Merge pull request #104844 from MicrosoftDocs/master

Merge Master to Live, 4 AM

Author: PMEds28

.openpublishing.redirection.json

@@ -41230,6 +41230,26 @@
       "redirect_url": "/azure/azure-monitor/platform/diagnostic-settings-legacy",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/azure-monitor/platform/azure-storage-iis-table.md",
+      "redirect_url": "/azure/azure-monitor/platform/diagnostics-extension-logs",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/azure-monitor/platform/diagnostics-extension-schema-1dot3.md",
+      "redirect_url": "/azure/azure-monitor/platform/diagnostics-extension-schema-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/azure-monitor/platform/diagnostics-extension-schema.md",
+      "redirect_url": "/azure/azure-monitor/platform/diagnostics-extension-versions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/azure-monitor/platform/diagnostics-extension-to-storage.md",
+      "redirect_url": "/azure/azure-monitor/cloud-services/diagnostics-extension-to-storage",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/machine-learning/service/how-to-automated-ml.md",
       "redirect_url": "/azure/machine-learning/service/concept-automated-ml",
@@ -47088,8 +47108,8 @@
     },
     {
       "source_path": "articles/terraform/terraform-vm-msi.md",
-      "redirect_url": "/azure/terraform/terraform-vm-managed-identities-for-azure-resources",
-      "redirect_document_id": true
+      "redirect_url": "/azure/terraform/terraform-create-complete-vm",
+      "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/speech-service/quickstart-csharp-dotnet-windows.md",
@@ -48534,22 +48554,37 @@
     {
       "source_path": "articles/virtual-machines/linux/ansible-install-configure.md",
       "redirect_url": "/azure/ansible/ansible-install-configure",
-      "redirect_document_id": false
+      "redirect_document_id": true
     },
     {
       "source_path": "articles/virtual-machines/linux/ansible-create-vm.md",
       "redirect_url": "/azure/ansible/ansible-create-vm",
-      "redirect_document_id": false
+      "redirect_document_id": true
     },
     {
       "source_path": "articles/virtual-machines/linux/ansible-manage-linux-vm.md",
       "redirect_url": "/azure/ansible/ansible-manage-linux-vm",
-      "redirect_document_id": false
+      "redirect_document_id": true
     },
     {
       "source_path": "articles/app-service/containers/tutorial-java-enterprise-postgresql-app.md",
       "redirect_url": "/azure/app-service/containers/configure-language-java",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/virtual-machines/linux/terraform-install-configure.md",
+      "redirect_url": "/azure/terraform/terraform-install-configure",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/virtual-machines/linux/terraform-create-complete-vm.md",
+      "redirect_url": "/azure/terraform/terraform-create-complete-vm",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/terraform/terraform-vm-managed-identities-for-azure-resources.md",
+      "redirect_url": "/azure/terraform/terraform-create-complete-vm",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory/conditional-access/plan-conditional-access.md

@@ -29,6 +29,9 @@ There are two types of Conditional Access policies: baseline and standard. A [ba
 
 In a standard Conditional Access policy, you can customize all settings to adjust the policy to your business requirements. Standard policies require an Azure AD Premium P1 license.
 
+>[!NOTE]
+> We recommend using Azure AD device based Conditional Access policy to get the best enforcement after initial device authentication. This includes closing sessions if the device falls out of compliance and device code flow.
+
 ## Draft policies
 
 Azure Active Directory Conditional Access enables you to bring the protection of your cloud apps to a new level. In this new level, how you can access a cloud app is based on a dynamic policy evaluation instead of a static access configuration. With a Conditional Access policy, you define a response (**do this**) to an access condition (**when this happens**).

articles/active-directory/conditional-access/require-managed-devices.md

@@ -29,6 +29,10 @@ Requiring managed devices for cloud app access ties **Azure AD Conditional Acces
 - **[Conditional Access in Azure Active Directory](../active-directory-conditional-access-azure-portal.md)** - This article provides you with a conceptual overview of Conditional Access and the related terminology.
 - **[Introduction to device management in Azure Active Directory](../devices/overview.md)** - This article gives you an overview of the various options you have to get devices under organizational control. 
 
