Merge pull request #95531 from MicrosoftDocs/master

11/11 AM Publish

Author: huypub

articles/active-directory/develop/app-registrations-training-guide-for-app-registrations-legacy-users.md

@@ -98,7 +98,7 @@ In the code snippets using application builders, a number of `.With` methods can
 
 The modifiers you can set on a public client or confidential client application builder are:
 
-|Parameter | Description|
+|Modifier | Description|
 |--------- | --------- |
 |`.WithAuthority()` 7 overrides | Sets the application default authority to an Azure AD authority, with the possibility of choosing the Azure Cloud, the audience, the tenant (tenant ID or domain name), or providing directly the authority URI.|
 |`.WithAdfsAuthority(string)` | Sets the application default authority to be an ADFS authority.|
@@ -117,15 +117,15 @@ The modifiers you can set on a public client or confidential client application
 
 The modifiers you can set on a public client application builder on Xamarin.iOS are:
 
-|Parameter | Description|
+|Modifier | Description|
 |--------- | --------- |
 |`.WithIosKeychainSecurityGroup()` | **Xamarin.iOS only**: Sets the iOS key chain security group (for the cache persistence).|
 
 ### Modifiers specific to confidential client applications
 
 The modifiers you can set on a confidential client application builder are:
 
-|Parameter | Description|
+|Modifier | Description|
 |--------- | --------- |
 |`.WithCertificate(X509Certificate2 certificate)` | Sets the certificate identifying the application with Azure AD.|
 |`.WithClientSecret(string clientSecret)` | Sets the client secret (app password) identifying the application with Azure AD.|

articles/active-directory/develop/msal-net-initializing-client-applications.md

@@ -93,26 +93,26 @@ Applications must be represented by an app object in Azure Active Directory so t
 
 > [!div class="sxs-lookup" renderon="portal"]
 > 4. Inside **app** > **src** > **main**, open  **AndroidManifest.xml**.
-> 5. In the **manifest\application** node, replace the **<activity android:name="com.microsoft.identity.client.BrowserTabActivity">** node with the following:	
+> 5. In the **manifest\application** node, replace the **activity android:name="com.microsoft.identity.client.BrowserTabActivity"** node with the following:	
 > ```xml
-> &lt;!--Intent filter to catch Microsoft's callback after Sign In--&gt;
-> &lt;activity android:name=&quot;com.microsoft.identity.client.BrowserTabActivity&quot;&gt;
->     &lt;intent-filter&gt;
->     &lt;action android:name=&quot;android.intent.action.VIEW&quot; /&gt;
->     &lt;category android:name=&quot;android.intent.category.DEFAULT&quot; /&gt;
->     &lt;category android:name=&quot;android.intent.category.BROWSABLE&quot; /&gt;
->         &lt;!--
+> <!--Intent filter to catch Microsoft's callback after Sign In-->
+> <activity android:name="com.microsoft.identity.client.BrowserTabActivity">
+>     <intent-filter>
+>         <action android:name="android.intent.action.VIEW" />
+>         <category android:name="android.intent.category.DEFAULT" />
+>         <category android:name="android.intent.category.BROWSABLE" />
+>         <!--
 >             Add in your scheme/host from registered redirect URI 
->             note that the leading &quot;/&quot; is required for android:path
->         --&gt;
->         &lt;data android:scheme=&quot;msauth&quot;
->             android:host=&quot;Enter_the_Package_Name&quot;
->             android:path=&quot;Enter_the_Signature_Hash&quot;
->             android:scheme = &quot;msauth&quot; /&gt;
->     &lt;/intent-filter&gt;
-> &lt;/activity&gt;
+>             note that the leading "/" is required for android:path
+>         -->
+>         <data 
+>             android:host="Enter_the_Package_Name"
+>             android:path="/Enter_the_Signature_Hash"
+>             android:scheme= "msauth" />
+>     </intent-filter>
+> </activity>
 > ```
-> 6. Run the app!
+> 6. Run the app!   
 > The sample app starts on the **Single Account Mode** screen. A default scope, **user.read**, is provided by default, which is used when reading your own profile data during the Microsoft Graph API call. The URL for the Microsoft Graph API call is provided by default. You can change both of these if you wish.
 >
 > ![MSAL sample app showing single and multiple account usage](./media/quickstart-v2-android/quickstart-sample-app.png)

