Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into okr-seo-iot

Author: Phil Meadows

.openpublishing.redirection.json

@@ -770,6 +770,11 @@
       "redirect_url": "/azure/machine-learning/service",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/LUIS/luis-tutorial-prebuilt-intents-entities.md",
+      "redirect_url": "/azure/cognitive-services/LUIS/tutorial-machine-learned-entity",
+      "redirect_document_id": false
+    },       
     {
       "source_path": "articles/cognitive-services/LUIS/luis-quickstart-intents-only.md",
       "redirect_url": "/azure/cognitive-services/LUIS/tutorial-intents-only",
@@ -1220,6 +1225,41 @@
       "redirect_url": "/azure/machine-learning/service/how-to-configure-environment",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/frontdoor/waf-faq.md",
+      "redirect_url": "/azure/web-application-firewall/afds/waf-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/waf-front-door-rate-limit-powershell.md",
+      "redirect_url": "/azure/web-application-firewall/afds/waf-front-door-rate-limit-powershell",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/waf-front-door-configure-ip-restriction.md",
+      "redirect_url": "/azure/web-application-firewall/afds/waf-front-door-configure-ip-restriction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/waf-front-door-configure-custom-response-code.md",
+      "redirect_url": "/azure/web-application-firewall/afds/waf-front-door-configure-custom-response-code",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/waf-front-door-policy-configure-bot-protection.md",
+      "redirect_url": "/azure/web-application-firewall/afds/waf-front-door-policy-configure-bot-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/waf-front-door-custom-rules-powershell.md",
+      "redirect_url": "/azure/web-application-firewall/afds/waf-front-door-custom-rules-powershell",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/waf-front-door-create-portal.md",
+      "redirect_url": "/azure/web-application-firewall/afds/waf-front-door-create-portal",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/frontdoor/waf-front-door-monitor.md",
       "redirect_url": "/azure/web-application-firewall/afds/waf-front-door-monitor",

articles/active-directory/b2b/faq.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: reference
-ms.date: 04/10/2019
+ms.date: 11/07/2019
 
 ms.author: mimart
 author: msmimart
@@ -54,15 +54,21 @@ Absolutely. For more information, see [Adding guest users to a role](add-guest-t
 Unless a user is assigned the role of limited administrator, B2B collaboration users won't require access to the Azure portal. However, B2B collaboration users who are assigned the role of limited administrator can access the portal. Also, if a guest user who isn't assigned one of these admin roles accesses the portal, the user might be able to access certain parts of the experience. The guest user role has some permissions in the directory.
 
 ### Can I block access to the Azure portal for guest users?
-Yes! When you configure this policy, be careful to avoid accidentally blocking access to members and admins.
-To block a guest user's access to the [Azure portal](https://portal.azure.com), use a Conditional Access policy in the Windows Azure classic deployment model API:
-1. Modify the **All Users** group so that it contains only members.
-   ![Screenshot showing All Users group where UserType is not equal Guest](media/faq/modify-all-users-group.png)
-2. Create a dynamic group that contains guest users.
-   ![Screenshot showing a new All Guest Users group](media/faq/group-with-guest-users.png)
-3. Set up a Conditional Access policy to block guest users from accessing the portal, as shown in the following video:
-  
-   > [!VIDEO https://channel9.msdn.com/Blogs/Azure/b2b-block-guest-user/Player] 
+
+Yes! You can create a Conditional Access policy that blocks all guest and external users from accessing the Azure portal. When you configure this policy, be careful to avoid accidentally blocking access to members and admins.
+
+1. Sign in to your [Azure portal](https://portal.azure.com/) as a security administrator or a Conditional Access administrator.
+2. In the Azure portal, select **Azure Active Directory**. 
+3. Under **Manage**, select **Security**.
+4. Under **Protect**, select **Conditional Access**. Select **New policy**.
+5. On the **New** page, in the **Name** textbox, enter a name for the policy (for example "Block guests from accessing the portal").
+6. Under **Assignments**, select **Users and groups**.
+7. On the **Include** tab, choose **Select users and groups**, and then select **All guest and external users (Preview)**.
+9. Select **Done**.
+10. On the **New** page, in the **Assignments** section, select **Cloud apps or actions**.
+11. On the **Cloud apps or actions** page, choose **Select apps**, and then choose **Select**.
+12. On the **Select** page, choose **Microsoft Azure Management**, and then choose **Select**.
+13. On the **Cloud apps or actions** page, select **Done**.
 
