Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into azurecli2

Author: v-thepet

articles/active-directory-domain-services/troubleshoot.md

@@ -134,7 +134,7 @@ If one or more users in your Azure AD tenant can't sign in to the Azure AD DS ma
       * You've deployed, or updated to, the [latest recommended release of Azure AD Connect](https://www.microsoft.com/download/details.aspx?id=47594).
       * You've configured Azure AD Connect to [perform a full synchronization][hybrid-phs].
       * Depending on the size of your directory, it may take a while for user accounts and credential hashes to be available in Azure AD DS. Make sure you wait long enough before trying to authenticate against the managed domain.
-      * If the issue persists after verifying the previous steps, try restarting the *Microsoft Azure AD Sync Service*. From your [management VM][management-vm], open a command prompt and run the following commands:
+      * If the issue persists after verifying the previous steps, try restarting the *Microsoft Azure AD Sync Service*. From your Azure AD Connect server, open a command prompt and run the following commands:
 
         ```console
         net stop 'Microsoft Azure AD Sync'

articles/active-directory/conditional-access/concept-conditional-access-grant.md

@@ -64,35 +64,7 @@ Organizations can choose to use the device identity as part of their Conditional
 
 Organizations can require that an access attempt to the selected cloud apps needs to be made from an approved client app. These approved client apps support [Intune app protection policies](/intune/app-protection-policy) independent of any mobile-device management (MDM) solution.
 
-This setting applies to the following client apps:
-
-- Microsoft Azure Information Protection
-- Microsoft Bookings
-- Microsoft Cortana
-- Microsoft Dynamics 365
-- Microsoft Edge
-- Microsoft Excel
-- Microsoft Flow
-- Microsoft Intune Managed Browser
-- Microsoft Invoicing
-- Microsoft Kaizala
-- Microsoft Launcher
-- Microsoft OneDrive
-- Microsoft OneNote
-- Microsoft Outlook
-- Microsoft Planner
-- Microsoft PowerApps
-- Microsoft Power BI
-- Microsoft PowerPoint
-- Microsoft SharePoint
-- Microsoft Skype for Business
-- Microsoft StaffHub
-- Microsoft Stream
-- Microsoft Teams
-- Microsoft To-Do
-- Microsoft Visio
-- Microsoft Word
-- Microsoft Yammer
+Supported applications can be found in the article, [Microsoft Intune protected apps](/intune/apps/apps-supported-intune-apps).
 
 **Remarks**
 
@@ -105,12 +77,7 @@ This setting applies to the following client apps:
 
 In your Conditional Access policy, you can require an [Intune app protection policy](/intune/app-protection-policy) be present on the client app before access is available to the selected cloud apps. 
 
-This setting applies to the following client apps:
-
-- Microsoft Cortana
-- Microsoft OneDrive
-- Microsoft Outlook
-- Microsoft Planner
+Supported applications can be found in the article, [Microsoft Intune protected apps](/intune/apps/apps-supported-intune-apps).
 
 **Remarks**
 

articles/active-directory/develop/quickstart-v2-java-webapp.md

@@ -18,16 +18,13 @@ ms.custom: aaddev, scenarios:getting-started, languages:Java
 
 In this quickstart, you'll learn how to integrate a Java web application with the Microsoft identity platform. Your app will sign in a user, get an access token to call the Microsoft Graph API, and make a request to the Microsoft Graph API.
 
-When you've completed this quickstart, your application will accept sign-ins of personal Microsoft accounts (including outlook.com, live.com, and others) and work or school accounts from any company or organization that uses Azure Active Directory.
-
-![Shows how the sample app generated by this quickstart works](media/quickstart-v2-java-webapp/java-quickstart.svg)
+When you've completed this quickstart, your application will accept sign-ins of personal Microsoft accounts (including outlook.com, live.com, and others) and work or school accounts from any company or organization that uses Azure Active Directory. (See [How the sample works](#how-the-sample-works) for an illustration.)
 
