Merge branch 'chunking' of https://github.com/ecfan/azure-docs-pr into chunking

Author: ecfan

articles/active-directory/b2b/direct-federation.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 08/07/2019
+ms.date: 02/27/2019
 
 ms.author: mimart
 author: msmimart
@@ -61,6 +61,10 @@ If you specify the metadata URL in the identity provider settings, Azure AD will
 
 ### Limit on federation relationships
 Currently, a maximum of 1,000 federation relationships is supported. This limit includes both [internal federations](https://docs.microsoft.com/powershell/module/msonline/set-msoldomainfederationsettings?view=azureadps-1.0) and direct federations.
+
+### Limit on multiple domains
+We don’t currently support direct federation with multiple domains from the same tenant.
+
 ## Frequently asked questions
 ### Can I set up direct federation with a domain for which an unmanaged (email-verified) tenant exists? 
 Yes. If the domain hasn't been verified and the tenant hasn't undergone an [admin takeover](../users-groups-roles/domains-admin-takeover.md), you can set up direct federation with that domain. Unmanaged, or email-verified, tenants are created when a user redeems a B2B invitation or performs a self-service sign-up for Azure AD using a domain that doesn’t currently exist. You can set up direct federation with these domains. If you try to set up direct federation with a DNS-verified domain, either in the Azure portal or via PowerShell, you'll see an error.

articles/active-directory/develop/TOC.yml

@@ -29,9 +29,9 @@
       href: quickstart-v2-javascript.md
   - name: Web apps
     items:
-    - name: ASP .NET
+    - name: ASP.NET
       href: quickstart-v2-aspnet-webapp.md
-    - name: ASP .NET Core
+    - name: ASP.NET Core
       href: quickstart-v2-aspnet-core-webapp.md
     - name: NodeJS
       href: quickstart-v2-nodejs-webapp.md
@@ -42,9 +42,9 @@
       href: quickstart-v2-python-webapp.md
   - name: Web APIs
     items:
-    - name: ASP .NET
+    - name: ASP.NET
       href: quickstart-v2-dotnet-native-aspnet.md
-    - name: ASP .NET Core
+    - name: ASP.NET Core
       href: https://azure.microsoft.com/resources/samples/active-directory-dotnet-native-aspnetcore-v2
   - name: Mobile and desktop apps
     items:
@@ -70,7 +70,7 @@
       href: tutorial-v2-javascript-spa.md
   - name: Web apps
     items:
-    - name: ASP .NET
+    - name: ASP.NET
       href: tutorial-v2-asp-webapp.md
   - name: Mobile and desktop apps
     items:
@@ -242,13 +242,15 @@
       href: brokered-auth.md
     - name: Migration
       items:
+      - name: Overview
+        href: msal-migration.md
       - name: Migrate to MSAL.NET
         href: msal-net-migration.md
       - name: Migrate to MSAL.js
         href: msal-compare-msal-js-and-adal-js.md
       - name: Migrate to MSAL.Android
         href: migrate-android-adal-msal.md
-      - name: Migrate to MSAL.iOS / MacOS
+      - name: Migrate to MSAL.iOS / macOS
         href: migrate-objc-adal-msal.md
       - name: Migrate to MSAL Python
         href: migrate-python-adal-msal.md

