Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into heidist-master

Author: HeidiSteen

articles/active-directory/manage-apps/configure-user-consent.md

@@ -27,7 +27,7 @@ To control what cases users can consent to applications, choose the consent poli
 
 * **Disable user consent** - Users cannot grant permissions to applications. Users can continue to sign in to apps they had previously consented to or which are consented to by administrators on their behalf, but they will not be allowed to consent to new permissions or to new apps on their own. Only users who have been granted a directory role that includes the permission to grant consent will be able to consent to new permissions or new apps.
 
-* **Users can consent to apps from verified publishers, but only for permissions you select (preview)** - All users can only consent to apps that were published by a [verified publisher](../develop/publisher-verification-overview.md) and apps that are registered in your tenant. Users can only consent to the permissions you have classified as "Low impact".
+* **Users can consent to apps from verified publishers, but only for permissions you select (preview)** - All users can only consent to apps that were published by a [verified publisher](../develop/publisher-verification-overview.md) and apps that are registered in your tenant. Users can only consent to the permissions you have classified as "low impact", also referred to as "low risk". What is considered low risk for one organization, such as an app viewing a users email address, might be considered high risk for another organization. For this reason, the "low risk" permissions are set by the administrator for the tenant.
 
   Make sure to [classify permissions](#configure-permission-classifications-preview) to select which permissions users are allowed to consent to.
 
@@ -51,7 +51,7 @@ To configure user consent settings through the Azure portal:
 
 ### Configure user consent settings using PowerShell
 
-You can use the latest Azure AD PowerShell Preview module, [AzureADPreview](https://docs.microsoft.com/powershell/azure/active-directory/install-adv2?view=azureadps-2.0-preview), to choose which consent policy governs user consent for applications.
+You can use the latest Azure AD PowerShell Preview module, [AzureADPreview](https://docs.microsoft.com/powershell/azure/active-directory/install-adv2?view=azureadps-2.0-preview&preserve-view=true), to choose which consent policy governs user consent for applications.
 
 * **Disable user consent** - To disable user consent, set the consent policies which govern user consent to be empty:
 
@@ -104,7 +104,7 @@ In this example, we've classified the minimum set of permission required for sin
 
 ### Classify permissions using PowerShell
 
-You can use the latest Azure AD PowerShell Preview module, [AzureADPreview](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0-preview), to classify permissions. Permission classifications are configured on the **ServicePrincipal** object of the API that publishes the permissions.
+You can use the latest Azure AD PowerShell Preview module, [AzureADPreview](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0-preview&preserve-view=true), to classify permissions. Permission classifications are configured on the **ServicePrincipal** object of the API that publishes the permissions.
 
 #### To read the current permission classifications for an API:
 
@@ -191,9 +191,9 @@ In this example, all group owners are allowed to consent to apps accessing their
 
 ### Configure group owner consent using PowerShell
 
-You can use the Azure AD PowerShell Preview module, [AzureADPreview](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0-preview), to enable or disable group owners' ability to consent to applications accessing your organization's data for the groups they own.
+You can use the Azure AD PowerShell Preview module, [AzureADPreview](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0-preview&preserve-view=true), to enable or disable group owners' ability to consent to applications accessing your organization's data for the groups they own.
 
-1. Make sure you're using the [AzureADPreview](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0-preview) module. This step is important if you have installed both the [AzureAD](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0) module and the [AzureADPreview](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0-preview) module).
+1. Make sure you're using the [AzureADPreview](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0-preview&preserve-view=true) module. This step is important if you have installed both the [AzureAD](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0&preserve-view=true) module and the [AzureADPreview](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0-preview&preserve-view=true) module).
 
     ```powershell
     Remove-Module AzureAD
@@ -275,7 +275,7 @@ In this case, an audit event will also be logged with a Category of "Application
 
 ### Disable or re-enable risk-based step-up consent using PowerShell
 
-You can use the Azure AD PowerShell Preview module, [AzureADPreview](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0-preview), to disable the step-up to admin consent required in cases where Microsoft detects risk or to re-enable it if it was previously disabled.
+You can use the Azure AD PowerShell Preview module, [AzureADPreview](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0-preview&preserve-view=true), to disable the step-up to admin consent required in cases where Microsoft detects risk or to re-enable it if it was previously disabled.
 
