Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into standardSSD

Author: roygara

articles/active-directory/TOC.md

@@ -112,9 +112,9 @@
 #### [Interpret the sign-in log schema in Azure Monitor](reports-monitoring/reference-azure-monitor-sign-ins-log-schema.md)
 
 ### Troubleshoot
-#### [Missing audit data](reports-monitoring/troubleshoot-missing-audit-data.md)
+#### [Missing data in Azure AD activity logs](reports-monitoring/troubleshoot-missing-audit-data.md)
 #### [Missing data in downloads](reports-monitoring/troubleshoot-missing-data-download.md)
-#### [Azure AD Activity logs content pack errors](reports-monitoring/troubleshoot-content-pack.md)
+#### [Azure AD activity logs content pack errors](reports-monitoring/troubleshoot-content-pack.md)
 #### [Errors in Azure AD Reporting API](reports-monitoring/troubleshoot-graph-api.md)
 
 ###	[Programmatic Access](reports-monitoring/concept-reporting-api.md)

articles/active-directory/reports-monitoring/media/troubleshoot-missing-audit-data/02.png

@@ -131,6 +131,16 @@ This section answers frequently asked questions and discusses known issues with
 
 ---
 
+**Q: How do I integrate Azure AD activity logs with my SIEM system?**
+
+**A**: You can do this in two ways:
+
+- Use Azure Monitor with Event Hubs to stream logs to your SIEM system. First, [stream the logs to an event hub](quickstart-azure-monitor-stream-logs-to-event-hub.md) and then [set up your SIEM tool](quickstart-azure-monitor-stream-logs-to-event-hub.md#access-data-from-your-event-hub) with the configured event hub. 
+
+- Use the [Reporting Graph API](concept-reporting-api.md) to access the data, and push it into the SIEM system using your own scripts.
+
+---
+
 **Q: What SIEM tools are currently supported?** 
 
 **A**: Currently, Azure Monitor is supported by [Splunk](tutorial-integrate-activity-logs-with-splunk.md), QRadar, and [Sumo Logic](https://help.sumologic.com/Send-Data/Applications-and-Other-Data-Sources/Azure_Active_Directory). For more information about how the connectors work, see [Stream Azure monitoring data to an event hub for consumption by an external tool](../../monitoring-and-diagnostics/monitor-stream-monitoring-data-event-hubs.md).

articles/active-directory/reports-monitoring/media/troubleshoot-missing-audit-data/03.png

@@ -128,6 +128,12 @@ This article includes answers to frequently asked questions about Azure Active D
 
 ---
 
+**Q: What does the risk event "Sign-in with additional risk detected" signify?**
+
+**A:** To give you an insight into all the risky sign-ins in your environment, "Sign-in with additional risk detected" functions as placeholder for sign-ins for detections that are exclusive to Azure AD Identity Protection subscribers.
+
+---
+
 ## Conditional access
 
 **Q: What's new with this feature?**

articles/active-directory/reports-monitoring/overview-activity-logs-in-azure-monitor.md

@@ -1,7 +1,7 @@
 ---
 
-title: 'Troubleshoot: Missing data in the Azure Active Directory activity log  | Microsoft Docs'
-description: Lists the various available reports for Azure Active Directory
+title: 'Troubleshoot Missing data in the Azure Active Directory activity logs  | Microsoft Docs'
+description: Provides you with a resolution to missing data in Azure Active Directory activity logs.
 services: active-directory
 documentationcenter: ''
 author: priyamohanram
@@ -21,17 +21,38 @@ ms.reviewer: dhanyahk
 
 ---
 
-# Troubleshoot: Missing data in the Azure Active Directory activity log 
+# Troubleshoot: Missing data in the Azure Active Directory activity logs 
 
+## I can't find audit logs for recent actions in the Azure portal
 
-## Symptoms
+### Symptoms
 
 I performed some actions in the Azure portal and expected to see the audit logs for those actions in the `Activity logs > Audit Logs` blade, but I can’t find them.
 
