Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into ehub-grid-0818

Author: spelluru

.openpublishing.redirection.json

@@ -23981,6 +23981,11 @@
             "redirect_url": "/azure/active-directory/authentication/howto-mfa-userdevicesettings",
             "redirect_document_id": true
         },
+        {
+            "source_path": "articles/network-watcher/prepare-flow-log.md",
+            "redirect_url": "/azure/network-watcher/network-watcher-nsg-flow-logging-overview",
+            "redirect_document_id": true
+        },
         {
             "source_path": "articles/network-watcher/network-watcher-nsg-flow-logging-cli-nodejs.md",
             "redirect_url": "/azure/network-watcher/network-watcher-nsg-flow-logging-cli",

articles/active-directory-b2c/TOC.yml

@@ -261,6 +261,8 @@
     href: https://azure.microsoft.com/roadmap/?category=security-identity
   - name: Frequently asked questions
     href: active-directory-b2c-faqs.md
+  - name: Getting help
+    href: /azure/active-directory/develop/developer-support-help-options
   - name: Pricing
     href: https://azure.microsoft.com/pricing/details/active-directory-b2c/
   - name: Pricing calculator

articles/active-directory/TOC.md

@@ -112,9 +112,9 @@
 #### [Interpret the sign-in log schema in Azure Monitor](reports-monitoring/reference-azure-monitor-sign-ins-log-schema.md)
 
 ### Troubleshoot
-#### [Missing audit data](reports-monitoring/troubleshoot-missing-audit-data.md)
+#### [Missing data in Azure AD activity logs](reports-monitoring/troubleshoot-missing-audit-data.md)
 #### [Missing data in downloads](reports-monitoring/troubleshoot-missing-data-download.md)
-#### [Azure AD Activity logs content pack errors](reports-monitoring/troubleshoot-content-pack.md)
+#### [Azure AD activity logs content pack errors](reports-monitoring/troubleshoot-content-pack.md)
 #### [Errors in Azure AD Reporting API](reports-monitoring/troubleshoot-graph-api.md)
 
 ###	[Programmatic Access](reports-monitoring/concept-reporting-api.md)

articles/active-directory/develop/quickstart-v1-openid-connect-code.md

@@ -406,7 +406,7 @@ Sign in with either a personal Microsoft account or a work or school account, an
 
 For reference, the completed sample (without your configuration values) [is provided as a .zip file](https://github.com/AzureADQuickStarts/WebApp-OpenIDConnect-NodeJS/archive/complete.zip). Alternatively, you can clone it from GitHub:
 
-```git clone --branch complete https://github.com/AzureADQuickStarts/WebApp-OpenIDConnect-NodeJS.git```
+```git clone --branch master https://github.com/AzureADQuickStarts/WebApp-OpenIDConnect-NodeJS.git```
 
 You can now move onto more advanced topics. You might want to try:
 

articles/active-directory/reports-monitoring/media/troubleshoot-missing-audit-data/02.png

@@ -131,6 +131,16 @@ This section answers frequently asked questions and discusses known issues with
 
 ---
 
+**Q: How do I integrate Azure AD activity logs with my SIEM system?**
+
+**A**: You can do this in two ways:
+
+- Use Azure Monitor with Event Hubs to stream logs to your SIEM system. First, [stream the logs to an event hub](quickstart-azure-monitor-stream-logs-to-event-hub.md) and then [set up your SIEM tool](quickstart-azure-monitor-stream-logs-to-event-hub.md#access-data-from-your-event-hub) with the configured event hub. 
+
+- Use the [Reporting Graph API](concept-reporting-api.md) to access the data, and push it into the SIEM system using your own scripts.
+
+---
+
 **Q: What SIEM tools are currently supported?** 
 
 **A**: Currently, Azure Monitor is supported by [Splunk](tutorial-integrate-activity-logs-with-splunk.md), QRadar, and [Sumo Logic](https://help.sumologic.com/Send-Data/Applications-and-Other-Data-Sources/Azure_Active_Directory). For more information about how the connectors work, see [Stream Azure monitoring data to an event hub for consumption by an external tool](../../monitoring-and-diagnostics/monitor-stream-monitoring-data-event-hubs.md).

articles/active-directory/reports-monitoring/media/troubleshoot-missing-audit-data/03.png

@@ -128,6 +128,12 @@ This article includes answers to frequently asked questions about Azure Active D
 
