Merge branch 'master' of https://github.com/Microsoft/azure-docs-pr into azurenetwork

Author: KumudD

articles/active-directory/authentication/concept-authentication-methods.md

@@ -162,7 +162,7 @@ OATH hardware tokens are being supported as part of a public preview. For more i
 Once tokens are acquired they must be uploaded in a comma-separated values (CSV) file format including the UPN, serial number, secret key, time interval, manufacturer, and model as the example below shows.
 
 ```csv
-upn,serial number,secret key,timeinterval,manufacturer,model
+upn,serial number,secret key,time interval,manufacturer,model
 [email protected],1234567,1234567890abcdef1234567890abcdef,60,Contoso,HardwareKey
 ```
 

articles/active-directory/authentication/howto-registration-mfa-sspr-combined.md

@@ -40,7 +40,7 @@ Complete these steps to enable combined registration:
 > Starting in March 2019, the phone call options won't be available to Multi-Factor Authentication and SSPR users in free/trial Azure AD tenants. SMS messages are not affected by this change. The phone call options will still be available to users in paid Azure AD tenants.
 
 > [!NOTE]
-> After you enable combined registration, users who register or confirm their phone number or mobile app through the new experience can use them for Multi-Factor Authentication and SSPR, if those methods are enabled in the Multi-Factor Authentication and SSPR policies. If you then disable this experience, users who go to the previous SSPR registration page at `https:/aka.ms/ssprsetup` will be required to perform multi-factor authentication before they can access the page.
+> After you enable combined registration, users who register or confirm their phone number or mobile app through the new experience can use them for Multi-Factor Authentication and SSPR, if those methods are enabled in the Multi-Factor Authentication and SSPR policies. If you then disable this experience, users who go to the previous SSPR registration page at `https://aka.ms/ssprsetup` will be required to perform multi-factor authentication before they can access the page.
 
 If you have configured the Site to Zone Assignment List in Internet Explorer, the following sites have to be in the same zone:
 
@@ -89,4 +89,4 @@ The following policy applies to all selected users, who attempt to register usin
 
 [Troubleshooting combined security info registration](howto-registration-mfa-sspr-combined-troubleshoot.md)
 
-[What is the location condition in Azure Active Directory conditional access?](../conditional-access/location-condition.md)
+[What is the location condition in Azure Active Directory conditional access?](../conditional-access/location-condition.md)

articles/active-directory/develop/msal-compare-msal-js-and-adal-js.md

@@ -60,7 +60,7 @@ In v2.0, using the `https://login.microsoftonline.com/common` authority, will al
 
     v2.0: scope = https://graph.microsoft.com/User.Read
 
-    You can request scopes for any resource API using the URI of the API in this format: appidURI/scope For example: https://mytenant.onmicrosoft.com/myapi/api.read
+    You can request scopes for any resource API using the URI of the API in this format: appidURI/scope For example: https:\//mytenant.onmicrosoft.com/myapi/api.read
 
     Only for the MS Graph API, a scope value `user.read` maps to https://graph.microsoft.com/User.Read and can be used interchangeably.
 

articles/active-directory/develop/msal-net-user-gets-consent-for-multiple-resources.md

@@ -29,8 +29,8 @@ The Microsoft identity platform endpoint does not allow you to get a token for s
 
 For example, if you have two resources that have 2 scopes each:
 
-- https://mytenant.onmicrosoft.com/customerapi (with 2 scopes `customer.read` and `customer.write`)
-- https://mytenant.onmicrosoft.com/vendorapi (with 2 scopes `vendor.read` and `vendor.write`)
+- https:\//mytenant.onmicrosoft.com/customerapi (with 2 scopes `customer.read` and `customer.write`)
+- https:\//mytenant.onmicrosoft.com/vendorapi (with 2 scopes `vendor.read` and `vendor.write`)
 
 You should use the `.WithExtraScopeToConsent` modifier which has the *extraScopesToConsent* parameter as shown in the following example:
 

articles/active-directory/identity-protection/vulnerabilities.md

@@ -27,8 +27,6 @@ The following sections provide you with an overview of the vulnerabilities repor
 
 This vulnerability helps assess the deployment of Azure Multi-Factor Authentication in your organization.
 
