MicrosoftDocs
diff --git a/‎articles/active-directory/develop/reference-aadsts-error-codes.md
Lines changed: 1 addition & 0 deletions b/‎articles/active-directory/develop/reference-aadsts-error-codes.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎articles/active-directory/reports-monitoring/concept-sign-ins.md
Lines changed: 6 additions & 2 deletions b/‎articles/active-directory/reports-monitoring/concept-sign-ins.md
Lines changed: 6 additions & 2 deletions
diff --git a/‎articles/automation/shared-resources/variables.md
Lines changed: 39 additions & 25 deletions b/‎articles/automation/shared-resources/variables.md
Lines changed: 39 additions & 25 deletions
@@ -270,6 +270,7 @@ Search on the numeric part of the returned error code.  For example, if you rece
 | AADSTS1000000 | UserNotBoundError - The Bind API requires the Azure AD user to also authenticate with an external IDP, which hasn't happened yet. |
 | AADSTS1000002 | BindCompleteInterruptError - The bind completed successfully, but the user must be informed. |
 | AADSTS7000112 | UnauthorizedClientApplicationDisabled - The application is disabled. |
+| AADSTS7500529 | The value ‘SAMLId-Guid’ is not a valid SAML ID - Azure AD uses this attribute to populate the InResponseTo attribute of the returned response. ID must not begin with a number, so a common strategy is to prepend a string like "id" to the string representation of a GUID. For example, id6c1c178c166d486687be4aaf5e482730 is a valid ID. |
 
 ## Next steps
 
 
@@ -14,7 +14,7 @@ ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 02/26/2020
+ms.date: 03/24/2020
 ms.author: markvi
 ms.reviewer: dhanyahk
 
@@ -43,7 +43,11 @@ This article gives you an overview of the sign-ins report.
 
 ### What Azure AD license do you need to access sign-in activity?
 
-* Your tenant must have an Azure AD Premium license associated with it to see the all up sign-in activity report. See [Getting started with Azure Active Directory Premium](../fundamentals/active-directory-get-started-premium.md) to upgrade your Azure Active Directory edition. It will take a couple of days for the data to show up in the reports after you upgrade to a premium license with no data activities before the upgrade.
+- The sign-in activity report is available in all editions of Azure AD.
+
+- If you want to access the sign-in data using an API, your tenant must have an [Azure Active Directory Premium](../fundamentals/active-directory-get-started-premium.md) license associated with it.
+
+
 
 ## Sign-ins report
 
 
@@ -22,11 +22,9 @@ Automation variables are useful for the following scenarios:
 
 - Managing a value used by runbooks or DSC configurations from the portal or from the PowerShell command line. An example is a set of common configuration items, such as a specific list of VM names, a specific resource group, an AD domain name, and more.  
 
-Since Automation variables are persisted, they are available even if the runbook or DSC configuration fails. This behavior allows one runbook or DSC configuration to set a value that is then used by another runbook, or by the same runbook or DSC configuration the next time it runs.
+Azure Automation persists variables and makes them available even if a runbook or DSC configuration fails. This behavior allows one runbook or DSC configuration to set a value that is then used by another runbook, or by the same runbook or DSC configuration the next time it runs.
 
-When creating a variable, you can specify its encryption and storage by Azure Automation as a secure asset. Other secure assets include credentials, certificates, and connections. Azure Automation encrypts these assets and stores them using a unique key that is generated for each Automation account. The key is stored in a system-managed Key Vault. Before storing a secure asset, Azure Automation loads the key from the Key Vault and then uses it to encrypt the asset. 
-
-Azure Automation stores each encrypted variable securely. Its value can't be retrieved using the [Get-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/get-azautomationvariable?view=azps-3.5.0) cmdlet that ships as part of the Azure PowerShell module. The only way to retrieve an encrypted value is by using the `Get-AutomationVariable` activity in a runbook or DSC configuration.
+Azure Automation stores each encrypted variable securely. When creating a variable, you can specify its encryption and storage by Azure Automation as a secure asset. Other secure assets include credentials, certificates, and connections. Azure Automation encrypts these assets and stores them using a unique key that is generated for each Automation account. The key is stored in a system-managed Key Vault. Before storing a secure asset, Azure Automation loads the key from the Key Vault and then uses it to encrypt the asset. 
 
