MicrosoftDocs
diff --git a/‎articles/active-directory/fundamentals/whats-new.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/fundamentals/whats-new.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/governance/access-reviews-overview.md
Lines changed: 6 additions & 0 deletions b/‎articles/active-directory/governance/access-reviews-overview.md
Lines changed: 6 additions & 0 deletions
diff --git a/‎articles/active-directory/hybrid/how-to-connect-sso-quick-start.md
Lines changed: 7 additions & 6 deletions b/‎articles/active-directory/hybrid/how-to-connect-sso-quick-start.md
Lines changed: 7 additions & 6 deletions
diff --git a/‎articles/active-directory/saas-apps/trelica-tutorial.md
Lines changed: 8 additions & 6 deletions b/‎articles/active-directory/saas-apps/trelica-tutorial.md
Lines changed: 8 additions & 6 deletions
diff --git a/‎articles/application-gateway/configuration-overview.md
Lines changed: 1 addition & 3 deletions b/‎articles/application-gateway/configuration-overview.md
Lines changed: 1 addition & 3 deletions
diff --git a/‎articles/azure-monitor/app/app-insights-overview.md
Lines changed: 3 additions & 3 deletions b/‎articles/azure-monitor/app/app-insights-overview.md
Lines changed: 3 additions & 3 deletions
@@ -21,7 +21,7 @@ ms.collection: M365-identity-device-management
 
 # What's new in Azure Active Directory?
 
->Get notified about when to revisit this page for updates by copying and pasting this URL: `https://docs.microsoft.com/api/search/rss?search=%22release+notes+for+azure+AD%22&locale=en-us` into your ![RSS feed reader icon](./media/whats-new/feed-icon-16x16.png) feed reader.
+>Get notified about when to revisit this page for updates by copying and pasting this URL: `https://docs.microsoft.com/api/search/rss?search=%22Release+notes+-+Azure+Active+Directory%22&locale=en-us` into your ![RSS feed reader icon](./media/whats-new/feed-icon-16x16.png) feed reader.
 
 Azure AD receives improvements on an ongoing basis. To stay up to date with the most recent developments, this article provides you with information about:
 
 
@@ -73,6 +73,12 @@ To create an access reviews, follow these steps:
 
    ![Access reviews start page](./media/access-reviews-overview/access-reviews-overview-create-access-reviews.png) 
 
+### Creating access review on a group that can be assigned to Azure AD role
+If you are on the newest version of Access Reviews (your reviewers are directed to **My Access** by default) , then only Global Administrator can create access review on role-assignable groups. However, if you are on older version of Access Reviews (your reviewers are directed to the **Access Panel** by default), then both Global Administrator and User Administrator can create access review on role-assignable groups.  
+
+The new experience will be rolled out to all customers on August 1st, 2020 but if you’d like to upgrade sooner, please make a request here - [Azure AD Access Reviews - Updated reviewer experience in My Access Signup](https://forms.microsoft.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR5dv-S62099HtxdeKIcgO-NUOFJaRDFDWUpHRk8zQ1BWVU1MMTcyQ1FFUi4u).
+
+[Learn more about assigning groups to Azure AD roles](https://go.microsoft.com/fwlink/?linkid=2103037).
 
 ## Learn about access reviews
 
 
@@ -1,5 +1,5 @@
 ---
-title: 'Azure AD Connect: Seamless Single Sign-On - quick start | Microsoft Docs'
+title: 'Azure AD Connect: Seamless Single Sign-On - quickstart | Microsoft Docs'
 description: This article describes how to get started with Azure Active Directory Seamless Single Sign-On
 services: active-directory
 keywords: what is Azure AD Connect, install Active Directory, required components for Azure AD, SSO, Single Sign-on
@@ -18,7 +18,7 @@ ms.author: billmath
 ms.collection: M365-identity-device-management
 ---
 
-# Azure Active Directory Seamless Single Sign-On: Quick start
+# Azure Active Directory Seamless Single Sign-On: Quickstart
 
 ## Deploy Seamless Single Sign-On
 
@@ -32,7 +32,7 @@ Ensure that the following prerequisites are in place:
 
 * **Set up your Azure AD Connect server**: If you use [Pass-through Authentication](how-to-connect-pta.md) as your sign-in method, no additional prerequisite check is required. If you use [password hash synchronization](how-to-connect-password-hash-synchronization.md) as your sign-in method, and if there is a firewall between Azure AD Connect and Azure AD, ensure that:
    - You use version 1.1.644.0 or later of Azure AD Connect. 
-   - If your firewall or proxy allows DNS whitelisting, whitelist the connections to the **\*.msappproxy.net** URLs over port 443. If not, allow access to the [Azure datacenter IP ranges](https://www.microsoft.com/download/details.aspx?id=41653), which are updated weekly. This prerequisite is applicable only when you enable the feature. It is not required for actual user sign-ins.
+   - If your firewall or proxy allows, add the connections to the allowed list for **\*.msappproxy.net** URLs over port 443. If not, allow access to the [Azure datacenter IP ranges](https://www.microsoft.com/download/details.aspx?id=41653), which are updated weekly. This prerequisite is applicable only when you enable the feature. It is not required for actual user sign-ins.
 
     >[!NOTE]
     >Azure AD Connect versions 1.1.557.0, 1.1.558.0, 1.1.561.0, and 1.1.614.0 have a problem related to password hash synchronization. If you _don't_ intend to use password hash synchronization in conjunction with Pass-through Authentication, read the [Azure AD Connect release notes](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-version-history#116470) to learn more.
@@ -95,8 +95,9 @@ Follow these instructions to verify that you have enabled Seamless SSO correctly
 
 ## Step 3: Roll out the feature
 
-You can gradually roll out Seamless SSO to your users using the instructions provided below. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory:
+You can gradually roll out Seamless SSO to your users using the instructions provided below. You start by adding the following Azure AD URLs to all or selected users' Intranet zone settings by using Group Policy in Active Directory:
 
+- `https://aadg.windows.net.nsatc.net`
 - `https://autologon.microsoftazuread-sso.com`
 
 In addition, you need to enable an Intranet zone policy setting called **Allow updates to status bar via script** through Group Policy. 
@@ -186,15 +187,15 @@ If you have overridden the [AuthNegotiateDelegateAllowlist](https://docs.microso
 
 #### Microsoft Edge based on Chromium (macOS and other non-Windows platforms)
 
-For Microsoft Edge based on Chromium on Mac OS and other non-Windows platforms, refer to [the Microsoft Edge based on Chromium Policy List](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#authserverallowlist) for information on how to add the Azure AD URL for integrated authentication to your allow-list.
+For Microsoft Edge based on Chromium on macOS and other non-Windows platforms, refer to [the Microsoft Edge based on Chromium Policy List](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#authserverallowlist) for information on how to add the Azure AD URL for integrated authentication to your allow-list.
 
 #### Google Chrome (all platforms)
 
 If you have overridden the [AuthNegotiateDelegateWhitelist](https://www.chromium.org/administrators/policy-list-3#AuthNegotiateDelegateWhitelist) or the [AuthServerWhitelist](https://www.chromium.org/administrators/policy-list-3#AuthServerWhitelist) policy settings in your environment, ensure that you add Azure AD's URL (`https://autologon.microsoftazuread-sso.com`) to them as well.
 
 #### Google Chrome (macOS and other non-Windows platforms)
 
-For Google Chrome on Mac OS and other non-Windows platforms, refer to [The Chromium Project Policy List](https://dev.chromium.org/administrators/policy-list-3#AuthServerWhitelist) for information on how to whitelist the Azure AD URL for integrated authentication.
+For Google Chrome on macOS and other non-Windows platforms, refer to [The Chromium Project Policy List](https://dev.chromium.org/administrators/policy-list-3#AuthServerWhitelist) for information on how to control the allow list for the Azure AD URL for integrated authentication.
 
 The use of third-party Active Directory Group Policy extensions to roll out the Azure AD URL to Firefox and Google Chrome on Mac users is outside the scope of this article.
 
 
@@ -87,10 +87,12 @@ Follow these steps to enable Azure AD SSO in the Azure portal:
     1. In the **Reply URL** box, enter a URL having the pattern
     `https://app.trelica.com/Id/Saml2/<CUSTOM_IDENTIFIER>/Acs`.
 
-    > [!NOTE]
-    > The **Reply URL** value isn't real. Update this value with the actual reply URL. Contact the [Trelica Client support team](mailto:[email protected]) to get this value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+	> [!NOTE]
+	> The Reply URL value is not real. Update this value with the actual Reply URL (also known as the ACS).
+    > You can find this by logging in to Trelica and going to the [SAML identity providers configuration page](https://app.trelica.com/Admin/Profile/SAML) (Admin > Account > SAML). Click on the copy button next to the **Assertion Consumer Service (ACS) URL** to put this onto the clipboard, ready for pasting into the **Reply URL** text box in Azure AD.
+    > Read the [Trelica help documentation](https://docs.trelica.com/admin/saml/azure-ad) or contact the [Trelica Client support team](mailto:[email protected]) if you have questions.
 
-1. On the **Set up Single Sign-on with SAML** page, go to the **SAML Signing Certificate** section. To the right of **App Federation Metadata Url**, select the copy button to copy the URL. Save the URL on your computer.
+1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click the copy button to copy **App Federation Metadata Url** and save it on your computer.
 
