Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into release-pc-migration-pre

Author: v-alje

.openpublishing.redirection.json

@@ -29764,6 +29764,26 @@
       "redirect_url": "/azure/sentinel/fusion",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/security-center/security-center-apply-system-updates.md",
+      "redirect_url": "/azure/security-center/security-center-virtual-machine-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security-center/security-center-investigation.md",
+      "redirect_url": "/azure/security-center/security-center-features-retirement-july2019#security-alerts-investigation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security-center/security-center-threat-intel.md",
+      "redirect_url": "/azure/security-center/security-center-features-retirement-july2019#menu_securityeventsmap",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security-center/security-center-apply-disk-encryption.md",
+      "redirect_url": "/azure/security-center/security-center-virtual-machine-protection",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/security-center/security-center-confidence-score.md",
       "redirect_url": "/azure/security-center/security-center-intro",

articles/active-directory/develop/authentication-scenarios.md

@@ -167,7 +167,7 @@ This attribute causes ASP.NET to check for the presence of a session cookie cont
 User authentication happens via the browser. The OpenID protocol uses standard HTTP protocol messages.
 * The web app sends an HTTP 302 (redirect) to the browser to use Azure AD.
 * When the user is authenticated, Azure AD sends the token to the web app by using a redirect through the browser.
-* The redirect is provided by the web app in the form of a redirect URI. This redirect URI is registered with the Azure AD application object. There can be several redirect URIs because the application may be deployed at several URLs. So the web app will also need to specify the redirect URi to use.
+* The redirect is provided by the web app in the form of a redirect URI. This redirect URI is registered with the Azure AD application object. There can be several redirect URIs because the application may be deployed at several URLs. So the web app will also need to specify the redirect URI to use.
 * Azure AD verifies that the redirect URI sent by the web app is one of the registered redirect URIs for the app.
 
 ## Desktop and mobile app sign-in flow with Azure AD

articles/active-directory/develop/scenario-web-app-call-api-overview.md

@@ -45,7 +45,7 @@ That's why they register a secret (an application password or certificate) with
 > [!NOTE]
 > Adding sign-in to a web app is about protecting the web app itself. That protection is achieved by using *middleware* libraries, not the Microsoft Authentication Library (MSAL). The preceding scenario, [Web app that signs in users](scenario-web-app-sign-user-overview.md), covered that subject.
 >
-> This scenario covers how to call web APIs from a web app. You must get access tokens for those web APIs. To acquire those tokens, you use MSAL libraries to acquire these tokens.
+> This scenario covers how to call web APIs from a web app. You must get access tokens for those web APIs. You use MSAL libraries to acquire these tokens.
 
 Development for this scenario involves these specific tasks:
 

articles/active-directory/fundamentals/whats-new.md

@@ -12,7 +12,7 @@ ms.service: active-directory
 ms.subservice: fundamentals
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 03/25/2020
+ms.date: 04/01/2020
 ms.author: mimart
 ms.reviewer: dhanyahk
 ms.custom: it-pro
@@ -37,6 +37,14 @@ This page is updated monthly, so revisit it regularly. If you're looking for ite
 
 ## March 2020
 
+### Unmanaged Azure Active Directory accounts in B2B update for March, 2021
+
+**Type:** Plan for change  
+**Service category:** B2B  
+**Product capability:** B2B/B2C
+ 
+**Beginning on March 31, 2021**, Microsoft will no longer support the redemption of invitations by creating unmanaged Azure Active Directory (Azure AD) accounts and tenants for B2B collaboration scenarios. In preparation for this, we encourage you to opt in to [email one-time passcode authentication](https://docs.microsoft.com/azure/active-directory/b2b/one-time-passcode).
+
 ### Users with the default access role will be in scope for provisioning
 
 **Type:** Plan for change  

articles/active-directory/privileged-identity-management/pim-roles.md

@@ -11,15 +11,15 @@ ms.service: active-directory
 ms.topic: conceptual
 ms.workload: identity
 ms.subservice: pim
-ms.date: 10/23/2019
+ms.date: 03/31/2020
 ms.author: curtand
 ms.custom: pim ; H1Hack27Feb2017;oldportal;it-pro;
 ms.collection: M365-identity-device-management
 ---
 
 # Roles you can't manage in Privileged Identity Management
 
-Azure Active Directory (Azure AD) Privileged Identity Management (PIM) enables you to manage all [Azure AD roles](../users-groups-roles/directory-assign-admin-roles.md) and all [Azure resource roles](../../role-based-access-control/built-in-roles.md). These roles also include your custom roles attached to your management groups, subscriptions, resource groups, and resources. However, there are few roles that you cannot manage. This article describes the roles you cannot manage in Privileged Identity Management.
+Azure Active Directory (Azure AD) Privileged Identity Management (PIM) enables you to manage all [Azure AD roles](../users-groups-roles/directory-assign-admin-roles.md) and all [Azure roles](../../role-based-access-control/built-in-roles.md). Azure roles can also include your custom roles attached to your management groups, subscriptions, resource groups, and resources. However, there are few roles that you cannot manage. This article describes the roles you can't manage in Privileged Identity Management.
 