 ## Prerequisites
 
 To run this sample you will need:
 
 - [Java Development Kit (JDK)](https://openjdk.java.net/) 8 or greater, and [Maven](https://maven.apache.org/).
-- An Azure Active Directory (Azure AD) tenant. For more information on how to get an Azure AD tenant, see [How to get an Azure AD tenant](https://azure.microsoft.com/documentation/articles/active-directory-howto-tenant/).
 
 > [!div renderon="docs"]
 > ## Register and download your quickstart app
@@ -69,7 +66,7 @@ To run this sample you will need:
 >
 > For the code sample for this quickstart to work, you need to:
 >
-> 1. Add reply URLs as `https://localhost:8080/msal4jsamples/secure/aad` and `https://localhost:8080/msal4jsamples/graph/me`.
+> 1. Add reply URLs as `https://localhost:8080/msal4jsample/secure/aad` and `https://localhost:8080/msal4jsample/graph/me`.
 > 1. Create a Client Secret.
 > > [!div renderon="portal" id="makechanges" class="nextstepaction"]
 > > [Make these changes for me]()
@@ -78,46 +75,65 @@ To run this sample you will need:
 > > ![Already configured](media/quickstart-v2-aspnet-webapp/green-check.png) Your application is configured with these attributes.
 
 #### Step 2: Download the code sample
+> [!div renderon="docs"]
+> [Download the Code Sample](https://github.com/Azure-Samples/ms-identity-java-webapp/archive/master.zip)
 
