Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into release-build-synapse-sqldw

Author: v-alje

articles/active-directory/cloud-provisioning/how-to-prerequisites.md

@@ -43,6 +43,8 @@ Run the [IdFix tool](https://docs.microsoft.com/office365/enterprise/prepare-dir
 
 1. Identify a domain-joined host server running Windows Server 2012 R2 or greater with a minimum of 4-GB RAM and .NET 4.7.1+ runtime.
 
+1. The PowerShell execution policy on the local server must be set to Undefined or RemoteSigned.
+
 1. If there's a firewall between your servers and Azure AD, configure the following items:
    - Ensure that agents can make *outbound* requests to Azure AD over the following ports:
 

articles/active-directory/conditional-access/media/block-legacy-authentication/01.png

@@ -20,7 +20,7 @@ ms.reviewer: hirsin, jlu, annaba
 You can specify the lifetime of a token issued by Azure Active Directory (Azure AD). You can set token lifetimes for all apps in your organization, for a multi-tenant (multi-organization) application, or for a specific service principal in your organization.
 
 > [!IMPORTANT]
-> After hearing from customers during the preview, we've implemented [authentication session management capabilities](https://go.microsoft.com/fwlink/?linkid=2083106) in Azure AD Conditional Access. You can use this new feature to configure refresh token lifetimes by setting sign in frequency. After May 1, 2020 you will not be able to use Configurable Token Lifetime policy to configure session and refresh tokens. You can still configure access token lifetimes after the deprecation.
+> After hearing from customers during the preview, we've implemented [authentication session management capabilities](https://go.microsoft.com/fwlink/?linkid=2083106) in Azure AD Conditional Access. You can use this new feature to configure refresh token lifetimes by setting sign in frequency. After May 30, 2020 no new tenant will be able to use Configurable Token Lifetime policy to configure session and refresh tokens. The deprecation will happen within several months after that, which means that we will stop honoring existing session and refresh tokens polices. You can still configure access token lifetimes after the deprecation.
 
 In Azure AD, a policy object represents a set of rules that are enforced on individual applications or on all applications in an organization. Each policy type has a unique structure, with a set of properties that are applied to objects to which they are assigned.
 

articles/active-directory/develop/active-directory-configurable-token-lifetimes.md

@@ -40,7 +40,7 @@ In this quickstart, you use a code sample to learn how an ASP.NET web app to sig
 > 1. Select **New registration**.
 > 1. When the **Register an application** page appears, enter your application's registration information:
 >      - In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `ASPNET-Quickstart`.
->      - Add `http://localhost:44368/` in **Redirect URI**, and click **Register**.
+>      - Add `https://localhost:44368/` in **Redirect URI**, and click **Register**.
 >      - From the left navigation pane under the Manage section, select **Authentication**
 >          - Under the **Implicit Grant** sub-section, select **ID tokens**.
 >          - And then select **Save**.

articles/active-directory/develop/quickstart-v2-aspnet-webapp.md

@@ -149,12 +149,12 @@ The `Response` element includes the result of the authorization request. Azure A
 
 ### Issuer
 
-Azure AD sets the `Issuer` element to `https://login.microsoftonline.com/<TenantIDGUID>/` where \<TenantIDGUID> is the tenant ID of the Azure AD tenant.
+Azure AD sets the `Issuer` element to `https://sts.windows.net/<TenantIDGUID>/` where \<TenantIDGUID> is the tenant ID of the Azure AD tenant.
 
 For example, a response with Issuer element could look like the following sample:
 
 ```
-<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion"> https://login.microsoftonline.com/82869000-6ad1-48f0-8171-272ed18796e9/</Issuer>
+<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion"> https://sts.windows.net/82869000-6ad1-48f0-8171-272ed18796e9/</Issuer>
 ```
 
 ### Status
@@ -187,7 +187,7 @@ In addition to the `ID`, `IssueInstant` and `Version`, Azure AD sets the followi
 This is set to `https://sts.windows.net/<TenantIDGUID>/`where \<TenantIDGUID> is the Tenant ID of the Azure AD tenant.
 
 ```
-<Issuer>https://login.microsoftonline.com/82869000-6ad1-48f0-8171-272ed18796e9/</Issuer>
+<Issuer>https://sts.windows.net/82869000-6ad1-48f0-8171-272ed18796e9/</Issuer>
 ```
 
 #### Signature

articles/active-directory/develop/single-sign-on-saml-protocol.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: identity-protection
 ms.topic: conceptual
-ms.date: 10/18/2019
+ms.date: 05/05/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -47,12 +47,11 @@ Configure the users at risk email in the **Azure portal** under **Azure Active D
 The weekly digest email contains a summary of new risk detections.  
 It includes:
 
-- Users at risk
-- Suspicious activities
-- Detected vulnerabilities
+- New risky users detected
+- New risky sign-ins detected (in real-time)
 - Links to the related reports in Identity Protection
 
-![Weekly digest email](./media/howto-identity-protection-configure-notifications/400.png)
+![Weekly digest email](./media/howto-identity-protection-configure-notifications/weekly-digest-email.png)
 
 By default, recipients include all Global Admins. Global Admins can also add other Global Admins, Security Admins, Security Readers as recipients.