Merge pull request #108161 from MicrosoftDocs/master

3/18 AM Publish

Author: huypub

articles/active-directory/develop/quickstart-v2-aspnet-core-webapp.md

@@ -65,7 +65,7 @@ In this quickstart, you use a code sample to learn how an ASP.NET Core web app c
 > [!div class="sxs-lookup" renderon="portal"]
 > Run the project using Visual Studio 2019.
 > [!div renderon="portal" id="autoupdate" class="nextstepaction"]
-> [Download the code sample]()
+> [Download the code sample](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/archive/aspnetcore2-2.zip)
 
 > [!div class="sxs-lookup" renderon="portal"]
 > #### Step 3: Your app is configured and ready to run

articles/active-directory/develop/quickstart-v2-aspnet-webapp.md

@@ -63,7 +63,7 @@ In this quickstart, you use a code sample to learn how an ASP.NET web app to sig
 > [!div renderon="portal"]
 > Run the project using Visual Studio 2019.
 > [!div renderon="portal" id="autoupdate" class="nextstepaction"]
-> [Download the code sample]()
+> [Download the code sample](https://github.com/AzureADQuickStarts/AppModelv2-WebApp-OpenIDConnect-DotNet/archive/master.zip)
 
 > [!div class="sxs-lookup" renderon="portal"]
 > #### Step 3: Your app is configured and ready to run

articles/active-directory/develop/quickstart-v2-java-webapp.md

@@ -95,7 +95,7 @@ To run this sample you will need:
 >   Put the generated keystore file in the "resources" folder.
    
 > [!div renderon="portal" id="autoupdate" class="nextstepaction"]
-> [Download the code sample]()
+> [Download the code sample](https://github.com/Azure-Samples/ms-identity-java-webapp/archive/master.zip)
 
 > [!div renderon="docs"]
 > #### Step 3: Configure the code sample

articles/active-directory/develop/quickstart-v2-javascript.md

@@ -78,7 +78,7 @@ In this quickstart, you use a code sample to learn how a JavaScript single-page
 > Run the project with a web server by using Node.js
 
 > [!div renderon="portal" id="autoupdate" class="nextstepaction"]
-> [Download the code sample]()
+> [Download the code sample](https://github.com/Azure-Samples/active-directory-javascript-graphapi-v2/archive/quickstart.zip)
 
 > [!div renderon="docs"]
 

articles/active-directory/fundamentals/concept-fundamentals-mfa-get-started.md

@@ -1,12 +1,12 @@
 ---
-title: Enable Multi-Factor Authentication for your organization - Azure Active Directory
-description: Enable Azure MFA for your organization based on your license
+title: Azure Multi-Factor Authentication for your organization - Azure Active Directory
+description: Learn about the available features of Azure Multi-Factor Authentication for your organization based on your license model
 
 services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 12/06/2019
+ms.date: 03/18/2020
 
 ms.author: iainfou
 author: iainfoulds
@@ -15,38 +15,38 @@ ms.reviewer: michmcla
 
 ms.collection: M365-identity-device-management
 ---
-# Enable Multi-Factor Authentication for your organization
+# Overview of Azure Multi-Factor Authentication for your organization
 
-There are multiple ways to enable Azure Multi-Factor Authentication (MFA) for your Azure Active Directory (AD) users based on the licenses that your organization owns. 
+There are multiple ways to enable Azure Multi-Factor Authentication for your Azure Active Directory (AD) users based on the licenses that your organization owns. 
 
 ![Investigate signals and enforce MFA if needed](./media/concept-fundamentals-mfa-get-started/verify-signals-and-perform-mfa-if-required.png)
 
-Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA.
+Based on our studies, your account is more than 99.9% less likely to be compromised if you use multi-factor authentication (MFA).
 
-So how does your organization turn on multi-factor authentication even for free, before becoming a statistic?
+So how does your organization turn on MFA even for free, before becoming a statistic?
 
