Merge pull request #103795 from MicrosoftDocs/master

2/10 AM Publish

Author: huypub

articles/active-directory-b2c/azure-monitor.md

@@ -11,7 +11,7 @@ ms.workload: identity
 ms.topic: conceptual
 ms.author: marsma
 ms.subservice: B2C
-ms.date: 02/05/2020
+ms.date: 02/10/2020
 ---
 
 # Monitor Azure AD B2C with Azure Monitor
@@ -20,9 +20,9 @@ Use Azure Monitor to route Azure Active Directory B2C (Azure AD B2C) sign-in and
 
 You can route log events to:
 
-* An Azure storage account.
-* An Azure event hub (and integrate with your Splunk and Sumo Logic instances).
-* An Azure Log Analytics workspace (to analyze data, create dashboards, and alert on specific events).
+* An Azure [storage account](../storage/blobs/storage-blobs-introduction.md).
+* An Azure [event hub](../event-hubs/event-hubs-about.md) (and integrate with your Splunk and Sumo Logic instances).
+* An [Log Analytics workspace](../azure-monitor/platform/resource-logs-collect-workspace.md) (to analyze data, create dashboards, and alert on specific events).
 
 ![Azure Monitor](./media/azure-monitor/azure-monitor-flow.png)
 
@@ -38,15 +38,15 @@ You can also use the [Azure Cloud Shell](https://shell.azure.com), which include
 
 Azure AD B2C leverages [Azure Active Directory monitoring](../active-directory/reports-monitoring/overview-monitoring.md). To enable *Diagnostic settings* in Azure Active Directory within your Azure AD B2C tenant, you use [delegated resource management](../lighthouse/concepts/azure-delegated-resource-management.md).
 
-You authorize a user in your Azure AD B2C directory (the **Service Provider**) to configure the Azure Monitor instance within the tenant that contains your Azure subscription (the **Customer**). To create the authorization, you deploy an [Azure Resource Manager](../azure-resource-manager/index.yml) template to your Azure AD tenant containing the subscription. The following sections walk you through the process.
+You authorize a user or group in your Azure AD B2C directory (the **Service Provider**) to configure the Azure Monitor instance within the tenant that contains your Azure subscription (the **Customer**). To create the authorization, you deploy an [Azure Resource Manager](../azure-resource-manager/index.yml) template to your Azure AD tenant containing the subscription. The following sections walk you through the process.
 
-## Create a resource group
+## Create or choose resource group
 
-In the Azure Active Directory (Azure AD) tenant that contains your Azure subscription (*not* the directory that contains your Azure AD B2C tenant), [create a resource group](../azure-resource-manager/management/manage-resource-groups-portal.md#create-resource-groups). Use the following values:
+This is the resource group containing the destination Azure storage account, event hub, or Log Analytics workspace to receive data from Azure Monitor. You specify the resource group name when you deploy the Azure Resource Manager template.
 
-* **Subscription**: Select your Azure subscription.
-* **Resource group**: Enter name for the resource group. For example, *azure-ad-b2c-monitor*.
-* **Region**: Select an Azure location. For example, *Central US*.
+[Create a resource group](../azure-resource-manager/management/manage-resource-groups-portal.md#create-resource-groups) or choose an existing one the Azure Active Directory (Azure AD) tenant that contains your Azure subscription, *not* the directory that contains your Azure AD B2C tenant.
+
+This example uses a resource group named *azure-ad-b2c-monitor* in the *Central US* region.
 
 ## Delegate resource management
 
@@ -205,20 +205,42 @@ Once you've deployed the template and have waited a few minutes for the resource
 
 ## Configure diagnostic settings
 
-After you've delegated resource management and have selected your subscription, you're ready to [Create diagnostic settings](../active-directory/reports-monitoring/overview-monitoring.md) in the Azure portal.
+Diagnostic settings define where logs and metrics for a resource should be sent. Possible destinations are:
+
+- [Azure storage account](../azure-monitor/platform/resource-logs-collect-storage.md)
+- [Event hubs](../azure-monitor/platform/resource-logs-stream-event-hubs.md) solutions.
+- [Log Analytics workspace](../azure-monitor/platform/resource-logs-collect-workspace.md)
+
+If you haven't already, create an instance of your chosen destination type in the resource group you specified in the [Azure Resource Manager template](#create-an-azure-resource-manager-template).
+
+### Create diagnostic settings
+
+You're ready to [Create diagnostic settings](../active-directory/reports-monitoring/overview-monitoring.md) in the Azure portal.
 
 To configure monitoring settings for Azure AD B2C activity logs:
 
 1. Sign in to the [Azure portal](https://portal.azure.com/).
 1. Select the **Directory + Subscription** icon in the portal toolbar, and then select the directory that contains your Azure AD B2C tenant.
 1. Select **Azure Active Directory**
 1. Under **Monitoring**, select **Diagnostic settings**.
-1. Select **+ Add diagnostic setting**.
+1. If there are existing settings on the resource, you will see a list of settings already configured. Either select **Add diagnostic setting** to add a new setting, or **Edit** setting to edit an existing one. Each setting can have no more than one of each of the destination types..
 
