/azure/aks/networking-overview",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/stream-analytics/vs-code-how-to.md",
+      "redirect_url": "/azure/stream-analytics/vscode-explore-jobs",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/stream-analytics/custom-deserializer.md",
       "redirect_url": "https://aka.ms/asapreview1",

articles/active-directory/authentication/concept-sspr-policy.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 01/31/2018
+ms.date: 05/16/2018
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -77,8 +77,8 @@ The following table describes the password policy settings applied to user accou
 
 | Property | Requirements |
 | --- | --- |
-| Characters allowed |<ul><li>A – Z</li><li>a - z</li><li>0 – 9</li> <li>@ # $ % ^ & * - _ ! + = [ ] { } &#124; \ : ‘ , . ? / \` ~ " ( ) ;</li></ul> blank space |
-| Characters not allowed |<ul><li>Unicode characters.</li><li>Spaces.</li><li> Cannot contain a dot character "." immediately preceding the "\@\" symbol”.</li></ul> |
+| Characters allowed |<ul><li>A – Z</li><li>a - z</li><li>0 – 9</li> <li>@ # $ % ^ & * - _ ! + = [ ] { } &#124; \ : ‘ , . ? / \` ~ " ( ) ;</li> <li>blank space</li></ul> |
+| Characters not allowed |<ul><li>Unicode characters.</li><li> Cannot contain a dot character "." immediately preceding the "\@\" symbol”.</li></ul> |
 | Password restrictions |<ul><li>A minimum of 8 characters and a maximum of 256 characters.</li><li>Requires three out of four of the following:<ul><li>Lowercase characters.</li><li>Uppercase characters.</li><li>Numbers (0-9).</li><li>Symbols (see the previous password restrictions).</li></ul></li></ul> |
 | Password expiry duration |<ul><li>Default value: **90** days.</li><li>The value is configurable by using the `Set-MsolPasswordPolicy` cmdlet from the Azure Active Directory Module for Windows PowerShell.</li></ul> |
 | Password expiry notification |<ul><li>Default value: **14** days (before password expires).</li><li>The value is configurable by using the `Set-MsolPasswordPolicy` cmdlet.</li></ul> |
@@ -95,7 +95,6 @@ This guidance applies to other providers, such as Intune and Office 365, which a
 
 > [!NOTE]
 > Only passwords for user accounts that are not synchronized through directory synchronization can be configured to not expire. For more information about directory synchronization, see [Connect AD with Azure AD](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect).
->
 
 ## Set or check the password policies by using PowerShell
 
@@ -153,7 +152,7 @@ To get started, you need to [download and install the Azure AD PowerShell module
    ```
 
    > [!WARNING]
-   > Passwords set to `-PasswordPolicies DisablePasswordExpiration` still age based on the `pwdLastSet` attribute. If you set the user passwords to never expire and then 90+ days go by, the passwords expire. Based on the `pwdLastSet` attribute, if you change the expiration to `-PasswordPolicies None`, all passwords that have a `pwdLastSet` older than 90 days require the user to change them the next time they sign in. This change can affect a large number of users. 
+   > Passwords set to `-PasswordPolicies DisablePasswordExpiration` still age based on the `pwdLastSet` attribute. If you set the user passwords to never expire and then 90+ days go by, the passwords expire. Based on the `pwdLastSet` attribute, if you change the expiration to `-PasswordPolicies None`, all passwords that have a `pwdLastSet` older than 90 days require the user to change them the next time they sign in. This change can affect a large number of users.
 
 ## Next steps
 

articles/active-directory/authentication/concept-sspr-writeback.md

@@ -38,9 +38,8 @@ Password writeback provides:
 * **Supports password writeback when an admin resets them from the Azure portal**: Whenever an admin resets a user’s password in the [Azure portal](https://portal.azure.com), if that user is federated or password hash synchronized, the password is written back to on-premises. This functionality is currently not supported in the Office admin portal.
 * **Doesn’t require any inbound firewall rules**: Password writeback uses an Azure Service Bus relay as an underlying communication channel. All communication is outbound over port 443.
 
-> [!Note]
+> [!NOTE]
 > User accounts that exist within protected groups in on-premises Active Directory cannot be used with password writeback. Administrator accounts that exist within protected groups in on-premises AD can be used with password writeback. For more information about protected groups, see [Protected accounts and groups in Active Directory](https://technet.microsoft.com/library/dn535499.aspx).
->
 
 ## Licensing requirements for password writeback
 
@@ -59,7 +58,6 @@ To use password writeback, you must have one of the following licenses assigned
 
 > [!WARNING]
 > Standalone Office 365 licensing plans *don't support "Self-Service Password Reset/Change/Unlock with on-premises writeback"* and require that you have one of the preceding plans for this functionality to work.
->
 
