Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into release-build-cosmosdb

Author: v-alje

articles/active-directory/b2b/add-users-administrator.md

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 11/12/2019
+ms.date: 05/11/2020
 
 ms.author: mimart
 author: msmimart
@@ -41,9 +41,6 @@ To add B2B collaboration users to the directory, follow these steps:
 
    ![Shows where New guest user is in the UI](./media/add-users-administrator/new-guest-user-in-all-users.png) 
 
-   > [!NOTE]
-   > The **New guest user** option is also available on the **Organizational relationships** page. In **Azure Active Directory**, under **Manage**, select **Organizational relationships**.
-
 5. On the **New user** page, select **Invite user** and then add the guest user's information. 
 
     > [!NOTE]

articles/active-directory/b2b/auditing-and-reporting.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 12/14/2018
+ms.date: 05/11/2020
 
 ms.author: mimart
 author: msmimart
@@ -20,7 +20,7 @@ ms.collection: M365-identity-device-management
 With guest users, you have auditing capabilities similar to with member users. 
 
 ## Access reviews
-You can use access reviews to periodically verify whether guest users still need access to your resources. The **Access reviews** feature is available in **Azure Active Directory** under **Manage** > **Organizational Relationships**. (You can also search for "access reviews" from **All services** in the Azure portal.) To learn how to use access reviews, see [Manage guest access with Azure AD access reviews](../governance/manage-guest-access-with-access-reviews.md).
+You can use access reviews to periodically verify whether guest users still need access to your resources. The **Access reviews** feature is available in **Azure Active Directory** under **Organizational Relationships** > **Access reviews** (or **External Identities** > **Access reviews** ). You can also search for "access reviews" from **All services** in the Azure portal. To learn how to use access reviews, see [Manage guest access with Azure AD access reviews](../governance/manage-guest-access-with-access-reviews.md).
 
 ## Audit logs
 

articles/active-directory/b2b/delegate-invitations.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 04/11/2019
+ms.date: 05/11/2020
 
 ms.author: mimart
 author: msmimart
@@ -34,11 +34,9 @@ By default, all users, including guests, can invite guest users.
 ### To configure external collaboration settings:
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as a tenant administrator.
-2. Select **Azure Active Directory** > **Users** > **User settings**.
-3. Under **External users**, select **Manage external collaboration settings**.
-   > [!NOTE]
-   > The **External collaboration settings** are also available from the **Organizational relationships** page. In Azure Active Directory, under **Manage**, go to **Organizational relationships** > **Settings**.
-4. On the **External collaboration settings** page, choose the policies you want to enable.
+2. Select **Azure Active Directory**.
+3. Select **Organizational Relationships** > **Settings** (or select **External Identities** > **External collaboration settings**).
+6. On the **External collaboration settings** page, choose the policies you want to enable.
 
    ![External collaboration settings](./media/delegate-invitations/control-who-to-invite.png)
 

articles/active-directory/b2b/direct-federation.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 05/07/2020
+ms.date: 05/11/2020
 
 ms.author: mimart
 author: msmimart
@@ -143,8 +143,8 @@ Next, you'll configure federation with the identity provider configured in step
 ### To configure direct federation in the Azure AD portal
 
 1. Go to the [Azure portal](https://portal.azure.com/). In the left pane, select **Azure Active Directory**. 
-2. Select **Organizational Relationships**.
-3. Select **Identity providers**, and then select **New SAML/WS-Fed IdP**.
+2. Select **Organizational Relationships** > **All identity providers** (or **External Identities** > **All identity providers**).
+3. Select , and then select **New SAML/WS-Fed IdP**.
 
     ![Screenshot showing button for adding a new SAML or WS-Fed IdP](media/direct-federation/new-saml-wsfed-idp.png)
 
@@ -191,8 +191,8 @@ Now test your direct federation setup by inviting a new B2B guest user. For deta
 ## How do I edit a direct federation relationship?
 
