Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into ehubkafkaoauth0212

Author: spelluru

articles/active-directory/azuread-dev/TOC.yml

@@ -176,6 +176,8 @@
   items:
   - name: Glossary
     href: ../develop/developer-glossary.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json
+  - name: Videos
+    href: videos.md
   - name: Azure roadmap
     href: https://azure.microsoft.com/roadmap/?category=security-identity
   - name: Azure AD blog

articles/active-directory/azuread-dev/v1-overview.md

@@ -53,5 +53,8 @@ The following articles provide detailed information about APIs, protocol message
 | [Glossary](../develop/developer-glossary.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json)                                      | Terminology and definitions of words that are used throughout this documentation. |
 |  |  |
 
+## Videos
+
+See [Azure Active Directory developer platform videos](videos.md) for help migrating to the new Microsoft identity platform.
 
 [!INCLUDE [Help and support](../../../includes/active-directory-develop-help-support-include.md)]

articles/active-directory/azuread-dev/videos.md

@@ -0,0 +1,71 @@
+---
+title: Azure ADAL to MSAL migration videos | Azure
+description: Videos that help you migrate from the Azure Active Directory developer platform to the Microsoft identity platform
+services: active-directory
+author: mmacy
+manager: CelesteDG
+ms.service: active-directory
+ms.subservice: develop
+ms.topic: conceptual
+ms.workload: identity
+ms.date: 02/12/2020
+ms.author: marsma
+ms.custom: aaddev
+ms.reviewer: celested
+titleSuffix: Microsoft identity platform
+---
+
+# Azure Active Directory developer platform videos
+
+Learn about the new Microsoft identity platform and how to migrate to it from the Azure Active Directory (Azure AD) developer platform. The videos are typically 1-2 minutes long.
+
+## Migrate from v1.0 to v2.0
+
+**Learn about migrating to the the latest version of the Microsoft identity platform**
+
+:::row:::
+    :::column:::
+        New Microsoft identity platform overview
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/bNlcFuIo3r8]
+    :::column-end:::
+    :::column:::
+        Introduction to the MSAL libraries
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/apbbx2n4tnU]
+    :::column-end:::
+:::row-end:::
+:::row:::
+    :::column:::
+        Endpoints and the benefits of moving to v2.0
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/qpdC45tZYDg]
+    :::column-end:::
+     :::column:::
+        Migrating your ADAL codebase to MSAL
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/xgL_z9yCnrE]
+    :::column-end:::
+:::row-end:::
+:::row:::
+    :::column:::
+        Why migrate from ADAL to MSAL
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/qpdC45tZYDg]
+    :::column-end:::
+    :::column:::
+        Advantages of MSAL over ADAL
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/q-TDszj2O-4]
+    :::column-end:::
+:::row-end:::
+
+## Next steps
+
+Learn about the new [Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop)

articles/active-directory/conditional-access/howto-conditional-access-session-lifetime.md

@@ -48,6 +48,23 @@ Sign-in frequency setting works with apps that have implemented OAUTH2 or OIDC p
 - Dynamics CRM Online
 - Azure portal
 
+### User sign-in frequency and device identities
+
+If you have Azure AD joined, hybrid Azure AD joined, or Azure AD registered devices, when a user unlocks their device or signs in interactively, this event will satisfy the sign in frequency policy as well. In the following 2 examples user sign-in frequency is set to 1 hour:
+
+Example 1:
+
+- At 00:00, a user signs in to their Windows 10 Azure AD joined device and starts work on a document stored on SharePoint Online.
+- The user continues working on the same document on their device for an hour.
+- At 01:00, the user is prompted to sign in again based on the sign-in frequency requirement in the Conditional Access policy configured by their administrator.
+
+Example 2:
+
+- At 00:00, a user signs in to their Windows 10 Azure AD joined device and starts work on a document stored on SharePoint Online.
+- At 00:30, the user gets up and takes a break locking their device.
+- At 00:45, the user returns from their break and unlocks the device.
+- At 01:45, the user is prompted to sign in again based on the sign-in frequency requirement in the Conditional Access policy configured by their administrator since the last sign-in happened at 00:45.
+
 ## Persistence of browsing sessions
 
 A persistent browser session allows users to remain signed in after closing and reopening their browser window.

articles/active-directory/develop/authentication-scenarios.md

@@ -21,7 +21,7 @@ ms.custom: aaddev, identityplatformtop40, scenarios:getting-started
 
 ## What is authentication
 
-This article covers many of the authentication concepts you'll need to understand to create protected web apps, web APIs, or apps calling protected Web APIs. If you see a term you aren't familiar with, try our [glossary](developer-glossary.md).
+This article covers many of the authentication concepts you'll need to understand to create protected web apps, web APIs, or apps calling protected Web APIs. If you see a term you aren't familiar with, try our [glossary](developer-glossary.md) or our [Microsoft identity platform videos](identity-videos.md) which cover basic concepts.
 