  ![Reporting](./media/troubleshoot-missing-audit-data/01.png)
 
+### Cause
 
-## Cause
+Actions don’t appear immediately in the activity logs. The table below enumerates our latency numbers for activity logs. 
+
+| Report |   | Latency (P95) | Latency (P99) |
+|--------|--------|---------------|---------------|
+| Directory audit |   | 2 mins | 5 mins |
+| Sign-in activity |   | 2 mins | 5 mins | 
+
+### Resolution
+
+Wait for 15 minutes to two hours and see if the actions appear in the log. If you don’t see the logs even after two hours, please [file a support ticket](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest) and we will look into it.
+
+## I can’t find recent user sign-ins in the Azure Active Directory sign-ins activity log
+
+### Symptoms
+
+I recently signed into the Azure portal and expected to see the sign-in logs for those actions in the `Activity logs > Sign-ins` blade, but I can’t find them.
+
+ ![Reporting](./media/troubleshoot-missing-audit-data/02.png)
+ 
+### Cause
 
 Actions don’t appear immediately in the activity logs. The table below enumerates our latency numbers for activity logs. 
 
@@ -40,13 +61,36 @@ Actions don’t appear immediately in the activity logs. The table below enumera
 | Directory audit |   | 2 mins | 5 mins |
 | Sign-in activity |   | 2 mins | 5 mins | 
 
-## Resolution
+### Resolution
 
 Wait for 15 minutes to two hours and see if the actions appear in the log. If you don’t see the logs even after two hours, please [file a support ticket](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest) and we will look into it.
 
+## I can't view more than 30 days of report data in the Azure portal
+
+### Symptoms
+
+I can't view more than 30 days of sign-in and audit data from the Azure portal. Why? 
+
+ ![Reporting](./media/troubleshoot-missing-audit-data/03.png)
+
+### Cause
+
+Depending on your license, Azure Active Directory Actions stores activity reports for the following durations:
+
+| Report           |   |  Azure AD Free | Azure AD Premium P1 | Azure AD Premium P2 |
+| ---              | ----   |  ---           | ---                 | ---                 |
+| Directory Audit  |   |	7 days	   | 30 days             | 30 days             |
+| Sign-in Activity |   | Not available. You can access your own sign-ins for 7 days from the individual user profile blade | 30 days | 30 days             |
+
+For more information, see [Azure Active Directory report retention policies](reference-reports-data-retention.md).  
+
+### Resolution
+
+You have two options to retain the data for longer than 30 days. You can use the [Azure AD Reporting APIs](concept-reporting-api.md) to retrieve the data programmatically and store it in a database. Alternatively, you can integrate audit logs into a third party SIEM system like Splunk or SumoLogic.
 
 ## Next steps
 
+* [Azure AD reporting retention](reference-reports-data-retention.md).
 * [Azure Active Directory reporting latencies](reference-reports-latencies.md).
 * [Azure Active Directory reporting FAQ](reports-faq.md).
 

articles/active-directory/reports-monitoring/reports-faq.md

@@ -4,7 +4,7 @@ description: Understand how to handle Event Grid events in Azure Functions.
 services: functions
 documentationcenter: na
 author: ggailey777
-manager: cfowler
+manager: jeconnoc
 editor: ''
 tags: ''
 keywords:
@@ -14,7 +14,7 @@ ms.devlang: multiple
 ms.topic: reference
 ms.tgt_pltfrm: multiple
 ms.workload: na
-ms.date: 06/08/2018
+ms.date: 08/20/2018
 ms.author: glenga
 ---
 
