Bringing even with master.

Author: v-alje

articles/active-directory/fundamentals/identity-secure-score.md

@@ -23,7 +23,7 @@ ms.reviewer: nigu
 
 How secure is your Azure AD tenant? If you don't know how to answer this question, read this article to learn how the identity secure score helps you to monitor and improve your identity security posture. 
 
-## What is a secure score?
+## What is an identity secure score?
 
 The identity secure score is number between 1 and 248 that functions as indicator for how aligned you are with Microsoft's best practices recommendations for security.
 
@@ -66,17 +66,6 @@ By following the improvement actions, you can:
 
 - Take advantage of Microsoft’s Identity features. 
 
-The improvement actions take into consideration:
-
-- Privileged accounts
-
-- App management
-
-- Conditional access policies
-
-- Authentication methods
-
-- Auditing and reporting. 
 
 
 ## How do I get my secure score?
@@ -104,19 +93,25 @@ Additionally, you also have the option to set recommendations to be ignored if t
 
 ## How does it help me?
 
-Using the secure score helps increase your organization's security by encouraging you to use the built-in security features such as:
+The secure score helps you to:
+
+- Objectively measure your identity security posture
 
+- Plan identity security improvements
 
-Learning more about these features as you use the tool will help give you piece of mind that you're taking the right steps to protect your organization from threats.
+- Review the success of your improvements
 
-Customers who are using Secure Score have seen their score increase five times more than customers who aren't using it. (The increase in score corresponds with the security features being used in their organizations.)
 
 
 ## What you should know
 
-### Who can use Secure Score?
+### Who can use the identity secure score?
+
+The identity secure score can be used by the following roles:
 
-Anyone who has admin permissions (global admin or a custom admin role) for your Azure AD tenant. Users who aren't assigned an admin role can't access the score. However, admins can use the tool to share their results with other people in their organization. 
+- Global admin
+- Security admin 
+- Security readers 
 
 ### What does [Not Scored] mean?
 
@@ -126,9 +121,6 @@ Actions labeled as [Not Scored] are ones you can perform in your organization bu
 
 The score is calculated once per day (around 1:00 AM PST). If you make a change to a measured action, the score will automatically update the next day. It takes up to 48 hours for a change to be reflected in your score.
 
-### Who can see my results?
-
-Results are filtered to show scores only to people in your organization who are assigned an admin role (global admin or a custom admin role).
 
 ### My score changed. How do I figure out why?
 
@@ -162,14 +154,6 @@ The [Office 365 secure score](https://docs.microsoft.com/office365/securitycompl
 The identity secure score represents the identity part of of the Office 365 secure score. This means that your recommendations for the identity secure score and the identity score in Office 365 are the same. 
 
 
-### I have an idea for another control. How do I let you know what it is?
-We'd love to hear from you. Post your ideas on the Office Security, Privacy & Compliance community. We're listening and want the Secure Score to include all options that are important to you.
-
-Something isn't working right. Who should I contact?
-If you have any issues, let us know by posting on the Office Security, Privacy & Compliance community. We're monitoring the community and will provide help.
-
-### My organization only has certain security features. Does this affect my score?
-The Secure Score calculates your score based on the services you purchased. For example, if you only purchased an Exchange Online plan, you won't be scored for SharePoint Online security features. The denominator of the score is the sum of all the baselines for the controls that apply to the products you purchased. The numerator is the sum of all the controls for which you completed, or partially completed, the actions to fulfill that control.
 ## Next steps
 
 If you would like to see a video about the Office 365 secure score, click [here](https://www.youtube.com/watch?v=jzfpDJ9Kg-A).