+>[!IMPORTANT] 
+> We recommend using Azure AD device based Conditional Access policy to get the best enforcement after initial device authentication. This includes closing sessions if the device falls out of compliance and device code flow.
+
+
 ## Scenario description
 
 Mastering the balance between security and productivity is a challenge. The proliferation of supported devices to access your cloud resources helps to improve the productivity of your users. On the flip side, you probably don't want certain resources in your environment to be accessed by devices with an unknown protection level. For the affected resources, you should require that users can only access them using a managed device. 

articles/active-directory/develop/howto-convert-app-to-be-multi-tenant.md

@@ -11,9 +11,9 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 12/10/2019
+ms.date: 02/19/2020
 ms.author: ryanwi
-ms.reviewer: jmprieur, lenalepa, sureshja
+ms.reviewer: jmprieur, lenalepa, sureshja, kkrishna
 ms.custom: aaddev
 ---
 
@@ -33,7 +33,7 @@ There are four simple steps to convert your application into an Azure AD multi-t
 3. [Update your code to handle multiple issuer values](#update-your-code-to-handle-multiple-issuer-values)
 4. [Understand user and admin consent and make appropriate code changes](#understand-user-and-admin-consent)
 
-Let’s look at each step in detail. You can also jump straight to [this list of multi-tenant samples](https://docs.microsoft.com/samples/browse/?products=azure-active-directory).
+Let’s look at each step in detail. You can also jump straight to the sample [Build a multi-tenant SaaS web application that calls Microsoft Graph using Azure AD and OpenID Connect](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/master/2-WebApp-graph-user/2-3-Multi-Tenant/README.md).
 
 ## Update registration to be multi-tenant
 

articles/active-directory/managed-identities-azure-resources/overview.md

@@ -19,7 +19,7 @@ ms.author: markvi
 ms.collection: M365-identity-device-management
 ---
 
-# What is managed identities for Azure resources?
+# What are managed identities for Azure resources?
 
 [!INCLUDE [preview-notice](../../../includes/active-directory-msi-preview-notice.md)]
 

articles/active-directory/reports-monitoring/reference-sign-ins-error-codes.md

@@ -14,7 +14,7 @@ ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/08/2019
+ms.date: 02/19/2020
 ms.author: markvi
 ms.reviewer: dhanyahk
 
@@ -130,6 +130,7 @@ You can also programmatically access the sign-in data using the [reporting API](
 |50178|Session Control  is not supported for passthrough users.|
 |50180|Windows Integrated authentication is needed. Enable the tenant for Seamless SSO.|
 |50181|OTP related failure during sign-in. |
+|50194|Application '{appId}'({appName}) is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '{time}'. Use a tenant-specific endpoint or configure the application to be multi-tenant.|
 |50201|This message prompt interrupt will be shown to the user during login when additional information should be provided to user.|
 |51001|Domain Hint is not present with On-Premises Security Identifier - On-Premises UPN.|
 |51004|User account doesn’t exist in the directory.|
@@ -185,13 +186,19 @@ You can also programmatically access the sign-in data using the [reporting API](
 |90072| The account needs to be added as an external user in the tenant first. Sign-out and sign-in again with a different Azure AD account.|
 |90094| The app has requested permissions which the signed-in user is not allowed to consent to, and the user was blocked. |
 |90095| The app has requested permissions which the signed-in user is not allowed to consent to, and the user was shown the [admin consent request](../manage-apps/configure-admin-consent-workflow.md) form. |
+|130500|Phone sign in was blocked due to User Credential Policy.|
 |500011| The resource principal named <site address> was not found in the tenant named <tenant ID>. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.|
+|500014|Resource '{identifier}' is disabled.|
 |500021| Tenant is restricted by company proxy. Denying the resource access.|
 |500121| Authentication failed during strong authentication request.|
 |500133| The assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token.|
+|500172|Certificate '{name}' issued by '{issuer}' is not valid. Current time: '{curTime}'. Certificate NotBefore: '{startTime}'. Certificate NotAfter: '{endTime}'.|
+|501291|Client app is a Mam app, device is not registered and request is sent using a broker. Work place join needs to be done to register the device before the app can be accessed.|
+|530003|Your device is required to be managed to access this resource.|
 |530021|Application does not meet the Conditional Access approved app requirements.|
 |530032|Blocked by security policy.| 
 |700016|Application with identifier '{appIdentifier}' was not found in the directory '{tenantName}'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.|
+|700051|Response_type 'token' is not enabled for the application. The application requested an unsupported response type due to the following reasons: response_type 'token' is not enabled for the application. Application owner should go to the Azure portal or call MS Graph to enable the implicit access token grant.|
 |900432|Confidential Client is not supported in Cross Cloud request.|
 |5000811|Unable to verify SAML token signature. The signing key identifier does not match any valid registered keys.|
 |7000215|Invalid client secret was provided.|

