Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into load-balancer-seo

asudbring · asudbring · commit 87c6fca5985f · 2019-11-13T10:01:24.000-08:00
diff --git a/articles/active-directory/develop/active-directory-configurable-token-lifetimes.md b/articles/active-directory/develop/active-directory-configurable-token-lifetimes.md
@@ -49,11 +49,11 @@ Clients use access tokens to access a protected resource. An access token can be
 
 ### SAML tokens
 
-SAML tokens are used by many web based SAAS applications, and are obtained using Azure Active Directory's SAML2 protocol endpoint.  They are also consumed by applications using WS-Federation.    The default lifetime of the token is 1 hour. After  From and applications perspective the validity period of the token is specified by the NotOnOrAfter value of the <conditions …>    element in the token.  After the token validity period the client must initiate a new authentication request, which will often be satisfied without interactive sign in as a result of the Single Sign On (SSO) Session token.
+SAML tokens are used by many web based SAAS applications, and are obtained using Azure Active Directory's SAML2 protocol endpoint. They are also consumed by applications using WS-Federation. The default lifetime of the token is 1 hour. From an application's perspective, the validity period of the token is specified by the NotOnOrAfter value of the `<conditions …>` element in the token. After the validity period of the token has ended, the client must initiate a new authentication request, which will often be satisfied without interactive sign in as a result of the Single Sign On (SSO) Session token.
 
-The value of NotOnOrAfter can be changed using the AccessTokenLifetime parameter in a TokenLifetimePolicy.  It will be set to the lifetime configured in the policy if any, plus a clock skew factor of five minutes.
+The value of NotOnOrAfter can be changed using the `AccessTokenLifetime` parameter in a `TokenLifetimePolicy`. It will be set to the lifetime configured in the policy if any, plus a clock skew factor of five minutes.
 
-Note that the subject confirmation NotOnOrAfter specified in the <SubjectConfirmationData> element is not affected by the Token Lifetime configuration. 
+Note that the subject confirmation NotOnOrAfter specified in the `<SubjectConfirmationData>` element is not affected by the Token Lifetime configuration. 
 
 ### Refresh tokens
 
diff --git a/articles/governance/blueprints/concepts/deployment-stages.md b/articles/governance/blueprints/concepts/deployment-stages.md
@@ -1,7 +1,7 @@
 ---
 title: Stages of a blueprint deployment
 description: Learn the steps the Azure Blueprint services goes through during a deployment.
-ms.date: 03/14/2019
+ms.date: 11/13/2019
 ms.topic: conceptual
 ---
 # Stages of a blueprint deployment
@@ -24,17 +24,24 @@ takes the following high-level steps:
 ## Blueprints granted owner rights
 
 The Azure Blueprints service principal is granted owner rights to the assigned subscription or
-subscriptions. The granted role allows Blueprints to create, and later revoke, the [system-assigned
-managed identity](../../../active-directory/managed-identities-azure-resources/overview.md).
+subscriptions when a [system-assigned managed
+identity](../../../active-directory/managed-identities-azure-resources/overview.md) managed identity
+is used. The granted role allows Blueprints to create, and later revoke, the **system-assigned**
+managed identity. If using a **user-assigned** managed identity, the Azure Blueprints service
+principal doesn't get and doesn't need owner rights on the subscription.
 
 The rights are granted automatically if the assignment is done through the portal. However, if the
 assignment is done through the REST API, granting the rights needs to be done with a separate API
 call. The Azure Blueprint AppId is `f71766dc-90d9-4b7d-bd9d-4499c4331c3f`, but the service principal
-varies by tenant. Use [Azure Active Directory Graph API](../../../active-directory/develop/active-directory-graph-api.md)
+varies by tenant. Use
+[Azure Active Directory Graph API](../../../active-directory/develop/active-directory-graph-api.md)
 and REST endpoint [servicePrincipals](/graph/api/resources/serviceprincipal) to get the service
-principal. Then, grant the Azure Blueprints the _Owner_ role through the [Portal](../../../role-based-access-control/role-assignments-portal.md),
-[Azure CLI](../../../role-based-access-control/role-assignments-cli.md), [Azure PowerShell](../../../role-based-access-control/role-assignments-powershell.md),
-[REST API](../../../role-based-access-control/role-assignments-rest.md), or a [Resource Manager template](../../../role-based-access-control/role-assignments-template.md).
+principal. Then, grant the Azure Blueprints the _Owner_ role through the
+[Portal](../../../role-based-access-control/role-assignments-portal.md),
+[Azure CLI](../../../role-based-access-control/role-assignments-cli.md),
+[Azure PowerShell](../../../role-based-access-control/role-assignments-powershell.md),
+[REST API](../../../role-based-access-control/role-assignments-rest.md), or a
+[Resource Manager template](../../../role-based-access-control/role-assignments-template.md).
 
 The Blueprints service doesn't directly deploy the resources.
 
