Merge pull request #89676 from MicrosoftDocs/master

9/25 OOB Publish

Author: huypub

articles/active-directory-domain-services/join-centos-linux-vm.md

@@ -65,7 +65,7 @@ In the *hosts* file, update the *localhost* address. In the following example:
 Update these names with your own values:
 
 ```console
-127.0.0.1 centos centos.contoso.com
+127.0.0.1 centos.contoso.com centos
 ```
 
 When done, save and exit the *hosts* file using the `:wq` command of the editor.

articles/active-directory/authentication/howto-password-ban-bad-on-premises-deploy.md

@@ -40,23 +40,24 @@ After the feature has been running in audit mode for a reasonable period, you ca
 ## Deployment requirements
 
 * Licensing requirements for Azure AD password protection can be found in the article [Eliminate bad passwords in your organization](concept-password-ban-bad.md#license-requirements).
-* All domain controllers that get the DC Agent service for Azure AD password protection installed must run Windows Server 2012 or later. This requirement does not imply that the Active Directory domain or forest must also be at Windows Server 2012 domain or forest functional level. As mentioned in [Design Principles](concept-password-ban-bad-on-premises.md#design-principles), there is no minimum DFL or FFL required for either the DC agent or proxy software to run.
+* All machines where the Azure AD Password Protection DC Agent software will be installed must run Windows Server 2012 or later. This requirement does not imply that the Active Directory domain or forest must also be at Windows Server 2012 domain or forest functional level. As mentioned in [Design Principles](concept-password-ban-bad-on-premises.md#design-principles), there is no minimum DFL or FFL required for either the DC agent or proxy software to run.
 * All machines that get the DC agent service installed must have .NET 4.5 installed.
-* All machines that get the proxy service for Azure AD password protection installed must run Windows Server 2012 R2 or later.
+* All machines where the Azure AD Password Protection Proxy service will be installed  must run Windows Server 2012 R2 or later.
    > [!NOTE]
-   > Proxy service deployment is a mandatory requirement for deploying Azure AD password protection even though the Domain controller may have outbound direct internet connectivity. 
+   > Proxy service deployment is a mandatory requirement for deploying Azure AD password protection even though the domain controller may have outbound direct internet connectivity. 
    >
 * All machines where the Azure AD Password Protection Proxy service will be installed must have .NET 4.7 installed.
   .NET 4.7 should already be installed on a fully updated Windows Server. If this is not the case, download and run the installer found at [The .NET Framework 4.7 offline installer for Windows](https://support.microsoft.com/help/3186497/the-net-framework-4-7-offline-installer-for-windows).
-* All machines, including domain controllers, that get Azure AD password protection components installed must have the Universal C Runtime installed. You can get the runtime by making sure you have all updates from Windows Update. Or you can get it in an OS-specific update package. For more information, see [Update for Universal C Runtime in Windows](https://support.microsoft.com/help/2999226/update-for-uniersal-c-runtime-in-windows).
+* All machines, including domain controllers, that have Azure AD password protection components installed must have the Universal C Runtime installed. You can get the runtime by making sure you have all updates from Windows Update. Or you can get it in an OS-specific update package. For more information, see [Update for Universal C Runtime in Windows](https://support.microsoft.com/help/2999226/update-for-uniersal-c-runtime-in-windows).
 * Network connectivity must exist between at least one domain controller in each domain and at least one server that hosts the proxy service for password protection. This connectivity must allow the domain controller to access RPC endpoint mapper port 135 and the RPC server port on the proxy service. By default, the RPC server port is a dynamic RPC port, but it can be configured to [use a static port](#static).
-* All machines that host the proxy service must have network access to the following endpoints:
+* All machines where the Azure AD Password Protection Proxy service will be installed must have network access to the following endpoints:
 
     |**Endpoint**|**Purpose**|
     | --- | --- |
     |`https://login.microsoftonline.com`|Authentication requests|
     |`https://enterpriseregistration.windows.net`|Azure AD password protection functionality|
 
+  You must also enable network access for the set of ports and urls specified in the [Application Proxy environment setup procedures](https://docs.microsoft.com/azure/active-directory/manage-apps/application-proxy-add-on-premises-application#prepare-your-on-premises-environment). These configuration steps are required in order for the Microsoft Azure AD Connect Agent Updater service to be able to function (this service  is installed side-by-side with the Proxy service). It is not recommended to install Azure AD Password Protection Proxy and Application Proxy side by side on the same machine, due to incompatibilities between the versions of the Microsoft Azure AD Connect Agent Updater software.
 * All machines that host the proxy service for password protection must be configured to grant domain controllers the ability to logon to the proxy service. This is controlled via the "Access this computer from the network" privilege assignment.
 * All machines that host the proxy service for password protection must be configured to allow outbound TLS 1.2 HTTP traffic.
 * A Global Administrator account to register the proxy service for password protection and forest with Azure AD.

articles/active-directory/authentication/howto-password-ban-bad-on-premises-faq.md

@@ -98,6 +98,8 @@ No. Since the proxy server is stateless, it's not important which specific proxy
 
 Yes. The Azure AD Password Protection Proxy service and Azure AD Connect should never conflict directly with each other.
 
