Bringing even with master.

Author: v-alje

.openpublishing.redirection.json

@@ -28561,6 +28561,11 @@
             "source_path": "articles/application-insights/open-census-python.md",
             "redirect_url": "/azure/application-insights/app-insights-overview",
             "redirect_document_id" : false
+        },
+			  {
+            "source_path": "articles/application-insights/app-insights-troubleshoot-snapshot-debugger.md",
+            "redirect_url": "/azure/application-insights/app-insights-snapshot-debugger",
+            "redirect_document_id" : false
         }
     ]
 }

articles/active-directory-domain-services/TOC.md

@@ -44,6 +44,7 @@
 ### [Create a group managed service account on a managed domain](active-directory-ds-create-gmsa.md)
 ### [Administer group policy on a managed domain](active-directory-ds-admin-guide-administer-group-policy.md)
 ### [Configure password polices on a managed domain](active-directory-ds-password-policy.md)
+### [Configure scoped synchronization from Azure AD to a managed domain](active-directory-ds-scoped-synchronization.md)
 ## [Select a virtual network](active-directory-ds-networking.md)
 ## Deploy applications
 ### [Configure support for profile synchronization for SharePoint Server](active-directory-ds-enable-sharepoint-profile-sync.md)

articles/active-directory-domain-services/active-directory-ds-scoped-synchronization.md

@@ -0,0 +1,162 @@
+---
+title: 'Azure Active Directory Domain Services: Scoped synchronization | Microsoft Docs'
+description: Configure scoped synchronization from Azure AD to your managed domains
+services: active-directory-ds
+documentationcenter: ''
+author: mahesh-unnikrishnan
+manager: mtillman
+editor: curtand
+
+ms.assetid: 9389cf0f-0036-4b17-95da-80838edd2225
+ms.service: active-directory
+ms.component: domains
+ms.workload: identity
+ms.tgt_pltfrm: na
+ms.devlang: na
+ms.topic: article
+ms.date: 09/19/2018
+ms.author: maheshu
+
+---
+# Configure scoped synchronization from Azure AD to your managed domain
+This article shows you how to configure only specific user accounts to be synchronized from your Azure AD directory to your Azure AD Domain Services managed domain.
+
+
+## Group-based scoped synchronization
+By default, all users and groups within your Azure AD directory are synchronized to your managed domain. If the managed domain is being used only by a few users, you may prefer to synchronize only those user accounts to the managed domain. Group-based scoped synchronization enables you to do so. When configured, only user accounts belonging to the groups you've specified are synchronized to the managed domain.
+
+
+## Get started: Install the required PowerShell modules
+
+### Install and configure Azure AD PowerShell
+Follow the instructions in the article to [install the Azure AD PowerShell module and connect to Azure AD](https://docs.microsoft.com/powershell/azure/active-directory/install-adv2?toc=%2fazure%2factive-directory-domain-services%2ftoc.json).
+
+### Install and configure Azure PowerShell
+Follow the instructions in the article to [install the Azure PowerShell module and connect to your Azure subscription](https://docs.microsoft.com/powershell/azure/install-azurerm-ps?toc=%2fazure%2factive-directory-domain-services%2ftoc.json).
+
+
+
+## Enable group-based scoped synchronization
+Complete the following steps to configure group-based scoped synchronization to your managed domain:
+
+1. Select the groups you want to sync and provide the display name of the groups you want synchronized to your managed domain.
+
+2. Save the script in the following section to a file called ```Select-GroupsToSync.ps1```. Execute the script like below:
+
+  ```powershell
+  .\Select-GroupsToSync.ps1 -groupsToAdd @(“GroupName1”, “GroupName2”)
+  ```
+
+3. Now, enable group-based scoped synchronization for the managed domain.
+
+  ```powershell
+  // Login to your Azure AD tenant
+  Login-AzureRmAccount
+
+  // Retrieve the Azure AD Domain Services resource.
+  $DomainServicesResource = Get-AzureRmResource -ResourceType "Microsoft.AAD/DomainServices"
