Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into catchpoint-tutorial

Author: Jak-MS

.openpublishing.redirection.json

@@ -1995,6 +1995,26 @@
       "redirect_url": "/azure/cognitive-services/bing-video-search/quickstarts/client-libraries?pivots=programming-language-python",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/bing-visual-search/visual-search-sdk-c-sharp.md",
+      "redirect_url": "/azure/cognitive-services/bing-visual-search/quickstarts/client-libraries?pivots=programming-language-csharp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/bing-visual-search/visual-search-sdk-java.md",
+      "redirect_url": "/azure/cognitive-services/bing-visual-search/quickstarts/client-libraries?pivots=programming-language-java",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/bing-visual-search/visual-search-sdk-node.md",
+      "redirect_url": "/azure/cognitive-services/bing-visual-search/quickstarts/client-libraries?pivots=programming-language-javascript",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/bing-visual-search/visual-search-sdk-python.md",
+      "redirect_url": "/azure/cognitive-services/bing-visual-search/quickstarts/client-libraries?pivots=programming-language-python",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-machines/linux/classic/rdma-cluster.md",
       "redirect_url": "/azure/virtual-machines/linux/sizes-hpc#rdma-capable-instances",
@@ -2902,7 +2922,7 @@
     },
     {
       "source_path": "articles/machine-learning/service/overview-more-machine-learning.md",
-      "redirect_url": "/azure/architecture/data-guide/technology-choices/data-science-and-machine-learning",
+      "redirect_url": "https://docs.microsoft.com/azure/architecture/data-guide/technology-choices/data-science-and-machine-learning",
       "redirect_document_id": false
     },
     {
@@ -2982,7 +3002,7 @@
     },
     {
       "source_path": "articles/machine-learning/service/support-for-aml-services.md",
-      "redirect_url": "https://aka.ms/aml-forum-service",
+      "redirect_url": "https://social.msdn.microsoft.com/Forums/home?forum=AzureMachineLearningService",
       "redirect_document_id": false
     },
     {
@@ -3072,17 +3092,17 @@
     },
     {
       "source_path": "articles/machine-learning/studio/live-chat.md",
-      "redirect_url": "https://social.msdn.microsoft.com/Forums/en-US/home?forum=MachineLearning",
+      "redirect_url": "https://social.msdn.microsoft.com/Forums/home?forum=MachineLearning",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/machine-learning/studio/datamarket-deprecation.md",
-      "redirect_url": "https://microsoft.com/cognitive",
+      "redirect_url": "https://azure.microsoft.com/services/cognitive-services/",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/machine-learning/r-developers-guide.md",
-      "redirect_url": "/azure/architecture/data-guide/technology-choices/r-developers-guide",
+      "redirect_url": "https://docs.microsoft.com/azure/architecture/data-guide/technology-choices/r-developers-guide",
       "redirect_document_id": false
     },
     {
@@ -15161,7 +15181,7 @@
     },
     {
       "source_path": "articles/machine-learning/service/how-to-create-portal-experiments.md",
-      "redirect_url": "/azure/machine-learning/how-to-create-portal-experiments",
+      "redirect_url": "/azure/machine-learning/tutorial-first-experiment-automated-ml",
       "redirect_document_id": false
     },
     {
@@ -29744,6 +29764,26 @@
       "redirect_url": "/azure/sentinel/fusion",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/security-center/security-center-apply-system-updates.md",
+      "redirect_url": "/azure/security-center/security-center-virtual-machine-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security-center/security-center-investigation.md",
+      "redirect_url": "/azure/security-center/security-center-features-retirement-july2019#security-alerts-investigation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security-center/security-center-threat-intel.md",
+      "redirect_url": "/azure/security-center/security-center-features-retirement-july2019#menu_securityeventsmap",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security-center/security-center-apply-disk-encryption.md",
+      "redirect_url": "/azure/security-center/security-center-virtual-machine-protection",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/security-center/security-center-confidence-score.md",
       "redirect_url": "/azure/security-center/security-center-intro",
@@ -47329,6 +47369,11 @@
       "redirect_url": "https://feedback.azure.com/forums/169401-azure-active-directory?category_id=160593",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/active-directory-domain-services/compatible-software.md",
+      "redirect_url": "/azure/active-directory-domain-services/overview",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/active-directory-domain-services/active-directory-ds-troubleshooting.md",
       "redirect_url": "/azure/active-directory-domain-services/troubleshoot",
@@ -50503,6 +50548,16 @@
     {
       "source_path": "articles/sql-database/sql-database-managed-instance-index.yml",
       "redirect_url": "/azure/sql-database/sql-database-managed-instance"
+    },
+    {
+      "source_path": "articles/aks/integrate-azure.md",
+      "redirect_url": "/azure/aks/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/aks/use-cosmosdb-osba-mongo-app.md",
+      "redirect_url": "/azure/aks/",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory-b2c/custom-policy-localization.md