+Unfortunately, an incompatibility has been found between the version of the Microsoft Azure AD Connect Agent Updater service that is installed by the Azure AD Password Protection Proxy software and the version of the service that is installed by the [Azure Active Directory Application Proxy](https://docs.microsoft.com/azure/active-directory/manage-apps/application-proxy) software. This incompatibility may result in the Agent Updater service being unable to contact Azure for software updates. It is not recommended to install Azure AD Password Protection Proxy and Azure Active Directory Application Proxy on the same machine.
+
 **Q: In what order should the DC agents and proxies be installed and registered?**
 
 Any ordering of Proxy agent installation, DC agent installation, forest registration, and Proxy registration  is supported.

articles/active-directory/develop/TOC.yml

@@ -9,7 +9,7 @@
     href: v2-overview.md
   - name: Quickstarts
     items:
-    - name: Set up a dev environment
+    - name: Set up a tenant
       href: quickstart-create-new-tenant.md
     - name: Configure an application
       items:
@@ -49,7 +49,7 @@
       items:
       - name: Android
         href: quickstart-v2-android.md
-      - name: iOS
+      - name: iOS and macOS
         href: quickstart-v2-ios.md
       - name: Universal Windows Platform
         href: quickstart-v2-uwp.md
@@ -75,7 +75,7 @@
       items:
       - name: Android
         href: tutorial-v2-android.md
-      - name: iOS
+      - name: iOS and macOS
         href: tutorial-v2-ios.md
       - name: Universal Windows Platform
         href: tutorial-v2-windows-uwp.md
@@ -223,12 +223,14 @@
       items:
         - name: Overview
           href: msal-overview.md
-        - name: Migration
+        - name: Migration from ADAL
           items:
           - name: Migrate to MSAL.NET
             href: msal-net-migration.md
           - name: Migrate to MSAL.js
             href: msal-compare-msal-js-and-adal-js.md
+          - name: Migrate to MSAL for iOS and MacOS
+            href: migrate-objc-adal-msal.md
           - name: Migrate Xamarin apps using brokers from ADAL.NET to MSAL.NET
             href: msal-net-migration-ios-broker.md
         - name: Supported authentication flows
@@ -239,8 +241,6 @@
             href: msal-acquire-cache-tokens.md
           - name: Scopes for v1.0 apps
             href: msal-v1-app-scopes.md
-          - name: Token cache serialization (.NET)
-            href: msal-net-token-cache-serialization.md
         - name: Client applications
           items:
           - name: Client applications
@@ -257,18 +257,28 @@
           href: msal-handling-exceptions.md        
         - name: Logging
           href: msal-logging.md
-        - name: Single sign-on (JS)
-          href: msal-js-sso.md
-        - name: Prompt behavior (JS)
-          href: msal-js-prompt-behavior.md 
-        - name: ADFS support (.NET)
-          href: msal-net-adfs-support.md
+        - name: Single sign-on
+          items:
+          - name: Single sign-on with MSAL.js
+            href: msal-js-sso.md
+          - name: Single sign-on with MSAL for iOS and macOS
+            items:
+            - name: SSO between MSAL apps
+              href: single-sign-on-macos-ios.md
+            - name: SSO between ADAL and MSAL apps
+              href: sso-between-adal-msal-apps-macos-ios.md
+        - name: Integrate with ADFS
+          items:
+          - name: ADFS support in MSAL.NET
+            href: msal-net-adfs-support.md
         - name: Integrate with Azure AD B2C
           items:
           - name: JavaScript
             href: msal-b2c-overview.md
           - name: .NET
             href: msal-net-aad-b2c-considerations.md
+          - name: iOS and macOS
+            href: config-authority.md#b2c
         - name: Considerations and known issues
           items:
             - name: MSAL.NET
@@ -283,6 +293,10 @@
                 href: msal-js-known-issues-ie-edge-browsers.md
               - name: Known issues- Safari 
                 href: msal-js-known-issues-safari-browser.md
+            - name: MSAL for iOS and macOS
+              items:
+              - name: SSL issues
+                href: ssl-issues.md
     - name: Authentication protocol
       items:
       - name: Application types and OAuth2.0
@@ -378,6 +392,8 @@
           items:
             - name: Acquire a token from the cache
               href: msal-net-acquire-token-silently.md
+            - name: Token cache serialization
+              href: msal-net-token-cache-serialization.md
             - name: Clear the token cache
               href: msal-net-clear-token-cache.md
             - name: Instantiate a public client with options
@@ -393,7 +409,21 @@
             - name: Avoid page reloads
               href: msal-js-avoid-page-reloads.md
             - name: Pass custom state in authentication requests
-              href:  msal-js-pass-custom-state-authentication-request.md
+              href: msal-js-pass-custom-state-authentication-request.md
+            - name: Prompt behavior
+              href: msal-js-prompt-behavior.md 
+        - name: MSAL for iOS and macOS
+          items:
+            - name: Microsoft Authentication Library for iOS and macOS differences
+              href: msal-differences-ios-macos.md
+            - name: Configure keychain
+              href: howto-v2-keychain-objc.md
+            - name: Customize browsers and WebViews
+              href: customize-webviews.md
+            - name: Request custom claims
+              href: request-custom-claims.md
+            - name: Redirect URI configuration
+              href: redirect-uris-ios.md
     - name: Work with Visual Studio
       items:
       - name: Use the Active Directory connected service
@@ -428,7 +458,7 @@
     href: v1-overview.md
   - name: Quickstarts
     items:
-    - name: Set up a dev environment
+    - name: Set up a tenant
       href: quickstart-create-new-tenant.md
     - name: Configure an application
       items:
@@ -468,7 +498,7 @@
       items:
       - name: Android
         href: quickstart-v1-android.md
-      - name: iOS
+      - name: iOS and MacOS
         href: quickstart-v1-ios.md
       - name: Windows Desktop .NET
         href: quickstart-v1-dotnet.md