+
+  // Enable group-based scoped synchronization.
+  $enableScopedSync = @{"filteredSync" = "Enabled"}
+
+  Set-AzureRmResource -Id $DomainServicesResource.ResourceId -Properties $enableScopedSync
+  ```
+
+## Disable group-based scoped synchronization
+Use the following PowerShell script to disable group-based scoped synchronization for your managed domain:
+
+```powershell
+// Login to your Azure AD tenant
+Login-AzureRmAccount
+
+// Retrieve the Azure AD Domain Services resource.
+$DomainServicesResource = Get-AzureRmResource -ResourceType "Microsoft.AAD/DomainServices"
+
+// Disable group-based scoped synchronization.
+$disableScopedSync = @{"filteredSync" = "Disabled"}
+
+Set-AzureRmResource -Id $DomainServicesResource.ResourceId -Properties $disableScopedSync
+```
+
+## Script to select groups to synchronize to the managed domain (Select-GroupsToSync.ps1)
+Save the following script to a file (```Select-GroupsToSync.ps1```). This script configures Azure AD Domain Services to synchronize selected groups to the managed domain. All user accounts belonging to the specified groups will be synchronized to the managed domain.
+
+```powershell
+param (
+    [Parameter(Position = 0)]
+    [String[]]$groupsToAdd
+)
+
+Connect-AzureAD
+$sp = Get-AzureADServicePrincipal -Filter "AppId eq '2565bd9d-da50-47d4-8b85-4c97f669dc36'"
+$role = $sp.AppRoles | where-object -FilterScript {$_.DisplayName -eq "User"}
+
+Write-Output "`n****************************************************************************"
+
+Write-Output "Total group-assignments need to be added: $($groupsToAdd.Count)"
+$newGroupIds = New-Object 'System.Collections.Generic.HashSet[string]'
+foreach ($groupName in $groupsToAdd)
+{
+    try
+    {
+        $group = Get-AzureADGroup -Filter "DisplayName eq '$groupName'"
+        $newGroupIds.Add($group.ObjectId)
+
+        Write-Output "Group-Name: $groupName, Id: $($group.ObjectId)"
+    }
+    catch
+    {
+        Write-Error "Failed to find group: $groupName. Exception: $($_.Exception)."
+    }
+}
+
+Write-Output "****************************************************************************`n"
+Write-Output "`n****************************************************************************"
+
+$currentAssignments = Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId
+Write-Output "Total current group-assignments: $($currentAssignments.Count), SP-ObjectId: $($sp.ObjectId)"
+
+$currAssignedObjectIds = New-Object 'System.Collections.Generic.HashSet[string]'
+foreach ($assignment in $currentAssignments)
+{
+    Write-Output "Assignment-ObjectId: $($assignment.PrincipalId)"
+
+    if ($newGroupIds.Contains($assignment.PrincipalId) -eq $false)
+    {
+        Write-Output "This assignment is not needed anymore. Removing it! Assignment-ObjectId: $($assignment.PrincipalId)"
+        Remove-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -AppRoleAssignmentId $assignment.ObjectId
+    }
+    else
+    {
+        $currAssignedObjectIds.Add($assignment.PrincipalId)
+    }
+}
+
+Write-Output "****************************************************************************`n"
+Write-Output "`n****************************************************************************"
+
+foreach ($id in $newGroupIds)
+{
+    try
+    {
+        if ($currAssignedObjectIds.Contains($id) -eq $false)
+        {
+            Write-Output "Adding new group-assignment. Role-Id: $($role.Id), Group-Object-Id: $id, ResourceId: $($sp.ObjectId)"
+            New-AzureADGroupAppRoleAssignment -Id $role.Id -ObjectId $id -PrincipalId $id -ResourceId $sp.ObjectId
+        }
+        else
+        {
+            Write-Output "Group-ObjectId: $id is already assigned."
+        }
+    }
+    catch
+    {
+        Write-Error "Exception occured assigning Object-ID: $id. Exception: $($_.Exception)."
+    }
+}
+
+Write-Output "****************************************************************************`n"
+```
+
+## Next steps
+* [Understand synchronization in Azure AD Domain Services](active-directory-ds-synchronization.md)

