MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 21 additions & 1 deletion b/‎.openpublishing.redirection.json
Lines changed: 21 additions & 1 deletion
diff --git a/‎articles/active-directory/TOC.md
Lines changed: 0 additions & 25 deletions b/‎articles/active-directory/TOC.md
Lines changed: 0 additions & 25 deletions
diff --git a/‎articles/active-directory/conditional-access/controls.md
Lines changed: 4 additions & 1 deletion b/‎articles/active-directory/conditional-access/controls.md
Lines changed: 4 additions & 1 deletion
diff --git a/‎articles/active-directory/develop/reference-app-manifest.md
Lines changed: 41 additions & 36 deletions b/‎articles/active-directory/develop/reference-app-manifest.md
Lines changed: 41 additions & 36 deletions
diff --git a/‎articles/active-directory/develop/v1-permissions-and-consent.md
Lines changed: 20 additions & 24 deletions b/‎articles/active-directory/develop/v1-permissions-and-consent.md
Lines changed: 20 additions & 24 deletions
@@ -9243,6 +9243,11 @@
             "redirect_url": "https://docs.microsoft.com/azure/log-analytics/log-analytics-quick-collect-azurevm",
             "redirect_document_id": false
         },
+        {
+            "source_path": "articles/log-analytics/log-analytics-log-search-transition.md",
+            "redirect_url": "https://docs.microsoft.com/azure/log-analytics/query-language/get-started-queries",
+            "redirect_document_id": false
+        },
         {
             "source_path": "articles/machine-learning/machine-learning-apps-text-analytics.md",
             "redirect_url": "/azure/cognitive-services/cognitive-services-text-analytics-quick-start",
@@ -21147,9 +21152,19 @@
             "redirect_url": "/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-autoscale-powershell",
             "redirect_document_id": false
         },
+        {
+            "source_path": "articles/security-center/security-center-platform-migration.md",
+            "redirect_url": "/azure/security-center/security-center-enable-data-collection",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/security-center/security-center-platform-migration-faq.md",
+            "redirect_url": "/azure/security-center/security-center-enable-data-collection",
+            "redirect_document_id": false
+        },
         {
             "source_path": "articles/security-center/security-center-resolve-endpoint-protection-health-alerts.md",
-            "redirect_url": "/azure/security-center",
+            "redirect_url": "/azure/security-center-faq.md",
             "redirect_document_id": false
         },
         {
@@ -27380,6 +27395,11 @@
             "source_path": "articles/security-center/security-center-disk-encryption.md",
             "redirect_url": "/azure/security/azure-security-disk-encryption-overview",
             "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/cognitive-services/LUIS/luis-reference-gdpr.md",
+            "redirect_url": "/azure/cognitive-services/LUIS/luis-user-privacy",
+            "redirect_document_id": true
         }
     ]
 }
@@ -128,31 +128,6 @@
 #### [Register for self-service password reset](user-help/active-directory-passwords-reset-register.md)
 
 
-## Manage devices
-### [Overview](devices/overview.md)
-
-### Quickstarts
-#### [Set up Azure AD registered Windows 10 devices](user-help/device-management-azuread-registered-devices-windows10-setup.md)
-#### [Set up Azure AD joined devices](user-help/device-management-azuread-joined-devices-setup.md)
-
-### Tutorials
-#### [Configure hybrid Azure AD join for managed domains](devices/hybrid-azuread-join-managed-domains.md)
-#### [Configure hybrid Azure AD join for federated domains](devices/hybrid-azuread-join-federated-domains.md)
-#### [Configure hybrid Azure AD join manually](devices/hybrid-azuread-join-manual-steps.md)
-#### [Configure Azure AD join during Windows 10 first-run experience](devices/azuread-joined-devices-frx.md)
-
-### How-to-guides
-#### [Plan Azure AD join](devices/azureadjoin-plan.md)
-#### [Plan your hybrid Azure AD join implementation](devices/hybrid-azuread-join-plan.md)
-#### [Control the hybrid Azure AD join of your devices](devices/hybrid-azuread-join-control.md)
-#### [Assign local admins to Azure AD joined devices](devices/assign-local-admin.md)
-#### [Troubleshoot hybrid Azure AD joined Windows current devices](devices/troubleshoot-hybrid-join-windows-current.md)
-#### [Troubleshoot hybrid Azure AD joined legacy Windows devices](devices/troubleshoot-hybrid-join-windows-legacy.md)
-
-### Concepts
-#### [Manage devices using the Azure portal](devices/device-management-azure-portal.md)
-#### [FAQs](devices/faq.md)
-
 ## Manage apps
 ### [Overview](manage-apps/what-is-application-management.md)
 ### [Getting started](manage-apps/plan-an-application-integration.md)
 
