Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into adfssismove

Author: markingmyname

articles/active-directory/authentication/active-directory-certificate-based-authentication-android.md

@@ -24,7 +24,7 @@ Android devices can use certificate-based authentication (CBA) to authenticate t
 
 Configuring this feature eliminates the need to enter a username and password combination into certain mail and Microsoft Office applications on your mobile device.
 
-This topic provides you with the requirements and the supported scenarios for configuring CBA on an iOS(Android) device for users of tenants in Office 365 Enterprise, Business, Education, US Government, China, and Germany plans.
+This topic provides you with the requirements and the supported scenarios for configuring CBA on an Android device for users of tenants in Office 365 Enterprise, Business, Education, US Government, China, and Germany plans.
 
 This feature is available in preview in Office 365 US Government Defense and Federal plans.
 

articles/active-directory/hybrid/TOC.yml

@@ -210,6 +210,8 @@
       href: how-to-connect-pta-quick-start.md
     - name: Pass-through authentication FAQ
       href: how-to-connect-pta-faq.md
+    - name: Disable PTA with Azure AD Connect "Do not configure"
+      href: how-to-connect-pta-disable-do-not-configure.md
   - name: Manage Federation Services
     items:
     - name: Managing federation with Azure AD Connect

articles/active-directory/hybrid/how-to-connect-pta-disable-do-not-configure.md

@@ -0,0 +1,54 @@
+---
+title: 'Disable PTA when using Azure AD Connect "Do not configure" | Microsoft Docs'
+description: This article describes how to disable PTA with the Azure AD Connect "do not configure" feature.
+services: active-directory
+author: billmath
+manager: daveba
+ms.service: active-directory
+ms.topic: reference
+ms.workload: identity
+ms.date: 04/20/2020
+ms.subservice: hybrid
+ms.author: billmath
+ms.collection: M365-identity-device-management
+---
+
+
+# Disable PTA when using Azure AD Connect "Do not configure"
+
+If you are using Pass-through Authentication with Azure AD Connect and you have it set to "Do not configure", you can disable it. Disabling PTA can be done using the following cmdlets. 
+
+## Prerequisites
+The following prerequisites are required:
+- Any windows machine that has the PTA agent installed. 
+- Agent must be at version 1.5.1742.0 or later. 
+- An Azure global administrator account in order to run the PowerShell cmdlets to disable PTA.
+
+>[!NOTE]
+> If your agent is older then it may not have the cmdlets required to complete this operation. You can get a new agent from Azure Portal an install it on any windows machine and provide admin credentials. (Installing the agent does not affect the PTA status in the cloud)
+
+> [!IMPORTANT]
+> If you are using the Azure Government cloud then you will have to pass in the ENVIRONMENTNAME parameter with the following value. 
+>
+>| Environment Name | Cloud |
+>| - | - |
+>| AzureUSGovernment | US Gov|
+
+
+## To disable PTA
+From within a PowerShell session, use the following to disable PTA:
+1. PS C:\Program Files\Microsoft Azure AD Connect Authentication Agent> `Import-Module .\Modules\PassthroughAuthPSModule`
+2. `Get-PassthroughAuthenticationEnablementStatus -Feature PassthroughAuth` or `Get-PassthroughAuthenticationEnablementStatus -Feature PassthroughAuth -EnvironmentName <identifier>`
+3. `Disable-PassthroughAuthentication  -Feature PassthroughAuth` or `Disable-PassthroughAuthentication -Feature PassthroughAuth -EnvironmentName <identifier>`
+
+## If you don't have access to an agent
+
+If you do not have an agent machine you can use following command to install an agent.
+
+1. Download the latest Auth Agent from portal.azure.com.
+2. Install the feature: `.\AADConnectAuthAgentSetup.exe` or `.\AADConnectAuthAgentSetup.exe ENVIRONMENTNAME=<identifier>`
+
+
+## Next steps
+
+- [User sign-in with Azure Active Directory Pass-through Authentication](how-to-connect-pta.md)

articles/active-directory/hybrid/plan-connect-userprincipalname.md

@@ -88,7 +88,7 @@ On-Premises user object:
 - mailNickName		: <not set>
 - proxyAddresses		: {SMTP:us1@contoso.com}
 - mail			: [email protected]
-- userPrincipalName	: [email protected]`
+- userPrincipalName	: [email protected]
 