 ## How password writeback works
 
@@ -86,7 +84,6 @@ When a federated or password hash synchronized user attempts to reset or change
 1. If the password set operation is successful, the user is told their password has been changed.
    > [!NOTE]
    > If the user's password hash is synchronized to Azure AD by using password hash synchronization, there is a chance that the on-premises password policy is weaker than the cloud password policy. In this case, the on-premises policy is enforced. This policy ensures that your on-premises policy is enforced in the cloud, no matter if you use password hash synchronization or federation to provide single sign-on.
-   >
 
 1. If the password set operation fails, an error prompts the user to try again. The operation might fail because:
     * The service was down.
@@ -151,6 +148,7 @@ Passwords are written back in all the following situations:
    * Any administrator self-service force change password operation, for example, password expiration
    * Any administrator self-service password reset that originates from the [password reset portal](https://passwordreset.microsoftonline.com)
    * Any administrator-initiated end-user password reset from the [Azure portal](https://portal.azure.com)
+   * Any administrator-initiated end-user password reset from the [Microsoft 365 admin center](https://admin.microsoft.com)
 
 ## Unsupported writeback operations
 
@@ -159,11 +157,10 @@ Passwords are *not* written back in any of the following situations:
 * **Unsupported end-user operations**
    * Any end user resetting their own password by using PowerShell version 1, version 2, or the Azure AD Graph API
 * **Unsupported administrator operations**
-   * Any administrator-initiated end-user password reset from the [Office management portal](https://portal.office.com)
    * Any administrator-initiated end-user password reset from PowerShell version 1, version 2, or the Azure AD Graph API
 
 > [!WARNING]
-> Use of the checkbox "User must change password at next logon" in on-premises Active Directory administrative tools like Active Directory Users and Computers or the Active Directory Administrative Center is not supported. When changing a password on-premises do not check this option. 
+> Use of the checkbox "User must change password at next logon" in on-premises Active Directory administrative tools like Active Directory Users and Computers or the Active Directory Administrative Center is not supported. When changing a password on-premises do not check this option.
 
 ## Next steps
 

articles/active-directory/authentication/howto-registration-mfa-sspr-combined.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 05/1/2019
+ms.date: 05/16/2019
 
 ms.author: joflore
 author: MicrosoftGuyJFlo

articles/active-directory/conditional-access/technical-reference.md

@@ -46,7 +46,6 @@ You can assign a conditional access policy to the following cloud apps from Micr
 - Microsoft Application Insights Analytics
 - Microsoft Azure Information Protection - [Learn more](https://docs.microsoft.com/azure/information-protection/faqs#i-see-azure-information-protection-is-listed-as-an-available-cloud-app-for-conditional-accesshow-does-this-work)
 - Microsoft Azure Management - [Learn more](https://docs.microsoft.com/azure/role-based-access-control/conditional-access-azure-management)
-- Microsoft Azure RemoteApp
 - Microsoft Azure Subscription Management
 - Microsoft Cloud App Security
 - Microsoft Commerce Tools Access Control Portal
@@ -165,7 +164,6 @@ This setting has an impact on access attempts made from the following mobile app
 
 | Client apps | Target Service | Platform |
 | --- | --- | --- |
-| Azure Remote app | Azure Remote App service | Windows 10, Windows 8.1, Windows 7, iOS, Android, and macOS |
 | Dynamics CRM app | Dynamics CRM | Windows 10, Windows 8.1, iOS, and Android |
 | Mail/Calendar/People app, Outlook 2016, Outlook 2013 (with modern authentication)| Office 365 Exchange Online | Windows 10 |
 | MFA and location policy for apps. Device based policies are not supported.| Any My Apps app service| Android and iOS |

articles/active-directory/conditional-access/terms-of-use.md

@@ -12,7 +12,7 @@ ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: conceptual
 ms.subservice: compliance
-ms.date: 04/03/2019
+ms.date: 05/15/2019
 ms.author: rolyon
 
 ms.collection: M365-identity-device-management
@@ -380,6 +380,9 @@ A: You can [review previously accepted Terms of use](#how-users-can-review-their
 **Q: What happens if I'm also using Intune terms and conditions?**<br />
 A: If you have configured both Azure AD Terms of use and [Intune terms and conditions](/intune/terms-and-conditions-create), the user will be required to accept both. For more information, see the [Choosing the right Terms solution for your organization blog post](https://go.microsoft.com/fwlink/?linkid=2010506&clcid=0x409).
 
+**Q: What endpoints does the Terms of use service use for authentication?**<br />
+A: Terms of use utilizes the following endpoints for authentication: https://tokenprovider.termsofuse.identitygovernance.azure.com and https://account.activedirectory.windowsazure.com. If your organization has an allow list of URLs for enrollment, you will need to add these endpoints to your allow list, along with the Azure AD endpoints for sign in.
+
 ## Next steps
 
 - [Quickstart: Require terms of use to be accepted before accessing cloud apps](require-tou.md)