@@ -17,7 +17,7 @@ ms.subservice: B2C
 
 [!INCLUDE [active-directory-b2c-advanced-audience-warning](../../includes/active-directory-b2c-advanced-audience-warning.md)]
 
-Language customization in Azure Active Directory B2C (Azure AD B2C) allows you to accommodate different languages to suit your customer' needs. Microsoft provides the translations for 36 languages, but you can also provide your own translations for any language. Even if your experience is provided for only a single language, you can customize any text on the pages. 
+Language customization in Azure Active Directory B2C (Azure AD B2C) allows you to accommodate different languages to suit your customer' needs. Microsoft provides the translations for [36 languages](https://docs.microsoft.com/azure/active-directory-b2c/user-flow-language-customization#supported-languages), but you can also provide your own translations for any language. Even if your experience is provided for only a single language, you can customize any text on the pages. 
 
 This article shows you how to support multiple locales or languages in the policy for user journeys. Localization requires three steps: set-up the explicit list of supported languages, provide language-specific strings and collections, and edit the [content definition](contentdefinitions.md) for the page. 
 

articles/active-directory-domain-services/TOC.yml

@@ -145,8 +145,6 @@
       href: faqs.md
     - name: Service updates
       href: https://azure.microsoft.com/updates/?product=active-directory-ds
-    - name: Compatible third-party software
-      href: compatible-software.md
     - name: Pricing
       href: https://azure.microsoft.com/pricing/details/active-directory-ds/
     - name: Azure AD feedback forum

articles/active-directory-domain-services/compatible-software.md

@@ -56,7 +56,7 @@ Microsoft's passwordless authentication methods enable different scenarios. Cons
 | **Web app sign-in**: <br> from a mobile or non-windows device | **Yes** | **No** | **No** |
 | **Computer sign in**: <br> Non-Windows computer | **No** | **No** | **No** |
 
-For information on selecting the best method for your organization, see [Deciding a passwordless method](https://docs.microsoft.com/azure/security/fundamentals/ad-passwordless#deciding-a-passwordless-method).
+For information on selecting the best method for your organization, see [Deciding a passwordless method](https://docs.microsoft.com/azure/active-directory/authentication/concept-authentication-passwordless#choose-a-passwordless-method).
 
 ## Prerequisites
 
@@ -130,7 +130,7 @@ See [Best practices for a pilot](https://aka.ms/deploymentplans) on the deployme
 
 The Microsoft Authenticator app is a free download from Google Play or the Apple App Store. [Learn more about downloading the Microsoft Authenticator app](https://www.microsoft.com/p/microsoft-authenticator/9nblgggzmcj6). Have users download the Microsoft Authenticator app. and follow the directions to enable phone sign in. 
 
-It turns any iOS or Android phone into a strong, passwordless credential. Users sign in to any platform or browser by getting a notification to their phone, matching a number displayed on the screen to the one on their phone, and then using biometrics or a PIN to confirm. [See details on how the Microsoft Authenticator app works](https://docs.microsoft.com/azure/security/fundamentals/ad-passwordless#user-using-microsoft-authenticator-for-passwordless-sign-in). 
+It turns any iOS or Android phone into a strong, passwordless credential. Users sign in to any platform or browser by getting a notification to their phone, matching a number displayed on the screen to the one on their phone, and then using biometrics or a PIN to confirm. [See details on how the Microsoft Authenticator app works](https://docs.microsoft.com/azure/active-directory/authentication/concept-authentication-passwordless#microsoft-authenticator-app).
 
 ![sign in with the Authenticator app](./media/howto-authentication-passwordless-deployment/passwordless-dp-sign-in.png)
 

articles/active-directory/authentication/howto-authentication-passwordless-deployment.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: article
-ms.date: 03/04/2020
+ms.date: 04/02/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -56,7 +56,7 @@ Organizations must complete the following steps in order to require the use of a
 1. Under **Access controls** > **Grant**, select the following options:
    - **Require approved client app**
    - **Require app protection policy (preview)**
-   - **Require one of the selected controls**
+   - **Require all the selected controls**
 1. Confirm your settings and set **Enable policy** to **On**.
 1. Select **Create** to create and enable your policy.
 

