Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr

Author: ChJenk

.openpublishing.redirection.json

@@ -245,6 +245,12 @@
       "redirect_url": "/azure/site-recovery/vmware-physical-mobility-service-overview#install-mobility-agent-through-ui",
       "redirect_document_id": false
     },
+
+    {
+      "source_path": "articles/site-recovery/scvmm-site-recovery-deprecation.md",
+      "redirect_url": "/azure/site-recovery/site-to-site-deprecation",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/machine-learning/service/quickstart-get-started.md",
       "redirect_url": "/azure/machine-learning/service/quickstart-run-cloud-notebook",
@@ -520,11 +526,16 @@
       "redirect_url": "/azure/machine-learning",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/LUIS/luis-how-to-add-example-utterances.md",
+      "redirect_url": "/azure/cognitive-services/LUIS/luis-how-to-add-entities",
+      "redirect_document_id": false
+    },  
     {
       "source_path": "articles/cognitive-services/LUIS/luis-tutorial-prebuilt-intents-entities.md",
       "redirect_url": "/azure/cognitive-services/LUIS/tutorial-machine-learned-entity",
       "redirect_document_id": false
-    },       
+    },
     {
       "source_path": "articles/cognitive-services/LUIS/luis-quickstart-intents-only.md",
       "redirect_url": "/azure/cognitive-services/LUIS/tutorial-intents-only",
@@ -43604,6 +43615,43 @@
       "redirect_document_id": false
     },
     {
+      "source_path": "articles/load-balancer/load-balancer-outbound-connections-classic.md",
+      "redirect_url": "/previous-versions/azure/load-balancer/load-balancer-outbound-connections-classic",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/load-balancer/load-balancer-multivip.md",
+      "redirect_url": "/previous-versions/azure/load-balancer/load-balancer-multivip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/load-balancer/load-balancer-get-started-ilb-classic-cloud.md",
+      "redirect_url": "/previous-versions/azure/load-balancer/load-balancer-get-started-ilb-classic-cloud",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/load-balancer/load-balancer-get-started-ilb-classic-ps.md",
+      "redirect_url": "/previous-versions/azure/load-balancer/load-balancer-get-started-ilb-classic-ps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/load-balancer/load-balancer-get-started-ilb-classic-cli.md",
+      "redirect_url": "/previous-versions/azure/load-balancer/load-balancer-get-started-ilb-classic-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/load-balancer/load-balancer-get-started-internet-classic-ps.md",
+      "redirect_url": "/previous-versions/azure/load-balancer/load-balancer-get-started-internet-classic-ps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/load-balancer/load-balancer-get-started-internet-classic-cloud.md",
+      "redirect_url": "/previous-versions/azure/load-balancer/load-balancer-get-started-internet-classic-cloud",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/load-balancer/load-balancer-get-started-internet-classic-cli.md",
+      "redirect_url": "/previous-versions/azure/load-balancer/load-balancer-get-started-internet-classic-cli",
       "source_path": "articles/cognitive-services/translator/how-to-install-containers.md",
       "redirect_url": "/azure/cognitive-services/translator/translator-info-overview",
       "redirect_document_id": false

articles/active-directory/authentication/howto-mfa-mfasettings.md

@@ -214,6 +214,8 @@ Settings for app passwords, trusted IPs, verification options, and remember mult
 
 ![Azure Multi-Factor Authentication service settings](./media/howto-mfa-mfasettings/multi-factor-authentication-settings-service-settings.png)
 
+The trusted IP address ranges can be private or public.
+
 ## App passwords
 
 Some applications, like Office 2010 or earlier and Apple Mail before iOS 11, don't support two-step verification. The apps aren't configured to accept a second verification. To use these applications, take advantage of the _app passwords_ feature. You can use an app password in place of your traditional password to allow an app to bypass two-step verification and continue working.