articles/active-directory/develop/quickstart-v2-android.md

@@ -23,7 +23,7 @@ ms.collection: M365-identity-device-management
 ---
 # What is Azure AD entitlement management?
 
-Azure Active Directory (Azure AD) entitlement management is a [identity governance](identity-governance-overview.md) feature that  enables organizations to manage identity and access lifecycle at scale, by automating access request workflows, access assignments, reviews, and expiration.
+Azure Active Directory (Azure AD) entitlement management is an [identity governance](identity-governance-overview.md) feature that  enables organizations to manage identity and access lifecycle at scale, by automating access request workflows, access assignments, reviews, and expiration.
 
 Employees in organizations need access to various groups, applications, and sites to perform their job. Managing this access is challenging, as requirements change - new applications are added or users need additional access rights.  This scenario gets more complicated when you collaborate with outside organizations - you may not know who in the other organization needs access to your organization's resources, and they won't know what applications, groups or sites your organization is using.
 

articles/active-directory/governance/entitlement-management-overview.md

@@ -38,9 +38,18 @@ Download| [Download Azure AD Connect](https://go.microsoft.com/fwlink/?LinkId=61
 While we go through this process, the version number of the release will be shown with an "X" in the minor release number position, as in "1.3.X.0" - this indicates that the release notes in this document are valid for all versions beginning with "1.3.". As soon as we have finalized the release process the release version number will be updated to the most recently released version and the release status will be updated to "Released for download and auto upgrade".
 Not all releases of Azure AD Connect will be made available for auto upgrade. The release status will indicate whether a release is made available for auto upgrade or for download only. If auto upgrade was enabled on your Azure AD Connect server then that server will automatically upgrade to the latest version of Azure AD Connect that is released for auto upgrade. Note that not all Azure AD Connect configurations are eligible for auto upgrade. Please follow this link to read more about [auto upgrade](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-install-automatic-upgrade)
 
-## 1.4.25.0
+## 1.4.32.0
+### Release status
+08/11/2019: Released for download. Not available for auto-upgrade
+
+>[!IMPORTANT]
+>Due to an internal schema change in this release of Azure AD Connect, if you manage ADFS trust relationship configuration settings using MSOnline PowerShell then you must update your MSOnline PowerShell module to version 1.1.183.57 or higher
+### Fixed issues
 
+This version fixes an issue with existing Hybrid Azure AD joined devices. This release contains a new device sync rule that corrects this issue.
+Note that this rule change may cause deletion of obsolete devices from Azure AD. This is not a cause for concern, as these device objects are not used by Azure AD during Conditional Access authorization. For some customers, the number of devices that will be deleted through this rule change can exceed the deletion threshold. If you see the deletion of device objects in Azure AD exceeding the Export Deletion Threshold, it is advised to allow the deletions to go through. [How to allow deletes to flow when they exceed the deletion threshold](https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-prevent-accidental-deletes)
 
+## 1.4.25.0
 
 ### Release status
 9/28/2019: Released for auto-upgrade to select tenants. Not available for download.

articles/active-directory/hybrid/reference-connect-version-history.md

@@ -29,7 +29,7 @@ If you don't have an Azure subscription, create a [free account](https://azure.m
 
 If you choose to install and use the CLI locally, this quickstart requires that you are running the Azure CLI version 2.0.64 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][azure-cli-install].
 
-> [!Note]
+> [!NOTE]
 > If running the commands in this quickstart locally (instead of Azure Cloud Shell), ensure you run the commands as administrator.
 