articles/active-directory/conditional-access/app-protection-based-conditional-access.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 02/11/2020
+ms.date: 04/02/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -41,7 +41,7 @@ The following options are available to include when creating a Conditional Acces
 
 ## Exclude users
 
-Exclusions are commonly used for emergency access or break-glass accounts. More information about emergency access accounts and why they are important can be found in the following articles: 
+When organizations both include and exclude a user or group the user or group is excluded from the policy, as an exclude action overrides an include in policy. Exclusions are commonly used for emergency access or break-glass accounts. More information about emergency access accounts and why they are important can be found in the following articles: 
 
 * [Manage emergency access accounts in Azure AD](../users-groups-roles/directory-emergency-access.md)
 * [Create a resilient access control management strategy with Azure Active Directory](../authentication/concept-resilient-controls.md)
@@ -55,6 +55,16 @@ The following options are available to exclude when creating a Conditional Acces
 - Users and groups
    - Allows targeting of specific sets of users. For example, organizations can select a group that contains all members of the HR department when an HR app is selected as the cloud app. A group can be any type of group in Azure AD, including dynamic or assigned security and distribution groups.
 
+### Preventing administrator lockout
+
+To prevent an administrator from locking themselves out of their directory when creating a policy applied to **All users** and **All apps**, they will see the following warning.
+
+> Don't lock yourself out! We recommend applying a policy to a small set of users first to verify it behaves as expected. We also recommend excluding at least one administrator from this policy. This ensures that you still have access and can update a policy if a change is required. Please review the affected users and apps.
+
+By default the policy will provide an option to exclude the current user from the policy, but this default can be overridden by the administrator as shown in the following image. 
+
+![Warning, don't lock yourself out!](./media/concept-conditional-access-users-groups/conditional-access-users-and-groups-lockout-warning.png)
+
 ## Next steps
 
 - [Conditional Access: Cloud apps or actions](concept-conditional-access-cloud-apps.md)

articles/active-directory/conditional-access/concept-conditional-access-users-groups.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 03/25/2020
+ms.date: 04/02/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -39,7 +39,7 @@ Conditional Access policies are powerful tools, we recommend excluding the follo
 
 * **Emergency access** or **break-glass** accounts to prevent tenant-wide account lockout. In the unlikely scenario all administrators are locked out of your tenant, your emergency-access administrative account can be used to log into the tenant take steps to recover access.
    * More information can be found in the article, [Manage emergency access accounts in Azure AD](../users-groups-roles/directory-emergency-access.md).
-* **Service accounts** and **service principals**, such as the Azure AD Connect Sync Account. Service accounts are non-interactive accounts that are not tied to any particular user. They are normally used by back-end services and allow programmatic access to applications. Service accounts should be excluded since MFA can't be completed programmatically.
+* **Service accounts** and **service principals**, such as the Azure AD Connect Sync Account. Service accounts are non-interactive accounts that are not tied to any particular user. They are normally used by back-end services allowing programmatic access to applications, but are also used to sign in to systems for administrative purposes. Service accounts like these should be excluded since MFA can't be completed programmatically.
    * If your organization has these accounts in use in scripts or code, consider replacing them with [managed identities](../managed-identities-azure-resources/overview.md). As a temporary workaround, you can exclude these specific accounts from the baseline policy.
 
 ## Create a Conditional Access policy

articles/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 03/25/2020
+ms.date: 04/02/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -29,7 +29,7 @@ Conditional Access policies are powerful tools, we recommend excluding the follo
 
 * **Emergency access** or **break-glass** accounts to prevent tenant-wide account lockout. In the unlikely scenario all administrators are locked out of your tenant, your emergency-access administrative account can be used to log into the tenant take steps to recover access.
    * More information can be found in the article, [Manage emergency access accounts in Azure AD](../users-groups-roles/directory-emergency-access.md).
-* **Service accounts** and **service principles**, such as the Azure AD Connect Sync Account. Service accounts are non-interactive accounts that are not tied to any particular user. They are normally used by back-end services and allow programmatic access to applications. Service accounts should be excluded since MFA can't be completed programmatically.
+* **Service accounts** and **service principals**, such as the Azure AD Connect Sync Account. Service accounts are non-interactive accounts that are not tied to any particular user. They are normally used by back-end services allowing programmatic access to applications, but are also used to sign in to systems for administrative purposes. Service accounts like these should be excluded since MFA can't be completed programmatically.
    * If your organization has these accounts in use in scripts or code, consider replacing them with [managed identities](../managed-identities-azure-resources/overview.md). As a temporary workaround, you can exclude these specific accounts from the baseline policy.
 
 ## Application exclusions