- [Download the Code Sample](https://github.com/Azure-Samples/ms-identity-java-webapp/archive/master.zip)
-
-#### Step 3: Configure the code sample
-
- 1. Extract the zip file to a local folder.
- 1. If you use an integrated development environment, open the sample in your favorite IDE (optional).
- 1. Open the application.properties file, which can be found in src/main/resources/ folder and replace the value of the fields *aad.clientId*, *aad.authority* and *aad.secretKey* with the respective values of **Application Id**, **Tenant Id** and **Client Secret** as the following:
-
-    ```file
-    aad.clientId=Enter_the_Application_Id_here
-    aad.authority=https://login.microsoftonline.com/Enter_the_Tenant_Info_Here/
-    aad.secretKey=Enter_the_Client_Secret_Here
-    aad.redirectUriSignin=https://localhost:8080/msal4jsample/secure/aad
-    aad.redirectUriGraph=https://localhost:8080/msal4jsample/graph/me
-    aad.msGraphEndpointHost="https://graph.microsoft.com/"
-    ```
-
-    > [!div renderon="docs"]
-    > Where:
-    >
-    > - `Enter_the_Application_Id_here` - is the Application Id for the application you registered.
-    > - `Enter_the_Client_Secret_Here` - is the **Client Secret** you created in **Certificates & Secrets** for the application you registered.
-    > - `Enter_the_Tenant_Info_Here` - is the **Directory (tenant) ID** value of the application you registered.
-
- 1. To use https with localhost, fill in the server.ssl.key properties. To generate a self-signed certificate, use the keytool utility (included in JRE).
-
-   ```
-   Example:
-   keytool -genkeypair -alias testCert -keyalg RSA -storetype PKCS12 -keystore keystore.p12 -storepass password
+> [!div class="sxs-lookup" renderon="portal"]
+> Download the project and extract the zip file to a local folder closer to the root folder - for example, **C:\Azure-Samples**
+> 
+> To use https with localhost, fill in the server.ssl.key properties. To generate a self-signed certificate, use the keytool utility (included in JRE).
+>
+>  ```
+>   Example:
+>   keytool -genkeypair -alias testCert -keyalg RSA -storetype PKCS12 -keystore keystore.p12 -storepass password
+>
+>   server.ssl.key-store-type=PKCS12  
+>   server.ssl.key-store=classpath:keystore.p12  
+>   server.ssl.key-store-password=password  
+>   server.ssl.key-alias=testCert
+>   ```
+>   Put the generated keystore file in the "resources" folder.
+   
+> [!div renderon="portal" id="autoupdate" class="nextstepaction"]
+> [Download the code sample]()
 
-   server.ssl.key-store-type=PKCS12  
-   server.ssl.key-store=classpath:keystore.p12  
-   server.ssl.key-store-password=password  
-   server.ssl.key-alias=testCert
-   ```
+> [!div renderon="docs"]
+> #### Step 3: Configure the code sample
+> 1. Extract the zip file to a local folder.
+> 1. If you use an integrated development environment, open the sample in your favorite IDE (optional).
+> 1. Open the application.properties file, which can be found in src/main/resources/ folder and replace the value of the fields *aad.clientId*, *aad.authority* and *aad.secretKey* with the respective values of **Application Id**, **Tenant Id** and **Client Secret** as the following:
+>
+>    ```file
+>    aad.clientId=Enter_the_Application_Id_here
+>    aad.authority=https://login.microsoftonline.com/Enter_the_Tenant_Info_Here/
+>    aad.secretKey=Enter_the_Client_Secret_Here
+>    aad.redirectUriSignin=https://localhost:8080/msal4jsample/secure/aad
+>    aad.redirectUriGraph=https://localhost:8080/msal4jsample/graph/me
+>    aad.msGraphEndpointHost="https://graph.microsoft.com/"
+>    ```
+> Where:
+>
+> - `Enter_the_Application_Id_here` - is the Application Id for the application you registered.
+> - `Enter_the_Client_Secret_Here` - is the **Client Secret** you created in **Certificates & Secrets** for the application you registered.
+> - `Enter_the_Tenant_Info_Here` - is the **Directory (tenant) ID** value of the application you registered.
+> 1. To use https with localhost, fill in the server.ssl.key properties. To generate a self-signed certificate, use the keytool utility (included in JRE).
+>
+>  ```
+>   Example:
+>   keytool -genkeypair -alias testCert -keyalg RSA -storetype PKCS12 -keystore keystore.p12 -storepass password
+>
+>   server.ssl.key-store-type=PKCS12  
+>   server.ssl.key-store=classpath:keystore.p12  
+>   server.ssl.key-store-password=password  
+>   server.ssl.key-alias=testCert
+>   ```
+>   Put the generated keystore file in the "resources" folder.
 
-   Put the generated keystore file in the "resources" folder.
 
-#### Step 4: Run the code sample
+> [!div class="sxs-lookup" renderon="portal"]
+> #### Step 3: Run the code sample
+> [!div renderon="docs"]
+> #### Step 4: Run the code sample
 
 To run the project, you can either:
 
@@ -133,11 +149,16 @@ If you are running the web application from an IDE, click on run, then navigate
     - *Sign Out*: Signs the current user out of the application and redirects them to the home page.
     - *Show User Info*: Acquires a token for Microsoft Graph and calls Microsoft Graph with a request containing the token, which returns basic information about the signed-in user.
 
+
+   
 > [!IMPORTANT]
 > This quickstart application uses a client secret to identify itself as confidential client. Because the client secret is added as a plain-text to your project files, for security reasons it is recommended that you use a certificate instead of a client secret before considering the application as production application. For more information on how to use a certificate, see [Certificate credentials for application authentication](https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials).
 