 ## Free option
 
 Customers who are utilizing the free benefits of Azure AD can use [security defaults](../fundamentals/concept-fundamentals-security-defaults.md) to enable multi-factor authentication in their environment.
 
-## Office 365
+## Office 365 Business Premium, E3, or E5
 
 For customers with Office 365, there are two options:
 
-- [Security defaults](concept-fundamentals-security-defaults.md) can be enabled through Azure AD to protect all of your users with Azure Multi-Factor Authentication.
-- If your organization requires more granularity in providing multi-factor authentication, your Office licenses include [per-user MFA](../authentication/howto-mfa-userstates.md) capabilities. Per-user MFA is enabled and enforced on each user individually by administrators.
+* Azure Multi-Factor Authentication is either enabled or disabled for all users, for all sign-in events. There is no ability to only enable multi-factor authentication for a subset of users, or only under certain scenarios. Management is through the Office 365 portal. 
+* For an improved user experience, upgrade to Azure AD Premium P1 or P2 and use Conditional Access. For more information, see secure Office 365 resources with multi-factor authentication.
 
 ## Azure AD Premium P1
 
 For customers with Azure AD Premium P1 or similar licenses that include this functionality such as Enterprise Mobility + Security E3, Microsoft 365 F1, or Microsoft 365 E3: 
 
-The recommendation is to use [Conditional Access policies](../conditional-access/concept-conditional-access-policy-common.md) for the best user experience.
+Use [Azure AD Conditional Access](../conditional-access/overview.md) to prompt users for multi-factor authentication during certain scenarios or events to fit your business requirements.
 
 ## Azure AD Premium P2
 
 For customers with Azure AD Premium P2 or similar licenses that include this functionality such as Enterprise Mobility + Security E5 or Microsoft 365 E5: 
 
-The recommendation is to use [Conditional Access policies](../conditional-access/concept-conditional-access-policy-common.md) along with [Identity Protection](../identity-protection/overview-v2.md) risk policies for the best user experience and enforcement flexibility.
+Provides the strongest security position and improved user experience. Adds [risk-based Conditional Access](../conditional-access/howto-conditional-access-policy-risk.md) to the Azure AD Premium P1 features that adapts to user's patterns and minimizes multi-factor authentication prompts.
 
 ## Authentication methods
 
@@ -56,10 +56,9 @@ The recommendation is to use [Conditional Access policies](../conditional-access
 | Verification code from mobile app or hardware token |   | X |
 | Text message to phone |   | X |
 | Call to phone |   | X |
-| App passwords |   | X** |
-
-** App passwords are only available in per-user MFA with legacy authentication scenarios only if enabled by administrators.
 
 ## Next steps
 
-[Azure AD pricing page](https://azure.microsoft.com/pricing/details/active-directory/)
+To get started, see the tutorial to [secure user sign-in events with Azure Multi-Factor Authentication](../authentication/tutorial-enable-azure-mfa.md).
+
+For more information on licensing, see [Features and licenses for Azure Multi-Factor Authentication](../authentication/concept-mfa-licensing.md).

articles/active-directory/hybrid/plan-migrate-adfs-pass-through-authentication.md

@@ -71,7 +71,7 @@ To understand which method you should use, complete the steps in the following s
 2. On the **Additional tasks** page, select **View current configuration**, and then select **Next**.<br />
 
    ![Screenshot of the View current configuration option on the Additional tasks page](media/plan-migrate-adfs-pass-through-authentication/migrating-adfs-to-pta_image2.png)<br />
-3. On the **Review your solution** page, scroll to **Active Directory Federation Services (AD FS)**.<br />
+3. Under **Additional Tasks > Manage Federation**, scroll to **Active Directory Federation Services (AD FS)**.<br />
 
