Merge pull request #157982 from MicrosoftDocs/master

5/10 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -5240,6 +5240,11 @@
       "redirect_url": "/azure/architecture/vdc/networking-virtual-datacenter",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/automation/how-to/remove-desired-state-configuration-package.md",
+      "redirect_url": "/azure/automation/state-configuration/remove-node-and-configuration-package",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/automation/automation-watchers-tutorial.md",
       "redirect_url": "/azure/automation/automation-scenario-using-watcher-task",

.openpublishing.redirection.media-services.json

@@ -607,7 +607,7 @@
         },
         {
             "source_path_from_root": "/articles/media-services/video-indexer/observed-people-tracing.md",
-            "redirect_url": "azure/media-services/",
+            "redirect_url": "../../media-services/",
             "redirect_document_id": false
         },
         {

articles/active-directory/develop/howto-configure-publisher-domain.md

@@ -82,14 +82,16 @@ If your app isn't registered in a tenant, you'll only see the option to verify a
 
 1. Click the **Verify and save domain** button.
 
+You're not required to maintain the resources that are used for verification after a domain has been verified. When the verification is finished, you can remove the hosted file.
+
 ### To select a verified domain
 
-- If your tenant has verified domains, select one of the domains from the **Select a verified domain** dropdown.
+If your tenant has verified domains, select one of the domains from the **Select a verified domain** dropdown.
 
->[!Note]
-> The expected 'Content-Type' header that should be returned is `application/json`. You may get an error as mentioned below if you use anything else like `application/json; charset=utf-8` 
+> [!NOTE]
+> The expected `Content-Type` header that should be returned is `application/json`. You may get an error as mentioned below if you use anything else, like `application/json; charset=utf-8`:
 > 
->``` "Verification of publisher domain failed. Error getting JSON file from https:///.well-known/microsoft-identity-association. The server returned an unexpected content type header value. " ```
+> `Verification of publisher domain failed. Error getting JSON file from https:///.well-known/microsoft-identity-association. The server returned an unexpected content type header value.`
 >
 
 ## Implications on the app consent prompt

articles/active-directory/develop/quickstart-v2-android.md

@@ -109,12 +109,6 @@ We'll now look at these files in more detail and call out the MSAL-specific code
 
 MSAL ([com.microsoft.identity.client](https://javadoc.io/doc/com.microsoft.identity.client/msal)) is the library used to sign in users and request tokens used to access an API protected by Microsoft identity platform. Gradle 3.0+ installs the library when you add the following to **Gradle Scripts** > **build.gradle (Module: app)** under **Dependencies**:
 