@@ -48,15 +55,20 @@ While creating the blueprint assignment, the type of [managed
 identity](../../../active-directory/managed-identities-azure-resources/overview.md) is selected. The
 default is a **system-assigned** managed identity. A **user-assigned** managed identity can be
 chosen. When using a **user-assigned** managed identity, it must be defined and granted permissions
-before the blueprint assignment is created.
+before the blueprint assignment is created. Both the
+[Owner](../../../role-based-access-control/built-in-roles.md#owner) and
+[Blueprint Operator](../../../role-based-access-control/built-in-roles.md#blueprint-operator)
+built-in roles have the necessary `blueprintAssignment/write` permission to create an assignment
+that uses a **user-assigned** managed identity.
 
 ## Optional - Blueprints creates system-assigned managed identity
 
 When [system-assigned managed
 identity](../../../active-directory/managed-identities-azure-resources/overview.md) is selected
-during assignment, Blueprints creates the identity and grants the managed identity the [owner](../../../role-based-access-control/built-in-roles.md#owner)
-role. If an [existing assignment is upgraded](../how-to/update-existing-assignments.md), Blueprints
-uses the previously created managed identity.
+during assignment, Blueprints creates the identity and grants the managed identity the
+[owner](../../../role-based-access-control/built-in-roles.md#owner) role. If an
+[existing assignment is upgraded](../how-to/update-existing-assignments.md), Blueprints uses the
+previously created managed identity.
 
 The managed identity related to the blueprint assignment is used to deploy or redeploy the resources
 defined in the blueprint. This design avoids assignments inadvertently interfering with each other.
diff --git a/articles/sentinel/connect-zscaler.md b/articles/sentinel/connect-zscaler.md
@@ -103,7 +103,7 @@ In this step, you need to select the Linux machine that will act as a proxy betw
     - Port = 514
     - Format = CEF
     - IP address - make sure to send the CEF messages to the IP address of the virtual machine you dedicated for this purpose.
- For more information, see the [Zscaler Azure Sentinel integration guide](https://aka.ms/ZscalerCEFInstructions).
+ For more information, see the [Zscaler and Azure Sentinel Deployment Guide](https://aka.ms/ZscalerCEFInstructions).
  
    > [!NOTE]
    > This solution supports Syslog RFC 3164 or RFC 5424.
diff --git a/articles/storage/blobs/TOC.yml b/articles/storage/blobs/TOC.yml
@@ -539,11 +539,11 @@
       items:
       - name: Microsoft.Azure.Storage.Common (version 11.x)
         href: https://www.nuget.org/packages/Microsoft.Azure.Storage.Common/
-      - name: Azure.Storage.Common (version 12.x - preview)
+      - name: Azure.Storage.Common (version 12.x)
         href: https://www.nuget.org/packages/Azure.Storage.Common/
       - name: Microsoft.Azure.Storage.Blob (version 11.x)
         href: https://www.nuget.org/packages/Microsoft.Azure.Storage.Blob/
-      - name: Azure.Storage.Blob (version 12.x - preview)
+      - name: Azure.Storage.Blob (version 12.x)
         href: https://www.nuget.org/packages/Azure.Storage.Blobs/
       - name: Azure Configuration Manager
         href: https://www.nuget.org/packages/Microsoft.Azure.ConfigurationManager/
@@ -557,7 +557,7 @@
         items:
         - name: Azure Storage client library
           items:
-          - name: Version 12.x (preview)
+          - name: Version 12.x
             href: https://github.com/Azure/azure-sdk-for-net/tree/master/sdk/storage
           - name: Version 11.x and earlier
             href: https://github.com/Azure/azure-storage-net
@@ -567,19 +567,19 @@
           href: https://github.com/Azure/azure-sdk-for-net/tree/master/sdk/storage/Microsoft.Azure.Management.Storage
       - name: Java
         items:
-        - name: Azure Storage client library version 12.x (preview)
+        - name: Azure Storage client library version 12.x
           href: https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/storage
         - name: Azure Storage client library version 8.x and earlier
           href: https://github.com/Azure/azure-storage-java
       - name: Node.js
         items:
-        - name: Azure Storage client library version 12.x (preview)
+        - name: Azure Storage client library version 12.x
           href: https://github.com/Azure/azure-sdk-for-js/tree/master/sdk/storage
         - name: Azure Storage client library version 10.x
           href: https://github.com/Azure/azure-storage-node
       - name: Python
         items:
-        - name: Azure Storage client library version 12.x (preview)
+        - name: Azure Storage client library version 12.x
           href: https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/storage
         - name: Azure Storage client library version 2.1
           href: https://github.com/Azure/azure-storage-python
@@ -754,7 +754,7 @@
       - name: Storage Resource Provider
         href: /java/api/overview/azure/storage/management
     - name: JavaScript (version 12.x)
-      href: /javascript/api/@azure/storage-blob/?view=azure-node-preview
+      href: /javascript/api/@azure/storage-blob/
     - name: Python (version 12.x)
       href: /python/api/azure-storage-blob/
     - name: REST