    * If the AD FS configuration appears in this section, you can safely assume that AD FS was originally configured by using Azure AD Connect. You can convert your domains from federated identity to managed identity by using the Azure AD Connect **Change user sign-in** option. For more information about the process, see the section **Option A: Configure pass-through authentication by using Azure AD Connect**.
    * If AD FS isn't listed in the current settings, you must manually convert your domains from federated identity to managed identity by using PowerShell. For more information about this process, see the section **Option B: Switch from federation to pass-through authentication by using Azure AD Connect and PowerShell**.

articles/app-service/networking/private-endpoint.md

@@ -4,7 +4,7 @@ description: Connect privately to a Web App using Azure Private Endpoint
 author: ericgre
 ms.assetid: 2dceac28-1ba6-4904-a15d-9e91d5ee162c
 ms.topic: article
-ms.date: 03/12/2020
+ms.date: 03/18/2020
 ms.author: ericg
 ms.service: app-service
 ms.workload: web
@@ -15,7 +15,7 @@ ms.custom: fasttrack-edit
 # Using Private Endpoints for Azure Web App (Preview)
 
 > [!Note]
-> The preview is available in East US region for all PremiumV2 Windows and Linux Web Apps and Elastic Premium Functions. 
+> The preview is available in East US and West US 2 regions for all PremiumV2 Windows and Linux Web Apps and Elastic Premium Functions. 
 
 You can use Private Endpoint for your Azure Web App to allow clients located in your private network to securely access the app over Private Link. The Private Endpoint uses an IP address from your Azure VNet address space. Network traffic between a client on your private network and the Web App traverses over the VNet and a Private Link on the Microsoft backbone network, eliminating exposure from the public Internet.
 
@@ -48,7 +48,7 @@ From a security perspective:
 - The NIC of the Private Endpoint cannot have an NSG associated.
 - The Subnet that hosts the Private Endpoint can have an NSG associated, but you must disable the network policies enforcement for the Private Endpoint: see [Disable network policies for private endpoints][disablesecuritype]. As a result, you cannot filter by any NSG the access to your Private Endpoint.
 - When you enable Private Endpoint to your Web App, the [access restrictions][accessrestrictions] configuration of the Web App is not evaluated.
-- You can reduce the data exfiltration risk from the VNet by removing all NSG rules where destination is tag Internet or Azure services. But adding a Web App Service Endpoint in your subnet will let you reach any Web App hosted in the same deployment stamp and exposed to the Internet.
+- You can reduce the data exfiltration risk from the VNet by removing all NSG rules where destination is tag Internet or Azure services. But adding a Web App Private Endpoint in your subnet will let you reach any Web App hosted in the same deployment stamp and exposed to the Internet.
 
 In the Web HTTP logs of your Web App, you will find the client source IP. This is implemented using the TCP Proxy protocol, forwarding the client IP property up to the Web App. For more information, see [Getting connection Information using TCP Proxy v2][tcpproxy].
 

articles/automation/automation-first-runbook-graphical.md

@@ -72,7 +72,9 @@ Before you publish the runbook to make it available in production, you should te
 
    The job status starts as `Queued`, indicating that the job is waiting for a runbook worker in the cloud to become available. The status changes to `Starting` when a worker claims the job. Finally, the status becomes `Running` when the runbook actually starts to run.
 
-1. When the runbook job completes, the Test pane displays its output. In this case, you see `Hello World`.<br> ![Hello World](media/automation-first-runbook-graphical/runbook-test-results.png)
+1. When the runbook job completes, the Test pane displays its output. In this case, you see `Hello World`.
+
+    ![Hello World](media/automation-first-runbook-graphical/runbook-test-results.png)
 1. Close the Test pane to return to the canvas.
 
 ## Step 4 - Publish and start the runbook
@@ -152,9 +154,9 @@ Now that you have a variable to hold the subscription ID, you can configure the
 1. The `Set-AzContext` cmdlet has multiple parameter sets, and you need to select one before providing parameter values. Click **Parameter Set** and then select **SubscriptionId**.
 1. The parameters for this parameter set are displayed on the Activity Parameter Configuration page. Click **SubscriptionID**.
 1. On the Parameter Value page, select **Variable Asset** for the **Data source** field and select **AzureSubscriptionId** from the source list. When finished, click **OK** twice.
-1. Hover over `Login to Azure` until a circle appears on the bottom of the shape. Click the circle and drag the arrow to `Specify Subscription Id`. 
+1. Hover over `Login to Azure` until a circle appears on the bottom of the shape. Click the circle and drag the arrow to `Specify Subscription Id`. Your runbook should look like the following at this point.
 