articles/active-directory/develop/msal-migration.md

@@ -0,0 +1,38 @@
+---
+title: Migrate to Microsoft Authentication Library (MSAL)
+titleSuffix: Microsoft identity platform
+description: Learn about the differences between Microsoft Authentication Library (MSAL) and Azure AD Authentication Library (ADAL) and how to migrate to MSAL.
+services: active-directory
+author: jmprieur
+manager: CelesteDG
+
+ms.service: active-directory
+ms.subservice: develop
+ms.topic: conceptual
+ms.workload: identity
+ms.date: 02/27/2020
+ms.author: jmprieur
+ms.reviewer: saeeda
+ms.custom: aaddev
+#Customer intent: As an application developer, I want to learn about the differences between the ADAL and MSAL libraries so I can migrate my applications to MSAL.
+---
+
+# Migrate applications to Microsoft Authentication Library (MSAL)
+
+Both Microsoft Authentication Library (MSAL) and Azure AD Authentication Library (ADAL) are used to authenticate Azure AD entities and request tokens from Azure AD. Up until now, most developers have worked with Azure AD for developers platform (v1.0) to authenticate Azure AD identities (work and school accounts) by requesting tokens using Azure AD Authentication Library (ADAL). Using MSAL:
+
+- You can authenticate a broader set of Microsoft identities (Azure AD identities and Microsoft accounts, and social and local accounts through Azure AD B2C) as it uses the Microsoft identity platform endpoint.
+- Your users will get the best single-sign-on experience.
+- Your application can enable incremental consent, and supporting Conditional Access is easier.
+- You benefit from the innovation.
+
+**MSAL is now the recommended auth library to use with the Microsoft identity platform**. No new features will be implemented on ADAL. The efforts are focused on improving MSAL.
+
+The following articles describe the differences between the MSAL and ADAL libraries and help you migrate to MSAL:
+- [Migrate to MSAL.NET](msal-net-migration.md)
+- [Migrate to MSAL.js](msal-compare-msal-js-and-adal-js.md)
+- [Migrate to MSAL.Android](migrate-android-adal-msal.md)
+- [Migrate to MSAL.iOS / macOS](migrate-objc-adal-msal.md)
+- [Migrate to MSAL Python](migrate-python-adal-msal.md)
+- [Migrate to MSAL for Java](migrate-adal-msal-java.md)
+- [Migrate Xamarin apps using brokers to MSAL.NET](msal-net-migration-ios-broker.md)

articles/active-directory/develop/quickstart-v2-android.md

@@ -17,14 +17,13 @@ ms.custom: aaddev, identityplatformtop40, scenarios:getting-started, languages:A
 
 # Quickstart: Sign in users and call the Microsoft Graph API from an Android app
 
-This quickstart uses a code sample to demonstrate how an Android application can sign in personal, work, or school accounts using the Microsoft identity platform, and then get an access token and call the Microsoft Graph API.
+This quickstart uses a code sample to demonstrate how an Android application can sign in personal, work, or school accounts using the Microsoft identity platform, and then get an access token and call the Microsoft Graph API. (See [How the sample works](#how-the-sample-works) for an illustration.)
 
 Applications must be represented by an app object in Azure Active Directory so that the Microsoft identity platform can provide tokens to your application.
 
 > [!div renderon="docs"]
 > As a convenience, the code sample comes with a default `redirect_uri` preconfigured in the `AndroidManifest.xml` file so that you don't have to first register your own app object. A `redirect_uri` is partly based on your app's signing key. The sample project is preconfigured with a signing key so that the provided `redirect_uri` will work. To learn more about registering an app object and integrating it with your application, see the [Sign in users and call the Microsoft Graph from an Android app](tutorial-v2-android.md) tutorial.
 
-![Screenshot of the sample app](media/quickstart-v2-android/android-intro.svg)
 
