Merge pull request #47072 from MicrosoftDocs/master

7/19 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -26406,9 +26406,19 @@
             "redirect_document_id": false
         },
         {
-            "source_path": "articles/cognitive-services/LUIS/traffic-manager.md",
-            "redirect_url": "/azure/cognitive-services/LUIS/luis-traffic-manager",
-            "redirect_document_id": true
-        }       
+        "source_path": "articles/cognitive-services/LUIS/traffic-manager.md",
+        "redirect_url": "/azure/cognitive-services/LUIS/luis-traffic-manager",
+        "redirect_document_id": true
+        },
+        {
+        "source_path": "articles/cognitive-services/LUIS/find-region-csharp.md",
+        "redirect_url": "/azure/cognitive-services/LUIS/luis-find-region-csharp",
+        "redirect_document_id": true
+        },
+        {
+        "source_path": "articles/cognitive-services/LUIS/find-region-nodejs.md",
+        "redirect_url": "/azure/cognitive-services/LUIS/luis-find-region-nodejs",
+        "redirect_document_id": true
+        }         
     ]
 }

articles/active-directory/active-directory-reporting-activity-sign-ins-errors.md

@@ -56,6 +56,7 @@ The following section provides you with a complete overview of all possible erro
 
 |Error|Description|
 |---|---|
+|16000|This is an internal implementation detail and not an error condition. You can safely ignore this reference.|
 |20001|There is an issue with your federated Identity Provider. Contact your IDP to resolve this issue.|
 |20012|There is an issue with your federated Identity Provider. Contact your IDP to resolve this issue.|
 |20033|There is an issue with your federated Identity Provider. Contact your IDP to resolve this issue.|
@@ -171,6 +172,7 @@ The following section provides you with a complete overview of all possible erro
 |81001|User's Kerberos ticket is too large. This can happen if the user is in too many groups and thus the Kerberos ticket contains too many group memberships. Reduce the user's group memberships and try again.|
 |81005|Authentication Package Not Supported|
 |81007|Tenant is not enabled for Seamless SSO|
+|81012|This is not an error condition. It indicates that user trying to sign in to Azure AD is different from the user signed into the device. You can safely ignore this code in the logs.|
 |90010|The request is not supported for various reasons. For example, the request is made using an unsupported request method (only POST method is supported) or the token signing algorithm that was requested is not supported. Contact the application developer.|
 |90014| A required field for a protocol message was missing, contact the application owner. If you are the application owner, ensure that you have all the necessary parameters for the login request. |
 |90072| The account needs to be added as an external user in the tenant first. Sign-out and sign-in again with a different Azure AD account.|

articles/active-directory/active-directory-reporting-api-getting-started-azure-portal.md

@@ -46,7 +46,7 @@ For detailed instructions, see the [prerequisites to access the Azure Active Dir
 
 ## APIs with Graph Explorer
 
-You can use the [MSGraph explorer](https://developer.microsoft.com/en-us/graph/graph-explorer) to verify your sign-in and audit API data. Make sure to sign in to your account using both of the sign-in buttons in the Graph Explorer UI, and set **Tasks.ReadWrite** and **Directory.ReadAll** permissions for your tenant as shown.   
+You can use the [MSGraph explorer](https://developer.microsoft.com/en-us/graph/graph-explorer) to verify your sign-in and audit API data. Make sure to sign in to your account using both of the sign-in buttons in the Graph Explorer UI, and set **AuditLog.Read.All** and **Directory.Read.All** permissions for your tenant as shown.   
 
 ![Graph Explorer](./media/active-directory-reporting-api-getting-started-azure-portal/graph-explorer.png)
 