 ## Classic subscription administrator roles
 
@@ -33,10 +33,10 @@ For more information about the classic subscription administrator roles, see [Cl
 
 ## What about Office 365 admin roles?
 
-Roles within Exchange Online or SharePoint Online, except for Exchange Administrator and SharePoint Administrator, are not represented in Azure AD and so cannot be managed in Privileged Identity Management. For more information about these Office 365 services, see [Office 365 admin roles](https://docs.microsoft.com/office365/admin/add-users/about-admin-roles).
+We support all Office365 roles in the Azure AD Roles and Administrators portal experience, such as Exchange Administrator and SharePoint Administrator, but we don't support specific roles within Exchange RBAC or SharePoint RBAC. For more information about these Office 365 services, see [Office 365 admin roles](https://docs.microsoft.com/office365/admin/add-users/about-admin-roles).
 
 > [!NOTE]
-> SharePoint Administrator has administrative access to SharePoint Online through the SharePoint Online admin center, and can perform almost any task in SharePoint Online. Eligible users may experience delays using this role within SharePoint after activating in Privileged Identity Management.
+> Eligible users for SharePoint Administrator role as well as any roles trying to access the Microsoft Security and Compliance Center might experience delays of up to a few hours after activating their role. We are working with those teams to fix the issues.
 
 ## Next steps
 

articles/active-directory/saas-apps/blink-provisioning-tutorial.md

@@ -20,7 +20,7 @@ ms.author: Zhchia
 
 # Tutorial: Configure Blink for automatic user provisioning
 
-The objective of this tutorial is to demonstrate the steps to be performed in Blink and Azure Active Directory (Azure AD) to configure Azure AD to automatically provision and de-provision users and/or groups to Blink.
+The objective of this tutorial is to demonstrate the steps to be performed in Blink and Azure Active Directory (Azure AD) to configure Azure AD to automatically provision and de-provision users to Blink.
 
 > [!NOTE]
 > This tutorial describes a connector built on top of the Azure AD User Provisioning Service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../app-provisioning/user-provisioning.md).
@@ -37,9 +37,9 @@ The scenario outlined in this tutorial assumes that you already have the followi
 
 ## Assigning users to Blink
 
-Azure Active Directory uses a concept called *assignments* to determine which users should receive access to selected apps. In the context of automatic user provisioning, only the users and/or groups that have been assigned to an application in Azure AD are synchronized.
+Azure Active Directory uses a concept called *assignments* to determine which users should receive access to selected apps. In the context of automatic user provisioning, only the users and/or group members that have been assigned to an application in Azure AD are synchronized.
 
-Before configuring and enabling automatic user provisioning, you should decide which users and/or groups in Azure AD need access to Blink. Once decided, you can assign these users and/or groups to Blink by following the instructions here:
+Before configuring and enabling automatic user provisioning, you should decide which users and/or group members in Azure AD need access to Blink. Once decided, you can assign these users and/or groups to Blink by following the instructions here:
 * [Assign a user or group to an enterprise app](../manage-apps/assign-user-or-group-access-portal.md)
 
 ## Important tips for assigning users to Blink
@@ -50,7 +50,7 @@ Before configuring and enabling automatic user provisioning, you should decide w
 
 ## Setup Blink for provisioning
 
-1. Log a [Support Case](https://help.joinblink.com/hc/requests/new) or email **Blink support** at [email protected] to request a SCIM token. .
+1. Log a [Support Case](https://support.joinblink.com) or email **Blink support** at [email protected] to request a SCIM token. .
 
 2.	Copy the **SCIM Authentication Token**. This value will be entered in the Secret Token field in the Provisioning tab of your Blink application in the Azure portal.
 
@@ -78,7 +78,7 @@ Before configuring Blink for automatic user provisioning with Azure AD, you need
 
 ## Configuring automatic user provisioning to Blink 
 
-This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users and/or groups in Blink based on user and/or group assignments in Azure AD.
+This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users in Blink based on user and/or group assignments in Azure AD.
 
 > [!TIP]
 > You may also choose to enable SAML-based single sign-on for Blink , following the instructions provided in the [Blink Single sign-on tutorial](https://docs.microsoft.com/azure/active-directory/saas-apps/blink-tutorial). Single sign-on can be configured independently of automatic user provisioning, though these two features compliment each other
@@ -133,7 +133,7 @@ This section guides you through the steps to configure the Azure AD provisioning
 
 	![Saving Provisioning Configuration](common/provisioning-configuration-save.png)
 
-This operation starts the initial synchronization of all users and/or groups defined in **Scope** in the **Settings** section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running. You can use the **Synchronization Details** section to monitor progress and follow links to provisioning activity report, which describes all actions performed by the Azure AD provisioning service on Blink.
+This operation starts the initial synchronization of all users defined in **Scope** in the **Settings** section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running. You can use the **Synchronization Details** section to monitor progress and follow links to provisioning activity report, which describes all actions performed by the Azure AD provisioning service on Blink.
 
 For more information on how to read the Azure AD provisioning logs, see [Reporting on automatic user account provisioning](../app-provisioning/check-status-user-account-provisioning.md).
 

articles/active-directory/saas-apps/box-tutorial.md

@@ -13,7 +13,7 @@ ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.tgt_pltfrm: na
 ms.topic: tutorial
-ms.date: 01/31/2020
+ms.date: 03/24/2020
 ms.author: jeedes
 
 ms.collection: M365-identity-device-management
@@ -87,6 +87,9 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
     b. In the **Identifier (Entity ID)** text box, type a URL:
     `box.net`
 
+    c. In the **Reply URL** text box, type a URL:
+    `https://sso.services.box.net/sp/ACS.saml2`
+
 	> [!NOTE]
 	> The Sign-on URL value is not real. Update the value with the actual Sign-On URL. Contact [Box Client support team](https://community.box.com/t5/custom/page/page-id/submit_sso_questionaire) to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.