 ### Does Azure AD B2B collaboration support multi-factor authentication and consumer email accounts?
 Yes. Multi-factor authentication and consumer email accounts are both supported for Azure AD B2B collaboration.

articles/active-directory/develop/msal-net-adfs-support.md

@@ -23,7 +23,7 @@ ms.collection: M365-identity-device-management
 ---
 
 # Active Directory Federation Services support in MSAL.NET
-Active Directory Federation Services (AD FS) in Windows Server enables you to add OpenID Connect and OAuth 2.0 based authentication and authorization to applications you are developing. Those applications can, then, authenticate users directly against AD FS. For more information, read [AD FS Scenarios for Developers](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios).
+Active Directory Federation Services (AD FS) in Windows Server enables you to add OpenID Connect and OAuth 2.0 based authentication and authorization to applications you are developing. Those applications can, then, authenticate users directly against AD FS. For more information, read [AD FS Scenarios for Developers](/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios).
 
 Microsoft Authentication Library for .NET (MSAL.NET) supports two scenarios for authenticating against AD FS:
 

articles/active-directory/develop/quickstart-v2-java-webapp.md

@@ -15,7 +15,7 @@ ms.tgt_pltfrm: na
 ms.workload: identity
 ms.date: 10/09/2019
 ms.author: sagonzal
-ms.custom: aaddev, scenarios:getting-started, languages:Java 
+ms.custom: aaddev, scenarios:getting-started, languages:Java
 ---
 
 # Quickstart: Add sign-in with Microsoft to a Java web app
@@ -38,22 +38,22 @@ To run this sample you will need:
 > [!div renderon="docs"]
 > ## Register and download your quickstart app
 > You have two options to start your quickstart application: express (Option 1), or manual (Option 2)
-> 
+>
 > ### Option 1: Register and auto configure your app and then download your code sample
-> 
+>
 > 1. Go to the [Azure portal - App registrations](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps).
 > 1. Enter a name for your application and select **Register**.
 > 1. Follow the instructions to download and automatically configure your new application.
-> 
+>
 > ### Option 2: Register and manually configure your application and code sample
-> 
+>
 > #### Step 1: Register your application
-> 
+>
 > To register your application and manually add the app's registration information to your solution, follow these steps:
-> 
+>
 > 1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
 > 1. If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the desired Azure AD tenant.
-> 
+>
 > 1. Navigate to the Microsoft identity platform for developers [App registrations](/azure/active-directory/develop/) page.
 > 1. Select **New registration**.
 > 1. When the **Register an application** page appears, enter your application's registration information:
@@ -62,20 +62,19 @@ To run this sample you will need:
 > 1. On the **Overview** page, find the **Application (client) ID** and the **Directory (tenant) ID** values of the application. Copy these values for later.
 > 1. Select the **Authentication** from the menu, and then add the following information:
 >    - In **Redirect URIs**, add `http://localhost:8080/msal4jsamples/secure/aad` and `http://localhost:8080/msal4jsamples/graph/me`.
->    - In **Advanced settings**, add `https://localhost:8080/msal4jsample/sign-out` to **Logout URL**.
 >    - Select **Save**.
 > 1. Select the **Certificates & secrets** from the menu and in the **Client secrets** section, click on **New client secret**:
-> 
+>
 >    - Type a key description (for instance app secret).
 >    - Select a key duration **In 1 year**.
 >    - The key value will display when you select **Add**.
 >    - Copy the value of the key for later. This key value will not be displayed again, nor retrievable by any other means, so record it as soon as it is visible from the Azure portal.
 >
 > [!div class="sxs-lookup" renderon="portal"]
 > #### Step 1: Configure your application in the Azure portal
-> 
+>
 > For the code sample for this quickstart to work, you need to:
-> 
+>
 > 1. Add reply URLs as `http://localhost:8080/msal4jsamples/secure/aad` and `http://localhost:8080/msal4jsamples/graph/me`.
 > 1. Create a Client Secret.
 > > [!div renderon="portal" id="makechanges" class="nextstepaction"]
@@ -141,12 +140,12 @@ Add MSAL4J to your application by using Maven or Gradle to manage your dependenc
 <dependency>
     <groupId>com.microsoft.azure</groupId>
     <artifactId>msal4j</artifactId>
-    <version>0.6.0-preview</version>
+    <version>1.0.0</version>
 </dependency>
 ```
 
