Merge pull request #78921 from MicrosoftDocs/master

6/6 AM Publish

Author: huypub

.openpublishing.redirection.json

@@ -140,6 +140,11 @@
       "redirect_url": "https://docs.microsoft.com/azure/architecture/topics/high-performance-computing/",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/virtual-machines/workloads/oracle/oracle-considerations.md",
+      "redirect_url": "/azure/virtual-machines/workloads/oracle/oracle-overview/",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/machine-learning/studio/consume-web-service-with-web-app-template.md",
       "redirect_url": "/azure/machine-learning/studio/consume-web-services",

articles/active-directory/authentication/howto-password-ban-bad-configure.md

@@ -21,7 +21,7 @@ Many organizations find their users create passwords using common local words su
 
 ## Add to the custom list
 
-Configuring the custom banned password list requires an Azure Active Directory Premium P1 or P2 license. For more detailed information about Azure Active Directory licensing, see the [Azure Active Directory pricing page](https://azure.microsoft.com/pricing/details/active-directory/).|
+Configuring the custom banned password list requires an Azure Active Directory Premium P1 or P2 license. For more detailed information about Azure Active Directory licensing, see the [Azure Active Directory pricing page](https://azure.microsoft.com/pricing/details/active-directory/).
 
 1. Sign in to the [Azure portal](https://portal.azure.com) and browse to **Azure Active Directory**, **Authentication methods**, then **Password protection**.
 1. Set the option **Enforce custom list**, to **Yes**.

articles/active-directory/hybrid/cloud-governed-management-for-on-premises.md

@@ -64,7 +64,7 @@ After a single sign-on to Azure AD, users can access both cloud and on-premises
 
 Identity governance helps organizations achieve a balance between *productivity* --- how quickly can a person have access to the resources they need, such as when they join the organization? --- and *security* --- how should their access change over time, such as when that person's employment status changes? Identity lifecycle management is the foundation for identity governance, and effective governance at scale requires modernizing the identity lifecycle management infrastructure for applications.
 
-For many organizations, identity lifecycle for employees is tied to the representation of that user in a human capital management (HCM) system. For organizations using Workday as their HCM system, Azure AD can ensure user accounts in AD are [automatically provisioned and deprovisioned for workers in Workday](https://docs.microsoft.com/azure/active-directory/saas-apps/workday-inbound-tutorial). Doing so leads to improved user productivity through automation of birthright accounts and manages risk by ensuring application access is automatically updated when a user changes roles or leaves the organization. The Workday-driven user provisioning deployment plan (<https://aka.ms/WorkdayDeploymentPlan>) is a step-by-step guide that walks organizations through the best practices implementation of Workday to Active Directory User Provisioning solution in a five-step process.
+For many organizations, identity lifecycle for employees is tied to the representation of that user in a human capital management (HCM) system. For organizations using Workday as their HCM system, Azure AD can ensure user accounts in AD are [automatically provisioned and deprovisioned for workers in Workday](https://docs.microsoft.com/azure/active-directory/saas-apps/workday-inbound-tutorial). Doing so leads to improved user productivity through automation of birthright accounts and manages risk by ensuring application access is automatically updated when a user changes roles or leaves the organization. The Workday-driven user provisioning [deployment plan](https://aka.ms/WorkdayDeploymentPlan) is a step-by-step guide that walks organizations through the best practices implementation of Workday to Active Directory User Provisioning solution in a five-step process.
 
 Azure AD Premium also includes Microsoft Identity Manager, which can import records from other on-premises HCM systems, including SAP, Oracle eBusiness, and Oracle PeopleSoft.
 