 >[!NOTE]
 >This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see [Introducing the new Azure PowerShell Az module](https://docs.microsoft.com/powershell/azure/new-azureps-module-az?view=azps-3.5.0). For Az module installation instructions on your Hybrid Runbook Worker, see [Install the Azure PowerShell Module](https://docs.microsoft.com/powershell/azure/install-az-ps?view=azps-3.5.0). For your Automation account, you can update your modules to the latest version using [How to update Azure PowerShell modules in Azure Automation](../automation-update-azure-modules.md).
@@ -41,26 +39,26 @@ When you create a variable with the Azure portal, you must specify a data type f
 * Boolean
 * Null
 
-The variable isn't restricted to the designated data type. You must set the variable using Windows PowerShell if you want to specify a value of a different type. If you indicate **Not defined**, the value of the variable is set to Null, and you must set the value with the [Set-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/set-azautomationvariable?view=azps-3.5.0) cmdlet or the `Set-AutomationVariable` activity.
+The variable isn't restricted to the designated data type. You must set the variable using Windows PowerShell if you want to specify a value of a different type. If you indicate `Not defined`, the value of the variable is set to Null, and you must set the value with the [Set-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/set-azautomationvariable?view=azps-3.5.0) cmdlet or the `Set-AutomationVariable` activity.
 
 You can't use the portal to create or change the value for a complex variable type. However, you can provide a value of any type using Windows PowerShell. Complex types are retrieved as a [PSCustomObject](/dotnet/api/system.management.automation.pscustomobject).
 
-You can store multiple values to a single variable by creating an array or hashtable and saving it to a variable.
+You can store multiple values to a single variable by creating an array or hashtable and saving it to the variable.
 
 ## PowerShell cmdlets that create and manage variable assets
 
 For the Az module, the cmdlets in the following table are used to create and manage Automation variable assets with Windows PowerShell. They ship as part of the [Az.Automation module](/powershell/azure/overview), which is available for use in Automation runbooks and DSC configurations.
 
 | Cmdlet | Description |
 |:---|:---|
-|[Get-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/get-azautomationvariable?view=azps-3.5.0) | Retrieves the value of an existing variable.|
+|[Get-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/get-azautomationvariable?view=azps-3.5.0) | Retrieves the value of an existing variable. You can't use this cmdlet to retrieve the value of an encrypted variable. The only way to do this is by using the `Get-AutomationVariable` activity in a runbook or DSC configuration. |
 |[New-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/new-azautomationvariable?view=azps-3.5.0) | Creates a new variable and sets its value.|
 |[Remove-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/remove-azautomationvariable?view=azps-3.5.0)| Removes an existing variable.|
-|[Set-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/set-azautomationvariable?view=azps-3.5.0)| Sets the value for an existing variable.|
+|[Set-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/set-azautomationvariable?view=azps-3.5.0)| Sets the value for an existing variable. |
 
-## Activities to access variables
+## Activities to access variables in runbooks and DSC configurations
 
-The activities in the following table are used to access variables in runbooks and DSC configurations. The difference between `Get-AzAutomationVariable` and `Get-AutomationVariable` is explained for encrypted variables at the start of this article.
+The activities in the following table are used to access variables in runbooks and DSC configurations. The cmdlets for these activities come with the global module `Orchestrator.AssetManagement.Cmdlets`.
 
 | Activity | Description |
 |:---|:---|
@@ -70,30 +68,47 @@ The activities in the following table are used to access variables in runbooks a
 > [!NOTE]
 > Avoid using variables in the `Name` parameter of `Get-AutomationVariable` in a runbook or DSC configuration. Use of this parameter can complicate the discovery of dependencies between runbooks or DSC configurations and Automation variables at design time.
 
-The functions in the following table are used to access and retrieve variables in a Python2 runbook.
+Note that `Get-AutomationVariable` does not work in PowerShell, but only in a runbook or DSC configuration. For example, to see the value of an encrypted variable, you might create a runbook to get the variable and then write it to the output stream:
+ 
+```powershell
+$testEncryptVar = Get-AutomationVariable -Name TestVariable
+Write-output "The encrypted variable value is: $testEncryptVar"
+```
+
+## Functions to access variables in Python 2 runbooks
 
-|Python2 Functions|Description|
+The functions in the following table are used to access variables in a Python 2 runbook.
+
+|Python 2 Functions|Description|
 |:---|:---|
 |`automationassets.get_automation_variable`|Retrieves the value of an existing variable. |
 |`automationassets.set_automation_variable`|Sets the value for an existing variable. |
 
 > [!NOTE]
 > You must import the `automationassets` module at the top of your Python runbook to access the asset functions.
 
-## Creating a new Automation variable
+## Working with Automation variables
+
+>[!NOTE]
+>If you want to remove the encryption for a variable, you must delete the variable and recreate it as unencrypted.
 