 Synchronized the user object to Azure AD Tenant for the first time
 - Set Azure AD MailNickName attribute to primary SMTP address prefix.

articles/active-directory/saas-apps/ally-tutorial.md

@@ -89,7 +89,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
 
     In the **Sign-on URL** text box, type a URL:
-    `https://app.ally.io/`
+    `https://app.ally.io/saml/consume/<CUSTOM_GUID>`
 
 	> [!NOTE]
 	> These values are not real. Update these values with the actual Identifier and Reply URL. Contact [Ally Client support team](mailto:[email protected]) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
@@ -145,7 +145,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 ## Configure Ally SSO
 
-To configure single sign-on on **Ally** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to [Ally support team](mailto:contact@ally.io). They set this setting to have the SAML SSO connection set properly on both sides.
+To configure single sign-on on **Ally** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to [Ally support team](mailto:support@ally.io). They set this setting to have the SAML SSO connection set properly on both sides.
 
 ### Create Ally test user
 

articles/app-service/containers/quickstart-nodejs.md

@@ -158,12 +158,12 @@ When prompted, choose to enable logging and restart the application. Once the ap
 
 After a few seconds, you'll see a message indicating that you're connected to the log-streaming service. Refresh the page a few times to see more activity.
 
-    ```bash
-    2019-09-20 20:37:39.574 INFO  - Initiating warmup request to container msdocs-vscode-node_2_00ac292a for site msdocs-vscode-node
-    2019-09-20 20:37:55.011 INFO  - Waiting for response to warmup request for container msdocs-vscode-node_2_00ac292a. Elapsed time = 15.4373071 sec
-    2019-09-20 20:38:08.233 INFO  - Container msdocs-vscode-node_2_00ac292a for site msdocs-vscode-node initialized successfully and is ready to serve requests.
-    2019-09-20T20:38:21  Startup Request, url: /Default.cshtml, method: GET, type: request, pid: 61,1,7, SCM_SKIP_SSL_VALIDATION: 0, SCM_BIN_PATH: /opt/Kudu/bin, ScmType: None
-    ```
+<pre>
+2019-09-20 20:37:39.574 INFO  - Initiating warmup request to container msdocs-vscode-node_2_00ac292a for site msdocs-vscode-node
+2019-09-20 20:37:55.011 INFO  - Waiting for response to warmup request for container msdocs-vscode-node_2_00ac292a. Elapsed time = 15.4373071 sec
+2019-09-20 20:38:08.233 INFO  - Container msdocs-vscode-node_2_00ac292a for site msdocs-vscode-node initialized successfully and is ready to serve requests.
+2019-09-20T20:38:21  Startup Request, url: /Default.cshtml, method: GET, type: request, pid: 61,1,7, SCM_SKIP_SSL_VALIDATION: 0, SCM_BIN_PATH: /opt/Kudu/bin, ScmType: None
+</pre>
 
 > [!div class="nextstepaction"]
 > [I ran into an issue](https://www.research.net/r/PWZWZ52?tutorial=node-deployment-azure-app-service&step=tailing-logs)

articles/azure-monitor/app/asp-net-core.md

@@ -158,11 +158,11 @@ The preceding steps are enough to help you start collecting server-side telemetr
 
 Alternatively to using the `FullScript` the `ScriptBody` is available starting in SDK v2.14. Use this if you need to control the `<script>` tag to set a Content Security Policy:
 
-    ```cshtml
-        <script> // apply custom changes to this script tag.
-            @Html.Raw(JavaScriptSnippet.ScriptBody)
-        </script>
-    ```
+```cshtml
+ <script> // apply custom changes to this script tag.
+     @Html.Raw(JavaScriptSnippet.ScriptBody)
+ </script>
+```
 
 The `.cshtml` file names referenced earlier are from a default MVC application template. Ultimately, if you want to properly enable client-side monitoring for your application, the JavaScript snippet must appear in the `<head>` section of each page of your application that you want to monitor. You can accomplish this goal for this application template by adding the JavaScript snippet to `_Layout.cshtml`. 
 

