Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into release-marmalade

Author: v-alje

articles/active-directory/b2b/add-users-administrator.md

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 11/12/2019
+ms.date: 05/11/2020
 
 ms.author: mimart
 author: msmimart
@@ -41,9 +41,6 @@ To add B2B collaboration users to the directory, follow these steps:
 
    ![Shows where New guest user is in the UI](./media/add-users-administrator/new-guest-user-in-all-users.png) 
 
-   > [!NOTE]
-   > The **New guest user** option is also available on the **Organizational relationships** page. In **Azure Active Directory**, under **Manage**, select **Organizational relationships**.
-
 5. On the **New user** page, select **Invite user** and then add the guest user's information. 
 
     > [!NOTE]

articles/active-directory/b2b/auditing-and-reporting.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 12/14/2018
+ms.date: 05/11/2020
 
 ms.author: mimart
 author: msmimart
@@ -20,7 +20,7 @@ ms.collection: M365-identity-device-management
 With guest users, you have auditing capabilities similar to with member users. 
 
 ## Access reviews
-You can use access reviews to periodically verify whether guest users still need access to your resources. The **Access reviews** feature is available in **Azure Active Directory** under **Manage** > **Organizational Relationships**. (You can also search for "access reviews" from **All services** in the Azure portal.) To learn how to use access reviews, see [Manage guest access with Azure AD access reviews](../governance/manage-guest-access-with-access-reviews.md).
+You can use access reviews to periodically verify whether guest users still need access to your resources. The **Access reviews** feature is available in **Azure Active Directory** under **Organizational Relationships** > **Access reviews** (or **External Identities** > **Access reviews** ). You can also search for "access reviews" from **All services** in the Azure portal. To learn how to use access reviews, see [Manage guest access with Azure AD access reviews](../governance/manage-guest-access-with-access-reviews.md).
 
 ## Audit logs
 

articles/active-directory/b2b/delegate-invitations.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 04/11/2019
+ms.date: 05/11/2020
 
 ms.author: mimart
 author: msmimart
@@ -34,11 +34,9 @@ By default, all users, including guests, can invite guest users.
 ### To configure external collaboration settings:
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as a tenant administrator.
-2. Select **Azure Active Directory** > **Users** > **User settings**.
-3. Under **External users**, select **Manage external collaboration settings**.
-   > [!NOTE]
-   > The **External collaboration settings** are also available from the **Organizational relationships** page. In Azure Active Directory, under **Manage**, go to **Organizational relationships** > **Settings**.
-4. On the **External collaboration settings** page, choose the policies you want to enable.
+2. Select **Azure Active Directory**.
+3. Select **Organizational Relationships** > **Settings** (or select **External Identities** > **External collaboration settings**).
+6. On the **External collaboration settings** page, choose the policies you want to enable.
 
    ![External collaboration settings](./media/delegate-invitations/control-who-to-invite.png)
 

articles/active-directory/b2b/direct-federation.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 05/07/2020
+ms.date: 05/11/2020
 
 ms.author: mimart
 author: msmimart
@@ -143,8 +143,8 @@ Next, you'll configure federation with the identity provider configured in step
 ### To configure direct federation in the Azure AD portal
 
 1. Go to the [Azure portal](https://portal.azure.com/). In the left pane, select **Azure Active Directory**. 
-2. Select **Organizational Relationships**.
-3. Select **Identity providers**, and then select **New SAML/WS-Fed IdP**.
+2. Select **Organizational Relationships** > **All identity providers** (or **External Identities** > **All identity providers**).
+3. Select , and then select **New SAML/WS-Fed IdP**.
 
     ![Screenshot showing button for adding a new SAML or WS-Fed IdP](media/direct-federation/new-saml-wsfed-idp.png)
 
@@ -191,8 +191,8 @@ Now test your direct federation setup by inviting a new B2B guest user. For deta
 ## How do I edit a direct federation relationship?
 
