Commit 419cf17

Merge pull request #127550 from MicrosoftDocs/master
8/27 PM Publish
2 parents 648c8d2 + db52916 commit 419cf17

787 files changed

+2632
-1640
lines changed

.openpublishing.redirection.json

Lines changed: 31 additions & 1 deletion
@@ -17333,6 +17333,16 @@
1733317333
"redirect_url": "/azure/machine-learning/samples-designer",
1733417334
"redirect_document_id": false
1733517335
},
17336+
{
17337+
"source_path": "articles/machine-learning/studio/what-is-ml-studio.md",
17338+
"redirect_url": "/azure/machine-learning/overview-what-is-machine-learning-studio#ml-studio-classic-vs-azure-machine-learning-studio",
17339+
"redirect_document_id": false
17340+
},
17341+
{
17342+
"source_path": "articles/machine-learning/compare-azure-ml-to-studio-classic.md",
17343+
"redirect_url": "/azure/machine-learning/overview-what-is-machine-learning-studio#ml-studio-classic-vs-azure-machine-learning-studio",
17344+
"redirect_document_id": false
17345+
},
1733617346
{
1733717347
"source_path": "articles/log-analytics/log-analytics-add-solutions.md",
1733817348
"redirect_url": "/azure/monitoring/monitoring-solutions",
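Review bot: Both entries added at 17336-17345 redirect to the fragment `#ml-studio-classic-vs-azure-machine-learning-studio`, and nothing in this hunk shows that the heading exists on `overview-what-is-machine-learning-studio`. If the heading is renamed or missing, readers of the two retired articles land at the top of the overview with no explanation. Please confirm the anchor in the target article, or redirect to the page without a fragment.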
@@ -37194,9 +37204,19 @@
3719437204
},
3719537205
{
3719637206
"source_path": "articles/active-directory/active-directory-saas-ie-group-policy.md",
37197-
"redirect_url": "/azure/active-directory/manage-apps/deploy-access-panel-browser-extension",
37207+
"redirect_url": "/azure/active-directory/manage-apps/access-panel-deployment-plan",
3719837208
"redirect_document_id": true
3719937209
},
37210+
{
37211+
"source_path": "articles/active-directory/manage-apps/deploy-access-panel-browser-extension.md",
37212+
"redirect_url": "/azure/active-directory/manage-apps/access-panel-deployment-plan",
37213+
"redirect_document_id": false
37214+
},
37215+
{
37216+
"source_path": "articles/active-directory/manage-apps/access-panel-extension-problem-installing.md",
37217+
"redirect_url": "/azure/active-directory/manage-apps/access-panel-deployment-plan",
37218+
"redirect_document_id": false
37219+
},
3720037220
{
3720137221
"source_path": "articles/active-directory/active-directory-saas-ie-troubleshooting.md",
3720237222
"redirect_url": "/azure/active-directory/manage-apps/manage-access-panel-browser-extension",
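Review bot: The context entry at 37221-37222 still sends `active-directory-saas-ie-troubleshooting.md` to `/azure/active-directory/manage-apps/manage-access-panel-browser-extension`, while two sibling browser-extension articles are retired into `access-panel-deployment-plan` here. Please check whether that target is still published; if it was retired with the others, retarget this entry as well, the same way line 37207 was retargeted, so it does not end in a redirect chain or a missing page.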
@@ -42493,6 +42513,16 @@
4249342513
"redirect_url": "/azure/azure-monitor/platform/resource-logs-blob-format",
4249442514
"redirect_document_id": false
4249542515
},
42516+
{
42517+
"source_path": "articles/azure-monitor/platform/log-analytics-agent.md#supported-linux-operating-systems",
42518+
"redirect_url": "/azure/azure-monitor/platform/agent-linux#supported-operating-system",
42519+
"redirect_document_id": false
42520+
},
42521+
{
42522+
"source_path": "articles/azure-monitor/platform/log-analytics-agent.md#supported-windows-operating-systems",
42523+
"redirect_url": "/azure/azure-monitor/platform/agent-windows#supported-operating-system",
42524+
"redirect_document_id": false
42525+
},
4249642526
{
4249742527
"source_path": "articles/azure-monitor/platform/template-workspace-configuration.md",
4249842528
"redirect_url": "/azure/azure-monitor/samples/resource-manager-workspace",
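Review bot: The two `source_path` values added at 42517 and 42523 end in a fragment (`log-analytics-agent.md#supported-linux-operating-systems`), whereas every other `source_path` visible in this file is a plain file path. Browsers do not send the fragment to the server, so a redirect keyed on it cannot be matched server-side, and the entries may instead be read as a redirect for the whole of `log-analytics-agent.md`. If the article is staying, drop these entries and link to the new agent pages from the old sections; if it is being retired, use one entry with the bare file path.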

articles/active-directory/authentication/howto-password-ban-bad-on-premises-deploy.md

Lines changed: 2 additions & 0 deletions
@@ -47,6 +47,8 @@ It's also possible for stronger password validation to affect your existing Acti
4747

4848
After the feature has been running in audit mode for a reasonable period, you can switch the configuration from *Audit* to *Enforce* to require more secure passwords. Additional monitoring during this time is a good idea.
4949

50+
It is important to note that Azure AD Password Protection can only validate passwords during password change or set operations. Passwords that were accepted and stored in Active Directory prior to the deployment of Azure AD Password Protection will never be validated and will continue working as-is. Over time, all users and accounts will eventually start using Azure AD Password Protection-validated passwords as their existing passwords expire normally. Accounts configured with "password never expires" are exempt from this.
51+
5052
### Multiple forest considerations
5153

5254
There are no additional requirements to deploy Azure AD Password Protection across multiple forests.
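Review bot: The paragraph added at line 50 says accounts configured with "password never expires" are exempt but gives the reader no next step, so those accounts keep their pre-deployment passwords indefinitely. The FAQ change in this same commit mentions a one-time manual expiration; suggest adding that option here or linking to the FAQ entry. Also, "will never be validated" followed by "Over time, all users and accounts will eventually start using" validated passwords reads as a contradiction; "are not validated until they are next changed" would be clearer, and "It is important to note that" can be dropped.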

articles/active-directory/authentication/howto-password-ban-bad-on-premises-faq.md

Lines changed: 8 additions & 0 deletions
@@ -45,6 +45,14 @@ A password set (sometimes called a password reset) is when an administrator repl
4545

4646
The password validation policy behaves the same regardless of whether a password change or set is being done. The Azure AD Password Protection DC Agent service does log different events to inform you whether a password change or set operation was done. See [Azure AD Password Protection monitoring and logging](./howto-password-ban-bad-on-premises-monitor.md).
4747

48+
**Q: Does Azure AD Password Protection validate existing passwords after being installed?**
49+
50+
No - Azure AD Password Protection can only enforce password policy on cleartext passwords during a password change or set operation. Once a password is accepted by Active Directory, only authentication-protocol-specific hashes of that password are persisted. The clear-text password is never persisted, therefore Azure AD Password Protection cannot validate existing passwords.
51+
52+
After initial deployment of Azure AD Password Protection, all users and accounts will eventually start using an Azure AD Password Protection-validated password as their existing passwords expire normally over time. If desired, this process can be accelerated by a one-time manual expiration of user account passwords.
53+
54+
Accounts configured with "password never expires" will never be forced to change their password unless manual expiration is done.
55+
4856
**Q: Why are duplicated password rejection events logged when attempting to set a weak password using the Active Directory Users and Computers management snap-in?**
4957

5058
The Active Directory Users and Computers management snap-in will first try to set the new password using the Kerberos protocol. Upon failure, the snap-in will make a second attempt to set the password using a legacy (SAM RPC) protocol (the specific protocols used are not important). If the new password is considered weak by Azure AD Password Protection, this snap-in behavior will result in two sets of password reset rejection events being logged.
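Review bot: The answer added at line 52 says the rollout "can be accelerated by a one-time manual expiration of user account passwords" without saying how to do that or linking to a procedure, and line 54 depends on the same step for "password never expires" accounts. Suggest adding a link or a short pointer to the supported way to expire passwords. Minor: line 50 uses both "cleartext" and "clear-text"; pick one spelling.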

articles/active-directory/develop/scenario-spa-app-configuration.md

Lines changed: 9 additions & 9 deletions
@@ -19,14 +19,15 @@ ms.custom: aaddev
1919

2020
Learn how to configure the code for your single-page application (SPA).
2121

22-
## MSAL libraries that support implicit flow
22+
## MSAL libraries for SPAs and supported authentication flows
2323

24-
The Microsoft identity platform provides the following Microsoft Authentication Library (MSAL) libraries to support implicit flow by using industry-recommended security practices:
24+
The Microsoft identity platform provides the following Microsoft Authentication Library for JavaScript (MSAL.js) to support implicit flow and authorization code flow with PKCE by using industry-recommended security practices:
2525

26-
| MSAL library | Description |
27-
|--------------|--------------|
28-
| ![MSAL.js](media/sample-v2-code/logo_js.png) <br/> [MSAL.js](https://github.com/AzureAD/microsoft-authentication-library-for-js) | Plain JavaScript library for use in any client-side web app that's built through JavaScript or SPA frameworks such as Angular, Vue.js, and React.js. |
29-
| ![MSAL Angular](media/sample-v2-code/logo_angular.png) <br/> [MSAL Angular](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-angular/README.md) | Wrapper of the core MSAL.js library to simplify use in single-page apps that are built through the Angular framework. |
26+
| MSAL library | Flow | Description |
27+
|--------------|------|-------------|
28+
| ![MSAL.js](media/sample-v2-code/logo_js.png) <br/> [MSAL.js (2.x)](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-browser) | Authorization code flow (PKCE) | Plain JavaScript library for use in any client-side web app that's built through JavaScript or SPA frameworks such as Angular, Vue.js, and React.js. |
29+
| ![MSAL.js](media/sample-v2-code/logo_js.png) <br/> [MSAL.js (1.x)](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-core) | Implicit flow | Plain JavaScript library for use in any client-side web app that's built through JavaScript or SPA frameworks such as Angular, Vue.js, and React.js. |
30+
| ![MSAL Angular](media/sample-v2-code/logo_angular.png) <br/> [MSAL Angular](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-angular/README.md) | Implicit flow | Wrapper of the core MSAL.js library to simplify use in single-page apps that are built through the Angular framework. |
3031

3132
## Application code configuration
3233

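Review bot: In the table added at lines 26-30, the Description cells for MSAL.js (2.x) and MSAL.js (1.x) are identical, so the only thing separating the authorization code flow (PKCE) row from the implicit flow row is the Flow column, and the page never says which one a new SPA should choose. Suggest a sentence under the table stating the recommended library and flow for new apps. The intro at line 24 also reads "the following Microsoft Authentication Library for JavaScript (MSAL.js) to support", which is singular while the table lists three entries including MSAL Angular; "the following libraries" fits.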
@@ -38,10 +39,9 @@ In an MSAL library, the application registration information is passed as config
3839
// Configuration object constructed.
3940
const config = {
4041
auth: {
41-
clientId: 'your_app_id',
42-
redirectUri: "your_app_redirect_uri" //defaults to application start page
42+
clientId: 'your_client_id'
4343
}
44-
}
44+
};
4545

4646
// create UserAgentApplication instance
4747
const userAgentApplication = new UserAgentApplication(config);
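Review bot: The removed line 42 carried the only statement in this sample that `redirectUri` "defaults to application start page"; after the change the config shows `clientId` alone and the reader gets no hint that a redirect URI exists or what it defaults to. Suggest keeping it as a commented optional field or adding a sentence about the default. The unchanged line 47 still constructs `UserAgentApplication`, and with both MSAL.js (2.x) and MSAL.js (1.x) now listed in the table above, the snippet should say which version it applies to.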

articles/active-directory/governance/deploy-access-reviews.md

Lines changed: 2 additions & 2 deletions
@@ -181,7 +181,7 @@ Typical targets for review include:
181181

182182
* Group [membership](../fundamentals/active-directory-manage-groups.md?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context) (synchronized to Azure AD, or created in Azure AD or Office 365, including Microsoft Teams).
183183

184-
* [Access Package](/entitlement-management-overview.md) that group resources (groups, apps, and sites) into a single package to manage access.
184+
* [Access Package](/azure/active-directory/governance/entitlement-management-overview) that group resources (groups, apps, and sites) into a single package to manage access.
185185

186186
* [Azure AD roles​ and Azure Resource roles](../privileged-identity-management/pim-resource-roles-assign-roles.md) as defined in Privileged Identity Management.
187187

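Review bot: The fixed link at line 184 uses a site-absolute URL, `/azure/active-directory/governance/entitlement-management-overview`, while the neighbouring links at 182 and 186 use relative `.md` paths. This file is in `articles/active-directory/governance/`, so `entitlement-management-overview.md` would work as a relative link and stay consistent with the rest of the list and with the fix at line 424. Also "Access Package ... that group resources" should read "Access Packages that group" or "Access Package that groups".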
@@ -421,7 +421,7 @@ To reduce the risk of stale access, administrators can enable periodic reviews o
421421
| How-to articles| Description |
422422
| - | - |
423423
| [Create Access Reviews](entitlement-management-access-reviews-create.md)| Enable reviews of Access Package. |
424-
| [Perform Access Reviews](/entitlement-management-access-reviews-review-access.md)| Perform access reviews for other users that are assigned to an Access Package. |
424+
| [Perform Access Reviews](entitlement-management-access-reviews-review-access.md)| Perform access reviews for other users that are assigned to an Access Package. |
425425
| [Self-review assigned Access Package(s)](entitlement-management-access-reviews-self-review.md)| Self-review of assigned Access Package(s) |
426426

427427

articles/active-directory/hybrid/how-to-connect-health-agent-install.md

Lines changed: 1 addition & 2 deletions
@@ -36,7 +36,7 @@ The following table is a list of requirements for using Azure AD Connect Health.
3636
| TLS Inspection for outbound traffic is filtered or disabled | The agent registration step or data upload operations may fail if there is TLS inspection or termination for outbound traffic at the network layer. Read more about [how to setup TLS inspection](https://technet.microsoft.com/library/ee796230.aspx) |
3737
| Firewall ports on the server running the agent |The agent requires the following firewall ports to be open in order for the agent to communicate with the Azure AD Health service endpoints.<br /><br /><li>TCP port 443</li><li>TCP port 5671</li> <br />Note that port 5671 is no longer required for the latest version of agent. Upgrade to the latest version so only port 443 is required. Read more about [enable firewall ports](https://technet.microsoft.com/library/ms345310(v=sql.100).aspx) |
3838
| Allow the following websites if IE Enhanced Security is enabled |If IE Enhanced Security is enabled, then the following websites must be allowed on the server that is going to have the agent installed.<br /><br /><li>https:\//login.microsoftonline.com</li><li>https:\//secure.aadcdn.microsoftonline-p.com</li><li>https:\//login.windows.net</li><li>https:\//aadcdn.msftauth.net</li><li>The federation server for your organization trusted by Azure Active Directory. For example: https:\//sts.contoso.com</li> Read more about [how to configure IE](https://support.microsoft.com/help/815141/internet-explorer-enhanced-security-configuration-changes-the-browsing). In case you have a proxy within your network , please see note below.|
39-
| Ensure PowerShell v4.0 or newer is installed | <li>Windows Server 2008 R2 ships with PowerShell v2.0, which is insufficient for the agent. Update PowerShell as explained below under [Agent installation on Windows Server 2008 R2 Servers](#agent-installation-on-windows-server-2008-r2-servers).</li><li>Windows Server 2012 ships with PowerShell v3.0, which is insufficient for the agent. [Update](https://www.microsoft.com/download/details.aspx?id=40855) the Windows Management Framework.</li><li>Windows Server 2012 R2 and later ship with a sufficiently recent version of PowerShell.</li>|
39+
| Ensure PowerShell v4.0 or newer is installed | <li>Windows Server 2008 R2 ships with PowerShell v2.0, which is insufficient for the agent. Update PowerShell as explained below under [Agent installation on Windows Server 2008 R2 Servers](#agent-installation-on-windows-server-2008-r2-servers).</li><li>Windows Server 2012 ships with PowerShell v3.0, which is insufficient for the agent.</li><li>Windows Server 2012 R2 and later ship with a sufficiently recent version of PowerShell.</li>|
4040
|Disable FIPS|FIPS is not supported by Azure AD Connect Health agents.|
4141

4242

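Review bot: After this change the Windows Server 2012 bullet at line 39 says PowerShell v3.0 "is insufficient for the agent" and stops, where the old text linked to the Windows Management Framework update. If the download link was removed because it no longer works, replace it with a current pointer rather than leaving the requirement with no remediation; the 2008 R2 bullet in the same cell still tells the reader where to go.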
@@ -111,7 +111,6 @@ Steps for Windows Server 2008 R2 servers:
111111
3. Install Windows PowerShell 4.0 on each of the servers ahead of installing the AD Health agent. To install Windows PowerShell 4.0:
112112
* Install [Microsoft .NET Framework 4.5](https://www.microsoft.com/download/details.aspx?id=40779) using the following link to download the offline installer.
113113
* Install PowerShell ISE (From Windows Features)
114-
* Install the [Windows Management Framework 4.0.](https://www.microsoft.com/download/details.aspx?id=40855)
115114
* Install Internet Explorer version 10 or above on the server. (Required by the Health Service to authenticate, using your Azure Admin credentials.)
116115
4. For more information on installing Windows PowerShell 4.0 on Windows Server 2008 R2, see the wiki article [here](https://social.technet.microsoft.com/wiki/contents/articles/20623.step-by-step-upgrading-the-powershell-version-4-on-2008-r2.aspx).
117116

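Review bot: Step 3 is introduced as "To install Windows PowerShell 4.0:" but with line 114 removed the remaining bullets cover .NET Framework 4.5, PowerShell ISE and Internet Explorer only, so nothing in the list installs PowerShell 4.0. Either restore a working Windows Management Framework 4.0 step or reword step 3 so it hands off to the wiki article in step 4. Line 112 also says "using the following link" although the link precedes that phrase.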
articles/active-directory/manage-apps/access-panel-deployment-plan.md

Lines changed: 9 additions & 5 deletions
@@ -14,7 +14,7 @@ ms.author: kenwith
1414

1515
# Plan an Azure Active Directory My Apps deployment
1616

17-
Azure Active Directory (Azure AD) My Apps is a web-based portal that helps lower support costs, increase productivity and security, and reduce user frustration. The system includes detailed reporting that tracks when you access the system and notifies administrators of misuse or abuse.
17+
Azure Active Directory (Azure AD) My Apps is a web-based portal that helps lower support costs, increase productivity and security, and reduce user frustration. The system includes detailed reporting that tracks when you access the system and notifies administrators of misuse or abuse. To learn about using My Apps from an end-user perspective, see [My Apps portal help](../user-help/my-apps-portal-end-user-access.md).
1818

1919
By using Azure AD My Apps, you can:
2020

@@ -37,7 +37,7 @@ Azure AD My Apps benefits businesses in the following ways:
3737

3838
**Provides intuitive user experience**: My Apps provides you with a single platform for all of your Azure single sign-on (SSO)-connected applications. You have a unified portal to find existing settings and new capabilities, like group management and self-service password reset, as they're added. The intuitive experience allows users to return to work faster and be more productive, while reducing their frustration.
3939

40-
**Increases productivity**: All user applications in My Apps have SSO enabled. Enabling SSO across enterprise applications and Microsoft 365 creates a superior sign-in experience by reducing or eliminating additional sign-in prompts. My Apps uses self-service and dynamic membership and improves the overall security of your identity system. It does this by ensuring that the right people manage access to the applications. My Apps serves as a coherent landing page for you to quickly find resources and continue work tasks.
40+
**Increases productivity**: All user applications in My Apps have SSO enabled. Enabling SSO across enterprise applications and Microsoft 365 creates a superior sign-in experience by reducing or eliminating additional sign-in prompts. My Apps uses self-service and dynamic membership and improves the overall security of your identity system. My Apps ensures that the right people manage access to the applications. My Apps serves as a coherent landing page for you to quickly find resources and continue work tasks.
4141

4242
**Manages cost**: Enabling My Apps with Azure AD can help with the divestment of on-premises infrastructures. It reduces support costs by providing you with a consistent portal to find all of your apps, request access to resources, and manage accounts.
4343

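Review bot: The rewrite at line 40 drops "It does this by", which was the only connection between "improves the overall security of your identity system" and the reason given for it, so the security claim now stands unsupported and three consecutive sentences begin with "My Apps". Suggest joining them, for example "... improves the overall security of your identity system by ensuring that the right people manage access to the applications."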
@@ -85,6 +85,10 @@ The following table outlines the key use cases for a My Apps deployment:
8585
| User Experience| Users are aware of browser compatibility. |
8686
| Support| Users can find support for My Apps issues. |
8787

88+
89+
> [!TIP]
90+
> My Apps can be used with internal company URLs while remote using Application Proxy. To learn more, see [Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory](application-proxy-add-on-premises-application.md).
91+
8892
### Best practices for deploying Azure AD My Apps
8993

9094
The functionality of My Apps can be enabled gradually. We recommend the following order of deployment:
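Review bot: The tip at line 90, "My Apps can be used with internal company URLs while remote using Application Proxy", is hard to parse; something like "Remote users can reach internal company URLs from My Apps through Application Proxy" says the same thing. Added line 88 also leaves two consecutive blank lines (87 and 88) before the tip; one is enough.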
@@ -184,7 +188,7 @@ A browser protected with Intune policy (Microsoft Edge or Intune Managed Browser
184188

185189
## Plan your My Apps Deployment
186190

187-
The foundation of My Apps is the application launcher portal, which users access at [https://myapps.microsoft.com](https://myapps.microsoft.com/). The My Apps page give users a single place to start their work and get to their necessary applications. Here, users find a list of all the applications they have single sign-on access to.
191+
The foundation of My Apps is the application launcher portal, which users access at [https://myapps.microsoft.com](https://myapps.microsoft.com/). The My Apps page gives users a single place to start their work and get to their necessary applications. Here, users find a list of all the applications they have single sign-on access to.
188192

189193
> [!NOTE]
190194
> The same applications will be shown in the Microsoft 365 app launcher.
@@ -250,7 +254,7 @@ See [Assign users and groups to an application in Active Directory](methods-for-
250254

251255
If during testing or deployment you want to add the groups but not yet allow the applications to show in My Apps, see [Hide an application from user’s experience in Azure Active Directory](hide-application-from-user-portal.md).
252256

253-
### Deploy Microsoft Microsoft 365 applications to My Apps
257+
### Deploy Microsoft 365 applications to My Apps
254258

255259
For Microsoft 365 applications, users receive a copy of Office based on licenses assigned to them. A prerequisite for access to Office applications is for users to be assigned the correct licenses tied to the Office applications. When you assign a user a license, they'll automatically see the applications that are associated with the license in their My Apps page and in the Microsoft 365 app launcher.
256260

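Review bot: Renaming the heading at line 257 changes its generated anchor, so any link that targets the old "Deploy Microsoft Microsoft 365 applications to My Apps" anchor will stop resolving. Please search the repo for inbound links to the old anchor before merging.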
@@ -298,7 +302,7 @@ It’s important to plan what to do if your deployment doesn’t go as planned.
298302

299303
## Manage your implementation
300304

301-
You should use the least privileged role to accomplish a required task within Azure Active Directory. [Review the different roles that are available](../users-groups-roles/directory-assign-admin-roles.md) and choose the right one to solve your needs for each persona for this application. Some roles might need to be applied temporarily and removed after the deployment is completed.
305+
Use the least privileged role to accomplish a required task within Azure Active Directory. [Review the different roles that are available](../users-groups-roles/directory-assign-admin-roles.md) and choose the right one to solve your needs for each persona for this application. Some roles might need to be applied temporarily and removed after the deployment is completed.
302306

303307
| Personas| Roles| Azure AD role |
304308
| - | -| -|