 **Authentication** is the process of proving you are who you say you are. Authentication is sometimes shortened to AuthN.
 

articles/active-directory/develop/index.yml

@@ -27,6 +27,8 @@ landingContent:
         links:
           - text: Authentication basics
             url: authentication-scenarios.md
+          - text: Videos covering basic concepts
+            url: identity-videos.md
           - text: Authentication flows and app scenarios
             url: authentication-flows-app-scenarios.md
           - text: Best practices and recommendations

articles/active-directory/develop/v2-overview.md

@@ -39,7 +39,11 @@ With Microsoft identity platform, you can write code once and reach any user. Yo
 
 ## Getting started
 
-Working with identity doesn’t have to be hard. Choose a [scenario](authentication-flows-app-scenarios.md) that applies to you— each scenario path has a quickstart and an overview page to get you up and running in minutes:
+Working with identity doesn’t have to be hard. 
+
+Watch a [Microsoft identity platform video](identity-videos.md) to learn the basics. 
+
+Choose a [scenario](authentication-flows-app-scenarios.md) that applies to you— each scenario path has a quickstart and an overview page to get you up and running in minutes:
 
 - [Build a single-page app](scenario-spa-overview.md)
 - [Build a web app that signs in users](scenario-web-app-sign-user-overview.md)

articles/active-directory/saas-apps/coda-tutorial.md

@@ -34,7 +34,7 @@ To learn more about SaaS app integration with Azure AD, see [What is application
 To get started, you need the following items:
 
 * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-* Coda single sign-on (SSO) enabled subscription.
+* Coda single sign-on (SSO) enabled subscription (Enterprise) with GDrive integration disabled. Contact [Coda support team](mailto:[email protected]) to disable GDrive integration for your Organization if it is currently enabled.
 
 ## Scenario description
 
@@ -44,7 +44,7 @@ In this tutorial, you configure and test Azure AD SSO in a test environment.
 
 * Coda supports **Just In Time** user provisioning
 
-* Once you configure the Coda you can enforce session controls, which protect exfiltration and infiltration of your organization’s sensitive data in real-time. Session controls extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
+* Once you configure Coda, you can enforce session controls which protect exfiltration and infiltration of your organization’s sensitive data in real-time. Session controls extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
 
 ## Adding Coda from the gallery
 
@@ -64,13 +64,34 @@ Configure and test Azure AD SSO with Coda using a test user called **B.Simon**.
 
 To configure and test Azure AD SSO with Coda, complete the following building blocks:
 
+1. **[Begin configuration of Coda SSO](#begin-configuration-of-coda-sso)** - to begin configuration of SSO in Coda.
 1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
-    * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
-    * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
-1. **[Configure Coda SSO](#configure-coda-sso)** - to configure the single sign-on settings on application side.
-    * **[Create Coda test user](#create-coda-test-user)** - to have a counterpart of B.Simon in Coda that is linked to the Azure AD representation of user.
+   * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+   * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Coda SSO](#configure-coda-sso)** - to complete configuration of single sign-on settings in Coda.
+   * **[Create Coda test user](#create-coda-test-user)** - to have a counterpart of B.Simon in Coda that is linked to the Azure AD representation of user.
 1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
 
+## Begin configuration of Coda SSO
+
+Follow these steps in Coda to begin.
+
+1. In Coda, open your **Organization settings** panel.
+
+   ![Open Organization Settings](media/coda-tutorial/org-settings.png)
+
+1. Ensure that your organization has GDrive Integration turned off. If it is currently enabled, contact the [Coda support team](mailto:[email protected]) to help you migrate off GDrive.
+
+   ![GDrive Disabled](media/coda-tutorial/gdrive-off.png)
+
+1. Under **Authenticate with SSO (SAML)**, select the **Configure SAML** option.
+
+   ![Saml Settings](media/coda-tutorial/saml-settings-link.png)
+
+1. Note the values for **Entity ID** and **SAML Response URL**, which you'll need in subsequent steps.
+
+   ![Entity ID and SAML Response URL to use in Azure](media/coda-tutorial/azure-settings.png)
+
 ## Configure Azure AD SSO
 
 Follow these steps to enable Azure AD SSO in the Azure portal.
@@ -83,22 +104,22 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. On the **Set up single sign-on with SAML** page, enter the values for the following fields:
 
-    a. In the **Identifier** text box, type a URL using the following pattern:
-    `https://coda.io/samlId/<CUSTOMID>`
+   a. In the **Identifier** text box, enter the "Entity ID" from above. It should follow the pattern:
+   `https://coda.io/samlId/<CUSTOMID>`
 
-    b. In the **Reply URL** text box, type a URL using the following pattern:
-    `https://coda.io/samlId/<CUSTOMID>/consume`
+   b. In the **Reply URL** text box, enter the "SAML Response URL" from above. It should follow the pattern:
+   `https://coda.io/login/sso/saml/<CUSTOMID>/consume`
 
-	> [!NOTE]
-	> These values are not real. Update these values with the actual Identifier and Reply URL. Contact [Coda Client support team](mailto:[email protected]) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+   > [!NOTE]
+   > Your values will differ from the above; you can find your values in Coda's "Configure SAML" console. Update these values with the actual Identifier and Reply URL.
 
