Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into release-azuresql

Author: v-alje

.openpublishing.publish.config.json

@@ -515,6 +515,11 @@
       "url": "https://github.com/Azure-Samples/azure-cosmos-java-getting-started",
       "branch": "master"
     },
+    {
+      "path_to_root": "azure-cosmos-java-sql-api-samples",
+      "url": "https://github.com/Azure-Samples/azure-cosmos-java-sql-api-samples",
+      "branch": "master"
+    },    
     {
       "path_to_root": "azure-storage-snippets",
       "url": "https://github.com/azure-samples/AzureStorageSnippets",

.openpublishing.redirection.json

@@ -39856,6 +39856,11 @@
       "redirect_url": "/azure/dev-spaces/",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/dev-spaces/how-to/helm-3.md",
+      "redirect_url": "/azure/dev-spaces/",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/monitoring/monitoring-overview.md",
       "redirect_url": "/azure/azure-monitor/overview",
@@ -48505,6 +48510,11 @@
       "redirect_url": "/azure/cognitive-services/form-recognizer/quickstarts/python-receipts",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/form-recognizer/quickstarts/dotnet-sdk.md",
+      "redirect_url": "/azure/cognitive-services/form-recognizer/quickstarts/client-library?pivots=programming-language-csharp",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cognitive-services/Content-Moderator/Review-Tool-User-Guide/Upload-Images.md",
       "redirect_url": "/azure/cognitive-services/content-moderator",
@@ -52494,6 +52504,16 @@
       "redirect_url": "/azure/batch/error-handling",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/batch/batch-api-differences.md",
+      "redirect_url": "/azure/batch/batch-apis-tools",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/batch/batch-integration-policies.md",
+      "redirect_url": "/azure/batch/policy-samples",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-machines/troubleshooting/troubleshoot-vm-unresponsive-group-policy-local-users.md",
       "redirect_url": "/azure/virtual-machines/troubleshooting/unresponsive-vm-apply-group-policy",

articles/active-directory-b2c/configure-tokens.md

@@ -50,7 +50,7 @@ You can configure the token lifetime on any user flow.
 
 ## Next steps
 
-Learn more about how to [use access tokens](access-tokens.md).
+Learn more about how to [request access tokens](access-tokens.md).
 
 
 

articles/active-directory/authentication/howto-mfa-nps-extension.md

@@ -202,9 +202,12 @@ If your previous computer certificate has expired, and a new certificate has bee
 
 ### Microsoft Azure Government additional steps
 
-For customers that use Azure Government cloud, the following additional configuration steps are required on each NPS server:
+For customers that use Azure Government cloud, the following additional configuration steps are required on each NPS server.
 
-1. Open **Registry Editor** on the NPS server.
+> [!IMPORTANT]
+> Only configure these registry settings if you're an Azure Government customer.
+
+1. If you're an Azure Government customer, open **Registry Editor** on the NPS server.
 1. Navigate to `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa`. Set the following key values:
 
     | Registry key       | Value |

articles/active-directory/authentication/howto-sspr-deployment.md

@@ -106,7 +106,7 @@ Note: For users who have [Password hash synchronization (PHS)](https://docs.micr
 
 You can help users register quickly by deploying SSPR alongside another popular application or service in the organization. This action will generate a large volume of sign-ins and will drive registration.
 
-Before deploying SSPR, you may opt to determine the number and the average cost of each password reset call. YOU can use this data post deployment to show the value SSPR is bringing to the organization.
+Before deploying SSPR, you may opt to determine the number and the average cost of each password reset call. You can use this data post deployment to show the value SSPR is bringing to the organization.
 
 #### Enable combined registration for SSPR and MFA
 
@@ -344,4 +344,4 @@ Audit logs for registration and password reset are available for 30 days. If sec
 
 * [Consider implementing Azure AD password protection](https://docs.microsoft.com/azure/active-directory/authentication/concept-password-ban-bad)
 
-* [Consider implementing Azure AD Smart Lockout](https://docs.microsoft.com/azure/active-directory/authentication/howto-password-smart-lockout)
+* [Consider implementing Azure AD Smart Lockout](https://docs.microsoft.com/azure/active-directory/authentication/howto-password-smart-lockout)

articles/active-directory/cloud-provisioning/how-to-prerequisites.md

@@ -59,14 +59,9 @@ Run the [IdFix tool](https://docs.microsoft.com/office365/enterprise/prepare-dir
    - Your agents need access to login.windows.net and login.microsoftonline.com for initial registration. Open your firewall for those URLs as well.
    - For certificate validation, unblock the following URLs: mscrl.microsoft.com:80, crl.microsoft.com:80, ocsp.msocsp.com:80, and www\.microsoft.com:80. These URLs are used for certificate validation with other Microsoft products, so you might already have these URLs unblocked.
 