articles/active-directory/authentication/TOC.yml

@@ -0,0 +1,208 @@
+- name: Authentication Documentation
+  href: index.yml
+- name: Overview
+  items:
+  - name: What is authentication?
+    href: overview-authentication.md
+- name: Quickstart
+  items:
+  - name: Configure password reset
+    href: quickstart-sspr.md
+- name: Tutorials
+  items:
+  - name: 1 Enable MFA for Applications
+    href: tutorial-mfa-applications.md
+  - name: 2 Enable a SSPR pilot
+    href: tutorial-sspr-pilot.md
+  - name: Enable SSPR on-premises integration
+    href: tutorial-enable-writeback.md
+  - name: Enable Windows 10 password reset
+    href: tutorial-sspr-windows.md
+  - name: Integrate Azure Identity Protection
+    href: tutorial-risk-based-sspr-mfa.md
+- name: Concepts
+  expanded: true
+  items:
+  - name: Authentication methods
+    href: concept-authentication-methods.md
+  - name: Self-service password reset
+    items:
+    - name: How password reset works
+      href: concept-sspr-howitworks.md
+    - name: Password reset options
+      href: concept-sspr-customization.md
+    - name: Password reset policies
+      href: concept-sspr-policy.md
+    - name: What license do I need?
+      href: concept-sspr-licensing.md
+    - name: On-premises integration
+      href: concept-sspr-writeback.md
+  - name: Multi-Factor Authentication
+    items:
+    - name: How MFA works
+      href: concept-mfa-howitworks.md
+    - name: What version is right?
+      href: concept-mfa-whichversion.md
+    - name: License your users
+      href: concept-mfa-licensing.md
+    - name: Create an Auth Provider
+      href: concept-mfa-authprovider.md
+    - name: Security guidance
+      href: multi-factor-authentication-security-best-practices.md
+    - name: MFA for Office 365
+      href: https://support.office.com/article/Plan-for-multi-factor-authentication-for-Office-365-Deployments-043807b2-21db-4d5c-b430-c8a6dee0e6ba
+    - name: MFA FAQ
+      href: multi-factor-authentication-faq.md
+  - name: Azure AD password protection
+    items:
+    - name: Eliminate weak passwords in the cloud
+      href: concept-password-ban-bad.md
+    - name: Eliminate weak passwords on-premises
+      href: concept-password-ban-bad-on-premises.md
+- name: How-to guides
+  items:
+  - name: Password reset
+    items:
+    - name: Deploy password reset
+      href: howto-sspr-deployment.md
+    - name: Pre-register authentication data
+      href: howto-sspr-authenticationdata.md
+    - name: Enable password writeback
+      href: howto-sspr-writeback.md
+  - name: Cloud-based MFA
+    items:
+    - name: Deploy cloud-based MFA
+      href: howto-mfa-getstarted.md
+    - name: Per user MFA
+      href: howto-mfa-userstates.md
+    - name: User and device settings
+      href: howto-mfa-userdevicesettings.md
+    - name: Configure settings
+      href: howto-mfa-mfasettings.md
+    - name: Directory Federation
+      items:
+      - name: Windows Server 2016 AD FS Adapter
+        href: https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-ad-fs-and-azure-mfa
+      - name: Federation Services
+        href: multi-factor-authentication-get-started-adfs.md
+      - name: Use AD FS
+        href: howto-mfa-adfs.md
+    - name: RADIUS Integration
+      items:
+      - name: Use existing network policy servers
+        href: howto-mfa-nps-extension.md
+      - name: Advanced configuration for NPS extension
+        href: howto-mfa-nps-extension-advanced.md
+      - name: Remote Desktop Gateway
+        href: howto-mfa-nps-extension-rdg.md
+      - name: VPN
+        href: howto-mfa-nps-extension-vpn.md
+  - name: Banned password lists
+    items:
+    - name: Configure the banned password list
+      href: howto-password-ban-bad.md
+    - name: Deploy Azure AD password protection
+      href: howto-password-ban-bad-on-premises.md
+    - name: Configure Azure AD password protection
+      href: howto-password-ban-bad-on-premises-operations.md
+    - name: Monitor Azure AD password protection
+      href: howto-password-ban-bad-on-premises-troubleshoot.md
+  - name: Azure AD smart lockout
+    href: howto-password-smart-lockout.md
+  - name: Windows Hello for Business
+    href: https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification
+  - name: Certificate-based authentication
+    items:
+    - name: Get started with certificate auth
+      href: ../active-directory-certificate-based-authentication-get-started.md
+      items:
+      - name: CBA on Android Devices
+        href: ../active-directory-certificate-based-authentication-android.md
+      - name: CBA on iOS Devices
+        href: ../active-directory-certificate-based-authentication-ios.md
+  - name: Develop
+    items:
+    - name: Build MFA into custom apps
+      href: howto-mfa-sdk.md
+  - name: Reporting
+    items:
+    - name: SSPR Reports
+      href: howto-sspr-reporting.md
+    - name: MFA Reports
+      href: howto-mfa-reporting.md
+    - name: Data collection
+      href: howto-mfa-reporting-datacollection.md
+  - name: MFA Server
+    items:
+    - name: Deploy MFA on-premises
+      href: howto-mfaserver-deploy.md
+    - name: Install the user portal
+      href: howto-mfaserver-deploy-userportal.md
+    - name: Mobile App Web Service
+      href: howto-mfaserver-deploy-mobileapp.md
+    - name: Configure high availability
+      href: howto-mfaserver-deploy-ha.md
+    - name: Upgrade MFA Server
+      href: howto-mfaserver-deploy-upgrade.md
+    - name: Upgrade from PhoneFactor
+      href: howto-mfaserver-deploy-upgrade-pf.md
+    - name: Windows Authentication
+      href: howto-mfaserver-windows.md
+    - name: IIS web apps
+      href: howto-mfaserver-iis.md
+    - name: Directory Integration
+      items:
+      - name: LDAP Authentication
+        href: howto-mfaserver-dir-ldap.md
+      - name: RADIUS Authentication
+        href: howto-mfaserver-dir-radius.md
+      - name: Active Directory
+        href: howto-mfaserver-dir-ad.md
+    - name: Directory Federation
+      items:
+      - name: Use AD FS 2.0
+        href: howto-mfaserver-adfs-2.md
+      - name: Use Windows Server 2012 R2 AD FS
+        href: howto-mfaserver-adfs-2012.md
+    - name: RADIUS Integration
+      items:
+      - name: Remote Desktop Gateway
+        href: howto-mfaserver-nps-rdg.md
+      - name: Advanced VPN Configurations
+        href: howto-mfaserver-nps-vpn.md
+      - name: NPS extension errors
+        href: howto-mfa-nps-extension-errors.md
+  - name: Troubleshoot
+    items:
+    - name: Troubleshoot SSPR
+      href: active-directory-passwords-troubleshoot.md
+    - name: SSPR FAQ
+      href: active-directory-passwords-faq.md
+    - name: MFA FAQ
+      href: multi-factor-authentication-faq.md
+    - name: NPS extension
+      href: howto-mfa-nps-extension-errors.md
+- name: Reference
+  items:
+  - name: MFA user guide
+    href: ./end-user/current/multi-factor-authentication-end-user.md
+  - name: Code samples
+    href: https://azure.microsoft.com/resources/samples/?service=active-directory
+  - name: Azure PowerShell cmdlets
+    href: /powershell/azure/overview
+  - name: Service limits and restrictions
+    href: ../users-groups-roles/directory-service-limits-restrictions.md
+- name: Resources
+  items:
+  - name: Azure feedback forum
+    href: https://feedback.azure.com/forums/169401-azure-active-directory
+  - name: MSDN forum
+    href: https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=WindowsAzureAD
+  - name: Pricing
+    href: https://azure.microsoft.com/pricing/details/active-directory/
+  - name: Service updates
+    href: ../fundamentals/whats-new.md
+  - name: Stack Overflow
+    href: http://stackoverflow.com/questions/tagged/azure-active-directory
+  - name: Videos
+    href: https://azure.microsoft.com/documentation/videos/index/?services=active-directory