 > [!NOTE]
 > **Prerequisites**
@@ -41,73 +40,14 @@ Applications must be represented by an app object in Azure Active Directory so t
 > > ![Already configured](media/quickstart-v2-android/green-check.png) Your application is configured with these attributes
 >
 > ### Step 2: Download the project 
-> * [Download the code sample](https://github.com/Azure-Samples/ms-identity-android-java/archive/master.zip)
->
-> ### Step 3: Configure your project
-> 1. Extract and open the Project in Android Studio.
-> 2. Inside **app** > **src** > **main** > **res** > **raw**, open **auth_config_multiple_account.json** and replace it with the following code:
-> ```javascript 
-> {
->   "client_id" : "Enter_the_Application_Id_Here",
->   "authorization_user_agent" : "DEFAULT",
->   "redirect_uri" : "Enter_the_Redirect_Uri_Here",
->   "account_mode" : "MULTIPLE",
->   "broker_redirect_uri_registered": true,
->   "authorities" : [
->     {
->       "type": "AAD",
->       "audience": {
->         "type": "Enter_the_Audience_Info_Here",
->         "tenant_id": "Enter_the_Tenant_Info_Here"
->       }
->     }
->   ]
-> }
-> ```
-
 > [!div class="sxs-lookup" renderon="portal"]
-> 3. Inside **app** > **src** > **main** > **res** > **raw**, open **auth_config_single_account.json** and replace it with the following code:
-> ```javascript 
-> {
->   "client_id" : "Enter_the_Application_Id_Here",
->   "authorization_user_agent" : "DEFAULT",
->   "redirect_uri" : "Enter_the_Redirect_Uri_Here",
->   "account_mode" : "SINGLE",
->   "broker_redirect_uri_registered": true,
->   "authorities" : [
->     {
->       "type": "AAD",
->       "audience": {
->         "type": "Enter_the_Audience_Info_Here",
->         "tenant_id": "Enter_the_Tenant_Info_Here"
->       }
->     }
->   ]
-> }
-> ```
-
+> Run the project using Android Studio.
+> [!div renderon="portal" id="autoupdate" class="nextstepaction"]
+> [Download the code sample]()
+>
 > [!div class="sxs-lookup" renderon="portal"]
-> 4. Inside **app** > **src** > **main**, open  **AndroidManifest.xml**.
-> 5. In the **manifest\application** node, replace the **activity android:name="com.microsoft.identity.client.BrowserTabActivity"** node with the following:	
-> ```xml
-> <!--Intent filter to catch Microsoft's callback after Sign In-->
-> <activity android:name="com.microsoft.identity.client.BrowserTabActivity">
->     <intent-filter>
->         <action android:name="android.intent.action.VIEW" />
->         <category android:name="android.intent.category.DEFAULT" />
->         <category android:name="android.intent.category.BROWSABLE" />
->         <!--
->             Add in your scheme/host from registered redirect URI 
->             note that the leading "/" is required for android:path
->         -->
->         <data 
->             android:host="Enter_the_Package_Name"
->             android:path="/Enter_the_Signature_Hash"
->             android:scheme= "msauth" />
->     </intent-filter>
-> </activity>
-> ```
-> 6. Run the app!   
+> ### Step 3: Your app is configured and ready to run
+> We have configured your project with values of your app's properties and it's ready to run. 
 > The sample app starts on the **Single Account Mode** screen. A default scope, **user.read**, is provided by default, which is used when reading your own profile data during the Microsoft Graph API call. The URL for the Microsoft Graph API call is provided by default. You can change both of these if you wish.
 >
 > ![MSAL sample app showing single and multiple account usage](./media/quickstart-v2-android/quickstart-sample-app.png)
@@ -123,7 +63,7 @@ Applications must be represented by an app object in Azure Active Directory so t
 
 > [!div class="sxs-lookup" renderon="portal"]
 > > [!NOTE]
-> > This quickstart supports Enter_the_Supported_Account_Info_Here.
+> > Enter_the_Supported_Account_Info_Here
 
 > [!div renderon="docs"]
 > ## Step 1: Get the sample app
@@ -148,6 +88,8 @@ Applications must be represented by an app object in Azure Active Directory so t
 > In multiple account mode, you can repeat the same steps.  Additionally, you can remove the signed-in account, which also removes the cached tokens for that account.
 
 ## How the sample works
+![Screenshot of the sample app](media/quickstart-v2-android/android-intro.svg)
+
 
 The code is organized into fragments that show how to write a single and multiple accounts MSAL app. The code files are organized as follows:
 

articles/azure-app-configuration/quickstart-feature-flag-aspnet-core.md

@@ -89,7 +89,7 @@ Add the [Secret Manager tool](https://docs.microsoft.com/aspnet/core/security/ap
 
     ```dotnetcli
     dotnet add package Microsoft.Azure.AppConfiguration.AspNetCore
-    dotnet add package Microsoft.FeatureManagement.AspNetCore --version 2.0.0-preview-010610001-1263
+    dotnet add package Microsoft.FeatureManagement.AspNetCore
     ```
 