-Your runbook should look like the following at this point: <br>![Runbook authentication configuration](media/automation-first-runbook-graphical/runbook-auth-config.png)
+    ![Runbook authentication configuration](media/automation-first-runbook-graphical/runbook-auth-config.png)
 
 ## Step 7 - Add activity to start a virtual machine
 
@@ -168,9 +170,9 @@ Now you must add a `Start-AzVM` activity to start a virtual machine. You can pic
 1. Select **Name**. Choose **PowerShell expression** for the **Data source** field. For the VM that you use to start this runbook, type in the machine name surrounded with double quotes. Click **OK**.
 1. Select **ResourceGroupName**. Use the value **PowerShell expression** for the **Data source** field, and type in the name of the resource group surrounded with double quotes. Click **OK**.
 1. Click **Test pane** so that you can test the runbook.
-1. Click **Start** to begin the test. Once it completes, make sure that the VM has started. 
+1. Click **Start** to begin the test. Once it completes, make sure that the VM has started. Your runbook should look like the following at this point.
 
-Your runbook should look like the following at this point: <br>![Runbook authentication configuration](media/automation-first-runbook-graphical/runbook-startvm.png)
+    ![Runbook authentication configuration](media/automation-first-runbook-graphical/runbook-startvm.png)
 
 ## Step 8 - Add additional input parameters
 
@@ -224,7 +226,9 @@ You can now modify the runbook so that it only attempts to start the VM if it is
      $StatusOut
      ```
 
-1. Create a link from `Get Status` to `Start-AzVM`.<br> ![Runbook with Code Module](media/automation-first-runbook-graphical/runbook-startvm-get-status.png)  
+1. Create a link from `Get Status` to `Start-AzVM`.
+
+    ![Runbook with Code Module](media/automation-first-runbook-graphical/runbook-startvm-get-status.png)  
 1. Select the link and, in the Configuration pane, change **Apply condition** to **Yes**. Note that the link becomes a dashed line, indicating that the target activity only runs if the condition resolves to true.  
 1. For **Condition expression**, type `$ActivityOutput['Get Status'] -eq "Stopped"`. `Start-AzVM` now only runs if the VM is stopped.
 1. In the Library control, expand **Cmdlets** and then **Microsoft.PowerShell.Utility**.
@@ -237,7 +241,9 @@ You can now modify the runbook so that it only attempts to start the VM if it is
 1. Select the link to `Notify VM Started` and change **Apply condition** to true.
 1. For the **Condition expression**, type `$ActivityOutput['Start-AzVM'].IsSuccessStatusCode -eq $true`. This `Write-Output` control now only runs if the VM starts successfully.
 1. Select the link to `Notify VM Start Failed` and change **Apply condition** to true.
-1. For the **Condition expression** field, type `$ActivityOutput['Start-AzVM'].IsSuccessStatusCode -ne $true`. This `Write-Output` control now only runs if the VM is not successfully started. Your runbook should look like the following image: <br> ![Runbook with Write-Output](media/automation-first-runbook-graphical/runbook-startazurermvm-complete.png)
+1. For the **Condition expression** field, type `$ActivityOutput['Start-AzVM'].IsSuccessStatusCode -ne $true`. This `Write-Output` control now only runs if the VM is not successfully started. Your runbook should look like the following image.
+
+    ![Runbook with Write-Output](media/automation-first-runbook-graphical/runbook-startazurermvm-complete.png)
 1. Save the runbook and open the Test pane.
 1. Start the runbook with the VM stopped, and the machine should start.