-### Verify the port
-To verify that Azure is listening on port 443 and that your agent can communicate with it, use the following URL:
-
-https://aadap-portcheck.connectorporttest.msappproxy.net/ 
-
-This test verifies that your agents can communicate with Azure over port 443. Open a browser, and go to the previous URL from the server where the agent is installed.
+>[!NOTE]
+> Installing the cloud provisioning agent on Windows Server Core is not supported.
 
-![Verification of port reachability](media/how-to-install/verify2.png)
 
 ### Additional requirements
 - [Microsoft .NET Framework 4.7.1](https://www.microsoft.com/download/details.aspx?id=56116) 

articles/active-directory/conditional-access/howto-conditional-access-insights-reporting.md

@@ -96,6 +96,19 @@ You can also investigate the sign-ins of a specific user by searching for sign-i
 
 ## Troubleshooting
 
+### Why are queries failing due to a permissions error?
+
+In order to access the workbook, you need the proper Azure AD permissions as well as Log Analytics workspace permissions. To test whether you have the proper workspace permissions by running a sample log analytics query:
+
+1. Sign in to the **Azure portal**.
+1. Browse to **Azure Active Directory** > **Logs**.
+1. Type `SigninLogs` into the query box and select **Run**.
+1. If the query does not return any results, your workspace may not have been configured correctly. 
+
+![Troubleshoot failing queries](./media/howto-conditional-access-insights-reporting/query-troubleshoot-sign-in-logs.png)
+
+For more information about how to stream Azure AD sign-in logs to a Log Analytics workspace, see the article [Integrate Azure AD logs with Azure Monitor logs](../reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md).
+
 ### Why is the workbook taking a long time to load?  
 
 Depending on the time range selected and the size of your tenant, the workbook may be evaluating an extraordinarily large number of sign-in events. For large tenants, the volume of sign-ins may exceed the query capacity of Log Analytics. Try shortening the time range to 4 hours to see if the workbook loads.  

articles/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa.md

@@ -50,7 +50,7 @@ The following steps will help create a Conditional Access policy to require All
    1. Select **Done**.
 1. Under **Cloud apps or actions** > **Include**, select **All cloud apps**.
    1. Under **Exclude**, select any applications that do not require multi-factor authentication.
-1. Under **Conditions** > **Client apps (Preview)**, set **Configure** to **Yes**, and select **Done**.
+1. Under **Conditions** > **Client apps (Preview)**, set **Configure** to **Yes**. Under **Select the client apps this policy will apply to** leave all defaults selected and select **Done**.
 1. Under **Access controls** > **Grant**, select **Grant access**, **Require multi-factor authentication**, and select **Select**.
 1. Confirm your settings and set **Enable policy** to **On**.
 1. Select **Create** to create to enable your policy.

articles/active-directory/conditional-access/media/howto-conditional-access-insights-reporting/query-troubleshoot-sign-in-logs.png

@@ -81,7 +81,6 @@ These claims are always included in v1.0 Azure AD tokens, but not included in v2
 | `pwd_exp`     | Password Expiration Time        | The datetime at which the password expires. |       |
 | `pwd_url`     | Change Password URL             | A URL that the user can visit to change their password.   |   |
 | `in_corp`     | Inside Corporate Network        | Signals if the client is logging in from the corporate network. If they're not, the claim isn't included.   |  Based off of the [trusted IPs](../authentication/howto-mfa-mfasettings.md#trusted-ips) settings in MFA.    |
-| `nickname`    | Nickname                        | An additional name for the user. The nickname is separate from first or last name. Requires the `profile` scope.|
 | `family_name` | Last Name                       | Provides the last name, surname, or family name of the user as defined in the user object. <br>"family_name":"Miller" | Supported in MSA and Azure AD. Requires the `profile` scope.   |
 | `given_name`  | First name                      | Provides the first or "given" name of the user, as set on the user object.<br>"given_name": "Frank"                   | Supported in MSA and Azure AD .  Requires the `profile` scope. |
 | `upn`         | User Principal Name | An identifer for the user that can be used with the username_hint parameter.  Not a durable identifier for the user and should not be used to key data. | See [additional properties](#additional-properties-of-optional-claims) below for configuration of the claim. Requires the `profile` scope.|