 1. Run the following command to restore packages for your project:

articles/azure-functions/functions-premium-plan.md

@@ -105,29 +105,30 @@ Below are the currently supported regions for each OS.
 |Australia Central 2| ✔<sup>1</sup> | |
 |Australia East| ✔ | ✔<sup>1</sup> |
 |Australia Southeast | ✔ | ✔<sup>1</sup> |
-|Brazil South| ✔<sup>2</sup> |  |
+|Brazil South| ✔<sup>2</sup> | ✔<sup>1</sup> |
 |Canada Central| ✔ | ✔<sup>1</sup> |
-|Central US| ✔ |  |
-|East Asia| ✔ |  |
+|Central US| ✔ | ✔<sup>1</sup> |
+|East Asia| ✔ | ✔<sup>1</sup> |
 |East US | ✔ | ✔<sup>1</sup> |
 |East US 2| ✔ | ✔<sup>1</sup> |
-|France Central| ✔ |  |
+|France Central| ✔ | ✔<sup>1</sup> |
 |Germany West Central| ✔ | |
 |Japan East| ✔ | ✔<sup>1</sup> |
 |Japan West| ✔ | ✔<sup>1</sup> |
 |Korea Central| ✔ | ✔<sup>1</sup> |
-|North Central US| ✔ |  |
+|North Central US| ✔ | ✔<sup>1</sup> |
 |North Europe| ✔ | ✔<sup>1</sup> |
+|Norway East| ✔<sup>1</sup> | ✔<sup>1</sup> |
 |South Central US| ✔ | ✔<sup>1</sup> |
 |South India | ✔ | |
 |Southeast Asia| ✔ | ✔<sup>1</sup> |
 |UK South| ✔ | ✔<sup>1</sup> |
-|UK West| ✔ |  |
+|UK West| ✔ | ✔<sup>1</sup> |
 |West Europe| ✔ | ✔<sup>1</sup> |
-|West India| ✔ |  |
-|West Central US| | ✔<sup>1</sup> |
+|West India| ✔ | ✔<sup>1</sup> |
+|West Central US| ✔<sup>1</sup> | ✔<sup>1</sup> |
 |West US| ✔ | ✔<sup>1</sup> |
-|West US 2| ✔ |  |
+|West US 2| ✔ | ✔<sup>1</sup> |
 
 <sup>1</sup>Maximum scale out limited to 20 instances.  
 <sup>2</sup>Maximum scale out limited to 60 instances.

articles/azure-netapp-files/azure-netapp-files-understand-storage-hierarchy.md

@@ -13,13 +13,16 @@ ms.workload: storage
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: overview
-ms.date: 04/16/2019
+ms.date: 02/27/2020
 ms.author: b-juche
 ---
 # What is the storage hierarchy of Azure NetApp Files
 
 Before creating a volume in Azure NetApp Files, you must purchase and set up a pool for provisioned capacity.  To set up a capacity pool, you must have a NetApp account. Understanding the storage hierarchy helps you set up and manage your Azure NetApp Files resources.
 
+> [!IMPORTANT] 
+> Azure NetApp Files currently does not support resource migration between subscriptions.
+
 ## <a name="azure_netapp_files_account"></a>NetApp accounts
 
 - A NetApp account serves as an administrative grouping of the constituent capacity pools.  

articles/connectors/connectors-sftp-ssh.md

@@ -230,4 +230,4 @@ For more technical details about this connector, such as triggers, actions, and
 
 ## Next steps
 
-* Learn about other [Logic Apps connectors](../connectors/apis-list.md)
+* Learn about other [Logic Apps connectors](../connectors/apis-list.md)

articles/cosmos-db/how-to-configure-firewall.md

@@ -38,20 +38,20 @@ When you enable an IP access control policy programmatically, you need to add th
 |US Gov|52.244.48.71|
 |All other regions|104.42.195.92,40.76.54.131,52.176.6.30,52.169.50.45,52.187.184.26|
 
-You can enable access to the Azure portal by selecting the **Allow access from Azure portal** option, as shown in the following screenshot:
+You can enable requests to access the Azure portal by selecting the **Allow access from Azure portal** option, as shown in the following screenshot:
 
 ![Screenshot showing how to enable Azure portal access](./media/how-to-configure-firewall/enable-azure-portal.png)
 