articles/active-directory/authentication/active-directory-passwords-faq.md

@@ -5,8 +5,8 @@ description: Frequently asked questions about Azure AD self-service password res
 services: active-directory
 ms.service: active-directory
 ms.component: authentication
-ms.topic: article
-ms.date: 01/11/2018
+ms.topic: conceptual
+ms.date: 07/11/2018
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -112,7 +112,7 @@ This FAQ is split into the following sections:
   >
 * **Q:  How can I educate my users about where to go to reset their passwords?**
 
-  > **A:** Try some of the suggestions in our [SSPR deployment](howto-sspr-deployment.md#email-based-rollout) article.
+  > **A:** Try some of the suggestions in our [SSPR deployment](howto-sspr-deployment.md#sample-communication) article.
   >
   >
 * **Q:  Can I use this page from a mobile device?**
@@ -167,7 +167,7 @@ This FAQ is split into the following sections:
   >
 * **Q:  I configured my policy to require users to use security questions for reset, but the Azure administrators seem to be configured differently.**
 
-  > **A:** This is the expected behavior. Microsoft enforces a strong default two-gate password reset policy for any Azure administrator role. This prevents administrators from using security questions. You can find more information about this policy in the [Password policies and restrictions in Azure Active Directory](concept-sspr-policy.md#administrator-password-policy-differences) article.
+  > **A:** This is the expected behavior. Microsoft enforces a strong default two-gate password reset policy for any Azure administrator role. This prevents administrators from using security questions. You can find more information about this policy in the [Password policies and restrictions in Azure Active Directory](concept-sspr-policy.md) article.
   >
   >
 * **Q:  If a user has registered more than the maximum number of questions required to reset, how are the security questions selected during reset?**
@@ -271,7 +271,7 @@ This FAQ is split into the following sections:
   >
 * **Q:  Is password writeback secure?  How can I be sure I won’t get hacked?**
 