 ---
 
+**Q: What does the risk event "Sign-in with additional risk detected" signify?**
+
+**A:** To give you an insight into all the risky sign-ins in your environment, "Sign-in with additional risk detected" functions as placeholder for sign-ins for detections that are exclusive to Azure AD Identity Protection subscribers.
+
+---
+
 ## Conditional access
 
 **Q: What's new with this feature?**

articles/active-directory/reports-monitoring/overview-activity-logs-in-azure-monitor.md

@@ -1,7 +1,7 @@
 ---
 
-title: 'Troubleshoot: Missing data in the Azure Active Directory activity log  | Microsoft Docs'
-description: Lists the various available reports for Azure Active Directory
+title: 'Troubleshoot Missing data in the Azure Active Directory activity logs  | Microsoft Docs'
+description: Provides you with a resolution to missing data in Azure Active Directory activity logs.
 services: active-directory
 documentationcenter: ''
 author: priyamohanram
@@ -21,17 +21,38 @@ ms.reviewer: dhanyahk
 
 ---
 
-# Troubleshoot: Missing data in the Azure Active Directory activity log 
+# Troubleshoot: Missing data in the Azure Active Directory activity logs 
 
+## I can't find audit logs for recent actions in the Azure portal
 
-## Symptoms
+### Symptoms
 
 I performed some actions in the Azure portal and expected to see the audit logs for those actions in the `Activity logs > Audit Logs` blade, but I can’t find them.
 
  ![Reporting](./media/troubleshoot-missing-audit-data/01.png)
 
+### Cause
 
-## Cause
+Actions don’t appear immediately in the activity logs. The table below enumerates our latency numbers for activity logs. 
+
+| Report |   | Latency (P95) | Latency (P99) |
+|--------|--------|---------------|---------------|
+| Directory audit |   | 2 mins | 5 mins |
+| Sign-in activity |   | 2 mins | 5 mins | 
+
+### Resolution
+
+Wait for 15 minutes to two hours and see if the actions appear in the log. If you don’t see the logs even after two hours, please [file a support ticket](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest) and we will look into it.
+
+## I can’t find recent user sign-ins in the Azure Active Directory sign-ins activity log
+
+### Symptoms
+
+I recently signed into the Azure portal and expected to see the sign-in logs for those actions in the `Activity logs > Sign-ins` blade, but I can’t find them.
+
+ ![Reporting](./media/troubleshoot-missing-audit-data/02.png)
+ 
+### Cause
 
 Actions don’t appear immediately in the activity logs. The table below enumerates our latency numbers for activity logs. 
 
@@ -40,13 +61,36 @@ Actions don’t appear immediately in the activity logs. The table below enumera
 | Directory audit |   | 2 mins | 5 mins |
 | Sign-in activity |   | 2 mins | 5 mins | 
 
-## Resolution
+### Resolution
 
 Wait for 15 minutes to two hours and see if the actions appear in the log. If you don’t see the logs even after two hours, please [file a support ticket](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest) and we will look into it.
 
+## I can't view more than 30 days of report data in the Azure portal
+
+### Symptoms
+
+I can't view more than 30 days of sign-in and audit data from the Azure portal. Why? 
+
+ ![Reporting](./media/troubleshoot-missing-audit-data/03.png)
+
+### Cause
+
+Depending on your license, Azure Active Directory Actions stores activity reports for the following durations:
+
+| Report           |   |  Azure AD Free | Azure AD Premium P1 | Azure AD Premium P2 |
+| ---              | ----   |  ---           | ---                 | ---                 |
+| Directory Audit  |   |	7 days	   | 30 days             | 30 days             |
+| Sign-in Activity |   | Not available. You can access your own sign-ins for 7 days from the individual user profile blade | 30 days | 30 days             |
+
+For more information, see [Azure Active Directory report retention policies](reference-reports-data-retention.md).  
+
+### Resolution
+
+You have two options to retain the data for longer than 30 days. You can use the [Azure AD Reporting APIs](concept-reporting-api.md) to retrieve the data programmatically and store it in a database. Alternatively, you can integrate audit logs into a third party SIEM system like Splunk or SumoLogic.
 
 ## Next steps
 
+* [Azure AD reporting retention](reference-reports-data-retention.md).
 * [Azure Active Directory reporting latencies](reference-reports-latencies.md).
 * [Azure Active Directory reporting FAQ](reports-faq.md).
 

articles/active-directory/reports-monitoring/reports-faq.md

@@ -14,7 +14,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: article
-ms.date: 11/29/2017
+ms.date: 08/20/2018
 ms.author: jeedes
 
 ---
@@ -46,30 +46,32 @@ To test the steps in this tutorial, you should follow these recommendations:
 - If you don't have an Azure AD trial environment, you can [get a one-month trial](https://azure.microsoft.com/pricing/free-trial/).
 