 ```$xslt
-compile group: 'com.microsoft.azure', name: 'msal4j', version: '0.6.0-preview'
+compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.0.0'
 ```
 
 ### MSAL initialization

articles/active-directory/develop/quickstart-v2-javascript.md

@@ -79,11 +79,12 @@ Select the option that's suitable to your development environment:
 
 * (Optional) To run the project with the IIS server, [download the Visual Studio project](https://github.com/Azure-Samples/active-directory-javascript-graphapi-v2/archive/vsquickstart.zip). Extract the zip file to a local folder (for example, *C:\Azure-Samples*).
 
+#### Step 3: Configure your JavaScript app
+
 > [!div renderon="docs"]
-> #### Step 3: Configure your JavaScript app
 > In the *JavaScriptSPA* folder, edit *index.html*, and set the `clientID` and `authority` values under `msalConfig`.
 
-> [!div renderon="docs"]
+> [!div class="sxs-lookup" renderon="portal"]
 > In the *JavaScriptSPA* folder, edit *index.html*, and replace `msalConfig` with the following code:
 
 ```javascript
@@ -100,6 +101,10 @@ var msalConfig = {
 };
 
 ```
+> [!div renderon="portal"]
+> > [!NOTE]
+> > This quickstart supports Enter_the_Supported_Account_Info_Here.
+
 
 > [!div renderon="docs"]
 >
@@ -114,12 +119,7 @@ var msalConfig = {
 > > To find the values of **Application (client) ID**, **Directory (tenant) ID**, and **Supported account types**, go to the app's **Overview** page in the Azure portal.
 >
 
-> [!div class="sxs-lookup" renderon="portal"]
-> #### Step 3: Your app is configured and ready to run
-> We have configured your project with values of your app's properties. 
-
-> [!div renderon="docs"]
-> #### Step 4: Run the project
+#### Step 4: Run the project
 
 * If you're using [Node.js](https://nodejs.org/en/download/):
 

articles/active-directory/develop/quickstart-v2-python-webapp.md

@@ -71,6 +71,13 @@ To run this sample, you will need:
 >      - Select a key duration of **In 1 year**.
 >      - When you click on **Add**, the key value will be displayed.
 >      - Copy the value of the key. You will need it later.
+> 1. Select the **API permissions** section
+>
+>      - Click the **Add a permission** button and then,
+>      - Ensure that the **Microsoft APIs** tab is selected
+>      - In the *Commonly used Microsoft APIs* section, click on **Microsoft Graph**
+>      - In the **Delegated permissions** section, ensure that the right permissions are checked: **User.ReadBasic.All**. Use the search box if necessary.
+>      - Select the **Add permissions** button
 >
 > [!div class="sxs-lookup" renderon="portal"]
 >
@@ -80,9 +87,10 @@ To run this sample, you will need:
 >
 > 1. Add a reply URL as `http://localhost:5000/getAToken`.
 > 1. Create a Client Secret.
+> 1. Add Microsoft Graph API's User.ReadBasic.All delegated permission.
 >
 > > [!div renderon="portal" id="makechanges" class="nextstepaction"]
-> > [Make this change for me]()
+> > [Make these changes for me]()
 > > [!div id="appconfigured" class="alert alert-info"]
 > > ![Already configured](media/quickstart-v2-aspnet-webapp/green-check.png) Your application is configured with this attribute
 
@@ -123,24 +131,24 @@ AUTHORITY = "https://login.microsoftonline.com/Enter_the_Tenant_Name_Here"
    python app.py
    ```
    > [!IMPORTANT]
-   > This quickstart application uses a client secret to identify itself as confidential client. Because the client secret is added as a plain-text to your project files, for security reasons, it is recommended that you use a certificate instead of a client secret before considering the application as production application. For more information on how to use a certificate, see [these instructions](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials).
+   > This quickstart application uses a client secret to identify itself as confidential client. Because the client secret is added as a plain-text to your project files, for security reasons, it is recommended that you use a certificate instead of a client secret before considering the application as production application. For more information on how to use a certificate, see [these instructions](https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials).
 
-   ## More information
+## More information
 
-   ### Getting MSAL
-   MSAL is the library used to sign in users and request tokens used to access an API protected by the Microsoft identity Platform.
-   You can add MSAL Python to your application using Pip.
+### Getting MSAL
+MSAL is the library used to sign in users and request tokens used to access an API protected by the Microsoft identity Platform.
+You can add MSAL Python to your application using Pip.
 