 ### Allow requests from global Azure datacenters or other sources within Azure
 
-If you access your Azure Cosmos DB account from services that don’t provide a static IP (for example, Azure Stream Analytics and Azure Functions), you can still use the IP firewall to limit access. To allow access to the Azure Cosmos DB account from such services, add the IP address 0.0.0.0 to the list of allowed IP addresses. The 0.0.0.0 address restricts requests to your Azure Cosmos DB account from Azure datacenter IP range. This setting does not allow access for any other IP ranges to your Azure Cosmos DB account.
+If you access your Azure Cosmos DB account from services that don’t provide a static IP (for example, Azure Stream Analytics and Azure Functions), you can still use the IP firewall to limit access. You can enable access from other sources within the Azure by selecting the **Accept connections from within Azure datacenters** option, as shown in the following screenshot:
 
-> [!NOTE]
-> This option configures the firewall to allow all requests from Azure, including requests from the subscriptions of other customers deployed in Azure. The list of IPs allowed by this option is wide, so it limits the effectiveness of a firewall policy. Use this option only if your requests don’t originate from static IPs or subnets in virtual networks. Choosing this option automatically allows access from the Azure portal because the Azure portal is deployed in Azure.
+![Screenshot showing how to open the Firewall page in the Azure portal](./media/how-to-configure-firewall/enable-azure-services.png)
 
-You can enable access to the Azure portal by selecting the **Accept connections from within Azure datacenters** option, as shown in the following screenshot:
+When you enable this option, the IP address `0.0.0.0` is added to the list of allowed IP addresses. The `0.0.0.0` IP address restricts requests to your Azure Cosmos DB account from Azure datacenter IP range. This setting does not allow access for any other IP ranges to your Azure Cosmos DB account.
 
-![Screenshot showing how to open the Firewall page in the Azure portal](./media/how-to-configure-firewall/enable-azure-services.png)
+> [!NOTE]
+> This option configures the firewall to allow all requests from Azure, including requests from the subscriptions of other customers deployed in Azure. The list of IPs allowed by this option is wide, so it limits the effectiveness of a firewall policy. Use this option only if your requests don’t originate from static IPs or subnets in virtual networks. Choosing this option automatically allows access from the Azure portal because the Azure portal is deployed in Azure.
 
 ### Requests from your current IP
 

articles/cosmos-db/sql-api-dotnet-application.md

@@ -178,7 +178,9 @@ First, we'll add a class that contains the logic to connect to and use Azure Cos
 
    :::code language="csharp" source="~/samples-cosmosdb-dotnet-core-web-app/src/Services/CosmosDbService.cs":::
 
-1. Repeat the previous two steps, but this time, use the name *ICosmosDBService*, and use the following code:
+1. Right-click the **Services** folder, select **Add** > **Class**. Name the new class *ICosmosDBService* and select **Add**.
+
+1. Add the following code to *ICosmosDBService* class:
 
    :::code language="csharp" source="~/samples-cosmosdb-dotnet-core-web-app/src/Services/ICosmosDbService.cs":::
 
@@ -190,18 +192,11 @@ First, we'll add a class that contains the logic to connect to and use Azure Cos
 
 1. Within the same file, add the following method **InitializeCosmosClientInstanceAsync**, which reads the configuration and initializes the client.
 
-    :::code language="csharp" source="~/samples-cosmosdb-dotnet-core-web-app/src/Startup.cs" id="InitializeCosmosClientInstanceAsync":::
+   :::code language="csharp" source="~/samples-cosmosdb-dotnet-core-web-app/src/Startup.cs" id="InitializeCosmosClientInstanceAsync":::
 
-1. Define the configuration in the project's *appsettings.json* file. Open the file and add a section called **CosmosDb**:
+1. Define the configuration in the project's *appsettings.json* file as shown in the following snippet:
 
-   ```csharp
-     "CosmosDb": {
-        "Account": "<enter the URI from the Keys blade of the Azure Portal>",
-        "Key": "<enter the PRIMARY KEY, or the SECONDARY KEY, from the Keys blade of the Azure  Portal>",
-        "DatabaseName": "Tasks",
-        "ContainerName": "Items"
-      }
-   ```
+   :::code language="json" source="~/samples-cosmosdb-dotnet-core-web-app/src/appsettings.json":::
 
 ### <a name="add-a-controller"></a>Add a controller