Merge pull request #101167 from MicrosoftDocs/master

1/14 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -139,6 +139,6 @@ In this article, you used the Azure portal to configure and deploy resources usi
 [create-azure-ad-tenant]: ../active-directory/fundamentals/sign-up-organization.md
 [associate-azure-ad-tenant]: ../active-directory/fundamentals/active-directory-how-subscriptions-associated-directory.md
 [create-azure-ad-ds-instance]: tutorial-create-instance.md
-[template-overview]: ../azure-resource-manager/template-deployment-overview.md
-[deploy-powershell]: ../azure-resource-manager/resource-group-template-deploy.md
-[deploy-cli]: ../azure-resource-manager/resource-group-template-deploy-cli.md
+[template-overview]: ../azure-resource-manager/templates/overview.md
+[deploy-powershell]: ../azure-resource-manager/templates/deploy-powershell.md
+[deploy-cli]: ../azure-resource-manager/templates/deploy-cli.md

articles/active-directory-domain-services/join-windows-vm-template.md

@@ -52,7 +52,7 @@ In this example deployment scenario, the Contoso Azure AD DS managed domain is e
 The following two options resolve the mismatched directory error:
 
 * [Delete the Azure AD DS managed domain](delete-aadds.md) from your existing Azure AD directory. [Create a replacement Azure AD DS managed domain](tutorial-create-instance.md) in the same Azure AD directory as the virtual network you wish to use. When ready, join all machines previously joined to the deleted domain to the recreated managed domain.
-* [Move the Azure subscription](../billing/billing-subscription-transfer.md) containing the virtual network to the same Azure AD directory as the Azure AD DS managed domain.
+* [Move the Azure subscription](../cost-management-billing/manage/billing-subscription-transfer.md) containing the virtual network to the same Azure AD directory as the Azure AD DS managed domain.
 
 ## Next steps
 

articles/active-directory-domain-services/mismatched-tenant-error.md

@@ -122,7 +122,7 @@ To enable Azure AD DS security audit events using Azure PowerShell, complete the
 
 1. Create the target resource for the security audit events.
 
-    * **Azure storage** - [Create a storage account using Azure PowerShell](../storage/common/storage-quickstart-create-account.md?tabs=azure-powershell)
+    * **Azure storage** - [Create a storage account using Azure PowerShell](../storage/common/storage-account-create.md?tabs=azure-powershell)
     * **Azure event hubs** - [Create an event hub using Azure PowerShell](../event-hubs/event-hubs-quickstart-powershell.md). You may also need to use the [New-AzEventHubAuthorizationRule](/powershell/module/az.eventhub/new-azeventhubauthorizationrule) cmdlet to create an authorization rule that grants Azure AD DS permissions to the event hub *namespace*. The authorization rule must include the **Manage**, **Listen**, and **Send** rights.
 
         > [!IMPORTANT]

articles/active-directory-domain-services/security-audit-events.md

@@ -88,7 +88,7 @@ The Azure AD DS managed domain's health automatically updates itself within two
 
 Azure AD DS requires an active subscription, and can't be moved to a different subscription. If the Azure subscription that the Azure AD DS managed domain was associated with is deleted, you must recreate an Azure subscription and Azure AD DS managed domain.
 
-1. [Create an Azure subscription](../billing/billing-create-subscription.md).
+1. [Create an Azure subscription](../cost-management-billing/manage/create-subscription.md).
 1. [Delete the Azure AD DS managed domain](delete-aadds.md) from your existing Azure AD directory.
 1. [Create a replacement Azure AD DS managed domain](tutorial-create-instance.md).
 

articles/active-directory-domain-services/troubleshoot-alerts.md

@@ -1,6 +1,6 @@
 ---
 title: Azure MFA versions and consumption plans - Azure Active Directory
-description: Information about the Multi-factor Authentication client and the different methods and versions available. 
+description: Information about the Multi-factor Authentication client and the different methods and versions available.
 