 ## Scenario description
-In this tutorial, you test Azure AD single sign-on in a test environment. 
+
+In this tutorial, you test Azure AD single sign-on in a test environment.
 The scenario outlined in this tutorial consists of two main building blocks:
 
 1. Adding Dropbox for Business from the gallery
-1. Configuring and testing Azure AD single sign-on
+2. Configuring and testing Azure AD single sign-on
 
 ## Adding Dropbox for Business from the gallery
+
 To configure the integration of Dropbox for Business into Azure AD, you need to add Dropbox for Business from the gallery to your list of managed SaaS apps.
 
 **To add Dropbox for Business from the gallery, perform the following steps:**
 
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon. 
+1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
 
 	![The Azure Active Directory button][1]
 
-1. Navigate to **Enterprise applications**. Then go to **All applications**.
+2. Navigate to **Enterprise applications**. Then go to **All applications**.
 
 	![The Enterprise applications blade][2]
-	
-1. To add new application, click **New application** button on the top of dialog.
+
+3. To add new application, click **New application** button on the top of dialog.
 
 	![The New application button][3]
 
-1. In the search box, type **Dropbox for Business**, select **Dropbox for Business** from result panel then click **Add** button to add the application.
+4. In the search box, type **Dropbox for Business**, select **Dropbox for Business** from result panel then click **Add** button to add the application.
 
 	![Dropbox for Business in the results list](./media/dropboxforbusiness-tutorial/tutorial_dropboxforbusiness_addfromgallery.png)
 
@@ -84,10 +86,10 @@ In Dropbox for Business, assign the value of the **user name** in Azure AD as th
 To configure and test Azure AD single sign-on with Dropbox for Business, you need to complete the following building blocks:
 
 1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-1. **[Create a Dropbox for Business test user](#create-a-dropbox-for-business-test-user)** - to have a counterpart of Britta Simon in Dropbox for Business that is linked to the Azure AD representation of user.
-1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-1. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+2. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
+3. **[Create a Dropbox for Business test user](#create-a-dropbox-for-business-test-user)** - to have a counterpart of Britta Simon in Dropbox for Business that is linked to the Azure AD representation of user.
+4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
+5. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
 
 ### Configure Azure AD single sign-on
 
@@ -99,71 +101,68 @@ In this section, you enable Azure AD single sign-on in the Azure portal and conf
 
 	![Configure single sign-on link][4]
 
-1. On the **Single sign-on** dialog, select **Mode** as	**SAML-based Sign-on** to enable single sign-on.
+2. On the **Single sign-on** dialog, select **Mode** as	**SAML-based Sign-on** to enable single sign-on.
 
 	![Single sign-on dialog box](./media/dropboxforbusiness-tutorial/tutorial_dropboxforbusiness_samlbase.png)
 
-1. On the **Dropbox for Business Domain and URLs** section, perform the following steps:
+3. On the **Dropbox for Business Domain and URLs** section, perform the following steps:
 
 	![Dropbox for Business Domain and URLs single sign-on information](./media/dropboxforbusiness-tutorial/tutorial_dropboxforbusiness_url1.png)
 
     a. In the **Sign-on URL** textbox, type a URL using the following pattern: `https://www.dropbox.com/sso/<id>`
 
 	b. In the **Identifier** textbox, type a value: `Dropbox`
 
-	> [!NOTE] 
-	> The preceding Sign-on URL value is not real value. You will update the value with the actual Sign-on URL, which is explained later in the tutorial. Contact [Dropbox for Business Client support team](https://www.dropbox.com/business/contact) to get the value. 
- 
+	> [!NOTE]
+	> The preceding Sign-on URL value is not real value. You will update the value with the actual Sign-on URL, which is explained later in the tutorial.
 
-1. On the **SAML Signing Certificate** section, click **Certificate (Base64)** and then save the certificate file on your computer.
+4. On the **SAML Signing Certificate** section, click **Certificate (Base64)** and then save the certificate file on your computer.
 
 	![The Certificate download link](./media/dropboxforbusiness-tutorial/tutorial_dropboxforbusiness_certificate.png) 
 
-1. Click **Save** button.
+5. Click **Save** button.
 