 1. Go to the [Azure portal](https://portal.azure.com/). In the left pane, select **Azure Active Directory**. 
-2. Select **Organizational Relationships**.
-3. Select **Identity providers**
+2. Select **Organizational Relationships** (or **External Identities**).
+3. Select **All identity providers**
 4. Under **SAML/WS-Fed identity providers**, select the provider.
 5. In the identity provider details pane, update the values.
 6. Select **Save**.
@@ -203,8 +203,8 @@ You can remove your direct federation setup. If you do, direct federation guest
 To remove direct federation with an identity provider in the Azure AD portal:
 
 1. Go to the [Azure portal](https://portal.azure.com/). In the left pane, select **Azure Active Directory**. 
-2. Select **Organizational Relationships**.
-3. Select **Identity providers**.
+2. Select **Organizational Relationships** (or **External Identities**).
+3. Select **All identity providers**.
 4. Select the identity provider, and then select **Delete**. 
 5. Select **Yes** to confirm deletion. 
 

articles/active-directory/b2b/google-federation.md

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 03/05/2020
+ms.date: 05/11/2020
 
 ms.author: mimart
 author: msmimart
@@ -88,8 +88,8 @@ Now you'll set the Google client ID and client secret, either by entering it in
 
 #### To configure Google federation in the Azure AD portal 
 1. Go to the [Azure portal](https://portal.azure.com). In the left pane, select **Azure Active Directory**. 
-2. Select **Organizational Relationships**.
-3. Select **Identity providers**, and then click the **Google** button.
+2. Select **Organizational Relationships** (or **External Identities**).
+3. Select **All identity providers**, and then click the **Google** button.
 4. Enter a name. Then enter the client ID and client secret you obtained earlier. Select **Save**. 
 
    ![Screenshot showing the Add Google identity provider page](media/google-federation/google-identity-provider.png)
@@ -111,8 +111,8 @@ You can delete your Google federation setup. If you do so, Google guest users wh
 
 ### To delete Google federation in the Azure AD portal: 
 1. Go to the [Azure portal](https://portal.azure.com). In the left pane, select **Azure Active Directory**. 
-2. Select **Organizational Relationships**.
-3. Select **Identity providers**.
+2. Select **Organizational Relationships** (or **External Identities**).
+3. Select **All identity providers**.
 4. On the **Google** line, select the context menu (**...**) and then select **Delete**. 
 
    ![Screenshot showing the Delete option for the social identity provider](media/google-federation/google-social-identity-providers.png)

articles/active-directory/b2b/one-time-passcode.md

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 04/08/2019
+ms.date: 05/11/2020
 
 ms.author: mimart
 author: msmimart
@@ -54,7 +54,7 @@ When a guest user redeems an invitation or uses a link to a resource that has be
 
 At the time of invitation, there's no indication that the user you're inviting will use one-time passcode authentication. But when the guest user signs in, one-time passcode authentication will be the fallback method if no other authentication methods can be used. 
 
-You can view guest users who authenticate with one-time passcodes in the Azure portal by going to **Azure Active Directory** > **Organizational relationships** > **Users from other organizations**.
+You can view guest users who authenticate with one-time passcodes in the Azure portal by going to **Azure Active Directory** > **Users**.
 
 ![Screenshot showing a one-time passcode user with Source value of OTP](media/one-time-passcode/otp-users.png)
 
@@ -70,8 +70,7 @@ It might take a few minutes for the opt-in action to take effect. After that, on
 ### To opt in using the Azure AD portal
 1.	Sign in to the [Azure portal](https://portal.azure.com/) as an Azure AD global administrator.
 2.	In the navigation pane, select **Azure Active Directory**.
-3.	Under **Manage**, select **Organizational Relationships**.
-4.	Select **Settings**.
+3.	Select **Organizational Relationships** > **Settings** (or select **External Identities** > **External collaboration settings**).
 5.	Under **Enable Email One-Time Passcode for guests (Preview)**, select **Yes**.
 
 ### To opt in using PowerShell
@@ -137,8 +136,7 @@ It may take a few minutes for the opt-out action to take effect. If you turn off
 ### To turn off the preview using the Azure AD portal
 1.	Sign in to the [Azure portal](https://portal.azure.com/) as an Azure AD global administrator.
 2.	In the navigation pane, select **Azure Active Directory**.
-3.	Under **Manage**, select **Organizational Relationships**.
-4.	Select **Settings**.
+3.	Select **Organizational Relationships** > **Settings** (or select **External Identities** > **External collaboration settings**).
 5.	Under **Enable Email One-Time Passcode for guests (Preview)**, select **No**.
 