     ![Diagnostics settings pane in Azure portal](./media/azure-monitor/azure-monitor-portal-05-diagnostic-settings-pane-enabled.png)
 
+1. Give your setting a name if it doesn't already have one.
+1. Check the box for each destination to send the logs. Select **Configure** to specify their settings as described in the following table.
+
+    | Setting | Description |
+    |:---|:---|
+    | Archive to a storage account | Name of storage account. |
+    | Stream to an event hub | The namespace where the event hub is created (if this is your first time streaming logs) or streamed to (if there are already resources that are streaming that log category to this namespace).
+    | Send to Log Analytics | Name of workspace. |
+
+1. Select **AuditLogs** and **SignInLogs**.
+1. Select **Save**.
+
 ## Next steps
 
-For more information about adding and configuring diagnostic settings in Azure Monitor, see this tutorial in the Azure Monitor documentation:
+For more information about adding and configuring diagnostic settings in Azure Monitor, see [Tutorial: Collect and analyze resource logs from an Azure resource](../azure-monitor/insights/monitor-azure-resource.md).
 
-[Tutorial: Collect and analyze resource logs from an Azure resource](/azure-monitor/learn/tutorial-resource-logs.md)
+For information about streaming Azure AD logs to an event hub, see [Tutorial: Stream Azure Active Directory logs to an Azure event hub](../active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub.md).

articles/active-directory/develop/quickstart-v2-windows-desktop.md

@@ -46,7 +46,7 @@ In this quickstart, you'll learn how to write a Windows desktop .NET (WPF) appli
 >      - In the **Supported account types** section, select **Accounts in any organizational directory and personal Microsoft accounts (for example, Skype, Xbox, Outlook.com)**.
 >      - Select **Register** to create the application.
 > 1. In the list of pages for the app, select **Authentication**.
-> 1. In the **Redirect URIs** | **Suggested Redirect URIs for public clients (mobile, desktop)** section, check **https://login.microsoftonline.com/common/oauth2/nativeclient**.
+> 1. In the **Redirect URIs** | **Suggested Redirect URIs for public clients (mobile, desktop)** section, use **https://login.microsoftonline.com/common/oauth2/nativeclient**.
 > 1. Select **Save**.
 
 > [!div class="sxs-lookup" renderon="portal"]
@@ -110,6 +110,7 @@ Then, initialize MSAL using the following code:
 ```csharp
 public static IPublicClientApplication PublicClientApp;
 PublicClientApplicationBuilder.Create(ClientId)
+                .WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient")
                 .WithAuthority(AzureCloudInstance.AzurePublic, Tenant)
                 .Build();
 ```

articles/active-directory/identity-protection/howto-identity-protection-configure-notifications.md

@@ -24,6 +24,9 @@ Azure AD Identity Protection sends two types of automated notification emails to
 
 This article provides you with an overview of both notification emails.
 
+>[!NOTE]
+>Email notifications are available only in the public cloud and are not currently available in the US Government cloud.
+
 ## Users at risk detected email
 
 In response to a detected account at risk, Azure AD Identity Protection generates an email alert with **Users at risk detected** as subject. The email includes a link to the **[Users flagged for risk](../reports-monitoring/concept-user-at-risk.md)** report. As a best practice, you should immediately investigate the users at risk.

articles/active-directory/saas-apps/workday-inbound-tutorial.md

@@ -573,7 +573,7 @@ In this section, you will configure how user data flows from Workday to Active D
 | **Fax**      | facsimileTelephoneNumber     |     |    Create + update |
 | **Mobile**  |    mobile       |     |       Create + update |
 | **LocalReference** |  preferredLanguage  |     |  Create + update |                                               
-| **Switch(\[Municipality\], "OU=Standard Users,OU=Users,OU=Default,OU=Locations,DC=contoso,DC=com", "Dallas", "OU=Standard Users,OU=Users,OU=Dallas,OU=Locations,DC=contoso,DC=com", "Austin", "OU=Standard Users,OU=Users,OU=Austin,OU=Locations,DC=contoso,DC=com", "Seattle", "OU=Standard Users,OU=Users,OU=Seattle,OU=Locations,DC=contoso,DC=com", “London", "OU=Standard Users,OU=Users,OU=London,OU=Locations,DC=contoso,DC=com")**  | parentDistinguishedName     |     |  Create + update |
+| **Switch(\[Municipality\], "OU=Standard Users,OU=Users,OU=Default,OU=Locations,DC=contoso,DC=com", "Dallas", "OU=Standard Users,OU=Users,OU=Dallas,OU=Locations,DC=contoso,DC=com", "Austin", "OU=Standard Users,OU=Users,OU=Austin,OU=Locations,DC=contoso,DC=com", "Seattle", "OU=Standard Users,OU=Users,OU=Seattle,OU=Locations,DC=contoso,DC=com", "London", "OU=Standard Users,OU=Users,OU=London,OU=Locations,DC=contoso,DC=com")**  | parentDistinguishedName     |     |  Create + update |
 
