Merge pull request #42270 from MicrosoftDocs/master

5/25 AM Publish

Author: huypub

.openpublishing.publish.config.json

@@ -155,6 +155,12 @@
       "branch": "GuidedSetup",
       "branch_mapping": {}
     },
+    {
+      "path_to_root": "iot-samples-node",
+      "url": "https://github.com/Azure-Samples/azure-iot-samples-node",
+      "branch": "master",
+      "branch_mapping": {}
+    },
     {
       "path_to_root": "samples-cognitive-services-speech-sdk",
       "url": "https://github.com/Azure-Samples/cognitive-services-speech-sdk",

.openpublishing.redirection.json

@@ -2490,6 +2490,11 @@
             "redirect_url": "/azure/automation/automation-create-runas-account",
             "redirect_document_id": false
         },
+        {
+            "source_path": "articles/automation/automation-alert-activity-log.md",
+            "redirect_url": "/azure/automation/automation-alert-metric",
+            "redirect_document_id": false
+        },
         {
             "source_path": "articles/automation/automation-remove-hrw.md",
             "redirect_url": "/azure/automation/automation-hybrid-runbook-worker",
@@ -17952,7 +17957,7 @@
         },
         {
             "source_path": "articles/virtual-machines/windows/ps-extensions-diagnostics.md",
-            "redirect_url": "/azure/virtual-machines/extensions/diagnostics-powershell",
+            "redirect_url": "/azure/virtual-machines/extensions/diagnostics-windows",
             "redirect_document_id": false
         },
         {
@@ -18175,6 +18180,31 @@
             "redirect_url": "https://github.com/Azure/iot-edge/tree/master/v1/doc/module_development/iot-hub-iot-edge-create-module-java.md",
             "redirect_document_id": false
         },
+        {
+          "source_path": "articles/iot-hub/iot-hub-node-node-twin-how-to-configure.md",
+          "redirect_url": "/azure/iot-hub/tutorial-routing",
+          "redirect_document_id": false
+        },
+        {
+          "source_path": "articles/iot-hub/iot-hub-java-java-twin-how-to-configure.md",
+          "redirect_url": "/azure/iot-hub/tutorial-routing",
+          "redirect_document_id": false
+        },
+        {
+          "source_path": "articles/iot-hub/iot-hub-csharp-node-twin-how-to-configure.md",
+          "redirect_url": "/azure/iot-hub/tutorial-routing",
+          "redirect_document_id": false
+        },
+        {
+          "source_path": "articles/iot-hub/iot-hub-csharp-csharp-twin-how-to-configure.md",
+          "redirect_url": "/azure/iot-hub/tutorial-routing",
+          "redirect_document_id": false
+        },
+        {
+          "source_path": "articles/iot-hub/iot-hub-python-python-twin-how-to-configure.md",
+          "redirect_url": "/azure/iot-hub/tutorial-routing",
+          "redirect_document_id": false
+        },
         {
             "source_path": "articles/iot-suite/iot-suite-gateway-kit-get-started-sensortag.md",
             "redirect_url": "https://github.com/Azure/iot-edge/tree/master/v1/doc/connect_to_preconfigured_solutions/iot-suite-gateway-kit-get-started-sensortag.md",
@@ -21883,6 +21913,16 @@
             "source_path": "articles/application-gateway/create-waf-portal.md",
             "redirect_url": "/azure/application-gateway/application-gateway-web-application-firewall-portal",
             "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/application-gateway/application-gateway-web-application-firewall-powershell.md",
+            "redirect_url": "/azure/application-gateway/tutorial-restrict-web-traffic-powershell",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/application-gateway/application-gateway-web-application-firewall-cli.md",
+            "redirect_url": "/azure/application-gateway/tutorial-restrict-web-traffic-cli",
+            "redirect_document_id": false
         },
 	    {
             "source_path": "articles/active-directory/active-directory-conditional-access-vpn-connectivity-windows10.md",

articles/active-directory/active-directory-conditional-access-conditions.md

@@ -185,6 +185,65 @@ Applying this condition only to supported platforms is the equivalent to all dev
 - [Azure Active Directory app-based conditional access](active-directory-conditional-access-mam.md) 
 
 
+### Legacy authentication  
+
+Conditional access now applies to older Office clients that do not support modern authentication as well as clients that use mail protocols like POP, IMAP, SMTP, etc. This allows you to configure policies like “block access from other clients”. 
+
+
+#### How to get started
+
+ To enforce policies for legacy authentication flows, follow the steps below:
+1.	Go to Conditional access and create a new policy.
+
+2.	Select the users and cloud apps and conditions as appropriate. We recommend testing the policy with a small set of users to understand the usage of “Other clients” in your organization.
+
+3.	Navigate to the client app condition and select "Other clients"
+
+ 
+ 
+4.	Select the access control you want to enforce for "Other clients". (Any control selection will lead to block access since the other clients are not able to enforce controls like MFA, device compliance, etc.).
+
+
+#### Known issues
+
+- Configuring policy for “Other clients” will lead to blocking the entire organization from certain clients like SPConnect. This is due to these older clients authenticating in unexpected ways. This issue does not apply to the major Office applications like the older Office clients. 
+
+- It can take up to 24 hours for the policy to take effect. 
+
+
+#### Frequently asked questions
+
+**Will this block Exchange Web Services (EWS)?**
+
+It depends on the authentication protocol that EWS is using. If the EWS application is using modern authentication, it will be covered by the "Mobile apps and desktop clients" client app. If the EWS application is using basic authentication, it will be covered by the “Other clients” client app.
+
+
+**What controls can I use for "Other clients**
+
+Any control can be configured for "Other clients". However, the end user experience will be block access for all cases. "Other clients" do not support controls like MFA, compliant device, domain join, etc. 
+ 
+**What conditions can I use for "Other clients?"**
+
+Any conditions can be configured for "Other clients".
+
+**Does Exchange ActiveSync support all conditions and controls?**
+
+No. Here is the summary of Exchange ActiveSync (EAS) support:
+
+- EAS only supports user and group targeting. It doesn’t support guest, roles. If guest/role condition is configured, all users will get blocked since we cannot determine if the policy should apply to the user or not.
+
+- EAS only works with Exchange as the cloud app. 
+
+- EAS does not support any condition except client app itself.
+
+- EAS can be configured with any control (all except device compliance will lead to block).
+
+**Do the policies apply to all client apps by default going forward?**
+
+No. There is no change in the default policy behavior. The policies will continue to apply to browser and mobile applications/desktop clients by default.
+
+
+
 ## Next steps
 
 - If you want to know how to configure a conditional access policy, see [get started with conditional access in Azure Active Directory](active-directory-conditional-access-azure-portal-get-started.md).