Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into heidist-search

Author: HeidiSteen

articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-tools-comparison.md

@@ -11,89 +11,20 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: conceptual
-ms.date: 08/28/2018
+ms.date: 04/07/2020
 ms.subservice: hybrid
 ms.author: billmath
-
 ms.collection: M365-identity-device-management
 ---
 # Hybrid Identity directory integration tools comparison
-Over the years the directory integration tools have grown and evolved.  This document is to help provide a consolidated view of these tools and a comparison of the features that are available in each.
-
-<!-- The hardcoded link is a workaround for campaign ids not working in acom links-->
-
-> [!NOTE]
-> Azure AD Connect incorporates the components and functionality previously released as Dirsync and AAD Sync. These tools are no longer being released individually, and all future improvements will be included in updates to Azure AD Connect, so that you always know where to get the most current functionality.
-> 
-> DirSync and Azure AD Sync are deprecated. More information can be found in [here](reference-connect-dirsync-deprecated.md).
-> 
-> 
-
-Use the following key for each of the tables.
-
-●  = Available Now  
-FR = Future Release  
-PP = Public Preview  
-
-## On-Premises to Cloud Synchronization
-| Feature | Azure Active Directory Connect | Azure Active Directory Synchronization Services (AAD Sync) - NO LONGER SUPPORTED | Azure Active Directory Synchronization Tool (DirSync) - NO LONGER SUPPORTED | Forefront Identity Manager 2010 R2 (FIM) | Microsoft Identity Manager 2016 (MIM) |
-|:--- |:---:|:---:|:---:|:---:|:---:|
-| Connect to single on-premises AD forest |● |● |● |● |● |
-| Connect to multiple on-premises AD forests |● |● | |● |● |
-| Connect to multiple on-premises Exchange Orgs |● | | | | |
-| Connect to single on-premises LDAP directory |●* | | |● |● | 
-| Connect to multiple on-premises LDAP directories |●*  | | |● |● | 
-| Connect to on-premises AD and on-premises LDAP directories |●* | | |● |● | 
-| Connect to custom systems (i.e. SQL, Oracle, MySQL, etc.) |FR | | |● |● |
-| Synchronize customer defined attributes (directory extensions) |● | | | | |
-| Connect to on-premises HR (i.e., SAP, Oracle eBusiness,PeopleSoft) |FR | | |● |● |
-| Supports FIM synchronization rules and connectors for provisioning to on-premises systems. | | | |● |● |
-
- 
-&#42; Currently there are two supported options for this.  They are: 
-
-   1. You can use the generic LDAP connector and enable it outside of Azure AD Connect.  This is complex and requires a partner for on-boarding and a premier support agreement to maintain.  This option can handle both single and multiple LDAP directories. 
-
-   2. You can develop your own solution for moving objects from LDAP to Active Directory.  Then synchronize the objects with Azure AD Connect.  MIM or FIM could be used as a possible solution for moving the objects. 
-
-## Cloud to On-Premises Synchronization
-| Feature | Azure Active Directory Connect | Azure Active Directory Synchronization Services- NO LONGER SUPPORTED  | Azure Active Directory Synchronization Tool (DirSync)- NO LONGER SUPPORTED  | Forefront Identity Manager 2010 R2 (FIM) | Microsoft Identity Manager 2016 (MIM) |
-|:--- |:---:|:---:|:---:|:---:|:---:|
-| Writeback of devices |● | |● | | |
-| Attribute writeback (for Exchange hybrid deployment ) |● |● |● |● |● |
-| Writeback of groups objects |● | | | | |
-| Writeback of passwords (from self-service password reset (SSPR) and password change) |● |● | | | |
+Over the years the directory integration tools have grown and evolved.  
 