-To view the count for users that are not registered for MFA, click on the vulnerability and you are redirected to statistics within Identity Secure Score.
-
 Azure Multi-Factor Authentication provides a second layer of security to user authentication. It helps safeguard access to data and applications while meeting user demand for a simple sign-in process. Azure Multi-Factor Authentication provides easy to use verification options like:
 
 * Phone call

articles/active-directory/manage-apps/application-proxy-debug-apps.md

@@ -0,0 +1,54 @@
+---
+title: Debug Application Proxy applications - Azure Active Directory | Microsoft Docs
+description: Debug issues with Azure Active Directory (Azure AD) Application Proxy applications.
+services: active-directory
+author: msmimart
+manager: CelesteDG
+ms.service: active-directory
+ms.subservice: app-mgmt
+ms.workload: identity
+ms.topic: conceptual
+ms.date: 05/21/2019
+ms.author: mimart
+ms.reviewer: japere
+---
+
+# Debug Application Proxy application issues 
+
+This article helps you troubleshoot issues with Azure Active Directory (Azure AD) Application Proxy applications. If you're using the Application Proxy service for remote access to an on-premises web application, but you're having trouble connecting to the application, use this flowchart to debug application issues. 
+
+## Before you begin
+
+When troubleshooting Application Proxy issues, we recommend you start with the connectors. First, follow the troubleshooting flow in [Debug Application Proxy Connector issues](application-proxy-debug-connectors.md) to make sure Application Proxy connectors are configured correctly. If you're still having issues, return to this article to troubleshoot the application.  
+
+For more information about Application Proxy, see:
+
+- [Remote access to on-premises applications through Application Proxy](application-proxy.md)
+- [Application Proxy connectors](application-proxy-connectors.md)
+- [Install and register a connector](application-proxy-add-on-premises-application.md)
+- [Troubleshoot Application Proxy problems and error messages](application-proxy-troubleshoot.md)
+
+## Flowchart for application issues
+
+This flowchart walks you through the steps for debugging some of the more common issues with connecting to the application. For details about each step, see the table following the flowchart.
+
+![Flowchart showing steps for debugging an application](media/application-proxy-debug-apps/application-proxy-apps-debugging-flowchart.png)
+
+|  | Action | Description | 
+|---------|---------|---------|
+|1 | Open a browser, access the app, and enter your credentials | Try using your credentials to sign in to the app, and check for any user-related errors, like [This corporate app can't be accessed](application-proxy-sign-in-bad-gateway-timeout-error.md). |
+|2 | Verify user assignment to the app | Make sure your user account has permission to access the app from inside the corporate network, and then test signing in to the app by following the steps in [Test the application](application-proxy-add-on-premises-application.md#test-the-application). If sign-in issues persist, see [How to troubleshoot sign-in errors](https://docs.microsoft.com/azure/active-directory/reports-monitoring/howto-troubleshoot-sign-in-errors).  |
+|3 | Open a browser and try to access the app | If an error appears immediately, check to see that Application Proxy is configured correctly. For details about specific error messages, see [Troubleshoot Application Proxy problems and error messages](application-proxy-troubleshoot.md).  |
+|4 | Check your custom domain setup or troubleshoot the error | If the page doesn't display at all, make sure your custom domain is configured correctly by reviewing [Working with custom domains](application-proxy-configure-custom-domain.md).<br></br>If the page doesn't load and an error message appears, troubleshoot the error by referring to  [Troubleshoot Application Proxy problems and error messages](application-proxy-troubleshoot.md). <br></br>If it takes longer than 20 seconds for an error message to appear, there could be connectivity issue. Go to the [Debug Application Proxy connectors](application-proxy-debug-connectors.md) troubleshooting article.  |
+|5 | If issues persist, go to connector debugging | There could be a connectivity issue between the proxy and the connector or between the connector and the back end. Go to the [Debug Application Proxy connectors](application-proxy-debug-connectors.md) troubleshooting article. |
+|6 | Publish all resources, check browser developer tools, and fix links | Make sure the publishing path includes all the necessary images, scripts, and style sheets for your application. For details, see [Add an on-premises app to Azure AD](application-proxy-add-on-premises-application.md#add-an-on-premises-app-to-azure-ad). <br></br>Use the browser's developer tools (F12 tools in Internet Explorer or Microsoft Edge) and check for publishing issues as described in [Application page does not display correctly](application-proxy-page-appearance-broken-problem.md). <br></br>Review options for resolving broken links in [Links on the page don't work](application-proxy-page-links-broken-problem.md). |
+|7 | Check for network latency | If the page loads slowly, learn about ways to minimize network latency in [Considerations for reducing latency](application-proxy-network-topology.md#considerations-for-reducing-latency). | 
+|8 | See additional troubleshooting help | If issues persist, find additional troubleshooting articles in the [Application Proxy troubleshooting documentation](application-proxy-page-appearance-broken-problem.md). |
+
+## Next steps
+
+
+* [Publish applications on separate networks and locations using connector groups](application-proxy-connector-groups.md)
+* [Work with existing on-premises proxy servers](application-proxy-configure-connectors-with-proxy-servers.md)
+* [Troubleshoot Application Proxy and connector errors](application-proxy-troubleshoot.md)
+* [How to silently install the Azure AD Application Proxy Connector](application-proxy-register-connector-powershell.md)