 services: multi-factor-authentication
 ms.service: active-directory
@@ -28,7 +28,7 @@ The following table describes the differences between versions of multi-factor a
 
 | Version | Description |
 | --- | --- |
-| Free option | Customers who are utilizing the free benefits of Azure AD can use [security defaults](../conditional-access/concept-conditional-access-security-defaults.md) to enable multi-factor authentication in their environment. |
+| Free option | Customers who are utilizing the free benefits of Azure AD can use [security defaults](../fundamentals/concept-fundamentals-security-defaults.md) to enable multi-factor authentication in their environment. |
 | Multi-Factor Authentication for Office 365 | This version is managed from the Office 365 or Microsoft 365 portal. Administrators can [secure Office 365 resources with two-step verification](https://support.office.com/article/Set-up-multi-factor-authentication-for-Office-365-users-8f0454b2-f51a-4d9c-bcde-2c48e41621c6). This version is part of an Office 365 subscription. |
 | Multi-Factor Authentication for Azure AD Administrators | Users assigned the Azure AD Global Administrator role in Azure AD tenants can enable two-step verification at no additional cost. |
 | Azure Multi-Factor Authentication | Often referred to as the "full" version, Azure Multi-Factor Authentication offers the richest set of capabilities. It provides additional configuration options via the [Azure portal](https://portal.azure.com), advanced reporting, and support for a range of on-premises and cloud applications. Azure Multi-Factor Authentication is a feature of [Azure Active Directory Premium](https://www.microsoft.com/cloud-platform/azure-active-directory-features) and [Microsoft 365 Business](https://www.microsoft.com/microsoft-365/business). |
@@ -44,7 +44,7 @@ The following table provides a list of the features that are available in the va
 > This comparison table discusses the features that are part of each version of Multi-Factor Authentication. If you have the full Azure Multi-Factor Authentication service, some features may not be available depending on whether you use [MFA in the cloud or MFA on-premises](concept-mfa-whichversion.md).
 >
 
-| Feature | Multi-Factor Authentication for Office 365 | Multi-Factor Authentication for Azure AD Administrators | Azure Multi-Factor Authentication | Security defaults | 
+| Feature | Multi-Factor Authentication for Office 365 | Multi-Factor Authentication for Azure AD Administrators | Azure Multi-Factor Authentication | Security defaults |
 | --- |:---:|:---:|:---:|:---:|
 | Protect Azure AD admin accounts with MFA |● |● (Azure AD Global Administrator accounts only) |● |● |
 | Mobile app as a second factor |● |● |● |● |

articles/active-directory/authentication/concept-mfa-licensing.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 12/10/2019
+ms.date: 01/14/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -30,15 +30,17 @@ More information about emergency access accounts and why they are important can
 
 ## Typical policies deployed by organizations
 
-* [Require MFA for administrators](howto-conditional-access-policy-admin-mfa.md)
-* [Require MFA for Azure management](howto-conditional-access-policy-azure-management.md)
-* [Require MFA for all users](howto-conditional-access-policy-all-users-mfa.md)
-* [Block legacy authentication](howto-conditional-access-policy-block-legacy.md)
+* [Require MFA for administrators](howto-conditional-access-policy-admin-mfa.md)\*
+* [Require MFA for Azure management](howto-conditional-access-policy-azure-management.md)\*
+* [Require MFA for all users](howto-conditional-access-policy-all-users-mfa.md)\*
+* [Block legacy authentication](howto-conditional-access-policy-block-legacy.md)\*
 * [Risk-based Conditional Access (Requires Azure AD Premium P2)](howto-conditional-access-policy-risk.md)
 * [Require trusted location for MFA registration](howto-conditional-access-policy-registration.md)
 * [Block access by location](howto-conditional-access-policy-location.md)
 * [Require compliant device](howto-conditional-access-policy-compliant-device.md)
 
+\* These four policies when configured together, would mimic functionality enabled by [security defaults](../fundamentals/concept-fundamentals-security-defaults.md).
+
 ## Next steps
 
 - [Simulate sign in behavior using the Conditional Access What If tool.](troubleshoot-conditional-access-what-if.md)

articles/active-directory/conditional-access/concept-conditional-access-policy-common.md