-## Authentication Feature Support
-| Feature | Azure Active Directory Connect | Azure Active Directory Synchronization Services- NO LONGER SUPPORTED  | Azure Active Directory Synchronization Tool (DirSync)- NO LONGER SUPPORTED  | Forefront Identity Manager 2010 R2 (FIM) | Microsoft Identity Manager 2016 (MIM) |
-|:--- |:---:|:---:|:---:|:---:|:---:|
-| Password Hash Sync for single on-premises AD forest |●|●|● | | |
-| Password Hash Sync for multiple on-premises AD forests |●|● | | | |
-| Pass-Through Authentication for single on-premises AD forests |●| | | | |
-| Single Sign-on with Federation |● |● |● |● |● |
-| Seamless Single Sign-on|● |||||
-| Writeback of passwords (from SSPR and password change) |● |● | | | |
 
-## Set-up and Installation
-| Feature | Azure Active Directory Connect | Azure Active Directory Synchronization Services- NO LONGER SUPPORTED  | Azure Active Directory Synchronization Tool (DirSync)- NO LONGER SUPPORTED  | Microsoft Identity Manager 2016 (MIM) |
-|:--- |:---:|:---:|:---:|:---:|
-| Supports installation on a Domain Controller |● |● |● | |
-| Supports installation using SQL Express |● |● |● | |
-| Easy upgrade from DirSync |● | | | |
-| Localization of Admin UX to Windows Server languages |● |● |● | |
-| Localization of end user UX to Windows Server languages | | | |● |
-| Support for Windows Server 2008 and Windows Server 2008 R2 |● for Sync, No for federation |● |● |● |
-| Support for Windows Server 2012 and Windows Server 2012 R2 |● |● |● |● |
+- [FIM](https://docs.microsoft.com/previous-versions/windows/desktop/forefront-2010/ff182370%28v%3dvs.100%29) and [MIM](https://docs.microsoft.com/microsoft-identity-manager/microsoft-identity-manager-2016) are still supported and primarily enable synchronization between on-premises systems.   The [FIM Windows Azure AD Connector](https://docs.microsoft.com/previous-versions/mim/dn511001(v=ws.10)?redirectedfrom=MSDN) is supported in both FIM and MIM, but not recommended for new deployments - customers with on-premises sources such as Notes or SAP HCM should use MIM to populate Active Directory Domain Services (AD DS) and then also use either Azure AD Connect sync or Azure AD Connect cloud provisioning to synchronize from AD DS to Azure AD.
+- [Azure AD Connect sync](how-to-connect-sync-whatis.md) incorporates the components and functionality previously released in DirSync and Azure AD Sync, for synchronizing between AD DS forests and Azure AD.  
+- [Azure AD Connect cloud provisioning](../cloud-provisioning/what-is-cloud-provisioning.md) is a new Microsoft agent for synching from AD DS to Azure AD, useful for scenarios such as merger and acquisition where the acquired company's AD forests are isolated from the parent company's AD forests.
 
-## Filtering and Configuration
-| Feature | Azure Active Directory Connect | Azure Active Directory Synchronization Services- NO LONGER SUPPORTED  | Azure Active Directory Synchronization Tool (DirSync)- NO LONGER SUPPORTED  | Forefront Identity Manager 2010 R2 (FIM) | Microsoft Identity Manager 2016 (MIM) |
-|:--- |:---:|:---:|:---:|:---:|:---:|
-| Filter on Domains and Organizational Units |● |● |● |● |● |
-| Filter on objects’ attribute values |● |● |● |● |● |
-| Allow minimal set of attributes to be synchronized (MinSync) |● |● | | | |
-| Allow different service templates to be applied for attribute flows |● |● | | | |
-| Allow removing attributes from flowing from AD to Azure AD |● |● | | | |
-| Allow advanced customization for attribute flows |● |● | |● |● |
+To learn more about the differences between Azure AD Connect sync and Azure AD Connect cloud provisioning, see the article [What is Azure AD Connect cloud provisioning?](../cloud-provisioning/what-is-cloud-provisioning.md)
 
 ## Next steps
 Learn more about [Integrating your on-premises identities with Azure Active Directory](whatis-hybrid-identity.md).