articles/cognitive-services/LUIS/luis-get-started-get-intent-from-browser.md

@@ -1,16 +1,8 @@
 ---
 title: "Quickstart: Get intent with browser - LUIS"
-titleSuffix: Azure Cognitive Services
 description: In this quickstart, use an available public LUIS app to determine a user's intention from conversational text in a browser.
-services: cognitive-services
-author: diberry
-manager: nitinme
-ms.custom: seodec18
-ms.service: cognitive-services
-ms.subservice: language-understanding
 ms.topic: quickstart
-ms.date: 02/03/2020
-ms.author: diberry
+ms.date: 04/20/2020
 #Customer intent: As an developer familiar with how to use a browser but new to the LUIS service, I want to query the LUIS endpoint of a published model so that I can see the JSON prediction response.
 ---
 
@@ -22,29 +14,31 @@ To understand what a LUIS prediction endpoint returns, view a prediction result
 
 In order to query a public app, you need:
 
-* Your own Language Understanding (LUIS) Authoring or Prediction key which can be obtained from [LUIS Portal (Preview)](https://preview.luis.ai/). If you do not already have a subscription to create a key, you can register for a [free account](https://azure.microsoft.com/free/).
-* The public app's ID: `df67dcdb-c37d-46af-88e1-8b97951ca1c2`.
+* Your Language Understanding (LUIS) resource information:
+    * **Prediction key** - which can be obtained from [LUIS Portal](https://www.luis.ai/). If you do not already have a subscription to create a key, you can register for a [free account](https://azure.microsoft.com/free/).
+    * **Prediction endpoint subdomain** - the subdomain is also the **name** of your LUIS resource.
+* A LUIS app ID - use the public IoT app ID of `df67dcdb-c37d-46af-88e1-8b97951ca1c2`. The user query used in the quickstart code is specific to that app.
 
 ## Use the browser to see predictions
 
 1. Open a web browser.
-1. Use the complete URLs below, replacing `YOUR-KEY` with your own LUIS Authoring or Prediction key. The requests are GET requests and include the authorization, with your LUIS Authoring or Prediction key, as a query string parameter.
+1. Use the complete URLs below, replacing `YOUR-KEY` with your own LUIS Prediction key. The requests are GET requests and include the authorization, with your LUIS Prediction key, as a query string parameter.
 
     #### [V3 prediction request](#tab/V3-1-1)
 
 
     The format of the V3 URL for a **GET** endpoint (by slots) request is:
 
     `
-    https://westus.api.cognitive.microsoft.com/luis/prediction/v3.0/apps/df67dcdb-c37d-46af-88e1-8b97951ca1c2/slots/production/predict?query=turn on all lights&subscription-key=YOUR-KEY
+    https://YOUR-LUIS-ENDPOINT-SUBDOMAIN.api.cognitive.microsoft.com/luis/prediction/v3.0/apps/df67dcdb-c37d-46af-88e1-8b97951ca1c2/slots/production/predict?query=turn on all lights&subscription-key=YOUR-LUIS-PREDICTION-KEY
     `
 
     #### [V2 prediction request](#tab/V2-1-2)
 
     The format of the V2 URL for a **GET** endpoint request is:
 
     `
-    https://westus.api.cognitive.microsoft.com/luis/v2.0/apps/df67dcdb-c37d-46af-88e1-8b97951ca1c2?subscription-key=YOUR-KEY&q=turn on all lights
+    https://YOUR-LUIS-ENDPOINT-SUBDOMAIN.api.cognitive.microsoft.com/luis/v2.0/apps/df67dcdb-c37d-46af-88e1-8b97951ca1c2?subscription-key=YOUR-LUIS-PREDICTION-KEY&q=turn on all lights
     `
 
 1. Paste the URL into a browser window and press Enter. The browser displays a JSON result that indicates that LUIS detects the `HomeAutomation.TurnOn` intent as the top intent and the `HomeAutomation.Operation` entity with the value `on`.
@@ -100,7 +94,7 @@ In order to query a public app, you need:
     Add `show-all-intents=true` to the end of the querystring to **show all intents**:
 
     `
-    https://westus.api.cognitive.microsoft.com/luis/predict/v3.0/apps/df67dcdb-c37d-46af-88e1-8b97951ca1c2/slots/production/predict?query=turn on all lights&subscription-key=YOUR-KEY&show-all-intents=true
+    https://YOUR-LUIS-ENDPOINT-SUBDOMAIN.api.cognitive.microsoft.com/luis/predict/v3.0/apps/df67dcdb-c37d-46af-88e1-8b97951ca1c2/slots/production/predict?query=turn on all lights&subscription-key=YOUR-LUIS-PREDICTION-KEY&show-all-intents=true
     `
 