@@ -73,7 +73,7 @@ Business-to-business collaboration increasingly requires granting access to peop
 Azure AD can [automatically create accounts in AD for guest users](https://docs.microsoft.com/azure/active-directory/b2b/hybrid-cloud-to-on-premises) as needed, enabling business guests to access on-premises AD-integrated applications without needing another password. Organizations can set up [multi-factor authentication (MFA) policies for guest user](https://docs.microsoft.com/azure/active-directory/b2b/conditional-access)s so MFA checks are done during application proxy authentication. Also, any [access reviews](https://docs.microsoft.com/azure/active-directory/governance/manage-guest-access-with-access-reviews) that are done on cloud B2B users apply to on-premises users. For example, if the cloud user is deleted through lifecycle management policies, the on-premises user is also deleted.
 
 **Credential management for Active Directory accounts**
-Azure AD's self-service password reset allows users who have forgotten their passwords to be reauthenticated and reset their passwords, with the changed passwords [written to on-premises Active Directory](https://docs.microsoft.com/azure/active-directory/authentication/concept-sspr-writeback). The password reset process can also use the on-premises Active Directory password policies: When a user resets their password, it's checked to ensure it meets the on-premises Active Directory policy before committing it to that directory. The self-service password reset deployment plan at <https://aka.ms/deploymentplans/sspr> outlines best practices to roll out self-service password reset to users via web and Windows-integrated experiences.
+Azure AD's self-service password reset allows users who have forgotten their passwords to be reauthenticated and reset their passwords, with the changed passwords [written to on-premises Active Directory](https://docs.microsoft.com/azure/active-directory/authentication/concept-sspr-writeback). The password reset process can also use the on-premises Active Directory password policies: When a user resets their password, it's checked to ensure it meets the on-premises Active Directory policy before committing it to that directory. The self-service password reset [deployment plan](https://aka.ms/deploymentplans/sspr) outlines best practices to roll out self-service password reset to users via web and Windows-integrated experiences.
 
 ![Azure AD SSPR architecture](media/cloud-governed-management-for-on-premises/image3.png)
 
@@ -83,13 +83,13 @@ When an organization is ready to move an AD-integrated application to the cloud
 
 ![Azure AD Domain Services](media/cloud-governed-management-for-on-premises/image4.png)
 
-## [Cloud governed management for on-premises federation-based applications]{.underline}
+## Cloud governed management for on-premises federation-based applications
 
 For an organization that already uses an on-premises identity provider, moving applications to Azure AD enables more secure access and an easier administrative experience for federation management. Azure AD enables configuring granular per-application access controls, including Azure Multi-Factor Authentication, by using Azure AD conditional access. Azure AD supports more capabilities, including application-specific token signing certificates and configurable certificate expiration dates. These capabilities, tools, and guidance enable organizations to retire their on-premises identity providers. Microsoft's own IT, for one example, has moved 17,987 applications from Microsoft's internal Active Directory Federation Services (AD FS) to Azure AD.
 
 ![Azure AD evolution](media/cloud-governed-management-for-on-premises/image5.png)
 
-To begin migrating federated applications to Azure AD as the identity provider, refer to,  that, includes links to:
+To begin migrating federated applications to Azure AD as the identity provider, refer to https://aka.ms/migrateapps that includes links to:
 
 * The white paper [Migrating Your Applications to Azure Active Directory](https://aka.ms/migrateapps/whitepaper), which presents the benefits of migration and describes how to plan for migration in four clearly-outlined phases: discovery, classification, migration, and ongoing management. You'll be guided through how to think about the process and break down your project into easy-to-consume pieces. Throughout the document are links to important resources that will help you along the way.
 
@@ -107,7 +107,7 @@ Organizations can automate the access lifecycle process through technologies suc
 
 ## Future directions
 
-In hybrid environments, Microsoft's strategy is to enable deployments where the cloud is the control plane for identity**,** and on-premises directories and other identity systems, such as Active Directory and other on-premises applications, are the target for provisioning users with access. This strategy will continue to ensure the rights, identities, and access in those applications and workloads that rely upon them. At this end state, organizations will be able to drive end-user productivity entirely from the cloud.
+In hybrid environments, Microsoft's strategy is to enable deployments where the **cloud is the control plane for identity**, and on-premises directories and other identity systems, such as Active Directory and other on-premises applications, are the target for provisioning users with access. This strategy will continue to ensure the rights, identities, and access in those applications and workloads that rely upon them. At this end state, organizations will be able to drive end-user productivity entirely from the cloud.
 