@@ -60,7 +60,7 @@ In this quickstart, you use a code sample to learn how a JavaScript single-page
 
 > [!div class="sxs-lookup" renderon="portal"]
 > #### Step 1: Configure your application in the Azure portal
-> For the code sample for this quickstart to work, you need to add a redirect URI as `http://localhost:30662/` and enable **Implicit grant**.
+> For the code sample for this quickstart to work, you need to add a `redirectUri` as `http://localhost:30662/` and enable **Implicit grant**.
 > > [!div renderon="portal" id="makechanges" class="nextstepaction"]
 > > [Make these changes for me]()
 >
@@ -166,7 +166,7 @@ var msalConfig = {
     auth: {
         clientId: "Enter_the_Application_Id_here",
         authority: "https://login.microsoftonline.com/Enter_the_Tenant_Info_Here",
-        redirectURI: "http://localhost:30662/"
+        redirectUri: "http://localhost:30662/"
     },
     cache: {
         cacheLocation: "localStorage",
@@ -181,7 +181,7 @@ var myMSALObj = new Msal.UserAgentApplication(msalConfig);
 > |---------|---------|
 > |`clientId`     | The application ID of the application that's registered in the Azure portal.|
 > |`authority`    | (Optional) The authority URL that supports account types, as described previously in the configuration section. The default authority is `https://login.microsoftonline.com/common`. |
-> |`redirectURI`     | The application registration's configured reply/redirect URI. In this case, `http://localhost:30662/`. |
+> |`redirectUri`     | The application registration's configured reply/redirectUri. In this case, `http://localhost:30662/`. |
 > |`cacheLocation`  | (Optional) Sets the browser storage for the auth state. The default is sessionStorage.   |
 > |`storeAuthStateInCookie`  | (Optional) The library that stores the authentication request state that's required for validation of the authentication flows in the browser cookies. This cookie is set for IE and Edge browsers to mitigate certain [known issues](https://github.com/AzureAD/microsoft-authentication-library-for-js/wiki/Known-issues-on-IE-and-Edge-Browser#issues). |
 

articles/active-directory/develop/quickstart-v2-javascript.md

@@ -75,7 +75,7 @@ Use **Switch directory** to go to your new directory. It can take several hours
 
 ![Directory switcher page, with sample information](media/active-directory-how-subscriptions-associated-directory/directory-switcher.png)
 
-Changing the subscription directory is a service-level operation, so it doesn't affect subscription billing ownership. The Account Admin can still change the Service Admin from the [Account Center](https://account.azure.com/subscriptions). To delete the original directory, you must transfer the subscription billing ownership to a new Account Admin. To learn more about transferring billing ownership, see [Transfer ownership of an Azure subscription to another account](../../billing/billing-subscription-transfer.md).
+Changing the subscription directory is a service-level operation, so it doesn't affect subscription billing ownership. The Account Admin can still change the Service Admin from the [Account Center](https://account.azure.com/subscriptions). To delete the original directory, you must transfer the subscription billing ownership to a new Account Admin. To learn more about transferring billing ownership, see [Transfer ownership of an Azure subscription to another account](../../cost-management-billing/manage/billing-subscription-transfer.md).
 
 ## Post-association steps
 

articles/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 12/06/2019
+ms.date: 01/14/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -25,7 +25,10 @@ Microsoft is making security defaults available to everyone. The goal is to ensu
 
 ![Screenshot of the Azure portal with the toggle to enable security defaults](./media/concept-fundamentals-security-defaults/security-defaults-azure-ad-portal.png)
 
-The following security configurations will be turned on in your tenant. 
+> [!TIP]
+> If your tenant was created on or after October 22nd, 2019, it’s possible you are experiencing the new secure-by-default behavior and already have security defaults enabled in your tenant. In an effort to protect all of our users, security defaults is being rolled out to all new tenants created.
+
+More details on why security defaults are being made available can be found in Alex Weinert's blog post, [Introducing security defaults](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/introducing-security-defaults/ba-p/1061414).
 
 ## Unified Multi-Factor Authentication registration