articles/app-service/configure-ssl-certificate-in-code.md

@@ -54,25 +54,32 @@ In C# code, you access the certificate by the certificate thumbprint. The follow
 
 ```csharp
 using System;
+using System.Linq;
 using System.Security.Cryptography.X509Certificates;
 
-...
-X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
-certStore.Open(OpenFlags.ReadOnly);
-X509Certificate2Collection certCollection = certStore.Certificates.Find(
-                            X509FindType.FindByThumbprint,
-                            // Replace below with your certificate's thumbprint
-                            "E661583E8FABEF4C0BEF694CBC41C28FB81CD870",
-                            false);
-// Get the first cert with the thumbprint
-if (certCollection.Count > 0)
+string certThumbprint = "E661583E8FABEF4C0BEF694CBC41C28FB81CD870";
+bool validOnly = false;
+
+using (X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser))
 {
-    X509Certificate2 cert = certCollection[0];
-    // Use certificate
-    Console.WriteLine(cert.FriendlyName);
+  certStore.Open(OpenFlags.ReadOnly);
+
+  X509Certificate2Collection certCollection = certStore.Certificates.Find(
+                              X509FindType.FindByThumbprint,
+                              // Replace below with your certificate's thumbprint
+                              certThumbprint,
+                              validOnly);
+  // Get the first cert with the thumbprint
+  X509Certificate2 cert = certCollection.OfType<X509Certificate>().FirstOrDefault();
+
+  if (cert is null)
+      throw new Exception($"Certificate with thumbprint {certThumbprint} was not found");
+
+  // Use certificate
+  Console.WriteLine(cert.FriendlyName);
+  
+  // Consider to call Dispose() on the certificate after it's being used, avaliable in .NET 4.6 and later
 }
-certStore.Close();
-...
 ```
 
 In Java code, you access the certificate from the "Windows-MY" store using the Subject Common Name field (see [Public key certificate](https://en.wikipedia.org/wiki/Public_key_certificate)). The following code shows how to load a private key certificate:
@@ -107,10 +114,11 @@ The certificate file names are the certificate thumbprints. The following C# cod
 
 ```csharp
 using System;
+using System.IO;
 using System.Security.Cryptography.X509Certificates;
 
 ...
-var bytes = System.IO.File.ReadAllBytes("/var/ssl/certs/<thumbprint>.der");
+var bytes = File.ReadAllBytes("/var/ssl/certs/<thumbprint>.der");
 var cert = new X509Certificate2(bytes);
 
 // Use the loaded certificate
@@ -135,10 +143,11 @@ The following C# example loads a public certificate from a relative path in your
 
 ```csharp
 using System;
+using System.IO;
 using System.Security.Cryptography.X509Certificates;
 
 ...
-var bytes = System.IO.File.ReadAllBytes("~/<relative-path-to-cert-file>");
+var bytes = File.ReadAllBytes("~/<relative-path-to-cert-file>");
 var cert = new X509Certificate2(bytes);
 
 // Use the loaded certificate

articles/application-gateway/features.md

@@ -5,7 +5,7 @@ services: application-gateway
 author: vhorne
 ms.service: application-gateway
 ms.topic: conceptual
-ms.date: 03/04/2020
+ms.date: 04/07/2020
 ms.author: victorh
 ---
 
@@ -157,6 +157,10 @@ The following table shows an average performance throughput for each application
 > [!NOTE]
 > These values are approximate values for an application gateway throughput. The actual throughput depends on various environment details, such as average page size, location of back-end instances, and processing time to serve a page. For exact performance numbers, you should run your own tests. These values are only provided for capacity planning guidance.
 
+## Version feature comparison
+
+For an Application Gateway v1-v2 feature comparison, see [Autoscaling and Zone-redundant Application Gateway v2](application-gateway-autoscaling-zone-redundant.md#feature-comparison-between-v1-sku-and-v2-sku)
+
 ## Next steps
 
 - Learn how Application Gateway works - [How an application gateway works](how-application-gateway-works.md)

articles/cost-management-billing/costs/assign-access-acm-data.md

@@ -3,7 +3,7 @@ title: Assign access to Azure Cost Management data
 description: This article walks you though assigning permission to Azure Cost Management data for various access scopes.
 author: bandersmsft
 ms.author: banders
-ms.date: 03/19/2020
+ms.date: 04/07/2020
 ms.topic: conceptual
 ms.service: cost-management-billing
 ms.reviewer: adwise
@@ -16,9 +16,9 @@ For users with Azure Enterprise agreements, a combination of permissions granted
 
 The scope that a user selects is used throughout Cost Management to provide data consolidation and to control access to cost information. When using scopes, users don't multi-select them. Instead, they select a larger scope that child scopes roll up to and then they filter-down to what they want to view. Data consolidation is important to understand because some people shouldn't access a parent scope that child scopes roll up to.
 
-Watch the [How to assign access with Azure Cost Management](https://www.youtube.com/watch?v=J997ckmwTa8) video to learn about assigning access to view costs and charges with Azure role-based access control.
+Watch the [Cost Management controlling access](https://www.youtube.com/watch?v=_uQzQ9puPyM) video to learn about assigning access to view costs and charges with Azure role-based access control.
 