articles/active-directory/user-help/microsoft-authenticator-app-faq.md

@@ -40,7 +40,7 @@ The Microsoft Authenticator app replaced the Azure Authenticator app, and is the
 |Why does the Microsoft Authenticator app allow you to approve a request without unlocking the device?|You don't have to unlock your device to approve verification requests because all you need to prove is that you have your phone with you. Two-step verification requires proving two things – a thing you know, and a thing you have. The thing you know is your password. The thing you have is your phone (set up with the Microsoft Authenticator app and registered as an MFA proof.) Therefore, having the phone and approving the request meets the criteria for the second factor of authentication.|
 |Why aren’t all my accounts showing up when I open the Microsoft Authenticator app on my Apple Watch?|The Microsoft Authenticator app only supports using Microsoft personal or school or work accounts with push notifications on the Apple Watch companion app. For your other accounts, like Google or Facebook, you’ll have to open the authenticator app on your phone to view your verification codes.|
 |Why can’t I approve or deny notifications on my Apple Watch?|First, make sure you’ve upgraded to the Microsoft Authenticator app, version 6.0.0 or higher on your iPhone. After that, open the Microsoft Authenticator companion app on your Apple Watch and look for any accounts with a **Set Up** button beneath them. You must complete that set up process to approve notifications for those accounts.|
-|Why am I getting the error, **Unable to communicate with the phone while using the Microsoft Authenticator companion app on the Apple Watch**?|If your phone and watch aren’t communicating, you can try the following:<ol><li>Force quit the Microsoft Authenticator phone app and open it again on your iPhone.</li><li>Force quit the companion app on your Apple Watch.<ol><li> Open the Microsoft Authenticator companion app on your Watch</li><li>Hold down the side button until the **Shutdown** screen appears.</li><li>Release the side button and hold down the Digital Crown to force quit the active app.</li></ol></li><li>Turn off both Bluetooth and Wi-Fi for both your phone and your Watch, and then turn them back on.</li><li>Restart your iPhone and your Watch.</li></ol>|
+|I’m getting a communication error between the Apple Watch and my phone. What can I do to troubleshoot?|This error happens when your Watch screen goes to sleep before it finishes communicating with your phone.<br><br><b>If this happens during setup:</b><br>Try to run setup again, making sure to keep your Watch awake until the process is done. At the same time, open the app on your phone and respond to any prompts that appear.<br><br>If your phone and Watch still aren’t communicating, you can try the following:<ol><li>Force quit the Microsoft Authenticator phone app and open it again on your iPhone.</li><li>Force quit the companion app on your Apple Watch.<ol><li> Open the Microsoft Authenticator companion app on your Watch</li><li>Hold down the side button until the **Shutdown** screen appears.</li><li>Release the side button and hold down the Digital Crown to force quit the active app.</li></ol></li><li>Turn off both Bluetooth and Wi-Fi for both your phone and your Watch, and then turn them back on.</li><li>Restart your iPhone and your Watch.</li></ol><b>If this happens when you’re trying to approve a notification:</b><br>The next time you try to approve a notification on your Apple Watch, keep the screen awake until the request is complete and you hear the sound that indicates it was successful.|
 |Why isn’t the Microsoft Authenticator companion app for Apple Watch syncing or showing up on my watch?|If the app isn’t showing up on your Watch, try the following: <ol><li>Make sure your Watch is running watchOS 4.0 or higher.</li><li>Sync your Watch again.</li></ol>|
 |My Apple Watch companion app crashed. Can I send you my crash logs so you can investigate? |You first have to make sure you’ve chosen to share your analytics with us. If you’re a TestFlight user, you’re already signed up. Otherwise, you can go to **Settings > Privacy > Analytics** and select both the **Share iPhone & Watch analytics** and the **Share with App Developers** options.<br><br>After you sign up, you can try to reproduce your crash so your crash logs are automatically sent to us for investigation. However, if you can’t reproduce your crash, you can manually copy your log files and send them to us.<ol><li>Open the Watch app on your phone, go to **Settings > General**, and then click **Copy Watch Analytics**.</li><li>Find the corresponding crash under **Settings > Privacy > Analytics > Analytics Data**, and then manually copy the entire text.</li><li>Open the Microsoft Authenticator app on your phone and paste that copied text into the **Share with App Developers** text box on the **Send logs** page.</li></ol>|
 

articles/application-insights/app-insights-diagnostic-search.md

@@ -12,7 +12,7 @@ ms.workload: tbd
 ms.tgt_pltfrm: ibiza
 ms.devlang: na
 ms.topic: conceptual
-ms.date: 07/18/2018
+ms.date: 09/20/2018
 ms.author: mbullwin
 
 ---
@@ -119,8 +119,8 @@ Here are the search expressions you can use:
 | Sample query | Effect |
 | --- | --- |
 | `apple` |Find all events in the time range whose fields include the word "apple" |
-| `apple AND banana` |Find events that contain both words. Use capital "AND", not "and". |
-| `apple OR banana`<br/>`apple banana` |Find events that contain either word. Use "OR", not "or".<br/>Short form. |
+| `apple AND banana` <br/>`apple banana` |Find events that contain both words. Use capital "AND", not "and". |
+| `apple OR banana` |Find events that contain either word. Use "OR", not "or".<br/>Short form. |
 | `apple NOT banana` |Find events that contain one word but not the other. |
 