 1. Go to the [Azure portal](https://portal.azure.com/). In the left pane, select **Azure Active Directory**. 
-2. Select **Organizational Relationships**.
-3. Select **Identity providers**
+2. Select **Organizational Relationships** (or **External Identities**).
+3. Select **All identity providers**
 4. Under **SAML/WS-Fed identity providers**, select the provider.
 5. In the identity provider details pane, update the values.
 6. Select **Save**.
@@ -203,8 +203,8 @@ You can remove your direct federation setup. If you do, direct federation guest
 To remove direct federation with an identity provider in the Azure AD portal:
 
 1. Go to the [Azure portal](https://portal.azure.com/). In the left pane, select **Azure Active Directory**. 
-2. Select **Organizational Relationships**.
-3. Select **Identity providers**.
+2. Select **Organizational Relationships** (or **External Identities**).
+3. Select **All identity providers**.
 4. Select the identity provider, and then select **Delete**. 
 5. Select **Yes** to confirm deletion. 
 

articles/active-directory/b2b/google-federation.md

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 03/05/2020
+ms.date: 05/11/2020
 
 ms.author: mimart
 author: msmimart
@@ -88,8 +88,8 @@ Now you'll set the Google client ID and client secret, either by entering it in
 
 #### To configure Google federation in the Azure AD portal 
 1. Go to the [Azure portal](https://portal.azure.com). In the left pane, select **Azure Active Directory**. 
-2. Select **Organizational Relationships**.
-3. Select **Identity providers**, and then click the **Google** button.
+2. Select **Organizational Relationships** (or **External Identities**).
+3. Select **All identity providers**, and then click the **Google** button.
 4. Enter a name. Then enter the client ID and client secret you obtained earlier. Select **Save**. 
 
    ![Screenshot showing the Add Google identity provider page](media/google-federation/google-identity-provider.png)
@@ -111,8 +111,8 @@ You can delete your Google federation setup. If you do so, Google guest users wh
 
 ### To delete Google federation in the Azure AD portal: 
 1. Go to the [Azure portal](https://portal.azure.com). In the left pane, select **Azure Active Directory**. 
-2. Select **Organizational Relationships**.
-3. Select **Identity providers**.
+2. Select **Organizational Relationships** (or **External Identities**).
+3. Select **All identity providers**.
 4. On the **Google** line, select the context menu (**...**) and then select **Delete**. 
 
    ![Screenshot showing the Delete option for the social identity provider](media/google-federation/google-social-identity-providers.png)

articles/active-directory/b2b/one-time-passcode.md

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 04/08/2019
+ms.date: 05/11/2020
 
 ms.author: mimart
 author: msmimart
@@ -54,7 +54,7 @@ When a guest user redeems an invitation or uses a link to a resource that has be
 
 At the time of invitation, there's no indication that the user you're inviting will use one-time passcode authentication. But when the guest user signs in, one-time passcode authentication will be the fallback method if no other authentication methods can be used. 
 
-You can view guest users who authenticate with one-time passcodes in the Azure portal by going to **Azure Active Directory** > **Organizational relationships** > **Users from other organizations**.
+You can view guest users who authenticate with one-time passcodes in the Azure portal by going to **Azure Active Directory** > **Users**.
 
 ![Screenshot showing a one-time passcode user with Source value of OTP](media/one-time-passcode/otp-users.png)
 
@@ -70,8 +70,7 @@ It might take a few minutes for the opt-in action to take effect. After that, on
 ### To opt in using the Azure AD portal
 1.	Sign in to the [Azure portal](https://portal.azure.com/) as an Azure AD global administrator.
 2.	In the navigation pane, select **Azure Active Directory**.
-3.	Under **Manage**, select **Organizational Relationships**.
-4.	Select **Settings**.
+3.	Select **Organizational Relationships** > **Settings** (or select **External Identities** > **External collaboration settings**).
 5.	Under **Enable Email One-Time Passcode for guests (Preview)**, select **Yes**.
 
 ### To opt in using PowerShell
@@ -137,8 +136,7 @@ It may take a few minutes for the opt-out action to take effect. If you turn off
 ### To turn off the preview using the Azure AD portal
 1.	Sign in to the [Azure portal](https://portal.azure.com/) as an Azure AD global administrator.
 2.	In the navigation pane, select **Azure Active Directory**.
-3.	Under **Manage**, select **Organizational Relationships**.
-4.	Select **Settings**.
+3.	Select **Organizational Relationships** > **Settings** (or select **External Identities** > **External collaboration settings**).
 5.	Under **Enable Email One-Time Passcode for guests (Preview)**, select **No**.
 