 ### To turn off the preview using PowerShell

articles/active-directory/b2b/redemption-experience.md

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 03/19/2020
+ms.date: 05/11/2020
 
 ms.author: mimart
 author: msmimart
@@ -98,7 +98,7 @@ When a guest signs in to access resources in a partner organization for the firs
 
    ![Screenshot showing new terms of use](media/redemption-experience/terms-of-use-accept.png) 
 
-   You can configure see [terms of use](../governance/active-directory-tou.md) in **Manage** > **Organizational relationships** > **Terms of use**.
+   You can configure [terms of use](../governance/active-directory-tou.md) in **Organizational relationships** (or **External Identities**) > **Terms of use**.
 
 3. Unless otherwise specified, the guest is redirected to the Apps access panel, which lists the applications the guest can access.
 

articles/active-directory/develop/tutorial-v2-angular.md

@@ -339,7 +339,6 @@ If a back-end API doesn't require a scope (not recommended), you can use *client
 
 ## Next steps
 
-Next, learn how to sign in a user and acquire tokens in the Angular tutorial:
+If you're new to identity and access management, we have several articles to help you learn modern authentication concepts, starting with [authentication vs. authorization](authentication-vs-authorization.md).
 
-> [!div class="nextstepaction"]
-> [Angular tutorial](https://docs.microsoft.com/azure/active-directory/develop/tutorial-v2-angular)
+If you'd like to dive deeper into single-page application development on the Microsoft identity platform, the multi-part [Scenario: Single-page application](scenario-spa-overview.md) series of articles can help you get started.

articles/active-directory/privileged-identity-management/powershell-for-azure-ad-roles.md

@@ -13,7 +13,7 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 04/28/2020
+ms.date: 05/11/2020
 ms.author: curtand
 ms.custom: pim
 ms.collection: M365-identity-device-management
@@ -119,11 +119,10 @@ There are four main objects in the setting. Only three of these objects are curr
 
 [![](media/powershell-for-azure-ad-roles/get-update-role-settings-result.png "Get and update role settings")](media/powershell-for-azure-ad-roles/get-update-role-settings-result.png#lightbox)
 
-To update the role setting, you will need to first define a setting object as follows:
+To update the role setting, you must get the existing setting object for a particular role and make changes to it:
 
-    $setting = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting 
-    $setting.RuleIdentifier = "JustificationRule"
-    $setting.Setting = "{'required':false}"
+    $setting = Get-AzureADMSPrivilegedRoleSetting -ProviderId 'aadRoles' -Filter "roleDefinitionId eq 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'"
+    $setting.UserMemberSetting.justificationRule = '{"required":false}'
 
 You can then go ahead and apply the setting to one of the objects for a particular role as shown below. The ID here is the role setting ID that can be retrieved from the result of the list role settings cmdlet.
 

articles/active-directory/user-help/multi-factor-authentication-end-user-troubleshoot.md

@@ -97,7 +97,7 @@ App passwords replace your normal password for older desktop applications that d
 
 If you're using two-factor verification with your work or school account (for example, [email protected]), it most likely means that your organization has decided you must use this added security feature. Because your organization has decided you must use this feature, there is no way for you to individually turn it off. If, however, you're using two-factor verification with a personal account, like [email protected], you have the ability to turn the feature on and off. For instructions about how to control two-factor verification for your personal accounts, see [Turning two-factor verification on or off for your Microsoft account](https://support.microsoft.com/help/4028586/microsoft-account-turning-two-step-verification-on-or-off).
 
-If you can't turn off two-factor verification, it could also be because of the security defaults that have been applied at the organization level. For more information about security defaults, see [What are security defulta?](../fundamentals/concept-fundamentals-security-defaults.md)
+If you can't turn off two-factor verification, it could also be because of the security defaults that have been applied at the organization level. For more information about security defaults, see [What are security defaults?](../fundamentals/concept-fundamentals-security-defaults.md)
 
 ## I didn't find an answer to my problem