 ## Sampling

articles/application-insights/app-insights-profiler.md

@@ -18,7 +18,7 @@ ms.author: mbullwin
 ---
 # Profile live Azure web apps with Application Insights
 
-This feature of Azure Application Insights is generally available for the Web Apps feature of Azure App Service and is in preview for Azure compute resources. For information regarding [on premises use of profiler](https://docs.microsoft.com/azure/application-insights/enable-profiler-compute#enable-profiler-on-on-premises-servers).
+This feature of Azure Application Insights is generally available for the Web Apps feature of Azure App Service and Azure compute resources. For information regarding [on premises use of profiler](https://docs.microsoft.com/azure/application-insights/enable-profiler-compute#enable-profiler-on-on-premises-servers).
 
 This article discusses the amount of time that's spent in each method of your live web application when you use [Application Insights](app-insights-overview.md). The Application Insights Profiler tool displays detailed profiles of live requests that were served by your app. Profiler highlights the *hot path* that uses the most time. Requests with various response times are profiled on a sampling basis. By using a variety of techniques, you can minimize the overhead that's associated with the application.
 

articles/automation/automation-update-azure-modules.md

@@ -6,7 +6,7 @@ ms.service: automation
 ms.component: process-automation
 author: georgewallace
 ms.author: gwallace
-ms.date: 03/16/2018
+ms.date: 09/19/2018
 ms.topic: conceptual
 manager: carmonm
 ---
@@ -39,8 +39,10 @@ Because modules are updated regularly by the product group, changes can occur wi
 
     If the modules are already up-to-date, then the process completes in a few seconds. When the update process completes, you are notified.<br><br> ![Update Azure Modules update status](media/automation-update-azure-modules/automation-update-azure-modules-updatestatus.png)
 
+    The .NET core AzureRm modules (AzureRm.*.Core) are not supported in Azure Automation and can not be imported.
+
 > [!NOTE]
-> Azure Automation uses the latest modules in your Automation account when a new scheduled job is run.    
+> Azure Automation uses the latest modules in your Automation account when a new scheduled job is run.  
 
 If you use cmdlets from these Azure PowerShell modules in your runbooks, you want to run this update process every month or so to make sure that you have the latest modules. Azure Automation uses the AzureRunAsConnection connection to authenticate when updating the modules, if the service principal is expired or no longer exists on the subscription level, the module update will fail.
 

articles/automation/automation-update-management.md

@@ -29,7 +29,7 @@ The following diagram shows a conceptual view of the behavior and data flow with
 
 ![Update Management process flow](media/automation-update-management/update-mgmt-updateworkflow.png)
 
-Update Management can be used to natively onboard machines in multiple subscriptions in the same tenant. To manage machines in a different tenant you must onboard them as [Non-Azure machines](automation-onboard-solutions-from-automation-account.md#onboard-a-non-azure-machine).
+Update Management can be used to natively onboard machines in multiple subscriptions in the same tenant. To manage machines in a different tenant you must onboard them as [Non-Azure machines](automation-onboard-solutions-from-automation-account.md#onboard-a-non-azure-machine). 
 
 After a computer performs a scan for update compliance, the agent forwards the information in bulk to Azure Log Analytics. On a Windows computer, the compliance scan is performed every 12 hours by default.
 
@@ -50,6 +50,8 @@ Updates are installed by runbooks in Azure Automation. You can't view these runb
 
 At the date and time specified in the update deployment, the target computers execute the deployment in parallel. Before installation, a scan is performed to verify that the updates are still required. For WSUS client computers, if the updates aren't approved in WSUS, the update deployment fails.
 
+Having a machine registered for Update Management in multiple Log Analytics Workspaces (multi-homing) is not supported.
+
 ## Clients
 
 ### Supported client types
@@ -193,18 +195,6 @@ To avoid updates being applied outside of a maintenance window on Ubuntu, reconf
 
 Virtual machines that were created from the on-demand Red Hat Enterprise Linux (RHEL) images that are available in the Azure Marketplace are registered to access the [Red Hat Update Infrastructure (RHUI)](../virtual-machines/virtual-machines-linux-update-infrastructure-redhat.md) that's deployed in Azure. Any other Linux distribution must be updated from the distribution's online file repository by following the distribution's supported methods.
 