 ### To turn off the preview using PowerShell

articles/active-directory/b2b/redemption-experience.md

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 03/19/2020
+ms.date: 05/11/2020
 
 ms.author: mimart
 author: msmimart
@@ -98,7 +98,7 @@ When a guest signs in to access resources in a partner organization for the firs
 
    ![Screenshot showing new terms of use](media/redemption-experience/terms-of-use-accept.png) 
 
-   You can configure see [terms of use](../governance/active-directory-tou.md) in **Manage** > **Organizational relationships** > **Terms of use**.
+   You can configure [terms of use](../governance/active-directory-tou.md) in **Organizational relationships** (or **External Identities**) > **Terms of use**.
 
 3. Unless otherwise specified, the guest is redirected to the Apps access panel, which lists the applications the guest can access.
 

articles/active-directory/develop/tutorial-v2-angular.md

@@ -339,7 +339,6 @@ If a back-end API doesn't require a scope (not recommended), you can use *client
 
 ## Next steps
 
-Next, learn how to sign in a user and acquire tokens in the Angular tutorial:
+If you're new to identity and access management, we have several articles to help you learn modern authentication concepts, starting with [authentication vs. authorization](authentication-vs-authorization.md).
 
-> [!div class="nextstepaction"]
-> [Angular tutorial](https://docs.microsoft.com/azure/active-directory/develop/tutorial-v2-angular)
+If you'd like to dive deeper into single-page application development on the Microsoft identity platform, the multi-part [Scenario: Single-page application](scenario-spa-overview.md) series of articles can help you get started.

articles/active-directory/managed-identities-azure-resources/services-support-managed-identities.md

@@ -67,6 +67,19 @@ Refer to the following list to configure managed identity for Azure App Service
 - [Azure PowerShell](/azure/app-service/overview-managed-identity#using-azure-powershell)
 - [Azure Resource Manager template](/azure/app-service/overview-managed-identity#using-an-azure-resource-manager-template)
 
+
+### Azure Kubernetes Service (AKS)
+
+| Managed identity type | All Generally Available<br>Global Azure Regions | Azure Government | Azure Germany | Azure China 21Vianet |
+| --- | :-: | :-: | :-: | :-: |
+| System assigned | ![Available][check] | - | - | - | 
+| User assigned | ![Available][check] | - | - | - |
+
+
+For more information, see [Use managed identities in Azure Kubernetes Service](https://docs.microsoft.com/azure/aks/use-managed-identity).
+
+
+
 ### Azure Blueprints
 
 |Managed identity type | All Generally Available<br>Global Azure Regions | Azure Government | Azure Germany | Azure China 21Vianet |

articles/active-directory/privileged-identity-management/powershell-for-azure-ad-roles.md

@@ -13,7 +13,7 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 04/28/2020
+ms.date: 05/11/2020
 ms.author: curtand
 ms.custom: pim
 ms.collection: M365-identity-device-management
@@ -119,11 +119,10 @@ There are four main objects in the setting. Only three of these objects are curr
 
 [![](media/powershell-for-azure-ad-roles/get-update-role-settings-result.png "Get and update role settings")](media/powershell-for-azure-ad-roles/get-update-role-settings-result.png#lightbox)
 
-To update the role setting, you will need to first define a setting object as follows:
+To update the role setting, you must get the existing setting object for a particular role and make changes to it:
 
-    $setting = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting 
-    $setting.RuleIdentifier = "JustificationRule"
-    $setting.Setting = "{'required':false}"
+    $setting = Get-AzureADMSPrivilegedRoleSetting -ProviderId 'aadRoles' -Filter "roleDefinitionId eq 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'"
+    $setting.UserMemberSetting.justificationRule = '{"required":false}'
 
 You can then go ahead and apply the setting to one of the objects for a particular role as shown below. The ID here is the role setting ID that can be retrieved from the result of the list role settings cmdlet.