 ## More information
 
+### How the sample works
+![Shows how the sample app generated by this quickstart works](media/quickstart-v2-java-webapp/java-quickstart.svg)
+
 ### Getting MSAL
 
 MSAL for Java (MSAL4J) is the Java library used to sign in users and request tokens used to access an API protected by the Microsoft identity Platform.

articles/active-directory/develop/quickstart-v2-javascript.md

@@ -25,9 +25,10 @@ In this quickstart, you use a code sample to learn how a JavaScript single-page
 ## Prerequisites
 
 * Azure subscription - [create one for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F)
-* [Node.js](https://nodejs.org/en/download/).
+* [Node.js](https://nodejs.org/en/download/)
 * [Visual Studio Code](https://code.visualstudio.com/download) (to edit project files)
 
+
 > [!div renderon="docs"]
 > ## Register and download your quickstart application
 > To start your quickstart application, use either of the following options.
@@ -70,38 +71,39 @@ In this quickstart, you use a code sample to learn how a JavaScript single-page
 
 #### Step 2: Download the project
 
-Select the option that's suitable to your development environment:
+> [!div renderon="docs"]
+> To run the project with a web server by using Node.js, [download the core project files](https://github.com/Azure-Samples/active-directory-javascript-graphapi-v2/archive/quickstart.zip).
 
-* To run the project with a web server by using Node.js, [download the core project files](https://github.com/Azure-Samples/active-directory-javascript-graphapi-v2/archive/quickstart.zip). To open the files, use an editor such as [Visual Studio Code](https://code.visualstudio.com/).
+> [!div renderon="portal"]
+> Run the project with a web server by using Node.js
 
-#### Step 3: Configure your JavaScript app
+> [!div renderon="portal" id="autoupdate" class="nextstepaction"]
+> [Download the code sample]()
 
 > [!div renderon="docs"]
+> #### Step 3: Configure your JavaScript app
+>
 > In the *JavaScriptSPA* folder, edit *authConfig.js*, and set the `clientID` and `authority` values under `msalConfig`.
+> ```javascript
+>
+>  // Config object to be passed to Msal on creation
+>  const msalConfig = {
+>    auth: {
+>      clientId: "Enter_the_Application_Id_Here",
+>      authority: "Enter_the_Cloud_Instance_Id_HereEnter_the_Tenant_Info_Here",
+>      redirectUri: "Enter_the_Redirect_Uri_Here",
+>    },
+>    cache: {
+>      cacheLocation: "sessionStorage", // This configures where your cache will be stored
+>      storeAuthStateInCookie: false, // Set this to "true" if you are having issues on IE11 or Edge
+>      forceRefresh: false // Set this to "true" to skip a cached token and go to the server to get a new
+>    }
+>  };  
+> ```
 
-> [!div class="sxs-lookup" renderon="portal"]
-> In the *JavaScriptSPA* folder, edit *authConfig.js*, and replace `msalConfig` with the following code:
-
-```javascript
-
-  // Config object to be passed to Msal on creation
-  const msalConfig = {
-    auth: {
-      clientId: "Enter_the_Application_Id_Here",
-      authority: "Enter_the_Cloud_Instance_Id_HereEnter_the_Tenant_Info_Here",
-      redirectUri: "Enter_the_Redirect_Uri_Here",
-    },
-    cache: {
-      cacheLocation: "sessionStorage", // This configures where your cache will be stored
-      storeAuthStateInCookie: false, // Set this to "true" if you are having issues on IE11 or Edge
-      forceRefresh: false // Set this to "true" to skip a cached token and go to the server to get a new
-    }
-  };  
-
-```
 > [!div renderon="portal"]
 > > [!NOTE]
-> > This quickstart supports Enter_the_Supported_Account_Info_Here.
+> > Enter_the_Supported_Account_Info_Here
 
 > [!div renderon="docs"]
 >
@@ -116,19 +118,22 @@ Select the option that's suitable to your development environment:
 > > [!TIP]
 > > To find the values of **Application (client) ID**, **Directory (tenant) ID**, and **Supported account types**, go to the app's **Overview** page in the Azure portal.
 >
+> [!div class="sxs-lookup" renderon="portal"]
+> #### Step 3: Your app is configured and ready to run
+> We have configured your project with values of your app's properties. 
 