-## View missing updates
-
-Select **Missing updates** to view the list of updates that are missing from your machines. Each update is listed and can be selected. Information about the number of machines that require the update, the operating system, and a link for more information is shown. The **Log search** pane shows more details about the updates.
-
-## View update deployments
-
-Select the **Update Deployments** tab to view the list of existing update deployments. Select any of the update deployments in the table to open the **Update Deployment Run** pane for that update deployment.
-
-![Overview of update deployment results](./media/automation-update-management/update-deployment-run.png)
-
-## Create or edit an update deployment
-
 To create a new update deployment, select **Schedule update deployment**. The **New Update Deployment** pane opens. Enter values for the properties described in the following table and then click **Create**:
 
 | Property | Description |
@@ -220,6 +210,20 @@ To create a new update deployment, select **Schedule update deployment**. The **
 | Maintenance window |Number of minutes set for updates. The value can be not be less than 30 minutes and no more than 6 hours |
 | Reboot control| Determines how reboots should be handled. Available options are:</br>Reboot if required (Default)</br>Always reboot</br>Never reboot</br>Only reboot - will not install updates|
 
+Update Deployments can also be created programmatically. To learn how to create an Update Deployment with the REST API, see [Software Update Configurations - Create](/rest/api/automation/softwareupdateconfigurations/create). There is also a sample runbook that can be used to create a weekly Update Deployment. To learn more about this runbook, see [Create a weekly update deployment for one or more VMs in a resource group](https://gallery.technet.microsoft.com/scriptcenter/Create-a-weekly-update-2ad359a1).
+
+## View missing updates
+
+Select **Missing updates** to view the list of updates that are missing from your machines. Each update is listed and can be selected. Information about the number of machines that require the update, the operating system, and a link for more information is shown. The **Log search** pane shows more details about the updates.
+
+## View update deployments
+
+Select the **Update Deployments** tab to view the list of existing update deployments. Select any of the update deployments in the table to open the **Update Deployment Run** pane for that update deployment.
+
+![Overview of update deployment results](./media/automation-update-management/update-deployment-run.png)
+
+To view an update deployment from the REST API, see [Software Update Configuration Runs](/rest/api/automation/softwareupdateconfigurationruns).
+
 ## Update classifications
 
 The following tables list the update classifications in Update Management, with a definition for each classification.
@@ -544,3 +548,5 @@ Continue to the tutorial to learn how to manage updates for your Windows virtual
 
 * Use log searches in [Log Analytics](../log-analytics/log-analytics-log-searches.md) to view detailed update data.
 * [Create alerts](../log-analytics/log-analytics-alerts.md) when critical updates are detected as missing from computers or if a computer has automatic updates disabled.
+
+* To learn how to interact with Update Management through the REST API, see [Software Update Configurations](/rest/api/automation/softwareupdateconfigurations)

articles/azure-stack/azure-stack-csp-howto-register-tenants.md

@@ -12,7 +12,7 @@ ms.workload: na
 pms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: article
-ms.date: 07/12/2018
+ms.date: 09/19/2018
 ms.author: sethm
 ms.reviewer: alfredo
 
@@ -66,9 +66,9 @@ Update your registration with the new customer’s subscription. Azure reports t
 ### New-AzureRmResource PowerShell parameters
 | Parameter | Description |
 | --- | --- | 
-|registrationSubscriptionID | The Azure subscription that was used for the initial registration of the Azure Stack. |
-| customerSubscriptionID | The Azure subscription (not Azure Stack) belonging to the customer to be registered. Must be created in the CSP offer; in practice, this means through Partner Center. If a customer has more than one Azure Active Directory tenant, this subscription must be created in the tenant that will be used to log into Azure Stack.
-| resourceGroup | The resource group in Azure in which your registration is stored. 
+|registrationSubscriptionID | The Azure subscription that was used for the initial registration of the Azure Stack.|
+| customerSubscriptionID | The Azure subscription (not Azure Stack) belonging to the customer to be registered. Must be created in the CSP offer; in practice, this means through Partner Center. If a customer has more than one Azure Active Directory tenant, this subscription must be created in the tenant that will be used to log into Azure Stack. The customer subscription ID must use lowercase letters. |
+| resourceGroup | The resource group in Azure in which your registration is stored. |
 | registrationName | The name of the registration of your Azure Stack. It is an object stored in Azure. | 
 | Properties | Specifies properties for the resource. Use this parameter to specify the values of properties that are specific to the resource type.