Merge pull request #104264 from MicrosoftDocs/master

Merge Master to Live, 4 AM

Author: PMEds28

.openpublishing.redirection.json

@@ -48520,6 +48520,21 @@
       "source_path": "articles/media-services/previous/media-services-configure-fmle-live-encoder.md",
       "redirect_url": "/azure/media-services/previous/media-services-configure-wirecast-live-encoder/",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/virtual-machines/linux/ansible-install-configure.md",
+      "redirect_url": "/azure/ansible/ansible-install-configure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/virtual-machines/linux/ansible-create-vm.md",
+      "redirect_url": "/azure/ansible/ansible-create-vm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/virtual-machines/linux/ansible-manage-linux-vm.md",
+      "redirect_url": "/azure/ansible/ansible-manage-linux-vm",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory/azuread-dev/TOC.yml

@@ -176,6 +176,8 @@
   items:
   - name: Glossary
     href: ../develop/developer-glossary.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json
+  - name: Videos
+    href: videos.md
   - name: Azure roadmap
     href: https://azure.microsoft.com/roadmap/?category=security-identity
   - name: Azure AD blog

articles/active-directory/azuread-dev/v1-overview.md

@@ -53,5 +53,8 @@ The following articles provide detailed information about APIs, protocol message
 | [Glossary](../develop/developer-glossary.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json)                                      | Terminology and definitions of words that are used throughout this documentation. |
 |  |  |
 
+## Videos
+
+See [Azure Active Directory developer platform videos](videos.md) for help migrating to the new Microsoft identity platform.
 
 [!INCLUDE [Help and support](../../../includes/active-directory-develop-help-support-include.md)]

articles/active-directory/azuread-dev/videos.md

@@ -0,0 +1,71 @@
+---
+title: Azure ADAL to MSAL migration videos | Azure
+description: Videos that help you migrate from the Azure Active Directory developer platform to the Microsoft identity platform
+services: active-directory
+author: mmacy
+manager: CelesteDG
+ms.service: active-directory
+ms.subservice: develop
+ms.topic: conceptual
+ms.workload: identity
+ms.date: 02/12/2020
+ms.author: marsma
+ms.custom: aaddev
+ms.reviewer: celested
+titleSuffix: Microsoft identity platform
+---
+
+# Azure Active Directory developer platform videos
+
+Learn about the new Microsoft identity platform and how to migrate to it from the Azure Active Directory (Azure AD) developer platform. The videos are typically 1-2 minutes long.
+
+## Migrate from v1.0 to v2.0
+
+**Learn about migrating to the the latest version of the Microsoft identity platform**
+
+:::row:::
+    :::column:::
+        New Microsoft identity platform overview
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/bNlcFuIo3r8]
+    :::column-end:::
+    :::column:::
+        Introduction to the MSAL libraries
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/apbbx2n4tnU]
+    :::column-end:::
+:::row-end:::
+:::row:::
+    :::column:::
+        Endpoints and the benefits of moving to v2.0
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/qpdC45tZYDg]
+    :::column-end:::
+     :::column:::
+        Migrating your ADAL codebase to MSAL
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/xgL_z9yCnrE]
+    :::column-end:::
+:::row-end:::
+:::row:::
+    :::column:::
+        Why migrate from ADAL to MSAL
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/qpdC45tZYDg]
+    :::column-end:::
+    :::column:::
+        Advantages of MSAL over ADAL
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/q-TDszj2O-4]
+    :::column-end:::
+:::row-end:::
+
+## Next steps
+
+Learn about the new [Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop)

articles/active-directory/conditional-access/howto-conditional-access-session-lifetime.md

@@ -48,6 +48,23 @@ Sign-in frequency setting works with apps that have implemented OAUTH2 or OIDC p
 - Dynamics CRM Online
 - Azure portal
 