 ![Azure AD architecture](media/cloud-governed-management-for-on-premises/image6.png)
 

articles/active-directory/manage-apps/application-sign-in-problem-application-error.md

@@ -68,7 +68,7 @@ Next time the user signs in to the application, Azure AD send the new attribute
 
 The sign-in to the application is failing because the SAML response is missing attributes such as roles or because the application is expecting a different format or value for the EntityID attribute.
 
-If you're using [Azure AD automated user provisioning](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/user-provisioning) to create, maintain, and remove users in the application. Then, verify that the user has been successfully provisioned to the SaaS application. For more information, see [No users are being provisioned to an Azure AD Gallery application](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-provisioning-config-problem-no-users-provisioned)
+If you're using [Azure AD automated user provisioning](https://docs.microsoft.com/azure/active-directory/manage-apps/user-provisioning) to create, maintain, and remove users in the application. Then, verify that the user has been successfully provisioned to the SaaS application. For more information, see [No users are being provisioned to an Azure AD Gallery application](https://docs.microsoft.com/azure/active-directory/manage-apps/application-provisioning-config-problem-no-users-provisioned)
 
 ## Add an attribute in the Azure AD application configuration:
 

articles/active-directory/manage-apps/media/use-scim-to-provision-users-and-groups/scim-figure-2b.png

@@ -78,7 +78,7 @@ Applications that support the SCIM profile described in this article can be conn
    *Figure 3: Configuring provisioning in the Azure portal*
 
 1. In the **Tenant URL** field, enter the URL of the application's SCIM endpoint. Example: https://api.contoso.com/scim/v2/
-1. If the SCIM endpoint requires an OAuth bearer token from an issuer other than Azure AD, then copy the required OAuth bearer token into the optional **Secret Token** field. If this field is left blank, Azure AD includes an OAuth bearer token issued from Azure AD with each request. Apps that use Azure AD as an identity provider can validate this Azure AD-issued token.
+1. If the SCIM endpoint requires an OAuth bearer token from an issuer other than Azure AD, then copy the required OAuth bearer token into the optional **Secret Token** field. 
 1. Select **Test Connection** to have Azure Active Directory attempt to connect to the SCIM endpoint. If the attempt fails, error information is displayed.  
 
     >[!NOTE]
@@ -664,8 +664,7 @@ The easiest way to implement a SCIM endpoint that can accept provisioning reques
 
 1. In the **Tenant URL** field, enter the internet-exposed URL and port of your SCIM endpoint. The entry is something like http://testmachine.contoso.com:9000 or http://\<ip-address>:9000/, where \<ip-address> is the internet exposed IP address. 
 
-1. If the SCIM endpoint requires an OAuth bearer token from an issuer other than Azure AD, then copy the required OAuth bearer token into the optional **Secret Token** field. If this field is left blank, Azure AD will include an OAuth bearer token issued from Azure AD with each request. Apps that use Azure AD as an identity provider can validate this Azure AD -issued token.
-
+1. If the SCIM endpoint requires an OAuth bearer token from an issuer other than Azure AD, then copy the required OAuth bearer token into the optional **Secret Token** field. 
 1. Select **Test Connection** to have Azure Active Directory attempt to connect to the SCIM endpoint. If the attempt fails, error information is displayed.  
 
     >[!NOTE]

articles/active-directory/manage-apps/use-scim-to-provision-users-and-groups.md

@@ -64,6 +64,7 @@ Virtual Nodes functionality is heavily dependent on ACI's feature set. The follo
 * [Host aliases](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/)
 * [Arguments](../container-instances/container-instances-exec.md#restrictions) for exec in ACI
 * [Daemonsets](concepts-clusters-workloads.md#statefulsets-and-daemonsets) will not deploy pods to the virtual node
+* [Windows Server nodes (currently in preview in AKS)](windows-container-cli.md) are not supported alongside virtual nodes. You can use virtual nodes to schedule Windows Server containers without the need for Windows Server nodes in an AKS cluster.
 
