Merge branch 'master' into patch-70

jovanpop-msft · web-flow · commit 2cb0bc1f52c1 · 2019-06-10T16:38:13.000+02:00
diff --git a/articles/active-directory/develop/scenario-daemon-app-configuration.md b/articles/active-directory/develop/scenario-daemon-app-configuration.md
@@ -38,7 +38,9 @@ The Microsoft libraries supporting daemon apps are:
 
 Given that the daemon applications don't use delegated permissions, but application permissions, their *supported account type* cannot be *Accounts in any organizational directory and personal Microsoft accounts (for example, Skype, Xbox, Outlook.com)*. Indeed, there is no tenant admin to grant consent to the daemon application for Microsoft personal accounts. You'll need to choose *accounts in my organization* or *accounts in any organization*.
 
-Therefore the authority specified in the application configuration should be tenant-ed (specifying a Tenant ID or a domain name associated with your organization). If you are an ISV and want to provide a multi-tenant tool, you can use `organizations`. But keep in mind that you will also need to explain to your customers how to grant admin consent. See [Requesting consent for an entire tenant](v2-permissions-and-consent.md#requesting-consent-for-an-entire-tenant) for details
+Therefore the authority specified in the application configuration should be tenant-ed (specifying a Tenant ID or a domain name associated with your organization).
+
+If you are an ISV and want to provide a multi-tenant tool, you can use `organizations`. But keep in mind that you will also need to explain to your customers how to grant admin consent. See [Requesting consent for an entire tenant](v2-permissions-and-consent.md#requesting-consent-for-an-entire-tenant) for details. Also there is currently a limitation in MSAL that `organizations` is only allowed when the client credentials are an application secret (not a certificate). See [MSAL.NET bug #891](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/891)
 
 ## Application configuration and instantiation
 
diff --git a/articles/sql-database/sql-database-managed-instance-migrate.md b/articles/sql-database/sql-database-managed-instance-migrate.md
@@ -40,7 +40,7 @@ If there are some reported blocking issues that are not removed with the managed
 
 - If you require direct access to the operating system or file system, for instance to install third party or custom agents on the same virtual machine with SQL Server.
 - If you have strict dependency on features that are still not supported, such as FileStream / FileTable, PolyBase, and cross-instance transactions.
-- If absolutely you need to stay at a specific version of SQL Server (2012, for instance).
+- If absolutely need to stay at a specific version of SQL Server (2012, for instance).
 - If your compute requirements are much lower that managed instance offers (one vCore, for instance) and database consolidation is not acceptable option.
 
 If you have resolved all identified migration blockers and continuing the migration to Managed Instance, note that some of the changes might affect performance of your workload:
