Commit 7142ca5

Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into work01
2 parents ffcc6c0 + 80898b2 commit 7142ca5

513 files changed

+8596
-2795
lines changed

.openpublishing.redirection.json

Lines changed: 10 additions & 0 deletions
@@ -24605,6 +24605,16 @@
2460524605
"redirect_url": "/azure/storage/blobs/storage-quickstart-blobs-java",
2460624606
"redirect_document_id": false
2460724607
},
24608+
{
24609+
"source_path": "articles/storage/blobs/storage-quickstart-blobs-nodejs-v10.md",
24610+
"redirect_url": "/azure/storage/blobs/storage-quickstart-blobs-nodejs-legacy",
24611+
"redirect_document_id": false
24612+
},
24613+
{
24614+
"source_path": "articles/storage/blobs/storage-quickstart-blobs-javascript-client-libraries-v10.md",
24615+
"redirect_url": "/azure/storage/blobs/storage-quickstart-blobs-javascript-client-libraries-legacy",
24616+
"redirect_document_id": false
24617+
},
2460824618
{
2460924619
"source_path": "articles/storage/blobs/storage-nodejs-how-to-use-blob-storage.md",
2461024620
"redirect_url": "/azure/storage/blobs/storage-quickstart-blobs-nodejs",

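Review bot: Both new entries (lines 24608-24617) redirect to `-legacy` URLs, but nothing in this hunk shows that `storage-quickstart-blobs-nodejs-legacy` and `storage-quickstart-blobs-javascript-client-libraries-legacy` exist. Confirm that the two target articles are added or renamed in this same commit and that the two `-v10.md` source files are removed, so the redirects neither resolve to a missing page nor sit alongside a file that is still published.
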
CODEOWNERS

Lines changed: 5 additions & 12 deletions
@@ -1,24 +1,17 @@
11
# Testing the new code owners feature in GitHub. Please contact Cory Fowler if you have questions.
2-
# articles/storage/ @tamram @robinsh
3-
# articles/virtual-machines/ @iainfoulds @cynthn
4-
# articles/virtual-machines/linux/ @iainfoulds @cynthn
5-
# articles/virtual-machines/windows/ @iainfoulds @cynthn
6-
# articles/application-insights/ @SergeyKanzhelev
7-
# articles/cosmos-db/ @mimig1
8-
9-
# All Articles
10-
articles/ @apex-docs-pr-reviewers
11-
122
# Cognitive Services
133
articles/cognitive-services/ @diberry @erhopf, @nitinme
144

155
# DevOps
16-
176
articles/ansible/ @TomArcherMsft
187
articles/chef/ @TomArcherMsft
198
articles/jenkins/ @TomArcherMsft
209
articles/terraform/ @TomArcherMsft
2110

2211
# Governance
23-
2412
articles/governance/ @DCtheGeek
13+
14+
# Configuration
15+
*.json @SyntaxC4 @snoviking @arob98
16+
.acrolinx-config.edn @MonicaRush @arob98
17+
articles/zone-pivot-groups.yml @SyntaxC4 @snoviking @arob98
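
Review bot: Removing the catch-all `articles/ @apex-docs-pr-reviewers` (old line 10) leaves every path outside cognitive-services, ansible, chef, jenkins, terraform, governance and the three new Configuration entries without a code owner, so a required code-owner review no longer applies to changes there, and `CODEOWNERS` itself has no owner either. Keep a default entry or add owners for the remaining directories. Because the last matching pattern in this file takes precedence, the new `*.json` rule on line 15 also takes ownership of JSON files inside the directories listed above it; scope it or move it up if that is not intended. The unchanged line `articles/cognitive-services/ @diberry @erhopf, @nitinme` has a stray comma after `@erhopf` that is worth removing while this file is open.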

articles/active-directory/b2b/direct-federation.md

Lines changed: 1 addition & 2 deletions
@@ -80,8 +80,7 @@ First, your partner organization needs to configure their identity provider with
8080
Azure AD B2B can be configured to federate with identity providers that use the SAML protocol with specific requirements listed below. For more information about setting up a trust between your SAML identity provider and Azure AD, see [Use a SAML 2.0 Identity Provider (IdP) for Single Sign-On](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-fed-saml-idp).
8181

8282
> [!NOTE]
83-
> NOTE
84-
The target domain for direct federation must not be DNS-verified on Azure AD. The authentication URL domain must match the target domain or it must be the domain of an allowed identity provider. See the [Limitations](#limitations) section for details.
83+
> The target domain for direct federation must not be DNS-verified on Azure AD. The authentication URL domain must match the target domain or it must be the domain of an allowed identity provider. See the [Limitations](#limitations) section for details.
8584
8685
#### Required SAML 2.0 attributes and claims
8786
The following tables show requirements for specific attributes and claims that must be configured at the third-party identity provider. To set up direct federation, the following attributes must be received in the SAML 2.0 response from the identity provider. These attributes can be configured by linking to the online security token service XML file or by entering them manually.

articles/active-directory/develop/howto-add-app-roles-in-azure-ad-apps.md

Lines changed: 3 additions & 3 deletions
@@ -33,9 +33,9 @@ These application roles are defined in the [Azure portal](https://portal.azure.c
3333
### Declare app roles using Azure portal
3434

3535
1. Sign in to the [Azure portal](https://portal.azure.com).
36-
1. On the top bar, select your account, and then **Switch Directory**.
37-
1. Once the **Directory + subscription** pane opens, choose the Active Directory tenant where you wish to register your application, from the **Favorites** or **All Directories** list.
38-
1. Select **All services** in the left-hand nav, and choose **Azure Active Directory**.
36+
1. Select the **Directory + Subscription** icon in the portal toolbar.
37+
1. In the **Favorites** or **All Directories** list, choose the Active Directory tenant where you wish to register your application.
38+
1. In the Azure portal, search for and select **Azure Active Directory**.
3939
1. In the **Azure Active Directory** pane, select **App registrations** to view a list of all your applications.
4040
1. Select the application you want to define app roles in. Then select **Manifest**.
4141
1. Edit the app manifest by locating the `appRoles` setting and adding all your Application Roles.
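
Review bot: New line 37 tells the reader to choose the tenant "where you wish to register your application", but this procedure edits an existing registration (line 40, "Select the application you want to define app roles in"); word it as the tenant that contains the app registration. Line 36 also writes **Directory + Subscription** where the removed text used **Directory + subscription**; match the casing of the portal label.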

articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-datalake.md

Lines changed: 5 additions & 5 deletions
@@ -13,7 +13,7 @@ ms.devlang: na
1313
ms.topic: tutorial
1414
ms.tgt_pltfrm: na
1515
ms.workload: identity
16-
ms.date: 11/20/2017
16+
ms.date: 01/10/2020
1717
ms.author: markvi
1818
ms.collection: M365-identity-device-management
1919
---
@@ -34,9 +34,9 @@ In this tutorial, you learn how to:
3434

3535
[!INCLUDE [msi-tut-prereqs](../../../includes/active-directory-msi-tut-prereqs.md)]
3636

37-
## Grant your VM access to Azure Data Lake Store
37+
## Grant access
3838

39-
Now you can grant your VM access to files and folders in Azure Data Lake Store. For this step, you can use an existing Data Lake Store instance or create a new one. To create a Data Lake Store instance by using the Azure portal, follow the [Azure Data Lake Store quickstart](https://docs.microsoft.com/azure/data-lake-store/data-lake-store-get-started-portal). There are also quickstarts that use Azure CLI and Azure PowerShell in the [Azure Data Lake Store documentation](https://docs.microsoft.com/azure/data-lake-store/data-lake-store-overview).
39+
This section shows how to grant your VM access to files and folders in Azure Data Lake Store. For this step, you can use an existing Data Lake Store instance or create a new one. To create a Data Lake Store instance by using the Azure portal, follow the [Azure Data Lake Store quickstart](https://docs.microsoft.com/azure/data-lake-store/data-lake-store-get-started-portal). There are also quickstarts that use Azure CLI and Azure PowerShell in the [Azure Data Lake Store documentation](https://docs.microsoft.com/azure/data-lake-store/data-lake-store-overview).
4040

4141
In Data Lake Store, create a new folder and grant our Linux VM system-assigned managed identity permission to read, write, and execute files in that folder:
4242

@@ -54,9 +54,9 @@ In Data Lake Store, create a new folder and grant our Linux VM system-assigned m
5454

5555
Managed identities for Azure resources can now perform all operations on files in the folder that you created. For more information on managing access to Data Lake Store, see [Access Control in Data Lake Store](https://docs.microsoft.com/azure/data-lake-store/data-lake-store-access-control).
5656

57-
## Get an access token and call the Data Lake Store file system
57+
## Get an access token
5858

59-
Azure Data Lake Store natively supports Azure AD authentication, so it can directly accept access tokens obtained via using managed identities for Azure resources. To authenticate to the Data Lake Store file system, you send an access token issued by Azure AD to your Data Lake Store file system endpoint. The access token is in an authorization header in the format "Bearer \<ACCESS_TOKEN_VALUE\>". To learn more about Data Lake Store support for Azure AD authentication, see [Authentication with Data Lake Store using Azure Active Directory](https://docs.microsoft.com/azure/data-lake-store/data-lakes-store-authentication-using-azure-active-directory).
59+
This section shows how to obtain an access token and call the Data Lake Store file system. Azure Data Lake Store natively supports Azure AD authentication, so it can directly accept access tokens obtained via using managed identities for Azure resources. To authenticate to the Data Lake Store file system, you send an access token issued by Azure AD to your Data Lake Store file system endpoint. The access token is in an authorization header in the format "Bearer \<ACCESS_TOKEN_VALUE\>". To learn more about Data Lake Store support for Azure AD authentication, see [Authentication with Data Lake Store using Azure Active Directory](https://docs.microsoft.com/azure/data-lake-store/data-lakes-store-authentication-using-azure-active-directory).
6060

6161
In this tutorial, you authenticate to the REST API for the Data Lake Store file system by using cURL to make REST requests.
6262

articles/active-directory/managed-identities-azure-resources/tutorial-vm-windows-access-storage.md

Lines changed: 5 additions & 5 deletions
@@ -13,7 +13,7 @@ ms.devlang: na
1313
ms.topic: tutorial
1414
ms.tgt_pltfrm: na
1515
ms.workload: identity
16-
ms.date: 04/12/2018
16+
ms.date: 01/10/2020
1717
ms.author: markvi
1818
ms.collection: M365-identity-device-management
1919
---
@@ -36,7 +36,7 @@ This tutorial shows you how to use a system-assigned managed identity for a Wind
3636

3737
[!INCLUDE [msi-tut-prereqs](../../../includes/active-directory-msi-tut-prereqs.md)]
3838

39-
## Create a storage account
39+
## Create account
4040

4141
In this section, you create a storage account.
4242

@@ -65,9 +65,9 @@ Files require blob storage so you need to create a blob container in which to st
6565
7. In the **Upload blob** pane, under **Files**, click the folder icon and browse to the file **hello_world.txt** on your local machine, select the file, then click **Upload**.
6666
![Upload text file](./media/msi-tutorial-linux-vm-access-storage/upload-text-file.png)
6767

68-
## Grant your VM access to an Azure Storage container
68+
## Grant access
6969

70-
You can use the VM's system-assigned managed identity to retrieve the data in the Azure storage blob.
70+
This section shows how to grant your VM access to an Azure Storage container. You can use the VM's system-assigned managed identity to retrieve the data in the Azure storage blob.
7171

7272
1. Navigate back to your newly created storage account.
7373
2. Click the **Access control (IAM)** link in the left panel.
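Review bot: The sentence added on line 70 says the section grants access "to an Azure Storage container", but the steps that follow (lines 72-73) open the storage account and its **Access control (IAM)** blade, which assigns the role at account scope. State the scope that is actually granted, or change the steps to assign the role on the container, so readers do not give the VM identity broader access than the text implies.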
@@ -79,7 +79,7 @@ You can use the VM's system-assigned managed identity to retrieve the data in th
7979

8080
![Assign permissions](./media/tutorial-linux-vm-access-storage/access-storage-perms.png)
8181

82-
## Get an access token and use it to call Azure Storage 
82+
## Get an access token 
8383

8484
Azure Storage natively supports Azure AD authentication, so it can directly accept access tokens obtained using a managed identity. This is part of Azure Storage's integration with Azure AD, and is different from supplying credentials on the connection string.
8585
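Review bot: The heading on line 82 is shortened to `## Get an access token ` but, unlike the other sections changed in this file, no "This section shows how to..." sentence is added to say that the token is then used to call Azure Storage. Add the lead sentence for consistency, and remove the trailing space that the new heading line keeps.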

articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-cosmos-db.md

Lines changed: 8 additions & 8 deletions
@@ -12,7 +12,7 @@ ms.devlang: na
1212
ms.topic: tutorial
1313
ms.tgt_pltfrm: na
1414
ms.workload: identity
15-
ms.date: 04/10/2018
15+
ms.date: 01/10/2020
1616
ms.author: markvi
1717
ms.collection: M365-identity-device-management
1818
---
@@ -46,27 +46,27 @@ If you don't already have one, create a Cosmos DB account. You can skip this ste
4646
5. Ensure the **Subscription** and **Resource Group** match the ones you specified when you created your VM in the previous step. Select a **Location** where Cosmos DB is available.
4747
6. Click **Create**.
4848

49-
## Create a collection in the Cosmos DB account
49+
## Create a collection
5050

5151
Next, add a data collection in the Cosmos DB account that you can query in later steps.
5252

5353
1. Navigate to your newly created Cosmos DB account.
5454
2. On the **Overview** tab click the **+/Add Collection** button, and an "Add Collection" panel slides out.
5555
3. Give the collection a database ID, collection ID, select a storage capacity, enter a partition key, enter a throughput value, then click **OK**. For this tutorial, it is sufficient to use "Test" as the database ID and collection ID, select a fixed storage capacity and lowest throughput (400 RU/s).
5656

57-
## Grant Windows VM system-assigned managed identity access to the Cosmos DB account access keys
57+
## Grant access
5858

59-
Cosmos DB does not natively support Azure AD authentication. However, you can use a system-assigned managed identity to retrieve a Cosmos DB access key from the Resource Manager, and use the key to access Cosmos DB. In this step, you grant your Windows VM system-assigned managed identity access to the keys to the Cosmos DB account.
59+
This section shows how to grant Windows VM system-assigned managed identity access to the Cosmos DB account access keys. Cosmos DB does not natively support Azure AD authentication. However, you can use a system-assigned managed identity to retrieve a Cosmos DB access key from the Resource Manager, and use the key to access Cosmos DB. In this step, you grant your Windows VM system-assigned managed identity access to the keys to the Cosmos DB account.
6060

6161
To grant the Windows VM system-assigned managed identity access to the Cosmos DB account in Azure Resource Manager using PowerShell, update the values for `<SUBSCRIPTION ID>`, `<RESOURCE GROUP>`, and `<COSMOS DB ACCOUNT NAME>` for your environment. Cosmos DB supports two levels of granularity when using access keys: read/write access to the account, and read-only access to the account. Assign the `DocumentDB Account Contributor` role if you want to get read/write keys for the account, or assign the `Cosmos DB Account Reader Role` role if you want to get read-only keys for the account. For this tutorial, assign the `Cosmos DB Account Reader Role`:
6262

6363
```azurepowershell
6464
$spID = (Get-AzVM -ResourceGroupName myRG -Name myVM).identity.principalid
6565
New-AzRoleAssignment -ObjectId $spID -RoleDefinitionName "Cosmos DB Account Reader Role" -Scope "/subscriptions/<mySubscriptionID>/resourceGroups/<myResourceGroup>/providers/Microsoft.DocumentDb/databaseAccounts/<COSMOS DB ACCOUNT NAME>"
6666
```
67-
## Get an access token using the Windows VM system-assigned managed identity to call Azure Resource Manager
67+
## Get an access token
6868

69-
For the remainder of the tutorial, we will work from the VM we created earlier.
69+
This section shows how to get an access token using the Windows VM system-assigned managed identity to call Azure Resource Manager. For the remainder of the tutorial, we will work from the VM we created earlier.
7070

7171
You will need to install the latest version of [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli) on your Windows VM.
7272
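Review bot: The placeholders do not match between the prose and the command in this section: line 61 tells the reader to update `<SUBSCRIPTION ID>` and `<RESOURCE GROUP>`, while the `New-AzRoleAssignment` scope on line 65 uses `<mySubscriptionID>` and `<myResourceGroup>`. Since the section is being edited, align them so the scope string is not left half-substituted. The new heading on line 67 also follows the closing code fence on line 66 with no blank line; add one so the heading renders reliably. The heading `## Grant access` on line 57 no longer says that what is granted is access to the account keys; the lead sentence does, so keep it.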

@@ -93,9 +93,9 @@ You will need to install the latest version of [Azure CLI](https://docs.microsof
9393
$ArmToken = $content.access_token
9494
```
9595

96-
## Get access keys from Azure Resource Manager to make Cosmos DB calls
96+
## Get access keys
9797

98-
Now use PowerShell to call Resource Manager using the access token retrieved in the previous section to retrieve the Cosmos DB account access key. Once we have the access key, we can query Cosmos DB. Be sure to replace the `<SUBSCRIPTION ID>`, `<RESOURCE GROUP>`, and `<COSMOS DB ACCOUNT NAME>` parameter values with your own values. Replace the `<ACCESS TOKEN>` value with the access token you retrieved earlier. If you want to retrieve read/write keys, use key operation type `listKeys`. If you want to retrieve read-only keys, use the key operation type `readonlykeys`:
98+
This section shows how to get access keys from Azure Resource Manager to make Cosmos DB calls. Now use PowerShell to call Resource Manager using the access token retrieved in the previous section to retrieve the Cosmos DB account access key. Once we have the access key, we can query Cosmos DB. Be sure to replace the `<SUBSCRIPTION ID>`, `<RESOURCE GROUP>`, and `<COSMOS DB ACCOUNT NAME>` parameter values with your own values. Replace the `<ACCESS TOKEN>` value with the access token you retrieved earlier. If you want to retrieve read/write keys, use key operation type `listKeys`. If you want to retrieve read-only keys, use the key operation type `readonlykeys`:
9999

100100
```powershell
101101
Invoke-WebRequest -Uri 'https://management.azure.com/subscriptions/<SUBSCRIPTION-ID>/resourceGroups/<RESOURCE-GROUP>/providers/Microsoft.DocumentDb/databaseAccounts/<COSMOS DB ACCOUNT NAME>/listKeys/?api-version=2016-03-31' -Method POST -Headers @{Authorization="Bearer $ARMToken"}
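
Review bot: Line 98 tells the reader to "Replace the `<ACCESS TOKEN>` value", but the command on line 101 contains no such placeholder and passes `$ARMToken` from the previous section. Remove that instruction or change the command to match. The prose placeholders `<SUBSCRIPTION ID>` and `<RESOURCE GROUP>` also differ from `<SUBSCRIPTION-ID>` and `<RESOURCE-GROUP>` in the URI. The added lead sentence followed directly by "Now use PowerShell..." reads as two openings; fold them into one.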

articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-nonaad.md

Lines changed: 5 additions & 5 deletions
@@ -13,7 +13,7 @@ ms.devlang: na
1313
ms.topic: tutorial
1414
ms.tgt_pltfrm: na
1515
ms.workload: identity
16-
ms.date: 11/20/2017
16+
ms.date: 01/10/2020
1717
ms.author: markvi
1818
ms.collection: M365-identity-device-management
1919
---
@@ -35,9 +35,9 @@ You learn how to:
3535

3636
[!INCLUDE [msi-tut-prereqs](../../../includes/active-directory-msi-tut-prereqs.md)]
3737

38-
## Grant your VM access to a Secret stored in a Key Vault 
38+
## Grant access  
3939

40-
Using managed identities for Azure resources, your code can get access tokens to authenticate to resources that support Azure AD authentication.  However, not all Azure services support Azure AD authentication. To use managed identities for Azure resources with those services, store the service credentials in Azure Key Vault, and use the VM's managed identity to access Key Vault to retrieve the credentials. 
40+
This section shows how to grant your VM access to a Secret stored in a Key Vault. Using managed identities for Azure resources, your code can get access tokens to authenticate to resources that support Azure AD authentication.  However, not all Azure services support Azure AD authentication. To use managed identities for Azure resources with those services, store the service credentials in Azure Key Vault, and use the VM's managed identity to access Key Vault to retrieve the credentials. 
4141

4242
First, we need to create a Key Vault and grant our VM’s system-assigned managed identity access to the Key Vault.   
4343
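Review bot: The new heading on line 38 is written as `## Grant access` followed by two trailing spaces; trim them. In the added sentence on line 40, "a Secret stored in a Key Vault" capitalizes "Secret" mid-sentence, a leftover from the old heading; lowercase it.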

@@ -62,9 +62,9 @@ Next, add a secret to the Key Vault, so that later you can retrieve the secret u
6262
5. Leave the activation date and expiration date clear, and leave **Enabled** as **Yes**
6363
6. Click **Create** to create the secret. 
6464

65-
## Get an access token using the VM identity and use it to retrieve the secret from the Key Vault  
65+
## Get an access token  
6666

67-
If you don’t have PowerShell 4.3.1 or greater installed, you'll need to [download and install the latest version](https://docs.microsoft.com/powershell/azure/overview).
67+
This section shows how to get an access token using the VM identity and use it to retrieve the secret from the Key Vault. If you don’t have PowerShell 4.3.1 or greater installed, you'll need to [download and install the latest version](https://docs.microsoft.com/powershell/azure/overview).
6868

6969
First, we use the VM’s system-assigned managed identity to get an access token to authenticate to Key Vault:
7070