articles/active-directory/authentication/howto-mfa-reporting.md

@@ -21,16 +21,16 @@ Azure Multi-Factor Authentication provides several reports that can be used by y
 
 | Report | Location | Description |
 |:--- |:--- |:--- |
-| Blocked User History | Azure AD > MFA Server > Block/unblock users | Shows the history of requests to block or unblock users. |
+| Blocked User History | Azure AD > Security > MFA > Block/unblock users | Shows the history of requests to block or unblock users. |
 | Usage and fraud alerts | Azure AD > Sign-ins | Provides information on overall usage, user summary, and user details; as well as a history of fraud alerts submitted during the date range specified. |
-| Usage for on-premises components | Azure AD > MFA Server > Activity Report | Provides information on overall usage for MFA through the NPS extension, ADFS, and MFA server. |
-| Bypassed User History | Azure AD > MFA Server > One-time bypass | Provides a history of requests to bypass Multi-Factor Authentication for a user. |
-| Server status | Azure AD > MFA Server > Server status | Displays the status of Multi-Factor Authentication Servers associated with your account. |
+| Usage for on-premises components | Azure AD > Security > MFA > Activity Report | Provides information on overall usage for MFA through the NPS extension, ADFS, and MFA server. |
+| Bypassed User History | Azure AD > Security > MFA > One-time bypass | Provides a history of requests to bypass Multi-Factor Authentication for a user. |
+| Server status | Azure AD > Security > MFA > Server status | Displays the status of Multi-Factor Authentication Servers associated with your account. |
 
 ## View MFA reports
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
-2. On the left, select **Azure Active Directory** > **MFA Server**.
+2. On the left, select **Azure Active Directory** > **Security** > **MFA**.
 3. Select the report that you wish to view.
 
    ![MFA Server server status report in the Azure portal](./media/howto-mfa-reporting/report.png)

articles/active-directory/authentication/howto-sspr-writeback.md

@@ -96,7 +96,7 @@ To set up the appropriate permissions for password writeback to occur, complete
     * **Write pwdLastSet**
 9. Select **Apply/OK** to apply the changes and exit any open dialog boxes.
 
-Since the source of authority is on premises, the password complexity policies apply from the same connected data source. Make sure you've changed the existing group policies for "Minimum Password Length". The group policy shouldn't be set to 1, which means password should be at least a day old before it can be updated. You need make sure it's set to 0. These settings can be found in `gpmc.msc` under **Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies**. Run `gpupdate /force` to ensure that the change takes effect. 
+Since the source of authority is on premises, the password complexity policies apply from the same connected data source. Make sure you've changed the existing group policies for "Minimum password age". The group policy shouldn't be set to 1, which means password should be at least a day old before it can be updated. You need make sure it's set to 0. These settings can be found in `gpmc.msc` under **Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies**. Run `gpupdate /force` to ensure that the change takes effect. 
 
 ## Next steps
 

articles/active-directory/b2b/troubleshoot.md

@@ -5,7 +5,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: troubleshooting
-ms.date: 05/25/2017
+ms.date: 11/12/2019
 tags: active-directory
 ms.author: mimart
 author: v-miegge
@@ -90,6 +90,10 @@ To resolve this problem, you must take over the abandoned tenant. Refer to  [Tak
 
 If the identity tenant is a just-in-time (JIT) or viral tenant (meaning it's a separate, unmanaged Azure tenant), only the guest user can reset their password. Sometimes an organization will [take over management of viral tenants](https://docs.microsoft.com/azure/active-directory/users-groups-roles/domains-admin-takeover) that are created when employees use their work email addresses to sign up for services. After the organization takes over a viral tenant, only an administrator in that organization can reset the user's password or enable SSPR. If necessary, as the inviting organization, you can remove the guest user account from your directory and resend an invitation.
 
+## A guest user is unable to use the AzureAD PowerShell V1 module
+
+As of November 18, 2019, guest users in your directory (defined as user accounts where the **userType** property equals **Guest**) are blocked from using the AzureAD PowerShell V1 module. Going forward, a user will need to either be a member user (where **userType** equals **Member**) or use the AzureAD PowerShell V2 module.
+
 ## Next steps
 
 [Get support for B2B collaboration](get-support.md)

articles/active-directory/develop/TOC.yml

@@ -392,9 +392,9 @@
         href: active-directory-configurable-token-lifetimes.md
     - name: Application configuration
       items:
-      - name: Azure portal app registrations training guide (legacy)
+      - name: Transitioning from App registrations (Legacy) to the new App registrations experience in the Azure portal
         href: app-registrations-training-guide-for-app-registrations-legacy-users.md
-      - name: Application Registration Portal app registration guide
+      - name: Transitioning from Application Registration Portal to the new App registrations experience in the Azure portal
         href: app-registration-portal-training-guide.md
       - name: Convert a single-tenant app to a multi-tenant app
         href: howto-convert-app-to-be-multi-tenant.md

articles/active-directory/develop/active-directory-configurable-token-lifetimes.md