     ```JSON
@@ -133,7 +127,7 @@ In order to query a public app, you need:
     Add `verbose=true` to the end of the querystring to **show all intents**:
 
     `
-    https://westus.api.cognitive.microsoft.com/luis/v2.0/apps/df67dcdb-c37d-46af-88e1-8b97951ca1c2?q=turn on all lights&subscription-key={your-key}&verbose=true
+    https://YOUR-LUIS-ENDPOINT-SUBDOMAIN.api.cognitive.microsoft.com/luis/v2.0/apps/df67dcdb-c37d-46af-88e1-8b97951ca1c2?q=turn on all lights&subscription-key=YOUR-LUIS-PREDICTION-KEY&verbose=true
     `
 
     ```json
@@ -169,12 +163,11 @@ In order to query a public app, you need:
     }
     ```
 
-
-<!-- FIX - is the public app getting updated for the new prebuilt domain with entities? -->
-
 ## Next steps
 
-Learn more about the [V3 prediction endpoint](luis-migration-api-v3.md).
+Learn more about:
+* [V3 prediction endpoint](luis-migration-api-v3.md)
+* [Custom subdomains](../cognitive-services-custom-subdomains.md)
 
 > [!div class="nextstepaction"]
 > [Create an app in the LUIS portal](get-started-portal-build-app.md)

articles/cognitive-services/Translator/language-support.md

@@ -58,6 +58,7 @@ The V3 Translator API is neural by default and statistical systems are only avai
 |French|	`fr`	|	Neural|
 |German|	`de`	|	Neural|
 |Greek|	`el`	|	Neural|
+|Gujarati|	`gu`	|	Neural|
 |Haitian Creole|	`ht`		|Statistical|
 |Hebrew	|`he`	|Neural
 |Hindi|	`hi`	|	Neural|
@@ -80,6 +81,7 @@ The V3 Translator API is neural by default and statistical systems are only avai
 |Malayalam| `ml` | Neural
 |Maltese|	`mt`	|	Statistical|
 |Maori| `mi`  | Neural|
+|Marathi| `mr`  | Neural|
 |Norwegian|	`nb`	|	Neural|
 |Persian|	`fa`	|	Neural|
 |Polish|	`pl`	|	Neural|

articles/governance/policy/concepts/assignment-structure.md

@@ -1,7 +1,7 @@
 ---
 title: Details of the policy assignment structure
 description: Describes the policy assignment definition used by Azure Policy to relate policy definitions and parameters to resources for evaluation.
-ms.date: 09/23/2019
+ms.date: 04/15/2020
 ms.topic: conceptual
 ---
 # Azure Policy assignment structure
@@ -17,6 +17,7 @@ You use JSON to create a policy assignment. The policy assignment contains eleme
 - description
 - metadata
 - enforcement mode
+- excluded scopes
 - policy definition
 - parameters
 
@@ -31,6 +32,7 @@ For example, the following JSON shows a policy assignment in _DoNotEnforce_ mode
             "assignedBy": "Cloud Center of Excellence"
         },
         "enforcementMode": "DoNotEnforce",
+        "notScopes": [],
         "policyDefinitionId": "/subscriptions/{mySubscriptionID}/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
         "parameters": {
             "prefix": {
@@ -72,6 +74,14 @@ If **enforcementMode** isn't specified in a policy or initiative definition, the
 used. [Remediation tasks](../how-to/remediate-resources.md) can be started for [deployIfNotExists](./effects.md#deployifnotexists)
 policies, even when **enforcementMode** is set to _DoNotEnforce_.
 
+## Excluded scopes
+
+The **scope** of the assignment includes all child resource containers and child resources. If a
+child resource container or child resource shouldn't have the definition applied, each can be
+excluded from evaluation by setting **notScopes**. This property is an array to enable excluding one
+or more resource containers or resources from evaluation. **notScopes** can be added or updated
+after creation of the initial assignment.
+
 ## Policy definition ID
 
 This field must be the full path name of either a policy definition or an initiative definition.