 ## Create a resource group
@@ -61,7 +61,7 @@ The following example output shows the resource group created successfully:
 
 Use the [az aks create][az-aks-create] command to create an AKS cluster. The following example creates a cluster named *myAKSCluster* with one node. Azure Monitor for containers is also enabled using the *--enable-addons monitoring* parameter.  This will take several minutes to complete.
 
-> [NOTE]
+> [!NOTE]
 > When creating an AKS cluster a second resouce group is automatically created to store the AKS resources. For more information see [Why are two resource groups created with AKS?](https://docs.microsoft.com/azure/aks/faq#why-are-two-resource-groups-created-with-aks)
 
 ```azurecli-interactive

articles/aks/kubernetes-walkthrough.md

@@ -32,7 +32,7 @@ The following architecture diagram demonstrates how the various components withi
 
 ## Selection criteria
 
-It's important to understand and consider the following areas when evaluating Linkerd for your workloads:
+It's important to understand and consider the following areas when evaluating Consul for your workloads:
 
 - [Consul Principles](#consul-principles)
 - [Capabilities](#capabilities)
@@ -107,4 +107,4 @@ You can also further explore Consul features and architecture:
 [prometheus]: https://prometheus.io/
 
 <!-- LINKS - internal -->
-[consul-install]: ./servicemesh-consul-install.md
+[consul-install]: ./servicemesh-consul-install.md

articles/aks/servicemesh-consul-about.md

@@ -318,6 +318,7 @@ When running the job, instead of indicating a remote jar URL, the `local://` sch
     --name spark-pi \
     --class org.apache.spark.examples.SparkPi \
     --conf spark.executor.instances=3 \
+    --conf spark.kubernetes.authenticate.driver.serviceAccountName=spark \
     --conf spark.kubernetes.container.image=<spark-image> \
     local:///opt/spark/work-dir/<your-jar-name>.jar
 ```

articles/aks/spark-job.md

@@ -87,7 +87,7 @@ You can learn how to set an address on your app with the tutorial on [Configurin
 
 ### Access Restrictions 
 
-The Access Restrictions capability lets you filter **inbound** requests based on the origination IP address. The filtering action takes place on the front-end roles that are upstream from the worker rolls where your apps are running. Since the front-end roles are upstream from the workers, the Access Restrictions capability can be regarded as network level protection for your apps. The feature allows you to build a list of allow and deny address blocks that are evaluated in priority order. It is similar to the Network Security Group (NSG) feature that exists in Azure Networking.  You can use this feature in an ASE or in the multi-tenant service. When used with an ILB ASE, you can restrict access from private address blocks.
+The Access Restrictions capability lets you filter **inbound** requests based on the origination IP address. The filtering action takes place on the front-end roles that are upstream from the worker roles where your apps are running. Since the front-end roles are upstream from the workers, the Access Restrictions capability can be regarded as network level protection for your apps. The feature allows you to build a list of allow and deny address blocks that are evaluated in priority order. It is similar to the Network Security Group (NSG) feature that exists in Azure Networking.  You can use this feature in an ASE or in the multi-tenant service. When used with an ILB ASE, you can restrict access from private address blocks.
 
 ![Access Restrictions](media/networking-features/access-restrictions.png)
 

articles/app-service/networking-features.md

@@ -41,7 +41,7 @@ To reduce the memory footprint of the agent, whenever the agent collects an iden
 
 Events are considered identical only when the following conditions are met: 
 
-* ProcessCreate events - when **commandLine**, **executable**, **username, and **userid** are identical
+* ProcessCreate events - when **commandLine**, **executable**, **username**, and **userid** are identical
 * ConnectionCreate events - when **commandLine**, **userId**, **direction**, **local address**, **remote address**, **protocol, and **destination port** are identical
 * ProcessTerminate events - when **executable** and **exit status** are identical