-```gradle
-implementation 'com.microsoft.identity.client:msal:2.+'
-```
-
-You can see this in the sample project in build.gradle (Module: app):
-
 ```java
 dependencies {
     ...
@@ -125,6 +119,30 @@ dependencies {
 
 This instructs Gradle to download and build MSAL from maven central.
 
+You must also add references to maven to the **allprojects** > **repositories** portion of the **build.gradle (Module: app)** like so:
+
+```java
+allprojects {
+    repositories {
+        mavenCentral()
+        google()
+        mavenLocal()
+        maven {
+            url 'https://pkgs.dev.azure.com/MicrosoftDeviceSDK/DuoSDK-Public/_packaging/Duo-SDK-Feed/maven/v1'
+        }
+        maven {
+            name "vsts-maven-adal-android"
+            url "https://identitydivision.pkgs.visualstudio.com/_packaging/AndroidADAL/maven/v1"
+            credentials {
+                username System.getenv("ENV_VSTS_MVN_ANDROIDADAL_USERNAME") != null ? System.getenv("ENV_VSTS_MVN_ANDROIDADAL_USERNAME") : project.findProperty("vstsUsername")
+                password System.getenv("ENV_VSTS_MVN_ANDROIDADAL_ACCESSTOKEN") != null ? System.getenv("ENV_VSTS_MVN_ANDROIDADAL_ACCESSTOKEN") : project.findProperty("vstsMavenAccessToken")
+            }
+        }
+        jcenter()
+    }
+}
+```
+
 ### MSAL imports
 
 The imports that are relevant to the MSAL library are `com.microsoft.identity.client.*`.  For example, you'll see `import com.microsoft.identity.client.PublicClientApplication;` which is the namespace for the `PublicClientApplication` class, which represents your public client application.

articles/active-directory/develop/tutorial-v2-android.md

@@ -148,18 +148,36 @@ If you do not already have an Android application, follow these steps to set up
 
 ### Add MSAL to your project
 
-1. In the Android Studio project window, navigate to **app** > **src** > **build.gradle** and add the following:
+1. In the Android Studio project window, navigate to **app** > **build.gradle** and add the following:
 
     ```gradle
-    repositories{
+    apply plugin: 'com.android.application'
+   
+    allprojects {
+     repositories {
+        mavenCentral()
+        google()
+        mavenLocal()
+        maven {
+            url 'https://pkgs.dev.azure.com/MicrosoftDeviceSDK/DuoSDK-Public/_packaging/Duo-SDK-Feed/maven/v1'
+        }
+        maven {
+            name "vsts-maven-adal-android"
+            url "https://identitydivision.pkgs.visualstudio.com/_packaging/AndroidADAL/maven/v1"
+            credentials {
+                username System.getenv("ENV_VSTS_MVN_ANDROIDADAL_USERNAME") != null ? System.getenv("ENV_VSTS_MVN_ANDROIDADAL_USERNAME") : project.findProperty("vstsUsername")
+                password System.getenv("ENV_VSTS_MVN_ANDROIDADAL_ACCESSTOKEN") != null ? System.getenv("ENV_VSTS_MVN_ANDROIDADAL_ACCESSTOKEN") : project.findProperty("vstsMavenAccessToken")
+            }
+        }
         jcenter()
+     }
     }
     dependencies{
-        implementation 'com.microsoft.identity.client:msal:2.+'
-        implementation 'com.microsoft.graph:microsoft-graph:1.5.+'
-    }
+     implementation 'com.microsoft.identity.client:msal:2.+'
+     implementation 'com.microsoft.graph:microsoft-graph:1.5.+'
+     }
     packagingOptions{
-        exclude("META-INF/jersey-module-version")
+     exclude("META-INF/jersey-module-version")
     }
     ```
     [More on the Microsoft Graph SDK](https://github.com/microsoftgraph/msgraph-sdk-java/)

articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md

@@ -58,24 +58,24 @@ This feature is now available in the following Azure clouds:
 To enable Azure AD authentication for your Windows VMs in Azure, you need to ensure your VMs network configuration permits outbound access to the following endpoints over TCP port 443:
 
 For Azure Global
-- https://enterpriseregistration.windows.net For device registration.
-- http://169.254.169.254 For Azure Instance Metadata Service endpoint.
-- https://login.microsoftonline.com For authentication flows.
-- https://pas.windows.net For Azure RBAC flows.
+- `https://enterpriseregistration.windows.net` - For device registration.
+- `http://169.254.169.254` - Azure Instance Metadata Service endpoint.
+- `https://login.microsoftonline.com` - For authentication flows.
+- `https://pas.windows.net` - For Azure RBAC flows.
 
 
 For Azure Government
-- https://enterpriseregistration.microsoftonline.us For device registration.
-- http://169.254.169.254 For Azure Instance Metadata Service.
-- https://login.microsoftonline.us For authentication flows.
-- https://pasff.usgovcloudapi.net For Azure RBAC flows.
+- `https://enterpriseregistration.microsoftonline.us` - For device registration.
+- `http://169.254.169.254` - Azure Instance Metadata Service.
+- `https://login.microsoftonline.us` - For authentication flows.
+- `https://pasff.usgovcloudapi.net` - For Azure RBAC flows.
 
 
 For Azure China
-- https://enterpriseregistration.partner.microsoftonline.cn For device registration.
-- http://169.254.169.254 Azure Instance Metadata Service endpoint.
-- https://login.chinacloudapi.cn For authentication flows.
-- https://pas.chinacloudapi.cn For Azure RBAC flows.
+- `https://enterpriseregistration.partner.microsoftonline.cn` - For device registration.
+- `http://169.254.169.254` - Azure Instance Metadata Service endpoint.
+- `https://login.chinacloudapi.cn` - For authentication flows.
+- `https://pas.chinacloudapi.cn' - For Azure RBAC flows.
 
 
 ## Enabling Azure AD login in for Windows VM in Azure
@@ -239,6 +239,10 @@ You are now signed in to the Windows Server 2019 Azure virtual machine with the
 > [!NOTE]
 > You can save the .RDP file locally on your computer to launch future remote desktop connections to your virtual machine instead of having to navigate to virtual machine overview page in the Azure portal and using the connect option.
 
+## Using Azure Policy to ensure standards and assess compliance