-1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section,  find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
+1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
 
-	![The Certificate download link](common/certificatebase64.png)
+   ![The Certificate download link](common/certificatebase64.png)
 
 1. On the **Set up Coda** section, copy the appropriate URL(s) based on your requirement.
 
-	![Copy configuration URLs](common/copy-configuration-urls.png)
+   ![Copy configuration URLs](common/copy-configuration-urls.png)
 
 ### Create an Azure AD test user
 
@@ -107,7 +128,7 @@ In this section, you'll create a test user in the Azure portal called B.Simon.
 1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
 1. Select **New user** at the top of the screen.
 1. In the **User** properties, follow these steps:
-   1. In the **Name** field, enter `B.Simon`.  
+   1. In the **Name** field, enter `B.Simon`.
    1. In the **User name** field, enter the [email protected]. For example, `[email protected]`.
    1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
    1. Click **Create**.
@@ -124,21 +145,31 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
 
-	![The Add User link](common/add-assign-user.png)
+   ![The Add User link](common/add-assign-user.png)
 
 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
 1. In the **Add Assignment** dialog, click the **Assign** button.
 
 ## Configure Coda SSO
 
-To configure single sign-on on **Coda** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to [Coda support team](mailto:[email protected]). They set this setting to have the SAML SSO connection set properly on both sides.
+To complete the setup, you'll enter values from Azure Active Directory in the Coda **Configure Saml** panel.
+
+1. In Coda, open your **Organization settings** panel.
+1. Under **Authenticate with SSO (SAML)**, select the **Configure SAML** option.
+1. Set **SAML Provider** to **Azure Active Directory**.
+1. In **Identity Provider Login URL**, paste the **Login URL** from the Azure console.
+1. In **Identity Provider Issuer**, paste the **Azure AD Identifier** from the Azure console.
+1. In **Identity Provider Public Certificate**, select the **Upload Certificate** option and select the certificate file you downloaded earlier.
+1. Select **Save**.
+
+This completes the work necessary for the SAML SSO connection setup.
 
 ### Create Coda test user
 
 In this section, a user called Britta Simon is created in Coda. Coda supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Coda, a new one is created after authentication.
 
-## Test SSO 
+## Test SSO
 
 In this section, you test your Azure AD single sign-on configuration using the Access Panel.
 
@@ -156,4 +187,4 @@ When you click the Coda tile in the Access Panel, you should be automatically si
 
 - [What is session control in Microsoft Cloud App Security?](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad)
 
-- [How to protect Coda with advanced visibility and controls](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad)
+- [How to protect Coda with advanced visibility and controls](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad)

articles/active-directory/saas-apps/contractsafe-saml2-sso-tutorial.md

@@ -84,7 +84,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal:
     `https://app.contractsafe.com/saml2_auth/<UNIQUEID>/acs/`
 
 	> [!NOTE]
-	> These values aren't real. Update these values with the actual identifier and reply URL. Contact the [ContractSafe Saml2 SSO Client support team](mailto:donne@contractsafe.com) to get these values. You can also refer to the formats shown in the **Basic SAML Configuration** section in the Azure portal.
+	> These values aren't real. Update these values with the actual identifier and reply URL. Contact the [ContractSafe Saml2 SSO Client support team](mailto:support@contractsafe.com) to get these values. You can also refer to the formats shown in the **Basic SAML Configuration** section in the Azure portal.
 
 1. ContractSafe Saml2 SSO expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
 
@@ -137,11 +137,11 @@ In this section, you'll enable **B.Simon** to use Azure SSO by granting access t
 
 ## Configure ContractSafe Saml2 SSO
 
-To configure SSO on the **ContractSafe Saml2 SSO** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from the Azure portal to the [ContractSafe Saml2 SSO support team](mailto:donne@contractsafe.com). The team is responsible for setting the SAML SSO connection properly on both sides.
+To configure SSO on the **ContractSafe Saml2 SSO** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from the Azure portal to the [ContractSafe Saml2 SSO support team](mailto:support@contractsafe.com). The team is responsible for setting the SAML SSO connection properly on both sides.
 
 ## Create a ContractSafe Saml2 SSO test user
 
-Create a user called B.Simon in ContractSafe Saml2 SSO. Work with the [ContractSafe Saml2 SSO support team](mailto:donne@contractsafe.com) to add the users in the ContractSafe Saml2 SSO platform. Users must be created and activated before you use SSO.
+Create a user called B.Simon in ContractSafe Saml2 SSO. Work with the [ContractSafe Saml2 SSO support team](mailto:support@contractsafe.com) to add the users in the ContractSafe Saml2 SSO platform. Users must be created and activated before you use SSO.
 
 ## Test SSO