articles/active-directory/manage-apps/application-proxy-debug-connectors.md

@@ -0,0 +1,57 @@
+---
+title: Debug Application Proxy connectors - Azure Active Directory | Microsoft Docs
+description: Debug issues with Azure Active Directory (Azure AD) Application Proxy connectors.
+services: active-directory
+author: msmimart
+manager: CelesteDG
+ms.service: active-directory
+ms.subservice: app-mgmt
+ms.workload: identity
+ms.topic: conceptual
+ms.date: 05/21/2019
+ms.author: mimart
+ms.reviewer: japere
+---
+
+# Debug Application Proxy connector issues 
+
+This article helps you troubleshoot issues with Azure Active Directory (Azure AD) Application Proxy connectors. If you're using the Application Proxy service for remote access to an on-premises web application, but you're having trouble connecting to the application, use this flowchart to debug connector issues. 
+
+## Before you begin
+
+This article assumes you have installed the Application Proxy connector and are having an issue. When troubleshooting Application Proxy issues, we recommend you start with this troubleshooting flow to determine if Application Proxy connectors are configured correctly. If you're still having trouble connecting to the application, follow the troubleshooting flow in [Debug Application Proxy application issues](application-proxy-debug-apps.md).  
+
+
+For more information about Application Proxy and using its connectors, see:
+
+- [Remote access to on-premises applications through Application Proxy](application-proxy.md)
+- [Application Proxy connectors](application-proxy-connectors.md)
+- [Install and register a connector](application-proxy-add-on-premises-application.md)
+- [Troubleshoot Application Proxy problems and error messages](application-proxy-troubleshoot.md)
+
+## Flowchart for connector issues
+
+This flowchart walks you through the steps for debugging some of the more common connector issues. For details about each step, see the table following the flowchart.
+
+![Flowchart showing steps for debugging a connector](media/application-proxy-debug-connectors/application-proxy-connector-debugging-flowchart.png)
+
+|  | Action | Description | 
+|---------|---------|---------|
+|1 | Find the connector group assigned to the app | You probably have a connector installed on multiple servers, in which case the connectors should be [assigned to connector groups](application-proxy-connector-groups.md#assign-applications-to-your-connector-groups). To learn more about connector groups, see [Publish applications on separate networks and locations using connector groups](application-proxy-connector-groups.md). |
+|2 | Install the connector and assign a group | If you don't have a connector installed, see [Install and register a connector](application-proxy-add-on-premises-application.md#install-and-register-a-connector).<br></br>If the connector isn't assigned to a group, see [Assign the connector to a group](application-proxy-connector-groups.md#create-connector-groups).<br></br>If the application isn't assigned to a connector group, see [Assign the application to a connector group](application-proxy-connector-groups.md#assign-applications-to-your-connector-groups).|
+|3 | Run a port test on the connector server | On the connector server, run a port test by using [telnet](https://docs.microsoft.com/windows-server/administration/windows-commands/telnet) or other port testing tool to check if ports 443 and 80 are open.|
