Merge branch 'master' into automation-articles-jd-batch1

Author: ShawnJackson

.openpublishing.redirection.json

@@ -1,4 +1,11 @@
 # Testing the new code owners feature in GitHub. Please contact Cory Fowler if you have questions.
+
+# Horizontals
+
+## Azure Policy: Samples
+articles/**/policy-samples.md @DCtheGeek
+includes/policy/ @DCtheGeek
+
 # Cognitive Services
 articles/cognitive-services/ @diberry @erhopf @aahill @ievangelist @patrickfarley @nitinme
 
@@ -9,7 +16,7 @@ articles/jenkins/ @TomArcherMsft
 articles/terraform/ @TomArcherMsft
 
 # Requires Internal Review
-articles/best-practices-availability-paired-regions.md @jpconnock @martinekuan @syntaxc4 @tysonn @snoviking
+articles/best-practices-availability-paired-regions.md @martinekuan @syntaxc4 @snoviking
 
 # Governance
 articles/governance/ @DCtheGeek

CODEOWNERS

@@ -11,7 +11,7 @@ For more information, see the [Code of Conduct FAQ](https://opensource.microsoft
 
 ## How can I contribute?
 
-There are a variety of ways to contribute to the documentation, review the sections below to find out which one is right for you.
+There are many ways to contribute to the documentation, review the sections below to find out which one is right for you.
 
 ### Reporting Bugs and Suggesting Enhancements
 

CONTRIBUTING.md

@@ -1198,8 +1198,8 @@ The SCIM spec does not define a SCIM-specific scheme for authentication and auth
 [!NOTE] It's not recommended to leave the token field blank in the Azure AD provisioning configuration custom app UI. The token generated is primarily available for testing purposes.
 
 **OAuth authorization code grant flow:** The provisioning service supports the [authorization code grant](https://tools.ietf.org/html/rfc6749#page-24). After submitting your request for publishing your app in the gallery, our team will work with you to collect the following information:
-*  Authorization URL: A URL by the client to obtain authorization from the resource owner via user-agent redirection. The user is redirected to this URL to authorize access. 
-*  Token exchange URL: A URL by the client to exchange an authorization grant for an access token, typically with client authentication.
+*  Authorization URL: A URL by the client to obtain authorization from the resource owner via user-agent redirection. The user is redirected to this URL to authorize access. Note that this URL is currently not configurable per tenant.
+*  Token exchange URL: A URL by the client to exchange an authorization grant for an access token, typically with client authentication. Note that this URL is currently not configurable per tenant.
 *  Client ID: The authorization server issues the registered client a client identifier, which is a unique string representing the registration information provided by the client.  The client identifier is not a secret; it is exposed to the resource owner and **must not** be used alone for client authentication.  
 *  Client secret: The client secret is a secret generated by the authorization server. It should be a unique value known only to the authorization server. 
 

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -85,14 +85,14 @@ Azure AD provides ways to natively authenticate using passwordless methods to si
 
 ## Next steps
 
-To get started, see the [quickstart for self-service password reset][quickstart-sspr] and [Azure Multi-Factor Authentication tutorial][tutorial-mfa-applications].
+To get started, see the [tutorial for self-service password reset (SSPR)][tutorial-sspr] and [Azure Multi-Factor Authentication][tutorial-azure-mfa].
 
 To learn more about self-service password reset concepts, see [How Azure AD self-service password reset works][concept-sspr].
 
 To learn more about multi-factor authentication concepts, see [How Azure Multi-Factor Authentication works][concept-mfa].
 
 <!-- INTERNAL LINKS -->
-[quickstart-sspr]: quickstart-sspr.md
-[tutorial-mfa-applications]: tutorial-mfa-applications.md
+[tutorial-sspr]: tutorial-enable-sspr.md
+[tutorial-azure-mfa]: tutorial-enable-azure-mfa.md
 [concept-sspr]: concept-sspr-howitworks.md
 [concept-mfa]: concept-mfa-howitworks.md

articles/active-directory/authentication/overview-authentication.md

@@ -43,6 +43,8 @@ Run the [IdFix tool](https://docs.microsoft.com/office365/enterprise/prepare-dir
 
 1. Identify a domain-joined host server running Windows Server 2012 R2 or greater with a minimum of 4-GB RAM and .NET 4.7.1+ runtime.
 