+### User sign-in frequency and device identities
+
+If you have Azure AD joined, hybrid Azure AD joined, or Azure AD registered devices, when a user unlocks their device or signs in interactively, this event will satisfy the sign in frequency policy as well. In the following 2 examples user sign-in frequency is set to 1 hour:
+
+Example 1:
+
+- At 00:00, a user signs in to their Windows 10 Azure AD joined device and starts work on a document stored on SharePoint Online.
+- The user continues working on the same document on their device for an hour.
+- At 01:00, the user is prompted to sign in again based on the sign-in frequency requirement in the Conditional Access policy configured by their administrator.
+
+Example 2:
+
+- At 00:00, a user signs in to their Windows 10 Azure AD joined device and starts work on a document stored on SharePoint Online.
+- At 00:30, the user gets up and takes a break locking their device.
+- At 00:45, the user returns from their break and unlocks the device.
+- At 01:45, the user is prompted to sign in again based on the sign-in frequency requirement in the Conditional Access policy configured by their administrator since the last sign-in happened at 00:45.
+
 ## Persistence of browsing sessions
 
 A persistent browser session allows users to remain signed in after closing and reopening their browser window.

articles/active-directory/develop/authentication-scenarios.md

@@ -21,7 +21,7 @@ ms.custom: aaddev, identityplatformtop40, scenarios:getting-started
 
 ## What is authentication
 
-This article covers many of the authentication concepts you'll need to understand to create protected web apps, web APIs, or apps calling protected Web APIs. If you see a term you aren't familiar with, try our [glossary](developer-glossary.md).
+This article covers many of the authentication concepts you'll need to understand to create protected web apps, web APIs, or apps calling protected Web APIs. If you see a term you aren't familiar with, try our [glossary](developer-glossary.md) or our [Microsoft identity platform videos](identity-videos.md) which cover basic concepts.
 
 **Authentication** is the process of proving you are who you say you are. Authentication is sometimes shortened to AuthN.
 

articles/active-directory/develop/index.yml

@@ -27,6 +27,8 @@ landingContent:
         links:
           - text: Authentication basics
             url: authentication-scenarios.md
+          - text: Videos covering basic concepts
+            url: identity-videos.md
           - text: Authentication flows and app scenarios
             url: authentication-flows-app-scenarios.md
           - text: Best practices and recommendations

articles/active-directory/develop/v2-overview.md

@@ -39,7 +39,11 @@ With Microsoft identity platform, you can write code once and reach any user. Yo
 
 ## Getting started
 
-Working with identity doesn’t have to be hard. Choose a [scenario](authentication-flows-app-scenarios.md) that applies to you— each scenario path has a quickstart and an overview page to get you up and running in minutes:
+Working with identity doesn’t have to be hard. 
+
+Watch a [Microsoft identity platform video](identity-videos.md) to learn the basics. 
+
+Choose a [scenario](authentication-flows-app-scenarios.md) that applies to you— each scenario path has a quickstart and an overview page to get you up and running in minutes:
 
 - [Build a single-page app](scenario-spa-overview.md)
 - [Build a web app that signs in users](scenario-web-app-sign-user-overview.md)

articles/active-directory/devices/enterprise-state-roaming-enable.md

@@ -1,12 +1,12 @@
 ---
-title: Enable Enterprise State Roaming in Azure Active Directory | Microsoft Docs
+title: Enable Enterprise State Roaming in Azure Active Directory
 description: Frequently asked questions about Enterprise State Roaming settings in Windows devices.
 
 services: active-directory
 ms.service: active-directory
 ms.subservice: devices
 ms.topic: conceptual
-ms.date: 06/28/2019
+ms.date: 02/12/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -16,11 +16,15 @@ ms.reviewer: na
 ms.collection: M365-identity-device-management
 ---
 # Enable Enterprise State Roaming in Azure Active Directory
+
 Enterprise State Roaming is available to any organization with an Azure AD Premium or Enterprise Mobility + Security
 (EMS) license. For more information on how to get an Azure AD subscription, see the [Azure AD product page](https://azure.microsoft.com/services/active-directory).
 
 When you enable Enterprise State Roaming, your organization is automatically granted a free, limited-use license for Azure Rights Management protection from Azure Information Protection. This free subscription is limited to encrypting and decrypting enterprise settings and application data synced by Enterprise State Roaming. You must have [a paid subscription](https://azure.microsoft.com/pricing/details/information-protection/) to use the full capabilities of the Azure Rights Management service.
 