articles/aks/certificate-rotation.md

@@ -38,7 +38,7 @@ AKS generates and uses the following certificates, Certificate Authorities, and
 > 
 > Additionally, you can check the expiration date of your cluster's certificate. For example, the following command displays the certificate details for the *myAKSCluster* cluster.
 > ```console
-> kubectl config view --raw -o jsonpath='{.clusters[?(@.name == "myAKSCluster")].cluster.certificate-authority-data}' | base64 -d > my-cert.crt
+> kubectl config view --raw -o jsonpath="{.clusters[?(@.name == 'myAKSCluster')].cluster.certificate-authority-data}" | base64 -d > my-cert.crt
 > openssl x509 -in my-cert.crt -text
 > ```
 

articles/aks/quotas-skus-regions.md

@@ -28,7 +28,7 @@ All other network, compute, and storage limitations apply to the provisioned inf
 
 ## Restricted VM sizes
 
-Each node in an AKS cluster contains a fixed amount of compute resources such as vCPU and memory. If an AKS node contains insufficient compute resources, pods might fail to run correctly. To ensure that the required *kube-system* pods and your applications can reliably be scheduled, don't use the following VM SKUs in AKS:
+Each node in an AKS cluster contains a fixed amount of compute resources such as vCPU and memory. If an AKS node contains insufficient compute resources, pods might fail to run correctly. To ensure that the required *kube-system* pods and your applications can reliably be scheduled, **don't use the following VM SKUs in AKS**:
 
 - Standard_A0
 - Standard_A1

articles/api-management/import-api-from-oas.md

@@ -20,7 +20,7 @@ ms.author: apimpm
 This article shows how to import an "OpenAPI specification" back-end API residing at https://conferenceapi.azurewebsites.net?format=json. This back-end API is provided by Microsoft and hosted on Azure. The article also shows how to test the APIM API.
 
 > [!IMPORTANT]
-> See this [document](https://blogs.msdn.microsoft.com/apimanagement/2018/04/11/important-changes-to-openapi-import-and-export/) for important information and tips related to OpenAPI import.
+> See this [document](https://azure.microsoft.com/blog/announcing-the-preview-of-openapi-specification-v3-support-in-azure-api-management/) for important information and tips related to OpenAPI import.
 
 In this article, you learn how to:
 

articles/azure-app-configuration/TOC.yml

@@ -1,4 +1,4 @@
-- name: Azure App Configuration Preview documentation
+- name: Azure App Configuration documentation
   href: index.yml
 - name: Overview
   items:
@@ -59,6 +59,8 @@
   items:
     - name: Key-value store
       href: concept-key-value.md
+    - name: Encrypt using customer-managed keys
+      href: concept-customer-managed-keys.md
     - name: Point-in-time snapshot
       href: concept-point-time-snapshot.md
     - name: Feature management
@@ -67,14 +69,18 @@
       href: concept-github-action.md
     - name: Event handling
       href: concept-app-configuration-event.md
+    - name: Authentication
+      items:
+        - name: Integrate with Azure Managed Identity
+          href: howto-integrate-azure-managed-service-identity.md
+        - name: Enable access using Azure Active Directory
+          href: concept-enable-rbac.md
     - name: High availability
       items:
         - name: Resiliency and disaster recovery
           href: concept-disaster-recovery.md
 - name: How-to guides
   items:
-    - name: Integrate with Azure Managed Identity
-      href: howto-integrate-azure-managed-service-identity.md
     - name: Import or export configuration data
       href: howto-import-export-data.md
     - name: Route events to a custom endpoint
@@ -86,12 +92,12 @@
     - name: Configuration
       items:
         - name: Azure CLI
-          href: https://docs.microsoft.com/cli/azure/ext/appconfig/appconfig?view=azure-cli-latest
+          href: https://docs.microsoft.com/cli/azure/appconfig?view=azure-cli-latest
         - name: .NET Core provider
           href: https://go.microsoft.com/fwlink/?linkid=2074664
         - name: .NET Framework builder
           href: https://go.microsoft.com/fwlink/?linkid=2074663
-        - name: Azure SDK for .Net
+        - name: Azure SDK for .NET
           href: https://go.microsoft.com/fwlink/?linkid=2092056
         - name: Java Spring provider
           href: https://go.microsoft.com/fwlink/?linkid=2074659