->[!VIDEO https://www.youtube.com/embed/J997ckmwTa8]
+>[!VIDEO https://www.youtube.com/embed/_uQzQ9puPyM]
 
 ## Cost Management scopes
 

articles/cost-management-billing/costs/cost-mgt-best-practices.md

@@ -3,7 +3,7 @@ title: Optimize your cloud investment with Azure Cost Management
 description: This article helps get the most value out of your cloud investments, reduce your costs, and evaluate where your money is being spent.
 author: bandersmsft
 ms.author: banders
-ms.date: 03/24/2020
+ms.date: 04/07/2020
 ms.topic: conceptual
 ms.service: cost-management-billing
 ms.reviewer: adwise
@@ -32,6 +32,10 @@ Three key groups, outlined below, must be aligned in your organization to make s
 
 Use the principles outlined below to position your organization for success in cloud cost management.
 
+To learn more, watch the [Cost Management setting up for success](https://www.youtube.com/watch?v=dVuwITdSAZ4) video.
+
+>[!VIDEO https://www.youtube.com/embed/dVuwITdSAZ4]
+
 #### Planning
 
 Comprehensive, up-front planning allows you to tailor cloud usage to your specific business requirements. Ask yourself:

articles/cost-management-billing/costs/quick-acm-cost-analysis.md

@@ -3,7 +3,7 @@ title: Quickstart - Explore Azure costs with cost analysis
 description: This quickstart helps you use cost analysis to explore and analyze your Azure organizational costs.
 author: bandersmsft
 ms.author: banders
-ms.date: 03/24/2020
+ms.date: 04/07/2020
 ms.topic: quickstart
 ms.service: cost-management-billing
 ms.reviewer: micflan
@@ -139,6 +139,10 @@ You can view the full dataset for any view. Whichever selections or filters that
 
 ## Understanding grouping and filtering options
 
+Cost analysis has many grouping and filtering options. To watch a video about grouping and filtering options, watch the [Cost Management reporting by dimensions and tags](https://www.youtube.com/watch?v=2Vx7V17zbmk) video.
+
+>[!VIDEO https://www.youtube.com/embed/2Vx7V17zbmk]
+
 The following table lists some of the most common grouping and filtering options and when you should use them.
 
 | Property | When to use | Notes |

articles/cost-management-billing/costs/understand-work-scopes.md

@@ -22,6 +22,10 @@ A _scope_ is a node in the Azure resource hierarchy where Azure AD users access
 
 Scopes are where you manage billing data, have roles specific to payments, view invoices, and conduct general account management. Billing and account roles are managed separately from those used for resource management, which use [Azure RBAC](../../role-based-access-control/overview.md). To clearly distinguish the intent of the separate scopes, including the access control differences, these are referred to as _billing scopes_ and _RBAC scopes_, respectively.
 
+To learn more about scopes, watch the [Cost Management setting up hierarchies](https://www.youtube.com/watch?v=n3TLRaYJ1NY) video.
+
+>[!VIDEO https://www.youtube.com/embed/n3TLRaYJ1NY]
+
 ## How Cost Management uses scopes
 
 Cost Management works at all scopes above resources to allow organizations to manage costs at the level at which they have access, whether that's the entire billing account or a single resource group. Although billing scopes differ based on your Microsoft agreement (subscription type), the RBAC scopes do not.

articles/key-vault/quick-create-python.md

@@ -63,7 +63,7 @@ az keyvault create --name <your-unique-keyvault-name> -g "myResourceGroup"
 
 ### Create a service principal
 
-The simplest way to authenticate a cloud-based .NET application is with a managed identity; see [Use an App Service managed identity to access Azure Key Vault](managed-identity.md) for details. For the sake of simplicity however, this quickstart creates a .NET console application. Authenticating a desktop application with Azure requires the use of a service principal and an access control policy.
+The simplest way to authenticate a cloud-based Python application is with a managed identity; see [Use an App Service managed identity to access Azure Key Vault](managed-identity.md) for details. For the sake of simplicity however, this quickstart creates a Python console application. Authenticating a desktop application with Azure requires the use of a service principal and an access control policy.
 
 Create a service principle using the Azure CLI [az ad sp create-for-rbac](/cli/azure/ad/sp?view=azure-cli-latest#az-ad-sp-create-for-rbac) command: