Merge pull request #105789 from MicrosoftDocs/master

Merge Master to Live, 4 AM

Author: PMEds28

.openpublishing.redirection.json

@@ -3666,6 +3666,11 @@
       "redirect_url": "/azure/architecture",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/azure-monitor/azure-monitor-log-hub.md",
+      "redirect_url": "/azure/azure-monitor/overview",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cloud-services/cloud-services-dotnet-diagnostics-storage.md",
       "redirect_url": "/azure/azure-monitor/platform/diagnostics-extension-to-storage",
@@ -48976,6 +48981,11 @@
       "source_path": "articles/aks/acs-aks-migration.md",
       "redirect_url": "/azure/aks/aks-migration",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/service-fabric/service-fabric-cicd-your-linux-applications-with-jenkins.md",
+      "redirect_url": "/azure/jenkins/service-fabric-cicd-your-linux-applications-with-jenkins",
+      "redirect_document_id": true
     }
   ]
 }

articles/active-directory-b2c/stringcollection-transformations.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 02/03/2020
+ms.date: 02/27/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -22,13 +22,13 @@ This article provides examples for using the string collection claims transforma
 
 ## AddItemToStringCollection
 
-Adds a string claim to a new stringCollection claim.
+Adds a string claim to a new unique values stringCollection claim. 
 
 | Item | TransformationClaimType | Data Type | Notes |
 | ---- | ----------------------- | --------- | ----- |
 | InputClaim | item | string | The ClaimType to be added to the output claim. |
 | InputClaim | collection | stringCollection | [Optional] If specified, the claims transformation copies the items from this collection, and adds the item to the end of the output collection claim. |
-| OutputClaim | collection | stringCollection | The ClaimTypes that are produced after this ClaimsTransformation has been invoked. |
+| OutputClaim | collection | stringCollection | The ClaimType that is produced after this claims transformation has been invoked, with the value specified in the input claim. |
 
 Use this claims transformation to add a string to a new or existing stringCollection. It's commonly used in a **AAD-UserWriteUsingAlternativeSecurityId** technical profile. Before a new social account is created, **CreateOtherMailsFromEmail** claims transformation reads the ClaimType and adds the value to the **otherMails** ClaimType.
 
@@ -56,13 +56,13 @@ The following claims transformation adds the **email** ClaimType to **otherMails
 
 ## AddParameterToStringCollection
 
-Adds a string parameter to a new stringCollection claim.
+Adds a string parameter to a new unique values stringCollection claim.
 
 | Item | TransformationClaimType | Data Type | Notes |
 | ---- | ----------------------- | --------- | ----- |
 | InputClaim | collection | stringCollection | [Optional] If specified, the claims transformation copies the items from this collection, and adds the item to the end of the output collection claim. |
 | InputParameter | item | string | The value to be added to the output claim. |
-| OutputClaim | collection | stringCollection | The ClaimTypes that will be produced after this ClaimsTransformation has been invoked. |
+| OutputClaim | collection | stringCollection | The ClaimType that is produced after this claims transformation has been invoked, with the value specified in the input parameter. |
 
 Use this claims transformation to add a string value to a new or existing stringCollection. The following example adds a constant email address ([email protected]) to the **otherMails** claim.
 

articles/active-directory/conditional-access/concept-conditional-access-grant.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 02/21/2020
+ms.date: 02/26/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -52,7 +52,7 @@ Selecting this checkbox will require users to perform Azure Multi-Factor Authent
 
 Organizations who have deployed Microsoft Intune can use the information returned from their devices to identify devices that meet specific compliance requirements. This policy compliance information is forwarded from Intune to Azure AD where Conditional Access can make decisions to grant or block access to resources. For more information about compliance policies, see the article [Set rules on devices to allow access to resources in your organization using Intune](https://docs.microsoft.com/intune/protect/device-compliance-get-started).
 
-A device can be marked as compliant by Intune (for any device OS) or by third-party MDM system for Windows 10 devices. Third-party MDM systems for device OS types other than Windows 10 are not supported.
+A device can be marked as compliant by Intune (for any device OS) or by third-party MDM system for Windows 10 devices. Jamf pro is the only supported third-party MDM system. More information about integration can be found in the article, [Integrate Jamf Pro with Intune for compliance](/intune/protect/conditional-access-integrate-jamf).
 
 Devices must be registered in Azure AD before they can be marked as compliant. More information about device registration can be found in the article, [What is a device identity](../devices/overview.md).
 

articles/active-directory/develop/howto-create-service-principal-portal.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
-ms.date: 10/14/2019
+ms.date: 02/26/2020
 ms.author: ryanwi
 ms.reviewer: tomfitz
 ms.custom: aaddev, seoapril2019, identityplatformtop40
@@ -81,16 +81,26 @@ Daemon applications can use two forms of credentials to authenticate with Azure
 
 ### Upload a certificate
 
-You can use an existing certificate if you have one.  Optionally, you can create a self-signed certificate for testing purposes. Open PowerShell and run [New-SelfSignedCertificate](/powershell/module/pkiclient/new-selfsignedcertificate) with the following parameters to create a self-signed certificate in the user certificate store on your computer: 
+You can use an existing certificate if you have one.  Optionally, you can create a self-signed certificate for *testing purposes only*. Open PowerShell and run [New-SelfSignedCertificate](/powershell/module/pkiclient/new-selfsignedcertificate) with the following parameters to create a self-signed certificate in the user certificate store on your computer: 
 
 ```powershell
 $cert=New-SelfSignedCertificate -Subject "CN=DaemonConsoleCert" -CertStoreLocation "Cert:\CurrentUser\My"  -KeyExportPolicy Exportable -KeySpec Signature
 ```
 
 Export this certificate to a file using the [Manage User Certificate](/dotnet/framework/wcf/feature-details/how-to-view-certificates-with-the-mmc-snap-in) MMC snap-in accessible from the Windows Control Panel.
 
+1. Select **Run** from the **Start** menu, and then enter **certmgr.msc**.
+
+   The Certificate Manager tool for the current user appears.
+
+1. To view your certificates, under **Certificates - Current User** in the left pane, expand the **Personal** directory.
+1. Right-click on the cert you created, select **All tasks->Export**.
+1. Follow the Certificate Export wizard.  Export the private key, specify a password for the cert file, and export to a file.
+
 To upload the certificate:
 
+1. Select **Azure Active Directory**.
+1. From **App registrations** in Azure AD, select your application.
 1. Select **Certificates & secrets**.
 1. Select **Upload certificate** and select the certificate (an existing certificate or the self-signed certificate you exported).
 
@@ -142,15 +152,21 @@ In your Azure subscription, your account must have `Microsoft.Authorization/*/Wr
 
 To check your subscription permissions:
 
-1. Select your account in the upper right corner, and select **... -> My permissions**.
+1. Search for and select **Subscriptions**, or select **Subscriptions** on the **Home** page.
 
-   ![Select your account and your user permissions](./media/howto-create-service-principal-portal/select-my-permissions.png)
+   ![Search](./media/howto-create-service-principal-portal/select-subscription.png)
+
+1. Select the subscription you want to create the service principal in.
+
+   ![Select subscription for assignment](./media/howto-create-service-principal-portal/select-one-subscription.png)
+
+   If you don't see the subscription you're looking for, select **global subscriptions filter**. Make sure the subscription you want is selected for the portal.
 
-1. From the drop-down list, select the subscription you want to create the service principal in. Then, select **Click here to view complete access details for this subscription**.
+1. Select **My permissions**. Then, select **Click here to view complete access details for this subscription**.
 
    ![Select the subscription you want to create the service principal in](./media/howto-create-service-principal-portal/view-details.png)
 
-1. Select **Role assignments** to view your assigned roles, and determine if you have adequate permissions to assign a role to an AD app. If not, ask your subscription administrator to add you to User Access Administrator role. In the following image, the user is assigned the Owner role, which means that user has adequate permissions.
+1. Select **View** in **Role assignments** to view your assigned roles, and determine if you have adequate permissions to assign a role to an AD app. If not, ask your subscription administrator to add you to User Access Administrator role. In the following image, the user is assigned the Owner role, which means that user has adequate permissions.
 
    ![This example shows the user is assigned the Owner role](./media/howto-create-service-principal-portal/view-user-role.png)
 

articles/active-directory/develop/media/howto-create-service-principal-portal/view-details.png

@@ -49,7 +49,7 @@ The Azure AD application model doesn't support wildcard URIs for apps that are c
 > [!NOTE]
 > The new [App registrations](https://go.microsoft.com/fwlink/?linkid=2083908) experience doesn't allow developers to add wildcard URIs on the UI. Adding wilcard URI for apps that sign in work or school accounts is supported only through the app manifest editor. Going forward, new apps won't be able to use wildcards in the redirect URI. However, older apps that contain wildcards in redirect URIs will continue to work.
 
-If your scenario requires more redirect URIs than the maximum limit allowed, instead of adding a wildcard redirect URI, consider one of the following approaches.
+If your scenario requires more redirect URIs than the maximum limit allowed, instead of adding a wildcard redirect URI, consider the following approach.
 
 ### Use a state parameter
 
@@ -66,10 +66,6 @@ In this approach:
 > [!NOTE]
 > This approach allows a compromised client to modify the additional parameters sent in the state parameter, thereby redirecting the user to a different URL, which is the [open redirector threat](https://tools.ietf.org/html/rfc6819#section-4.2.4) described in RFC 6819. Therefore, the client must protect these parameters by encrypting the state or verifying it by some other means such as validating domain name in the redirect URI against the token.
 
-### Add redirect URIs to service principals
-
-Another approach is to add redirect URIs to the [service principals](app-objects-and-service-principals.md#application-and-service-principal-relationship) that represent your app registration in any Azure AD tenant. You can use this approach when you can't use a state parameter or your scenario requires you to add new redirect URIs to your app registration for every new tenant you support. 
-
 ## Next steps
 
 - Learn about the [Application manifest](reference-app-manifest.md)

articles/active-directory/develop/reply-url.md

@@ -28,15 +28,10 @@ This article:
 
 ## Manage device identities
 
-The Azure AD portal provides you with a central place to manage your device identities. You can get to this place by either using a [direct link](https://portal.azure.com/#blade/Microsoft_AAD_IAM/DevicesMenuBlade/Devices) or by following these manual steps:
+The Azure AD portal provides you with a central place to manage your device identities. You can get to this place by either using a [direct link](https://portal.azure.com/#blade/Microsoft_AAD_IAM/DevicesMenuBlade/Devices) or:
 
-1. Sign in to the [Azure portal](https://portal.azure.com) as administrator.
-
-2. Search for and select **Azure Active Directory** or select it from the **Home** page.
-
-3. In the **Manage** section, click **Devices**.
-
-   ![Configure device settings](./media/device-management-azure-portal/74.png)
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Browse to **Azure Active Directory** > **Devices**.
 
 The **Devices** page enables you to:
 
@@ -49,9 +44,7 @@ The **Devices** page enables you to:
 
 To manage your device identities using the Azure AD portal, your devices need to be either [registered or joined](overview.md) to Azure AD. As an administrator, you can fine-tune the process of registering and joining devices by configuring the device settings.
 
-![Configure device settings](./media/device-management-azure-portal/22.png)
-
-The device settings page enables you to configure:
+The device settings page enables you to configure settings related to device identities:
 
 ![Manage an Intune device](./media/device-management-azure-portal/21.png)
 
@@ -81,13 +74,8 @@ This option is a premium capability available through products such as Azure AD
 You have two options to locate registered and joined devices:
 
 - **All devices** in the **Manage** section of the **Devices** page  
-
-   ![All devices](./media/device-management-azure-portal/41.png)
-
 - **Devices** in the **Manage** section of a **User** page
 
-   ![All devices](./media/device-management-azure-portal/43.png)
-
 With both options, you can get to a view that:
 
 - Enables you to search for devices using the display name or device ID as filter.
@@ -193,9 +181,7 @@ Device activities are available through the activity logs. These logs include ac
 
 Your entry point to the auditing data is **Audit logs** in the **Activity** section of the **Devices** page.
 
-![Audit logs](./media/device-management-azure-portal/61.png)
-
-An audit log has a default list view that shows:
+The audit log has a default list view that shows:
 
 - The date and time of the occurrence
 - The targets