@@ -15,7 +15,7 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 06/13/2018
+ms.date: 08/28/2018
 ms.author: markvi
 ms.reviewer: calebb
 
@@ -118,10 +118,13 @@ Providers currently offering a compatible service include:
 
 - [Duo Security](https://duo.com/docs/azure-ca)
 
+- [Entrust Datacard](https://www.entrustdatacard.com/products/authentication/intellitrust)
+
 - RSA
 
 - [Trusona](https://www.trusona.com/docs/azure-ad-integration-guide)
 
+
 For more information on those services, contact the providers directly.
 
 ### Creating custom controls
 
@@ -14,7 +14,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: article
-ms.date: 06/25/2018
+ms.date: 08/27/2018
 ms.author: celested
 ms.reviewer: jesakowi, justhu
 ms.custom: aaddev
@@ -34,10 +34,10 @@ Effective permissions are the permissions that your app will have when making re
 
 * For delegated permissions, the effective permissions of your app will be the least privileged intersection of the delegated permissions the app has been granted (through consent) and the privileges of the currently signed-in user. Your app can never have more privileges than the signed-in user. Within organizations, the privileges of the signed-in user may be determined by policy or by membership in one or more administrator roles. For more information about administrator roles, see [Assigning administrator roles in Azure AD](../users-groups-roles/directory-assign-admin-roles.md).
     For example, assume your app has been granted the `User.ReadWrite.All` delegated permission in Microsoft Graph. This permission nominally grants your app permission to read and update the profile of every user in an organization. If the signed-in user is a global administrator, your app will be able to update the profile of every user in the organization. However, if the signed-in user is not in an administrator role, your app will be able to update only the profile of the signed-in user. It will not be able to update the profiles of other users in the organization because the user that it has permission to act on behalf of does not have those privileges.
-* For application permissions, the effective permissions of your app are the full level of privileges implied by the permission. For example, an app that has the `User.ReadWrite.All` application permission can update the profile of every user in the organization. 
+* For application permissions, the effective permissions of your app are the full level of privileges implied by the permission. For example, an app that has the `User.ReadWrite.All` application permission can update the profile of every user in the organization.
 
 ## Permission attributes
-Permissions in Azure AD have a number of properties that help users, administrators, or app developers make informed decisions about what the permission grants access to. 
+Permissions in Azure AD have a number of properties that help users, administrators, or app developers make informed decisions about what the permission grants access to.
 
 > [!NOTE]
 > You can view the permissions that an Azure AD Application or Service Principal exposes using the Azure portal, or PowerShell. Try this script to view the permissions exposed by Microsoft Graph.
@@ -51,27 +51,28 @@ Permissions in Azure AD have a number of properties that help users, administrat
 > (Get-AzureADServicePrincipal -filter "DisplayName eq 'Microsoft Graph'").AppRoles
 > ```
 
-| Property name | Description | Example | 
+| Property name | Description | Example |
 | --- | --- | --- |
-| `ID` | Is a GUID value that uniquely identifies this permission. | 570282fd-fa5c-430d-a7fd-fc8dc98a9dca | 
-| `IsEnabled` | Indicates whether this permission is available for use. | true | 
-| `Type` | Indicates whether this permission requires user consent or admin consent. | User | 
-| `AdminConsentDescription` | Is a description that's shown to administrators during the admin consent experiences | Allows the app to read email in user mailboxes. | 
-| `AdminConsentDisplayName` | Is the friendly name that's shown to administrators during the admin consent experience. | Read user mail | 
-| `UserConsentDescription` | Is a description that's shown to users during a user consent experience. |  Allows the app to read email in your mailbox. | 
-| `UserConsentDisplayName` | Is the friendly name that's shown to users during a user consent experience. | Read your mail | 
-| `Value` | Is the string that's used to identify the permission during OAuth 2.0 authorize flows. `Value` may also be combined with the App ID URI string in order to form a fully qualified permission name. | `Mail.Read` | 
+| `ID` | Is a GUID value that uniquely identifies this permission. | 570282fd-fa5c-430d-a7fd-fc8dc98a9dca |
+| `IsEnabled` | Indicates whether this permission is available for use. | true |
+| `Type` | Indicates whether this permission requires user consent or admin consent. | User |
+| `AdminConsentDescription` | Is a description that's shown to administrators during the admin consent experiences | Allows the app to read email in user mailboxes. |
+| `AdminConsentDisplayName` | Is the friendly name that's shown to administrators during the admin consent experience. | Read user mail |
+| `UserConsentDescription` | Is a description that's shown to users during a user consent experience. |  Allows the app to read email in your mailbox. |
+| `UserConsentDisplayName` | Is the friendly name that's shown to users during a user consent experience. | Read your mail |
+| `Value` | Is the string that's used to identify the permission during OAuth 2.0 authorize flows. `Value` may also be combined with the App ID URI string in order to form a fully qualified permission name. | `Mail.Read` |
 