 	![Configure Single Sign-On Save button](./media/dropboxforbusiness-tutorial/tutorial_general_400.png)
 
-1. On the **Dropbox for Business Configuration** section, click **Configure Dropbox for Business** to open **Configure sign-on** window. Copy the **SAML Single Sign-On Service URL** from the **Quick Reference section.**
+6. On the **Dropbox for Business Configuration** section, click **Configure Dropbox for Business** to open **Configure sign-on** window. Copy the **SAML Single Sign-On Service URL** from the **Quick Reference section.**
 
 	![Dropbox for Business Configuration](./media/dropboxforbusiness-tutorial/tutorial_dropboxforbusiness_configure.png) 
 
-1. To configure single sign-on on **Dropbox for Business** side, Go on your Dropbox for Business tenant.
+7. To configure single sign-on on **Dropbox for Business** side, Go on your Dropbox for Business tenant and sign on to your Dropbox for business tenant.
 
-	a. Sign on to your Dropbox for business tenant. 
-   
 	![Configure single sign-on](./media/dropboxforbusiness-tutorial/ic769509.png "Configure single sign-on")
-   
-	b. In the navigation pane on the left side, click **Admin Console**. 
-   
-	![Configure single sign-on](./media/dropboxforbusiness-tutorial/ic769510.png "Configure single sign-on")
-   
-	c. On the **Admin Console**, click **Authentication** in the left navigation pane. 
-   
-	![Configure single sign-on](./media/dropboxforbusiness-tutorial/ic769511.png "Configure single sign-on")
-   
-	d. In the **Single sign-on** section, select **Enable single sign-on**, and then click **More** to expand this section.  
-   
-	![Configure single sign-on](./media/dropboxforbusiness-tutorial/ic769512.png "Configure single sign-on")
-   
-	e. Copy the URL next to **Users can sign in by entering their email address or they can go directly to** and paste it into the **Sign-on URL** textbox of **Dropbox for Business Domain and URLs** section on Azure portal. 
-	
-	![Configure single sign-on](./media/dropboxforbusiness-tutorial/ic769513.png)
-	
-1. In the **Single sign-on** section of the **Authentication** page, perform the following steps: 
-   
-    ![Configure single sign-on](./media/dropboxforbusiness-tutorial/IC769516.png "Configure single sign-on")
-   
-    a. Click **Required**.
-   
-    b. In the **Sign-in URL** textbox, paste the value of **SAML Single Sign-On Service URL** which you have copied from the Azure portal.
 
-    c. Click **Choose certificate**, and then browse to your **Base64 encoded certificate file**.
+8. Click on the **User Icon** and select **Settings** tab.
+
+	![Configure single sign-on](./media/dropboxforbusiness-tutorial/configure1.png "Configure single sign-on")
+
+9. In the navigation pane on the left side, click **Admin console**.
+
+	![Configure single sign-on](./media/dropboxforbusiness-tutorial/configure2.png "Configure single sign-on")
+
+10. On the **Admin console**, click **Settings** in the left navigation pane.
+
+	![Configure single sign-on](./media/dropboxforbusiness-tutorial/configure3.png "Configure single sign-on")
+
+11. Select **Single sign-on** option under the **Authentication** section.
+
+	![Configure single sign-on](./media/dropboxforbusiness-tutorial/configure4.png "Configure single sign-on")
+
+12. In the **Single sign-on** section, perform the following steps:  
+
+	![Configure single sign-on](./media/dropboxforbusiness-tutorial/configure5.png "Configure single sign-on")
+
+	a. Select **Required** as a option from the dropdown for the **Single sign-on**.
+
+	b. Click on **Add sign-in URL** and in the **Identity provider sign-in URL** textbox, paste the **SAML Single Sign-On Service URL** value which you have copied from the Azure portal and then select **Done**.
+
+	![Configure single sign-on](./media/dropboxforbusiness-tutorial/configure6.png "Configure single sign-on")
+
+	c. Click **Upload certificate**, and then browse to your **Base64 encoded certificate file** which you have downloaded from the Azure portal.
 
-    d. Click **Save changes** to complete the configuration on your DropBox for Business tenant.
+	d. Click on **Copy link** and paste the copied value into the **Sign-on URL** textbox of **Dropbox for Business Domain and URLs** section on Azure portal.
 
-> [!TIP]
-> You can now read a concise version of these instructions inside the [Azure portal](https://portal.azure.com), while you are setting up the app!  After adding this app from the **Active Directory > Enterprise Applications** section, simply click the **Single Sign-On** tab and access the embedded documentation through the **Configuration** section at the bottom. You can read more about the embedded documentation feature here: [Azure AD embedded documentation]( https://go.microsoft.com/fwlink/?linkid=845985)
-> 
+	e. Click **Save**.
 
 ### Create an Azure AD test user