+> [!NOTE]
+> This article applies to the Microsoft Edge Legacy HTML-based browser launched with Windows 10 in July 2015. The article does not apply to the new Microsoft Edge Chromium-based browser released on January 15, 2020. For more information on the Sync behavior for the new Microsoft Edge, see the article [Microsoft Edge Sync](https://docs.microsoft.com/deployedge/microsoft-edge-enterprise-sync).
+
 ## To enable Enterprise State Roaming
 
 1. Sign in to [Azure AD admin center](https://aad.portal.azure.com/).
@@ -32,6 +36,7 @@ When you enable Enterprise State Roaming, your organization is automatically gra
 For a Windows 10 device to use the Enterprise State Roaming service, the device must authenticate using an Azure AD identity. For devices that are joined to Azure AD, the user’s primary sign-in identity is their Azure AD identity, so no additional configuration is required. For devices that use on-premises Active Directory, the IT admin must [Configure hybrid Azure Active Directory joined devices](hybrid-azuread-join-manual-steps.md). 
 
 ## Data storage
+
 Enterprise State Roaming data is hosted in one or more [Azure regions](https://azure.microsoft.com/regions/) that best align with the country/region value set in the Azure Active Directory instance. Enterprise State Roaming data is partitioned based on three major geographic regions: North America, EMEA, and APAC. Enterprise State Roaming data for the tenant is locally located with the geographical region, and is not replicated across regions.  For example:
 
 | Country/region value | has their data hosted in |
@@ -44,6 +49,7 @@ Enterprise State Roaming data is hosted in one or more [Azure regions](https://a
 The country/region value is set as part of the Azure AD directory creation process and cannot be subsequently modified. If you need more details on your data storage location, file a ticket with [Azure support](https://azure.microsoft.com/support/options/).
 
 ## View per-user device sync status
+
 Follow these steps to view a per-user device sync status report.
 
 1. Sign in to [Azure AD admin center](https://aad.portal.azure.com/).
@@ -58,23 +64,27 @@ Follow these steps to view a per-user device sync status report.
    ![image of device sync columnar data](./media/enterprise-state-roaming-enable/device-status-row.png)
 
 ## Data retention
+
 Data synced to the Microsoft cloud using Enterprise State Roaming is retained until it is manually deleted or until the data in question is determined to be stale. 
 
 ### Explicit deletion
+
 Explicit deletion is when an Azure admin deletes a user or a directory or otherwise requests explicitly that data is to be deleted.
 
 * **User deletion**: When a user is deleted in Azure AD, the user account roaming data is deleted after 90 to 180 days. 
 * **Directory deletion**: Deleting an entire directory in Azure AD is an immediate operation. All the settings data associated with that directory is deleted after 90 to 180 days. 
 * **On request deletion**: If the Azure AD admin wants to manually delete a specific user’s data or settings data, the admin can file a ticket with [Azure support](https://azure.microsoft.com/support/). 
 
 ### Stale data deletion
+
 Data that has not been accessed for one year (“the retention period”) will be treated as stale and may be deleted from the Microsoft cloud. The retention period is subject to change but will not be less than 90 days. The stale data may be a specific set of Windows/application settings or all settings for a user. For example:
 
 * If no devices access a particular settings collection (for example, an application is removed from the device, or a settings group such as “Theme” is disabled for all of a user’s devices), then that collection becomes stale after the retention period and may be deleted. 
 * If a user has turned off settings sync on all their devices, then none of the settings data will be accessed, and all the settings data for that user will become stale and may be deleted after the retention period. 
 * If the Azure AD directory admin turns off Enterprise State Roaming for the entire directory, then all users in that directory will stop syncing settings, and all settings data for all users will become stale and may be deleted after the retention period. 
 
 ### Deleted data recovery
+
 The data retention policy is not configurable. Once the data is permanently deleted, it is not recoverable. However, The settings data is deleted only from the Microsoft cloud, not from the end-user device. If any device later reconnects to the Enterprise State Roaming service, the settings are again synced and stored in the Microsoft cloud.
 
 ## Next steps