+
+Use Azure policy to ensure Azure AD login is enabled for your new and existing Windows virtual machines and assess compliance of your environment at scale on your Azure policy compliance dashboard. With this capability, you can use many levels of enforcement: you can flag new and existing Windows VMs within your environment that do not have Azure AD login enabled. You can also use Azure policy to deploy the Azure AD extension on new Windows VMs that do not have Azure AD login enabled, as well as remediate existing Windows VMs to the same standard. In addition to these capabilities, you can also use policy to detect and flag VMs have non-approved local accounts on their machines. To learn more, review [Azure policy](https://www.aka.ms/AzurePolicy).
+
 ## Troubleshoot
 
 ### Troubleshoot deployment issues

articles/active-directory/external-identities/external-identities-pricing.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 09/21/2020
+ms.date: 05/05/2021
 
 ms.author: mimart
 author: msmimart
@@ -35,8 +35,8 @@ To take advantage of MAU billing, your Azure AD tenant must be linked to an Azur
 ## About monthly active users (MAU) billing
 
 In your Azure AD tenant, guest user collaboration usage is billed based on the count of unique guest users with authentication activity within a calendar month. This model replaces the 1:5 ratio billing model, which allowed up to five guest users for each Azure AD Premium license in your tenant. When your tenant is linked to a subscription and you use External Identities features to collaborate with guest users, you'll be automatically billed using the MAU-based billing model.
-  
-The pricing tier that applies to your guest users is based on the highest pricing tier assigned to your Azure AD tenant. For example, if the highest pricing tier in your tenant is Azure AD Premium P1, the Premium P1 pricing tier also applies to your guest users. If the highest pricing is Azure AD Free, you'll be asked to upgrade to a premium pricing tier when you try to use premium features for guest users.
+
+The pricing tier that applies to your guest users is based on the highest pricing tier assigned to your Azure AD tenant. For more information, see [Azure Active Directory External Identities Pricing](https://azure.microsoft.com/en-us/pricing/details/active-directory/external-identities/).
 
 ## Link your Azure AD tenant to a subscription
 

articles/active-directory/governance/entitlement-management-access-package-approval-policy.md

@@ -50,7 +50,7 @@ For a demonstration of how to add a multi-stage approval to a request policy, wa
 
 Follow these steps to specify the approval settings for requests for the access package:
 
-**Prerequisite role:** Global administrator, User administrator, Catalog owner, or Access package manager
+**Prerequisite role:** Global administrator, Identity Governance administrator, User administrator, Catalog owner, or Access package manager
 
 1. In the Azure portal, click **Azure Active Directory** and then click **Identity Governance**.
 

articles/active-directory/governance/entitlement-management-access-package-assignments.md

@@ -34,7 +34,7 @@ To use Azure AD entitlement management and assign users to access packages, you
 
 ## View who has an assignment
 
-**Prerequisite role:** Global administrator, User administrator, Catalog owner, Access package manager or Access package assignment manager
+**Prerequisite role:** Global administrator, Identity Governance administrator, User administrator, Catalog owner, Access package manager or Access package assignment manager
 
 1. In the Azure portal, click **Azure Active Directory** and then click **Identity Governance**.
 

articles/active-directory/governance/entitlement-management-access-package-create.md

@@ -53,7 +53,7 @@ Here are the high-level steps to create a new access package.
 
 ## Start new access package
 
-**Prerequisite role:** Global administrator, User administrator, Catalog owner, or Access package manager
+**Prerequisite role:** Global administrator, Identity Governance administrator, User administrator, Catalog owner, or Access package manager
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
@@ -73,11 +73,11 @@ On the **Basics** tab, you give the access package a name and specify which cata
 
 1. In the **Catalog** drop-down list, select the catalog you want to create the access package in. For example, you might have a catalog owner that manages all the marketing resources that can be requested. In this case, you could select the marketing catalog.
 
-    You will only see catalogs you have permission to create access packages in. To create an access package in an existing catalog, you must be a Global administrator or User administrator, or you must be a catalog owner or access package manager in that catalog.
+    You will only see catalogs you have permission to create access packages in. To create an access package in an existing catalog, you must be a Global administrator, Identity Governance administrator or User administrator, or you must be a catalog owner or access package manager in that catalog.
 
     ![Access package - Basics](./media/entitlement-management-access-package-create/basics.png)
 
-    If you are a Global administrator, a User administrator, or catalog creator and you would like to create your access package in a new catalog that's not listed, click **Create new catalog**. Enter the Catalog name and description and then click **Create**.
+    If you are a Global administrator, an Identity Governance administrator, a User administrator, or catalog creator and you would like to create your access package in a new catalog that's not listed, click **Create new catalog**. Enter the Catalog name and description and then click **Create**.
 
     The access package you are creating and any resources included in it will be added to the new catalog. You can also  add additional catalog owners later.