 You can do this using the same steps as shown above for [configuring group owner consent using PowerShell](#configure-group-owner-consent-using-powershell), but substituting a different settings value. There are three differences in steps: 
 

articles/active-directory/manage-apps/ways-users-get-assigned-to-applications.md

@@ -26,7 +26,7 @@ For a user to access an application, they must first be assigned to it in some w
     * An Office 365 group created in the cloud
     * The [All Users](https://docs.microsoft.com/azure/active-directory/active-directory-accessmanagement-dedicated-groups) group
 *  An administrator enables [Self-service Application Access](https://docs.microsoft.com/azure/active-directory/active-directory-self-service-application-access) to allow a user to add an application using [My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction) **Add App** feature **without business approval**
-*  An administrator enables [Self-service Application Access](https://docs.microsoft.com/azure/active-directory/active-directory-self-service-application-access) to allow a user to add an application using [My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction) **Add App** feature, but only w**ith prior approval from a selected set of business approvers**
+*  An administrator enables [Self-service Application Access](https://docs.microsoft.com/azure/active-directory/active-directory-self-service-application-access) to allow a user to add an application using [My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction) **Add App** feature, but only **with prior approval from a selected set of business approvers**
 *  An administrator enables [Self-service Group Management](https://docs.microsoft.com/azure/active-directory/active-directory-accessmanagement-self-service-group-management) to allow a user to join a group that an application is assigned to **without business approval**
 *  An administrator enables [Self-service Group Management](https://docs.microsoft.com/azure/active-directory/active-directory-accessmanagement-self-service-group-management) to allow a user to join a group that an application is assigned to, but only **with prior approval from a selected set of business approvers**
 *  An administrator assigns a license to a user directly for a first party application, like [Microsoft Office 365](https://products.office.com/)

articles/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-rest.md

@@ -34,8 +34,6 @@ In this article, you learn how to create, list, and delete a user-assigned manag
 - If you are using Azure CLI local console, sign in to Azure using `az login` with an account that is associated with the Azure subscription you would like to deploy or retrieve user-assigned managed identity information.
 - Retrieve a Bearer access token using `az account get-access-token` to perform the following user-assigned managed identity operations.
 
-[!INCLUDE [cloud-shell-try-it.md](../../../includes/cloud-shell-try-it.md)]
-
 ## Create a user-assigned managed identity 
 
 To create a user-assigned managed identity, your account needs the [Managed Identity Contributor](../../role-based-access-control/built-in-roles.md#managed-identity-contributor) role assignment.
@@ -105,4 +103,4 @@ DELETE https://management.azure.com/subscriptions/80c696ff-5efa-4909-a64d-f1b616
 
 ## Next steps
 
-For information on how to assign a user-assigned managed identity to an Azure VM/VMSS using CURL see, [Configure managed identities for Azure resources on an Azure VM using REST API calls](qs-configure-rest-vm.md#user-assigned-managed-identity) and [Configure managed identities for Azure resources on a virtual machine scale set using REST API calls](qs-configure-rest-vmss.md#user-assigned-managed-identity).
+For information on how to assign a user-assigned managed identity to an Azure VM/VMSS using CURL see, [Configure managed identities for Azure resources on an Azure VM using REST API calls](qs-configure-rest-vm.md#user-assigned-managed-identity) and [Configure managed identities for Azure resources on a virtual machine scale set using REST API calls](qs-configure-rest-vmss.md#user-assigned-managed-identity).

articles/aks/kubernetes-walkthrough-portal.md

@@ -69,7 +69,7 @@ Open Cloud Shell using the `>_` button on the top of the Azure portal.
 
 To configure `kubectl` to connect to your Kubernetes cluster, use the [az aks get-credentials][az-aks-get-credentials] command. This command downloads credentials and configures the Kubernetes CLI to use them. The following example gets credentials for the cluster name *myAKSCluster* in the resource group named *myResourceGroup*:
 
-```azurecli-interactive
+```azurecli
 az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
 ```
 
@@ -242,7 +242,7 @@ To see logs for the `azure-vote-front` pod, select the **View container logs** f
 
 When the cluster is no longer needed, delete the cluster resource, which deletes all associated resources. This operation can be completed in the Azure portal by selecting the **Delete** button on the AKS cluster dashboard. Alternatively, the [az aks delete][az-aks-delete] command can be used in the Cloud Shell:
 
-```azurecli-interactive
+```azurecli
 az aks delete --resource-group myResourceGroup --name myAKSCluster --no-wait
 ```
 

articles/application-gateway/quick-create-portal.md

@@ -21,8 +21,6 @@ You can also complete this quickstart using [Azure PowerShell](quick-create-powe
 
 [!INCLUDE [updated-for-az](../../includes/updated-for-az.md)]
 
-
-
 ## Prerequisites
 
 - An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
@@ -166,7 +164,7 @@ In this example, you install IIS on the virtual machines only to verify Azure cr
 
 2. Run the following command to install IIS on the virtual machine. Change the *Location* parameter if necessary: 
 
-    ```azurepowershell-interactive
+    ```azurepowershell
     Set-AzVMExtension `
       -ResourceGroupName myResourceGroupAG `
       -ExtensionName IIS `
@@ -192,7 +190,6 @@ In this example, you install IIS on the virtual machines only to verify Azure cr
 
 5. Under **Target**, select the **myVM** and **myVM2** virtual machines and their associated network interfaces from the drop-down lists.
 