+|4 | Configure the domains and ports | [Make sure that your domains and ports are configured correctly](application-proxy-add-on-premises-application.md#prepare-your-on-premises-environment) For the connector to work properly, there are certain ports that must be open and URLs that your server must be able to access. |
+|5 | Check if a back-end proxy is in use | Check to see if the connectors are using back-end proxy servers or bypassing them. For details, see [Troubleshoot connector proxy problems and service connectivity issues](application-proxy-configure-connectors-with-proxy-servers.md#troubleshoot-connector-proxy-problems-and-service-connectivity-issues). |
+|6 | Update the connector and updater to use the back-end proxy | If a back-end proxy is in use, you'll want to make sure the connector is using the same proxy. For details about troubleshooting and configuring connectors to work with proxy servers, see [Work with existing on-premises proxy servers](application-proxy-configure-connectors-with-proxy-servers.md). |
+|7 | Load the app's internal URL on the connector server | On the connector server, load the app's internal URL. |
+|8 | Check internal network connectivity | There's a connectivity issue in your internal network that this debugging flow is unable to diagnose. The application must be accessible internally for the connectors to work. You can enable and view connector event logs as described in [Application Proxy connectors](application-proxy-connectors.md#under-the-hood). |
+|9 | Lengthen the time-out value on the back end | In the **Additional Settings** for your application, change the **Backend Application Timeout** setting to **Long**. See [Add an on-premises app to Azure AD](application-proxy-add-on-premises-application.md#add-an-on-premises-app-to-azure-ad). |
+|10 | If issues persist, target specific flow issues, review app and SSO debugging flows | Use the [Debug Application Proxy application issues](application-proxy-debug-apps.md) troubleshooting flow. |
+
+## Next steps
+
+
+* [Publish applications on separate networks and locations using connector groups](application-proxy-connector-groups.md)
+* [Work with existing on-premises proxy servers](application-proxy-configure-connectors-with-proxy-servers.md)
+* [Troubleshoot Application Proxy and connector errors](application-proxy-troubleshoot.md)
+* [How to silently install the Azure AD Application Proxy Connector](application-proxy-register-connector-powershell.md)

articles/active-directory/manage-apps/media/application-proxy-debug-apps/application-proxy-apps-debugging-flowchart.png

@@ -111,8 +111,6 @@
         href: application-proxy-remove-personal-data.md
       - name: Configure custom domain
         href: application-proxy-configure-custom-domain.md
-      - name: Configuration errors
-        href: application-proxy-troubleshoot.md
       - name: Publishing walkthroughs
         items:
         - name: Integrate with Cloud App Security
@@ -129,6 +127,12 @@
           href: application-proxy-qlik.md
       - name: Application Proxy troubleshooting
         items:
+        - name: Connector troubleshooting flowchart
+          href: application-proxy-debug-connectors.md
+        - name: Application troubleshooting flowchart
+          href: application-proxy-debug-apps.md
+        - name: Configuration errors
+          href: application-proxy-troubleshoot.md
         - name: Problem displaying app page
           href: application-proxy-page-appearance-broken-problem.md
         - name: Application load is too long