 ### Create a new variable using the Azure portal
 
 1. From your Automation account, click the **Assets** tile, then the **Assets** blade, and select **Variables**.
 2. On the **Variables** tile, select **Add a variable**.
 3. Complete the options on the **New Variable** blade and then click **Create** to save the new variable.
 
->[!NOTE]
->If you want to remove the encryption for a variable, you must delete the variable and recreate it as unencrypted.
+> [!NOTE]
+> Once you have saved an encrypted variable, it can't be viewed in the portal. It can only be updated.
+
+### Create and use a variable in Windows PowerShell
 
-### Create a new variable with Windows PowerShell
+A PowerShell script uses the `New-AzAutomationVariable` cmdlet, or its AzureRM module equivalent, to create a new variable and set its initial value. If the variable is encrypted, the call should use the `Encrypted` parameter.
 
-The script uses the `New-AzAutomationVariable` cmdlet to create a new variable and set its initial value. It can then retrieve the value using `Get-AzAutomationVariable`. If the value is a simple type, then that same type is retrieved. If it's a complex type, then a `PSCustomObject` type is retrieved.
+The script retrieves the value of the variable using [Get-AzAutomationVariable](https://docs.microsoft.com/powershell/module/az.automation/get-azautomationvariable?view=azps-3.5.0). If the value is a simple type, the cmdlet retrieves that same type. If it's a complex type, a `PSCustomObject` type is retrieved.
+
+>[!NOTE]
+>A PowerShell script can't retrieve an encrypted value. The only way to do this is to use a `Get-AutomationVariable` activity in a runbook or DSC configuration.
 
 The following example shows how to create a variable of type String and then return its value.
 
@@ -105,7 +120,7 @@ $string = (Get-AzAutomationVariable -ResourceGroupName "ResourceGroup01" `
 –AutomationAccountName "MyAutomationAccount" –Name 'MyStringVariable').Value
 ```
 
-The following example shows how to create a variable with a complex type and then retrieves its properties. In this case, a virtual machine object from [Get-AzVM](https://docs.microsoft.com/powershell/module/Az.Compute/Get-AzVM?view=azps-3.5.0) is used.
+The following example shows how to create a variable with a complex type and then retrieve its properties. In this case, a virtual machine object from [Get-AzVM](https://docs.microsoft.com/powershell/module/Az.Compute/Get-AzVM?view=azps-3.5.0) is used.
 
 ```powershell
 $vm = Get-AzVM -ResourceGroupName "ResourceGroup01" –Name "VM01"
@@ -117,13 +132,12 @@ $vmName = $vmValue.Name
 $vmIpAddress = $vmValue.IpAddress
 ```
 
-## Using a variable in a runbook or DSC configuration
+### Create and use a variable in a runbook or DSC configuration
 
-Use the `Set-AutomationVariable` activity to set the value of an Automation variable in a PowerShell runbook or DSC configuration, and the `Get-AutomationVariable` to retrieve it. You shouldn't use the `Set-AzAutomationVariable` and `Get-AzAutomationVariable` cmdlets or their AzureRM module equivalents in a runbook or DSC configuration, since they are less efficient than the workflow activities. 
+The only way to create a new variable from within a runbook or DSC configuration is to use the `New-AzAutomationVariable` cmdlet, or its AzureRM module equivalent. The script uses this cmdlet to set the initial value of the variable. The script can then retrieve the value using `Get-AzAutomationVariable`. If the value is a simple type, that same type is retrieved. If it's a complex type, then a `PSCustomObject` type is retrieved.
 
-Note that you can't retrieve the value of a secure variable with `Get-AzAutomationVariable` or its AzureRM module equivalent. 
-
-The only way to create a new variable from within a runbook or DSC configuration is to use the `New-AzAutomationVariable` cmdlet.
+>[!NOTE]
+>The only way to retrieve an encrypted value is by using the `Get-AutomationVariable` activity in the runbook or DSC configuration. 
 
 ### Textual runbook samples
 
@@ -144,9 +158,9 @@ for ($i = 1; $i -le $NumberOfIterations; $i++) {
 Set-AzAutomationVariable -ResourceGroupName "ResourceGroup01" –AutomationAccountName "MyAutomationAccount" –Name NumberOfRunnings –Value ($NumberOfRunnings += 1)
 ```
 
-#### Set and retrieve a variable in a Python2 runbook
+#### Set and retrieve a variable in a Python 2 runbook
 
-The following sample shows how to use a variable, set a variable, and handle an exception for a nonexistent variable in a Python2 runbook.
+The following sample shows how to use a variable, set a variable, and handle an exception for a nonexistent variable in a Python 2 runbook.
 
 ```python
 import automationassets