-
    > [!div class="mx-imgBorder"]
    > ![Add backend servers](./media/application-gateway-create-gateway-portal/application-gateway-backend.png)
 

articles/azure-app-configuration/concept-point-time-snapshot.md

@@ -18,31 +18,29 @@ Azure App Configuration maintains a record of changes made to key-values. This r
 
 You can use Azure portal or CLI to retrieve past key-values. In Azure CLI, use `az appconfig revision list`, adding appropriate parameters to retrieve the required values.  Specify the Azure App Configuration instance by providing either the store name (`--name <app-config-store-name>`) or by using a connection string (`--connection-string <your-connection-string>`). Restrict the output by specifying a specific point in time (`--datetime`) and by specifying the maximum number of items to return (`--top`).
 
-If you don't have Azure CLI installed locally, you can optionally use Azure Cloud Shell.
-
-[!INCLUDE [cloud-shell-try-it.md](../../includes/cloud-shell-try-it.md)]
+If you don't have Azure CLI installed locally, you can optionally use [Azure Cloud Shell](/azure/cloud-shell/overview).
 
 Retrieve all recorded changes to your key-values.
 
-```azurecli-interactive
+```azurecli
 az appconfig revision list --name <your-app-config-store-name>.
 ```
 
 Retrieve all recorded changes for the key `environment` and the labels `test` and `prod`.
 
-```azurecli-interactive
+```azurecli
 az appconfig revision list --name <your-app-config-store-name> --key environment --label test,prod
 ```
 
 Retrieve all recorded changes in the hierarchical key space `environment:prod`.
 
-```azurecli-interactive
+```azurecli
 az appconfig revision list --name <your-app-config-store-name> --key environment:prod:* 
 ```
 
 Retrieve all recorded changes for the key `color` at a specific point-in-time.
 
-```azurecli-interactive
+```azurecli
 az appconfig revision list --connection-string <your-app-config-connection-string> --key color --datetime "2019-05-01T11:24:12Z" 
 ```
 

articles/azure-resource-manager/management/move-resource-group-and-subscription.md

@@ -2,7 +2,7 @@
 title: Move resources to a new subscription or resource group
 description: Use Azure Resource Manager to move resources to a new resource group or subscription.
 ms.topic: conceptual
-ms.date: 09/11/2020 
+ms.date: 09/15/2020 
 ms.custom: devx-track-azurecli
 ---
 
@@ -167,7 +167,7 @@ When you view the resource group, the move option is disabled.
 
 :::image type="content" source="./media/move-resource-group-and-subscription/move-first-view.png" alt-text="move option disabled":::
 
-To enable the move option, select the resources you want to move. To select all of the resources, select the checkbox at the top of list. Or, select resources individually.
+To enable the move option, select the resources you want to move. To select all of the resources, select the checkbox at the top of list. Or, select resources individually. After selecting resources, the move option is enabled.
 
 :::image type="content" source="./media/move-resource-group-and-subscription/select-resources.png" alt-text="select resources":::
 

articles/azure-resource-manager/templates/deployment-history-deletions.md

@@ -2,13 +2,15 @@
 title: Deployment history deletions
 description: Describes how Azure Resource Manager automatically deletes deployments from the deployment history. Deployments are deleted when the history is close to exceeding the limit of 800.
 ms.topic: conceptual
-ms.date: 08/07/2020
+ms.date: 09/15/2020
 ---
 # Automatic deletions from deployment history
 
 Every time you deploy a template, information about the deployment is written to the deployment history. Each resource group is limited to 800 deployments in its deployment history.
 
-Azure Resource Manager automatically deletes deployments from your history as you near the limit. Automatic deletion is a change from past behavior. Previously, you had to manually delete deployments from the deployment history to avoid getting an error. **This change was implemented on August 6, 2020.**
+Azure Resource Manager automatically deletes deployments from your history as you near the limit. Automatic deletion is a change from past behavior. Previously, you had to manually delete deployments from the deployment history to avoid getting an error. This change was implemented on August 6, 2020.
+
+**Automatic deletions are supported for resource group deployments. Currently, deployments in the deployment history for [subscription](deploy-to-subscription.md), [management group](deploy-to-management-group.md), and [tenant](deploy-to-tenant.md) deployments aren't deleted.**
 
 > [!NOTE]
 > Deleting a deployment from the history doesn't affect any of the resources that were deployed.