 Once your attribute mapping configuration is complete, you can now [enable and launch the user provisioning service](#enable-and-launch-user-provisioning).
 

articles/active-directory/saas-apps/workplacebyfacebook-provisioning-tutorial.md

@@ -40,7 +40,9 @@ If your Workplace integration is in quarantine, you will need to supply a valid
 
 https://portal.azure.com/?Microsoft_AAD_IAM_userProvisioningEnableCredentialsOverride=true
 
- 
+#### How can I tell if my application has been migrated? 
+When your application is migrated, the banner in the authorization section about upcomming changes will be removed and the secret token field will be replaced with a blue authorize button. 
+
 #### The admin credentials section is greyed out on my application and I can't save. Why?
 We have locked down the admin credentials section for existing Workplace customers. When your tenant has been migrated to the new Workplace application you will be able to update the admin credentials section again. If you can't wait, you can use the URL above to edit your application. 
 

articles/aks/kubernetes-walkthrough-portal.md

@@ -25,7 +25,7 @@ If you don't have an Azure subscription, create a [free account](https://azure.m
 
 ## Sign in to Azure
 
-Sign in to the Azure portal at https://portal.azure.com.
+Sign in to the Azure portal at [https://portal.azure.com](https://portal.azure.com).
 
 ## Create an AKS cluster
 

articles/aks/use-managed-identity.md

@@ -40,7 +40,7 @@ You must have the following resources installed:
 To install the aks-preview 0.4.14 extension or later, use the following Azure CLI commands:
 
 ```azurecli
-az extension update --name aks-preview
+az extension add --name aks-preview
 az extension list
 ```
 

articles/automation/automation-windows-hrw-install.md

@@ -10,8 +10,7 @@ ms.topic: conceptual
 
 You can use the Hybrid Runbook Worker feature of Azure Automation to run runbooks directly on the computer that's hosting the role and against resources in the environment to manage those local resources. Runbooks are stored and managed in Azure Automation and then delivered to one or more designated computers. This article describes how to install the Hybrid Runbook Worker on a Windows machine.
 
-> [!NOTE]
-This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see [Introducing the new Azure PowerShell Az module](https://docs.microsoft.com/powershell/azure/new-azureps-module-az?view=azps-3.3.0). For Az module installation instructions, see [Install the Azure PowerShell module](https://docs.microsoft.com/powershell/azure/install-az-ps?view=azps-3.4.0).
+[!INCLUDE [azure-monitor-log-analytics-rebrand](../../includes/azure-monitor-log-analytics-rebrand.md)]
 
 ## Installing the Windows Hybrid Runbook Worker
 

articles/azure-functions/disable-function.md

@@ -11,6 +11,9 @@ This article explains how to disable a function in Azure Functions. To *disable*
 
 The recommended way to disable a function is by using an app setting in the format `AzureWebJobs.<FUNCTION_NAME>.Disabled`. You can create and modify this application setting in a number of ways, including by using the [Azure CLI](/cli/azure/) and from your function's **Manage** tab in the [Azure portal](https://portal.azure.com). 
 
+> [NOTE]  
+> When you disable an HTTP triggered function by using the methods described in this article, the endpoint may still by accessible when running on your local computer.  
+
 ## Use the Azure CLI
 
 In the Azure CLI, you use the [`az functionapp config appsettings set`](/cli/azure/functionapp/config/appsettings#az-functionapp-config-appsettings-set) command to create and modify the app setting. The following command disables a function named `QueueTrigger` by creating an app setting named `AzureWebJobs.QueueTrigger.Disabled` set it to `true`. 

articles/azure-functions/functions-networking-options.md

@@ -106,7 +106,7 @@ To provide a higher level of security, you can restrict a number of Azure servic
 
 ### Restricting your storage account to a virtual network
 
-When you create a function app, you must create or link to a general-purpose Azure Storage account that supports Blob, Queue, and Table storage. You can't currently use any virtual network restrictions on this account. If you configure a virtual network service endpoint on the storage account you're using for your function app, that will break your app.This functionality is currently available using the Premium Plan and a virtual network integration.
+When you create a function app, you must create or link to a general-purpose Azure Storage account that supports Blob, Queue, and Table storage. You can't currently use any virtual network restrictions on this account. If you configure a virtual network service endpoint on the storage account you're using for your function app, that will break your app.
 
 [Learn more about storage account requirements.](./functions-create-function-app-portal.md#storage-account-requirements)