@@ -49,11 +49,11 @@ Clients use access tokens to access a protected resource. An access token can be
 
 ### SAML tokens
 
-SAML tokens are used by many web based SAAS applications, and are obtained using Azure Active Directory's SAML2 protocol endpoint.  They are also consumed by applications using WS-Federation.    The default lifetime of the token is 1 hour. After  From and applications perspective the validity period of the token is specified by the NotOnOrAfter value of the <conditions …>    element in the token.  After the token validity period the client must initiate a new authentication request, which will often be satisfied without interactive sign in as a result of the Single Sign On (SSO) Session token.
+SAML tokens are used by many web based SAAS applications, and are obtained using Azure Active Directory's SAML2 protocol endpoint. They are also consumed by applications using WS-Federation. The default lifetime of the token is 1 hour. From an application's perspective, the validity period of the token is specified by the NotOnOrAfter value of the `<conditions …>` element in the token. After the validity period of the token has ended, the client must initiate a new authentication request, which will often be satisfied without interactive sign in as a result of the Single Sign On (SSO) Session token.
 
-The value of NotOnOrAfter can be changed using the AccessTokenLifetime parameter in a TokenLifetimePolicy.  It will be set to the lifetime configured in the policy if any, plus a clock skew factor of five minutes.
+The value of NotOnOrAfter can be changed using the `AccessTokenLifetime` parameter in a `TokenLifetimePolicy`. It will be set to the lifetime configured in the policy if any, plus a clock skew factor of five minutes.
 
-Note that the subject confirmation NotOnOrAfter specified in the <SubjectConfirmationData> element is not affected by the Token Lifetime configuration. 
+Note that the subject confirmation NotOnOrAfter specified in the `<SubjectConfirmationData>` element is not affected by the Token Lifetime configuration. 
 
 ### Refresh tokens
 

articles/active-directory/develop/active-directory-saml-claims-customization.md

@@ -60,6 +60,7 @@ From the **Choose name identifier format** dropdown, you can select one of the f
 | **Persistent** | Azure AD will use Persistent as the NameID format. |
 | **EmailAddress** | Azure AD will use EmailAddress as the NameID format. |
 | **Unspecified** | Azure AD will use Unspecified as the NameID format. |
+| **Windows domain qualified name** | Azure AD will use WindowsDomainQualifiedName as the NameID format. |
 
 Transient NameID is also supported, but is not available in the dropdown and cannot be configured on Azure's side. To learn more about the NameIDPolicy attribute, see [Single Sign-On SAML protocol](single-sign-on-saml-protocol.md).
 

articles/active-directory/develop/app-registration-portal-training-guide.md

@@ -1,6 +1,7 @@
 ---
-title: Application Registration Portal app registrations training guide - Microsoft identity platform | Azure
-description: App registrations in the Azure portal for users familiar with Application registration portal
+title: Transitioning from Application Registration Portal to the new App registrations experience in the Azure portal
+titleSuffix: Microsoft identity platform
+description: An introduction to the new App registration experience in the Azure portal
 services: active-directory
 documentationcenter: ''
 author: archieag
@@ -20,7 +21,7 @@ ms.custom: aaddev
 ms.collection: M365-identity-device-management
 ---
 
-# Training guide: Using App registrations in the Azure portal instead of Application Registration Portal
+# Transitioning from Application Registration Portal to the new App registrations experience in the Azure portal
 
 There are many improvements in the new [App registrations](https://go.microsoft.com/fwlink/?linkid=2083908) experience in the Azure portal. If you're more familiar with the Application registration portal (apps.dev.microsoft.com) experience for registering or managing converged applications, referred to as the old experience, this training guide will get you started using the new experience.
 
@@ -113,15 +114,15 @@ separate pages. Here's where you can find the equivalent functionality:
 
 -   Advanced option - Live SDK support is on the Authentication page.
 
-## Application Secrets/Certificates & secrets
+## Application secrets/Certificates & secrets
 
 In the new experience, **Application secrets** have been renamed to
 **Certificates & secrets**. In addition, **Public keys** are referred to as
 **Certificates** and **Passwords** are referred to as **Client secrets**. We
 chose to not bring this functionality along in the new experience for
 security reasons, hence, you can no longer generate a new key pair.
 
-## Platforms/Authentication - Reply URLs/Redirect URIs
+## Platforms/Authentication: Reply URLs/redirect URIs
 In the old experience, an app had Platforms section for Web, native, and
 Web API to configure Redirect URLs, Logout URL and Implicit flow.
 