-   ```Shell
-   pip install msal
-   ```
+```Shell
+pip install msal
+```
 
-   ### MSAL initialization
-   You can add the reference to MSAL Python by adding the following code to the top of the file where you will be using MSAL:
+### MSAL initialization
+You can add the reference to MSAL Python by adding the following code to the top of the file where you will be using MSAL:
 
-   ```Python
-   import msal
-   ```
+```Python
+import msal
+```
 
 ## Next steps
 

articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md

@@ -163,7 +163,7 @@ After a few moments, the security principal is assigned the role at the selected
 
 ### Using the Azure Cloud Shell experience
 
-The following example uses [az role assignment create](https://docs.microsoft.com/cli/azure/role/assignment#az-role-assignment-create) to assign the Virtual Machine Administrator Login role to the VM for your current Azure user. The username of your active Azure account is obtained with [az account show](https://docs.microsoft.com/cli/azure/account#az-account-show), and the scope is set to the VM created in a previous step with [az vm show](https://docs.microsoft.com/cli/azure/vm#az-vm-show). The scope could also be assigned at a resource group or subscription level, and normal RBAC inheritance permissions apply. For more information, see [Role-Based Access Controls](https://docs.microsoft.com/azure/azure-resource-manager/resource-group-overview#access-control).
+The following example uses [az role assignment create](https://docs.microsoft.com/cli/azure/role/assignment#az-role-assignment-create) to assign the Virtual Machine Administrator Login role to the VM for your current Azure user. The username of your active Azure account is obtained with [az account show](https://docs.microsoft.com/cli/azure/account#az-account-show), and the scope is set to the VM created in a previous step with [az vm show](https://docs.microsoft.com/cli/azure/vm#az-vm-show). The scope could also be assigned at a resource group or subscription level, and normal RBAC inheritance permissions apply. For more information, see [Role-Based Access Controls](../../virtual-machines/linux/login-using-aad.md).
 
 ```AzureCLI
 username=$(az account show --query user.name --output tsv)
@@ -309,7 +309,7 @@ If you see the following error message when you initiate a remote desktop connec
 
 ![Your account is configured to prevent you from using this device.](./media/howto-vm-sign-in-azure-ad-windows/rbac-role-not-assigned.png)
 
-Verify that you have [configured RBAC policies](https://docs.microsoft.com/azure/virtual-machines/linux/login-using-aad#configure-rbac-policy-for-the-virtual-machine) for the VM that grants the user either the Virtual Machine Administrator Login or Virtual Machine User Login role:
+Verify that you have [configured RBAC policies](../../virtual-machines/linux/login-using-aad.md) for the VM that grants the user either the Virtual Machine Administrator Login or Virtual Machine User Login role:
 
 #### Unauthorized client
 

articles/active-directory/fundamentals/add-users-azure-active-directory.md

@@ -17,7 +17,7 @@ ms.collection: M365-identity-device-management
 ---
 
 # Add or delete users using Azure Active Directory
-Add new users or delete existing users from your Azure Active Directory (Azure AD) organization.
+Add new users or delete existing users from your Azure Active Directory (Azure AD) organization. To add or delete users you must be a User administrator or Global administrator. 
 
 ## Add a new user
 You can create a new user using the Azure Active Directory portal.

articles/active-directory/fundamentals/license-users-groups.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: fundamentals
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 09/18/2018
+ms.date: 09/06/2018
 ms.author: ajburnle
 ms.reviewer: jeffsta
 ms.custom: "it-pro, seodec18"
@@ -83,6 +83,8 @@ Make sure that anyone needing to use a licensed Azure AD service has the appropr
 1. Select **Assign**.
 
     The user is added to the list of licensed users and has access to the included Azure AD services.
+    > [!NOTE]
+    > Licenses can also be assigned directly to a user from the user's **Licenses** page. If a user has a license assigned through a group membership and you want to assign the same license to the user directly, it can be done only from the **Products** page mentioned in step 1 only.
 
 ### To assign a license to a group
 

articles/active-directory/governance/entitlement-management-external-users.md

@@ -112,7 +112,7 @@ To ensure people outside of your organization can request access packages and ge
 
 ### Review your Teams sharing settings
 
-- If you want to include Teams in your access packages for external users, make sure the **Allow guest access in Microsoft Teams** is set to **On** to allow guest access. For more information, see [Configure guest access in the Microsoft Teams admin center](https://docs.microsoft.com/microsoftteams/set-up-guests#configure-guest-access-in-the-microsoft-teams-admin-center).
+- If you want to include Teams in your access packages for external users, make sure the **Allow guest access in Microsoft Teams** is set to **On** to allow guest access. For more information, see [Configure guest access in the Microsoft Teams admin center](/microsoftteams/set-up-guests#configure-guest-access-in-the-teams-admin-center).
 
 ## Manage the lifecycle of external users