-#### Step 4: Run the project
+> [!div renderon="docs"]
+> #### Step 4: Run the project
 
-If you're using [Node.js](https://nodejs.org/en/download/):
+Run the project with a web server by using [Node.js](https://nodejs.org/en/download/):
 
 1. To start the server, run the following command from the project directory:
-
-   ```batch
-   npm install
-   npm start
-   ```
-
+    ```batch
+    npm install
+    npm start
+    ```
 1. Open a web browser and go to `http://localhost:3000/`.
+
 1. Select **Sign In** to start the sign-in, and then call Microsoft Graph API.
 
 After the browser loads the application, select **Sign In**. The first time that you sign in, you're prompted to provide your consent to allow the application to access your profile and to sign you in. After you're signed in successfully, your user profile information should be displayed on the page.

articles/active-directory/hybrid/reference-connect-accounts-permissions.md

@@ -50,11 +50,10 @@ In addition to these three accounts used to run Azure AD Connect, you will also
 > [!NOTE]
 > It is supported to manage the administrative accounts used in Azure AD Connect from an ESAE Administrative Forest (also know as "Red forest").
 > Dedicated administrative forests allow organizations to host administrative accounts, workstations, and groups in an environment that has stronger security controls than the production environment.
-> To learn more about dedicated administrative forests please refer to [ESAE Administrative Forest Design Approach](https://docs.microsoft.com/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#esae-administrative-forest-design-approach)
->>>>>>> e683a61b0ed62ae739941410f658a127534e2481
+> To learn more about dedicated administrative forests please refer to [ESAE Administrative Forest Design Approach](https://docs.microsoft.com/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#esae-administrative-forest-design-approach).
 
 > [!NOTE]
-> The Global Administrator role is not required after the initial setup and the only required account will be the **Directory Synchronization Accounts** role account. That does not necssarily mean that you will want to just remove the account with the Global Administrator role. It is better to change the role to a less powerful role, as totally removing the account may introduce issues if you ever need to re-run the wizard again. By reducing the privilege of the role you can always re-elevate the priviliges if you have to utilize the Azure AD Connect wizard again. 
+> The Global Administrator role is not required after the initial setup and the only required account will be the **Directory Synchronization Accounts** role account. That does not necessarily mean that you will want to just remove the account with the Global Administrator role. It is better to change the role to a less powerful role, as totally removing the account may introduce issues if you ever need to re-run the wizard again. By reducing the privilege of the role you can always re-elevate the privileges if you have to utilize the Azure AD Connect wizard again. 
 
 ## Installing Azure AD Connect
 The Azure AD Connect installation wizard offers two different paths:

articles/active-directory/manage-apps/application-proxy-configure-custom-domain.md

@@ -127,9 +127,9 @@ There's no restriction on the certificate signature methods. Elliptic Curve Cryp
 
 You can use wildcard certificates as long as the wildcard matches the external URL. You must use wildcard certificates for [wildcard applications](application-proxy-wildcard.md). If you want to use the certificate to also access subdomains, you must add the subdomain wildcards as subject alternative names in the same certificate. For example, a certificate for *\*.adventure-works.com* won't work for *\*.apps.adventure-works.com* unless you add *\*.apps.adventure-works.com* as a subject alternative name. 
 
-You can use certificates issued by your own public key infrastructure (PKI) if the certificate chain is installed on your client devices. Intune can deploy these certificates to managed devices. For non-managed devices, you must manually install these certificates.
+You can use certificates issued by your own public key infrastructure (PKI) if the certificate chain is installed on your client devices. Intune can deploy these certificates to managed devices. For non-managed devices, you must manually install these certificates. 
 
-It's not a good idea to use a private root CA. The private root CA would also need to be pushed to client machines, which introduces many challenges. 
+We do not recommend using a private root CA since the private root CA would also need to be pushed to client machines, which may introduce many challenges.
 
 ### Certificate management