 ## Types of consent
+
 Applications in Azure AD rely on consent in order to gain access to necessary resources or APIs. There are a number of kinds of consent that your app may need to know about in order to be successful. If you are defining permissions, you will also need to understand how your users will gain access to your app or API.
 
 * **Static user consent** - Occurs automatically during the [OAuth 2.0 authorize flow](v1-protocols-oauth-code.md#request-an-authorization-code) when you specify the resource that your app wants to interact with. In the static user consent scenario, your app must have already specified all the permissions it needs in the app's configuration in the Azure portal. If the user (or administrator, as appropriate) has not granted consent for this app, then Azure AD will prompt the user to provide consent at this time. 
 
     Learn more about registering an Azure AD app that requests access to a static set of APIs.
 * **Dynamic user consent** - Is a feature of the v2 Azure AD app model. In this scenario, your app requests a set of permissions that it needs in the [OAuth 2.0 authorize flow for v2 apps](/azure/active-directory/develop/active-directory-v2-scopes#requesting-individual-user-consent). If the user has not consented already, they will be prompted to consent at this time. [Learn more about dynamic consent](/azure/active-directory/develop/active-directory-v2-compare#incremental-and-dynamic-consent).
 
-    > [!NOTE]
-    > Dynamic consent can be convenient, but presents a big challenge for permissions that require admin consent, since the admin consent experience doesn't know about those permissions at consent time. If you require admin privileged permissions, your app must register them in the Azure Portal.
+    > [!IMPORTANT]
+    > Dynamic consent can be convenient, but presents a big challenge for permissions that require admin consent, since the admin consent experience doesn't know about those permissions at consent time. If you require admin privileged permissions or if your app uses dynamic consent, you must register all of the permissions in the Azure portal (not just the subset of permissions that require admin consent). This enables tenant admins to consent on behalf of all their users.
   
 * **Admin consent** - Is required when your app needs access to certain high-privilege permissions. Admin consent ensures that administrators have some additional controls before authorizing apps or users to access highly privileged data from the organization. [Learn more about how to grant admin consent](/azure/active-directory/develop/active-directory-v2-scopes#using-the-admin-consent-endpoint).
 
@@ -80,7 +81,7 @@ Applications in Azure AD rely on consent in order to gain access to necessary re
 ### Client best practices
 
 - Only request for permissions that your app needs. Apps with too many permissions are at risk of exposing user data if they are compromised.
-- Choose between delegated permissions and application permissions based on the scenario that your app supports. 
+- Choose between delegated permissions and application permissions based on the scenario that your app supports.
     - Always use delegated permissions if the call is being made on behalf of a user.
     - Only use application permissions if the app is non-interactive and not making calls on behalf of any specific user. Application permissions are highly privileged and should only be used when absolutely necessary.
 - When using an app based on the v2.0 endpoint, always set the static permissions (those specified in your application registration) to be the superset of the dynamic permissions you request at runtime (those specified in code and sent as query parameters in your authorize request) so that scenarios like admin consent works correctly.
@@ -91,16 +92,11 @@ Applications in Azure AD rely on consent in order to gain access to necessary re
 - Resources should explicitly define `Read` and `ReadWrite` permissions separately.
 - Resources should mark any permissions that allow access to data across user boundaries as `Admin` permissions.
 - Resources should follow the naming pattern `Subject.Permission[.Modifier]`, where:
-    - `Subject` corresponds with the type of data that is available,
-    - `Permission` corresponds to the action that a user may take upon that data, and 
-    - `Modifier` is used optionally to describe specializations of another permission. 
+    - `Subject` corresponds with the type of data that is available
+    - `Permission` corresponds to the action that a user may take upon that data
+    - `Modifier` is used optionally to describe specializations of another permission
     
-    For example: 
+    For example:
     * Mail.Read - Allows users to read mail.
     * Mail.ReadWrite - Allows users to read or write mail.
     * Mail.ReadWrite.All - Allows an administrator or user to access all mail in the organization.
-
-
-
-
-