 ## Launch Azure Cloud Shell
 

articles/aks/virtual-nodes-cli.md

@@ -64,6 +64,7 @@ Virtual Nodes functionality is heavily dependent on ACI's feature set. The follo
 * [Host aliases](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/)
 * [Arguments](../container-instances/container-instances-exec.md#restrictions) for exec in ACI
 * [Daemonsets](concepts-clusters-workloads.md#statefulsets-and-daemonsets) will not deploy pods to the virtual node
+* [Windows Server nodes (currently in preview in AKS)](windows-container-cli.md) are not supported alongside virtual nodes. You can use virtual nodes to schedule Windows Server containers without the need for Windows Server nodes in an AKS cluster.
 
 ## Sign in to Azure
 

articles/aks/virtual-nodes-portal.md

@@ -121,6 +121,8 @@
               href: api-management-howto-manage-protocols-ciphers.md
       - name: Customize the developer experience
         items:
+            - name: Access and customize the new developer portal
+              href: api-management-howto-developer-portal.md
             - name: Modify page content and layout
               href: api-management-modify-content-layout.md
             - name: Customize system pages using templates

articles/api-management/TOC.yml

@@ -0,0 +1,65 @@
+---
+title: Access and customize the new developer portal - Azure API Management | Microsoft Docs
+description: Learn how to use the new developer portal in API Management.
+services: api-management
+documentationcenter: API Management
+author: mikebudzynski
+manager: cfowler
+editor: ''
+
+ms.service: api-management
+ms.workload: mobile
+ms.tgt_pltfrm: na
+ms.devlang: na
+ms.topic: article
+ms.date: 06/12/2019
+ms.author: apimpm
+---
+
+# Access and customize the new developer portal in Azure API Management
+
+This article shows you how to access the new Azure API Management developer portal. It walks you through the visual editor experience - adding and editing content - as well as customizing the look of the website.
+
+![New API Management developer portal](media/api-management-howto-developer-portal/cover.png)
+
+## Prerequisites
+
+- Complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md).
+- Import and publish an Azure API Management instance. For more information, see [Import and publish](import-and-publish.md).
+
+[!INCLUDE [premium-dev-standard-basic.md](../../includes/api-management-availability-premium-dev-standard-basic.md)]
+
+> [!NOTE]
+> The new developer portal is currently in preview.
+
+## Managed and self-hosted versions
+
+You can build your developer portal in two ways:
+
+- **Managed version** - by editing and customizing the portal built-into your API Management instance and accessible through the URL `<your-api-management-instance-name>.developer.azure-api.net`.
+- **Self-hosted version** - by deploying and self-hosting your portal outside of an API Management instance. This approach allows you to edit the portal's codebase and extend the provided core functionality. For details and instructions, refer to the [GitHub repository with the source code of the portal][1].
+
+## Access the managed version of the portal
+
+Follow the steps below to access the managed version of the portal.
+
+1. Go to your API Management service instance in the Azure portal.
+1. Click on the **New developer portal (preview)** button in the top navigation bar. A new browser tab with an administrative version of the portal will open. If you're accessing the portal for the first time, the default content will be automatically provisioned.
+
+## Edit and customize the managed version of the portal
+
+In the video below we demonstrate how to edit the content of the portal, customize the website's look, and publish the changes.
+
+> [!VIDEO https://www.youtube.com/embed/5mMtUSmfUlw]
+
+## Next steps
+
+Learn more about the new developer portal:
+
+- [GitHub repository with the source code][1]
+- [Instructions on self-hosting the portal][2]
+- [Public roadmap of the project][3]
+
+[1]: https://aka.ms/apimdevportal
+[2]: https://github.com/Azure/api-management-developer-portal/wiki
+[3]: https://github.com/Azure/api-management-developer-portal/projects