@@ -138,7 +139,7 @@ Web APIs are configured in Expose an API page.
 configure settings for your application based on the platform or device
 that you want to target. [Learn more](quickstart-configure-app-access-web-apis.md#configure-platform-settings-for-your-application)
 
-## Microsoft Graph Permissions/API permissions
+## Microsoft Graph permissions/API permissions
 
 -   When selecting an API in the old experience, you could choose from
     Microsoft Graph APIs only. In the new experience, you can choose
@@ -172,7 +173,7 @@ the manifest editor or the API, or didn't exist.
 
 -   Implicit grant flow (oauth2AllowImplicitFlow) can be found on the
     Authentication page. Unlike the old experience, you can enable
-    access tokens or id tokens, or both.
+    access tokens or ID tokens, or both.
 
 -   Scopes defined by this API (oauth2Permissions) and Authorized client
     applications (preAuthorizedApplications) can be configured through
@@ -202,4 +203,4 @@ The new experience has the following limitations:
     between Azure AD single-tenant and multi-tenant.
 
    > [!NOTE]
-   > If you're a personal Microsoft account user in Azure AD tenant, and the tenant admin has restricted access to Azure portal, you may get an access denied. However, if you come through the shortcut by typing App registrations in the search bar or pinning it, you'll be able to access the new experience.
+   > If you're a personal Microsoft account user in Azure AD tenant, and the tenant admin has restricted access to Azure portal, you may get an access denied. However, if you come through the shortcut by typing App registrations in the search bar or pinning it, you'll be able to access the new experience.

articles/active-directory/manage-apps/application-proxy-configure-cookie-settings.md

@@ -29,9 +29,9 @@ Azure Active Directory (Azure AD) has access and session cookies for accessing o
 | Use Persistent Cookie | **No** | **Yes** allows Application Proxy to set its access cookies to not expire when the web browser is closed. The persistence lasts until the access token expires, or until the user manually deletes the persistent cookies. | Use **No** because of the security risk associated with keeping users authenticated.<br></br><br></br>We suggest only using **Yes** for older applications that can't share cookies between processes. It's better to update your application to handle sharing cookies between processes instead of using persistent cookies. For example, you might need persistent cookies to allow a user to open Office documents in explorer view from a SharePoint site. Without persistent cookies, this operation might fail if the access cookies aren't shared between the browser, the explorer process, and the Office process. |
 
 ## SameSite Cookies
-Starting in version [Chrome 80](https://support.google.com/chrome/a/answer/7679408?hl=en) and eventually in browsers leveraging [Chromium](https://blog.chromium.org/2019/10/developers-get-ready-for-new.html), cookies that do not specify the [SameSite](https://web.dev/samesite-cookies-explained) attribute will be treated as if they were set to **SameSite=Lax**. The SameSite attribute declares how cookies should be restricted to a same-site context. When set to Lax, the cookie is only to sent to same-site requests or top-level navigation. However, Application Proxy requires these cookies to be preserved in the third-party context in order to keep users properly signed in during their session. Due to this, we are making updates to the Application Proxy access and session cookies to avoid adverse impact from this change. The updates include:
+Starting in version Chrome 80 and eventually in browsers leveraging Chromium, cookies that do not specify the [SameSite](https://web.dev/samesite-cookies-explained) attribute will be treated as if they were set to **SameSite=Lax**. The SameSite attribute declares how cookies should be restricted to a same-site context. When set to Lax, the cookie is only to sent to same-site requests or top-level navigation. However, Application Proxy requires these cookies to be preserved in the third-party context in order to keep users properly signed in during their session. Due to this, we are making updates to the Application Proxy access and session cookies to avoid adverse impact from this change. The updates include:
 
-* Setting the **SameSite** attribute to **None**- This allows Application Proxy access and sessions cookies to be properly sent in the third-party context.
+* Setting the **SameSite** attribute to **None**. This allows Application Proxy access and sessions cookies to be properly sent in the third-party context.
 * Setting the **Use Secure Cookie** setting to use **Yes** as the default. Chrome also requires the cookies to specify the Secure flag or it will be rejected. This change will apply to all existing applications published through Application Proxy. Note that Application Proxy access cookies have always been set to Secure and only transmitted over HTTPS. This change will only apply to the session cookies.
 
 These changes to Application Proxy cookies will roll out over the course of the next several weeks before the Chrome 80 release date.