-  > **A:** Yes, password writeback is secure. To read more about the four layers of security implemented by the password writeback service, check out the [Password writeback security model](howto-sspr-writeback.md#password-writeback-security-model) section in the [Password writeback overview](howto-sspr-writeback.md) article.
+  > **A:** Yes, password writeback is secure. To read more about the multiple layers of security implemented by the password writeback service, check out the [Password writeback security](concept-sspr-writeback.md#password-writeback-security) section in the [Password writeback overview](howto-sspr-writeback.md) article.
   >
   >
 

articles/active-directory/authentication/active-directory-passwords-overview.md

@@ -5,8 +5,8 @@ description: What can Azure AD self-service password reset do for your organizat
 services: active-directory
 ms.service: active-directory
 ms.component: authentication
-ms.topic: article
-ms.date: 01/11/2018
+ms.topic: conceptual
+ms.date: 07/11/2018
 
 ms.author: joflore
 author: MicrosoftGuyJFlo

articles/active-directory/authentication/active-directory-passwords-troubleshoot.md

@@ -5,8 +5,8 @@ description: Troubleshooting Azure AD self-service password reset
 services: active-directory
 ms.service: active-directory
 ms.component: authentication
-ms.topic: article
-ms.date: 01/11/2018
+ms.topic: conceptual
+ms.date: 07/11/2018
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -77,7 +77,7 @@ Are you having a problem with Azure Active Directory (Azure AD) self-service pas
 
 | Error | Solution |
 | --- | --- |
-| The password reset service does not start on-premises. Error 6800 appears in the Azure AD Connect machine’s application event log. <br> <br> After onboarding, federated, pass-through authentication, or password-hash-synchronized users can't reset their passwords. | When password writeback is enabled, the sync engine calls the writeback library to perform the configuration (onboarding) by communicating to the cloud onboarding service. Any errors encountered during onboarding or while starting the Windows Communication Foundation (WCF) endpoint for password writeback results in errors in the event sign in your Azure AD Connect machine. <br> <br> During restart of the Azure AD Sync (ADSync) service, if writeback was configured, the WCF endpoint starts up. But, if the startup of the endpoint fails, we will log event 6800 and let the sync service start up. The presence of this event means that the password writeback endpoint did not start up. Event log details for this event 6800, along with event log entries generate by the PasswordResetService component, indicate why you can't start up the endpoint. Review these event log errors and try to restart the Azure AD Connect if password writeback still isn’t working. If the problem persists, try to disable and then re-enable password writeback.
+| The password reset service does not start on-premises. Error 6800 appears in the Azure AD Connect machine’s application event log. <br> <br> After onboarding, federated, pass-through authentication, or password-hash-synchronized users can't reset their passwords. | When password writeback is enabled, the sync engine calls the writeback library to perform the configuration (onboarding) by communicating to the cloud onboarding service. Any errors encountered during onboarding or while starting the Windows Communication Foundation (WCF) endpoint for password writeback results in errors in the event log, on your Azure AD Connect machine. <br> <br> During restart of the Azure AD Sync (ADSync) service, if writeback was configured, the WCF endpoint starts up. But, if the startup of the endpoint fails, we will log event 6800 and let the sync service start up. The presence of this event means that the password writeback endpoint did not start up. Event log details for this event 6800, along with event log entries generate by the PasswordResetService component, indicate why you can't start up the endpoint. Review these event log errors and try to restart the Azure AD Connect if password writeback still isn’t working. If the problem persists, try to disable and then re-enable password writeback.
 | When a user attempts to reset a password or unlock an account with password writeback enabled, the operation fails. <br> <br> In addition, you see an event in the Azure AD Connect event log that contains: “Synchronization Engine returned an error hr=800700CE, message=The filename or extension is too long” after the unlock operation occurs. | Find the Active Directory account for Azure AD Connect and reset the password so that it contains no more than 127 characters. Then open the **Synchronization Service** from the **Start** menu. Browse to **Connectors** and find the **Active Directory Connector**. Select it and then select **Properties**. Browse to the **Credentials** page and enter the new password. Select **OK** to close the page. |
 | At the last step of the Azure AD Connect installation process, you see an error indicating that password writeback couldn't be configured. <br> <br> The Azure AD Connect application event log contains error 32009 with the text “Error getting auth token.” | This error occurs in the following two cases: <br><ul><li>You have specified an incorrect password for the global administrator account specified at the beginning of the Azure AD Connect installation process.</li><li>You have attempted to use a federated user for the global administrator account specified at the beginning of the Azure AD Connect installation process.</li></ul> To fix this problem, ensure that you're not using a federated account for the global administrator you specified at the beginning of the installation process. Also ensure that the password specified is correct. |
 | The Azure AD Connect machine event log contains error 32002 that is thrown by running PasswordResetService. <br> <br> The error reads: “Error Connecting to ServiceBus. The token provider was unable to provide a security token.” | Your on-premises environment isn't able to connect to the Azure Service Bus endpoint in the cloud. This error is normally caused by a firewall rule blocking an outbound connection to a particular port or web address. See [Connectivity prerequisites](./../connect/active-directory-aadconnect-prerequisites.md) for more info. After you have updated these rules, reboot the Azure AD Connect machine and password writeback should start working again. |