articles/active-directory/develop/tutorial-v2-ios.md

@@ -14,7 +14,7 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 04/09/2018
+ms.date: 09/19/2018
 ms.author: andret
 ms.custom: aaddev 
 ---

articles/active-directory/fundamentals/identity-secure-score.md

@@ -0,0 +1,176 @@
+---
+title: What is Identity secure score in Azure AD? - preview | Microsoft Docs
+description: Learn how you can use the identity secure score to improve the security posture of your Azure AD tenant.
+services: active-directory
+keywords: identity secure score, Azure AD, secure access to company resources
+documentationcenter: ''
+author: MarkusVi
+manager: mtillman
+ms.assetid: 
+ms.service: active-directory
+ms.component: fundamentals
+ms.topic: overview 
+ms.devlang: na
+ms.tgt_pltfrm: na
+ms.workload: identity
+ms.date: 09/19/2018
+ms.author: markvi
+ms.reviewer: nigu
+#Customer intent: As an IT admin, I want understand the identity secure score, so that I can maximize the security posture of my tenant.
+---
+
+# What is the identity secure score in Azure AD? - preview
+
+How secure is your Azure AD tenant? If you don't know how to answer this question, read this article to learn how the identity secure score helps you to monitor and improve your identity security posture. 
+
+## What is a secure score?
+
+The identity secure score is number between 1 and 248 that functions as indicator for how aligned you are with Microsoft's best practices recommendations for security.
+
+
+![Secure score](./media/identity-secure-score/01.png)
+
+
+
+The score helps you to:
+
+- Objectively measure your identity security posture
+
+- Plan identity security improvements
+
+- Review the success of your improvements 
+
+
+You can access the score and related information on the identity secure score dashboard. On this dashboard, you find:
+
+- Your score
+
+    ![Secure score](./media/identity-secure-score/02.png)
+
+- A comparison graph
+
+    ![Secure score](./media/identity-secure-score/03.png)
+
+- A trend graph
+
+    ![Secure score](./media/identity-secure-score/04.png)
+
+- A list of identity security best practices. 
+
+    ![Secure score](./media/identity-secure-score/05.png)
+
+
+By following the improvement actions, you can:
+
+- Improve your security posture and your score.
+ 
+- Take advantage of Microsoft’s Identity features. 
+
+The improvement actions take into consideration:
+
+- Privileged accounts
+
+- App management
+
+- Conditional access policies
+
+- Authentication methods
+
+- Auditing and reporting. 
+
+
+## How do I get my secure score?
+
+The Identity Secure Score is available in all editions of Azure AD.
+
+To access your score, go to the [Azure AD Overview dashboard](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/IdentitySecureScore).
+
+
+
+## How does it work?
+
+Every 48 hours, Azure looks at your security configuration and compares your settings with the recommended best practices. Based on the outcome of this evaluation, a new score is calculated for your tenant. This means that it can take up to 48 hours until a configuration change you have made is reflected in your score. 
+
+Each recommendation is measured based on your Azure AD configuration. If you are using third-party products to enable a best practice recommendation, you can indicate this in the settings of an improvement action.
+
+![Secure score](./media/identity-secure-score/07.png)
+
+
+Additionally, you also have the option to set recommendations to be ignored if they don't apply to your environment. An ignored recommendation does not contribute to the calculation of your score. 
+ 
+![Secure score](./media/identity-secure-score/06.png)
+
+
+
+## How does it help me?
+
+Using the secure score helps increase your organization's security by encouraging you to use the built-in security features such as:
+
+
+Learning more about these features as you use the tool will help give you piece of mind that you're taking the right steps to protect your organization from threats.
+
+Customers who are using Secure Score have seen their score increase five times more than customers who aren't using it. (The increase in score corresponds with the security features being used in their organizations.)
+
+
+## What you should know
+
+### Who can use Secure Score?
+
+Anyone who has admin permissions (global admin or a custom admin role) for your Azure AD tenant. Users who aren't assigned an admin role can't access the score. However, admins can use the tool to share their results with other people in their organization. 
+
+### What does [Not Scored] mean?
+
+Actions labeled as [Not Scored] are ones you can perform in your organization but won't be scored because they aren't hooked up in the tool (yet!). So, you can still improve your security, but you won't get credit for those actions right now.
+
+### How often is my score updated?
+
+The score is calculated once per day (around 1:00 AM PST). If you make a change to a measured action, the score will automatically update the next day. It takes up to 48 hours for a change to be reflected in your score.
+
+### Who can see my results?
+
+Results are filtered to show scores only to people in your organization who are assigned an admin role (global admin or a custom admin role).
+
+### My score changed. How do I figure out why?
+
+On the score analyzer page on the [secure score portal](https://securescore.microsoft.com/#!/score), click a data point for a specific day, then scroll down to see the completed and incomplete actions for that day to find out what changed.
+
+### Does the Secure Score measure my risk of getting breached?
+
+In short, no. The Secure Score does not express an absolute measure of how likely you are to get breached. It expresses the extent to which you have adopted features that can offset the risk of being breached. No service can guarantee that you will not be breached, and the Secure Score should not be interpreted as a guarantee in any way.
+
+### How should I interpret my score?
+
+You're given points for configuring recommended security features or performing security-related tasks (like reading reports). Some actions are scored for partial completion, like enabling multi-factor authentication (MFA) for your users. Your Secure Score is directly representative of the Microsoft security services you use. Remember that security should always be balanced with usability. All security controls have a user impact component. Controls with low user impact should have little to no effect on your users' day-to-day operations.
+
+To see your score history, go to the score analyzer page on the [secure score portal](https://securescore.microsoft.com/#!/score). Choose a specific date to see which controls were enabled for that day and what points you earned for each one.
+
+
+### How does the identity secure score relate to the Office 365 secure score? 
+
+The [Office 365 secure score](https://docs.microsoft.com/office365/securitycompliance/office-365-secure-score) is about to be migrated into an aggregate of five different scores:
+
+- Identity
+
+- Data
+
+- Devices
+
+- Infrastructure
+
+- Apps
+
+The identity secure score represents the identity part of of the Office 365 secure score. This means that your recommendations for the identity secure score and the identity score in Office 365 are the same. 
+
+
+### I have an idea for another control. How do I let you know what it is?
+We'd love to hear from you. Post your ideas on the Office Security, Privacy & Compliance community. We're listening and want the Secure Score to include all options that are important to you.
+
+Something isn't working right. Who should I contact?
+If you have any issues, let us know by posting on the Office Security, Privacy & Compliance community. We're monitoring the community and will provide help.
+
+### My organization only has certain security features. Does this affect my score?
+The Secure Score calculates your score based on the services you purchased. For example, if you only purchased an Exchange Online plan, you won't be scored for SharePoint Online security features. The denominator of the score is the sum of all the baselines for the controls that apply to the products you purchased. The numerator is the sum of all the controls for which you completed, or partially completed, the actions to fulfill that control.
+## Next steps
+
+If you would like to see a video about the Office 365 secure score, click [here](https://www.youtube.com/watch?v=jzfpDJ9Kg-A).
+