+1. The PowerShell execution policy on the local server must be set to Undefined or RemoteSigned.
+
 1. If there's a firewall between your servers and Azure AD, configure the following items:
    - Ensure that agents can make *outbound* requests to Azure AD over the following ports:
 

articles/active-directory/cloud-provisioning/how-to-prerequisites.md

@@ -68,7 +68,7 @@ Administrators can assign a Conditional Access policy to the following cloud app
 
 Office 365 provides cloud-based productivity and collaboration services like Exchange, SharePoint, and Microsoft Teams. Office 365 cloud services are deeply integrated to ensure smooth and collaborative experiences. This integration can cause confusion when creating policies as some apps such as Microsoft Teams have dependencies on others such as SharePoint or Exchange.
 
-The Office 365 (preview) app makes it possible to target these services all at once. We recommend using the new Office 365 (preview) app, instead of targeting individual cloud apps. Targeting this group of applications helps to avoid issues that may arise due to inconsistent policies and dependencies.
+The Office 365 (preview) app makes it possible to target these services all at once. We recommend using the new Office 365 (preview) app, instead of targeting individual cloud apps to avoid issues with [service dependencies](service-dependencies.md). Targeting this group of applications helps to avoid issues that may arise due to inconsistent policies and dependencies.
 
 Administrators can choose to exclude specific apps from policy if they wish by including the Office 365 (preview) app and excluding the specific apps of their choice in policy.
 

articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 03/25/2020
+ms.date: 05/01/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -23,7 +23,7 @@ Report-only mode is a new Conditional Access policy state that allows administra
 
 - Conditional Access policies can be enabled in report-only mode.
 - During sign-in, policies in report-only mode are evaluated but not enforced.
-- Results are logged in the **Conditional Access** and **Report-only (Preview)** tabs of the Sign-in log details.
+- Results are logged in the **Conditional Access** and **Report-only** tabs of the Sign-in log details.
 - Customers with an Azure Monitor subscription can monitor the impact of their Conditional Access policies using the Conditional Access insights workbook.
 
 > [!WARNING]

articles/active-directory/conditional-access/concept-conditional-access-report-only.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: article
-ms.date: 04/30/2020
+ms.date: 05/01/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo

articles/active-directory/conditional-access/howto-conditional-access-insights-reporting.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 03/25/2020
+ms.date: 05/01/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -15,7 +15,7 @@ ms.reviewer: dawoo
 
 ms.collection: M365-identity-device-management
 ---
-# Configure a Conditional Access policy in report-only mode (Preview)
+# Configure a Conditional Access policy in report-only mode
 
 To configure a Conditional Access policy in report-only mode:
 
@@ -39,7 +39,7 @@ To view the result of a report-only policy for a particular sign-in:
 1. Sign into the **Azure portal** as a reports reader, security reader, security administrator, or global administrator.
 1. Browse to **Azure Active Directory** > **Sign-ins**.
 1. Select a sign-in or add filters to narrow results.
-1. In the **Details** drawer, select the **Report-only (Preview)** tab to view the policies evaluated during sign-in.
+1. In the **Details** drawer, select the **Report-only** tab to view the policies evaluated during sign-in.
 
 > [!NOTE]
 > When downloading the Sign-ins logs, choose JSON format to include Conditional Access report-only result data.
@@ -59,7 +59,7 @@ Once you've integrated your Azure AD logs with Azure Monitor, you can monitor th
 
 1. Sign into the **Azure portal** as a security administrator or global administrator.
 1. Browse to **Azure Active Directory** > **Workbooks**.
-1. Select **Conditional Access Insights (Preview)**.
+1. Select **Conditional Access Insights**.
 1. Select one or more policies from the **Conditional Access Policy** dropdown. All enabled policies are selected by default.
 1. Select a time range (if the time range exceeds the available dataset, the report will show all available data). Once you have set the **Conditional Access Policy** and **Time Range** parameters, the report will load.
    1. Optionally, search for individual **Users** or **Apps** to narrow the scope of the report.