     ![The SAML Signing Certificate section, with the copy button highlighted next to App Federation Metadata Url](common/copy-metadataurl.png)
 
@@ -126,11 +128,11 @@ In this section, you enable B.Simon to use Azure single sign-on by granting acce
 
 ## Configure Trelica SSO
 
-To configure single sign-on on the **Trelica** side, send the copied **App Federation Metadata Url** value to the [Trelica support team](mailto:[email protected]). They configure this setting to have the SAML SSO connection set properly on both sides.
+To configure single sign-on on the **Trelica** side, go to the [SAML identity providers configuration page](https://app.trelica.com/Admin/Profile/SAML) (Admin > Account > SAML). Click on the **New** button. Enter **Azure AD** as the Name and choose **Metadata from url** for the Metadata type. Paste the **App Federation Metadata Url** you took from Azure AD into the **Metadata url** field in Trelica.
 
-### Create a Trelica test user
+Read the [Trelica help documentation](https://docs.trelica.com/admin/saml/azure-ad) or contact the [Trelica Client support team](mailto:[email protected]) if you have questions.
 
-In this section, you create a user called B.Simon in Trelica.
+### Create a Trelica test user
 
 Trelica supports just-in-time user provisioning, which is enabled by default. There's no action for you to take in this section. If a user doesn't already exist in Trelica, a new one is created after authentication.
 
 
@@ -219,9 +219,7 @@ When you create a rule, you choose between [*basic* and *path-based*](https://do
 
 #### Order of processing rules
 
-For the v1 SKU, pattern matching of incoming requests is processed in the order that the paths are listed in the URL path map of the path-based rule. If a request matches the pattern in two or more paths in the path map, the path that's listed first is matched. And the request is forwarded to the back end that's associated with that path.
-
-For the v2 SKU, an exact match is higher priority than path order in the URL path map. If a request matches the pattern in two or more paths, the request is forwarded to the back end that's associated with the path that exactly matches the request. If the path in the incoming request doesn't exactly match any path in the map, pattern matching of the request is processed in the path map order list for the path-based rule.
+For the v1 and v2 SKU, pattern matching of incoming requests is processed in the order that the paths are listed in the URL path map of the path-based rule. If a request matches the pattern in two or more paths in the path map, the path that's listed first is matched. And the request is forwarded to the back end that's associated with that path.
 
 ### Associated listener
 
 
@@ -11,7 +11,7 @@ ms.custom: mvc
 Application Insights, a feature of [Azure Monitor](../overview.md), is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.  It's designed to help you continuously improve  performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js, Java, and Python hosted on-premises, hybrid, or any public cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.
 
 ## How does Application Insights work?
-You install a small instrumentation package (SDK) in your application or enable Application Insights codelessly when [supported](../../azure-monitor/app/platforms.md). The instrumentation monitors your app and directs the telemetry data to an Azure Application Insights Resource using a unique GUID that we refer to as an Instrumentation Key.
+You install a small instrumentation package (SDK) in your application or enable Application Insights using the Application Insights Agent when [supported](../../azure-monitor/app/platforms.md). The instrumentation monitors your app and directs the telemetry data to an Azure Application Insights Resource using a unique GUID that we refer to as an Instrumentation Key.
 
 You can instrument not only the web service application, but also any background components, and the JavaScript in the web pages themselves. The application and its components can run anywhere - it doesn't have to be hosted in Azure.
 
@@ -22,7 +22,7 @@ In addition, you can pull in telemetry from the host environments such as perfor
 All these telemetry streams are integrated into Azure Monitor. In the Azure portal, you can apply powerful analytic and search tools to the raw data.
 
 ### What's the overhead?
-The impact on your app's performance is very small. Tracking calls are non-blocking, and are batched and sent in a separate thread.
+The impact on your app's performance is small. Tracking calls are non-blocking, and are batched and sent in a separate thread.
 
 ## What does Application Insights monitor?
 
@@ -65,7 +65,7 @@ There are plenty of ways to explore your data. Check out these articles:
 ### Monitor
 Install Application Insights in your app, set up [availability web tests](../../azure-monitor/app/monitor-web-app-availability.md), and:
 
-* Check-out the default [application dashboard](../../azure-monitor/app/overview-dashboard.md) for your team room to keep an eye on load, responsiveness, and the performance of your dependencies, page loads, and AJAX calls.
+* Check out the default [application dashboard](../../azure-monitor/app/overview-dashboard.md) for your team room to keep an eye on load, responsiveness, and the performance of your dependencies, page loads, and AJAX calls.
 * Discover which are the slowest and most failing requests.
 * Watch [Live Stream](../../azure-monitor/app/live-stream.md) when you deploy a new release, to know immediately about any degradation.