@@ -337,7 +337,7 @@ You can get the system key by using the following API (HTTP GET):
 http://{functionappname}.azurewebsites.net/admin/host/systemkeys/eventgridextensionconfig_extension?code={adminkey}
 ```
 
-This is an admin API, so it requires Your [admin key](functions-bindings-http-webhook.md#authorization-keys). Don't confuse the system key (for invoking an Event Grid trigger function) with the admin key (for performing administrative tasks on the function app). When you subscribe to an Event Grid topic, be sure to use the system key.
+This is an admin API, so it requires your function app [master key](functions-bindings-http-webhook.md#authorization-keys). Don't confuse the system key (for invoking an Event Grid trigger function) with the master key (for performing administrative tasks on the function app). When you subscribe to an Event Grid topic, be sure to use the system key. 
 
 Here's an example of the response that provides the system key:
 

articles/active-directory/reports-monitoring/troubleshoot-missing-audit-data.md

@@ -127,6 +127,7 @@ In the terminal window or from a command prompt, run the following command to cr
 func init MyFunctionProj
 ```
 
+When you provide a project name, a new folder with that name is created and initialized. Otherwise, the current folder is initialized.  
 In version 2.x, when you run the command you must choose a runtime for your project. If you plan to develop JavaScript functions, choose **node**:
 
 ```output

articles/azure-functions/functions-bindings-event-grid.md

@@ -163,9 +163,9 @@ The URLs for Log Analytics are different in Azure Government:
 | \*.ods.opinsights.azure.com |\*.ods.opinsights.azure.us |Agent communication - [configuring firewall settings](../log-analytics/log-analytics-proxy-firewall.md) |
 | \*.oms.opinsights.azure.com |\*.oms.opinsights.azure.us |Agent communication - [configuring firewall settings](../log-analytics/log-analytics-proxy-firewall.md) |
 | \*.blob.core.windows.net |\*.blob.core.usgovcloudapi.net |Agent communication - [configuring firewall settings](../log-analytics/log-analytics-proxy-firewall.md) |
-| portal.loganalytics.io |portal.loganalytics.us |Advanced Analytics Portal - [configuring firewall settings](../log-analytics/log-analytics-log-search-portals.md#advanced-analytics-portal) |
-| api.loganalytics.io |api.loganalytics.us |Advanced Analytics Portal - [configuring firewall settings](../log-analytics/log-analytics-log-search-portals.md#advanced-analytics-portal) |
-| docs.loganalytics.io |docs.loganalytics.us |Advanced Analytics Portal - [configuring firewall settings](../log-analytics/log-analytics-log-search-portals.md#advanced-analytics-portal) |
+| portal.loganalytics.io |portal.loganalytics.us |Advanced Analytics Portal - [configuring firewall settings](../log-analytics/log-analytics-log-search-portals.md#log-analytics-page-preview) |
+| api.loganalytics.io |api.loganalytics.us |Advanced Analytics Portal - [configuring firewall settings](../log-analytics/log-analytics-log-search-portals.md#log-analytics-page-preview) |
+| docs.loganalytics.io |docs.loganalytics.us |Advanced Analytics Portal - [configuring firewall settings](../log-analytics/log-analytics-log-search-portals.md#log-analytics-page-preview) |
 | \*.azure-automation.net |\*.azure-automation.us |Azure Automation - [configuring firewall settings](../log-analytics/log-analytics-concept-hybrid.md#network-firewall-requirements) |
 | N/A | *.usgovtrafficmanager.net | Azure Traffic Manager - [configuring firewall settings](../log-analytics/log-analytics-concept-hybrid.md#network-firewall-requirements) |
 

articles/azure-functions/functions-run-local.md

@@ -13,7 +13,7 @@ ms.workload: na
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: article
-ms.date: 08/15/2018
+ms.date: 08/20/2018
 ms.author: anwestg
 ms.reviewer: brenduns
 
@@ -66,6 +66,10 @@ Azure App Service on Azure Stack Update 3 includes the following improvements an
   - Added Wincache 2.0.0.8
   - Updated Git for Windows to v 2.17.1.2
   - Updated Kudu to 74.10611.3437
+  
+- **Updates to underlying operating system of all roles**:
+  - [Servicing stack update for Windows Server 2016 for x64-based Systems (KB4132216)](https://support.microsoft.com/help/4132216/servicing-stack-update-for-windows-10-1607-may-17-2018)
+  - [2018-07 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4338822)](https://support.microsoft.com/help/4338822/windows-10-update-kb4338822)
 
 ### Post Update Steps (optional)