Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: tynevi

.openpublishing.redirection.json

@@ -4970,6 +4970,11 @@
       "redirect_url": "/azure/app-service-mobile",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/application-gateway/application-gateway-redirect-overview.md",
+      "redirect_url": "/azure/application-gateway/redirect-overview",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/application-gateway/application-gateway-create-gateway-arm-template.md",
       "redirect_url": "/azure/application-gateway/create-vmss-template",

articles/active-directory/manage-apps/bread/toc.yml

@@ -6,7 +6,7 @@
     tocHref: /azure/active-directory/saas-apps/
     topicHref: /azure/active-directory/index
     items:
-    - name: Manage applications
+    - name: Application management
       tocHref: /azure/active-directory/saas-apps/
       topicHref: /azure/active-directory/manage-apps/index
 
@@ -18,7 +18,30 @@
     tocHref: /azure/active-directory/fundamentals/
     topicHref: /azure/active-directory/index
     items:
-    - name: Manage applications
+    - name: Application management
       tocHref: /azure/active-directory/fundamentals/
       topicHref: /azure/active-directory/manage-apps/index
 
+- name: Azure
+  tocHref: /azure/
+  topicHref: /azure/index
+  items:  
+  - name: Active Directory
+    tocHref: /azure/active-directory/hybrid/
+    topicHref: /azure/active-directory/index
+    items:
+    - name: Application management
+      tocHref: /azure/active-directory/hybrid/
+      topicHref: /azure/active-directory/manage-apps/index
+  
+- name: Azure
+  tocHref: /azure/
+  topicHref: /azure/index
+  items:  
+  - name: Active Directory
+    tocHref: /azure/active-directory/develop/
+    topicHref: /azure/active-directory/index
+    items:
+    - name: Application management
+      tocHref: /azure/active-directory/develop/
+      topicHref: /azure/active-directory/manage-apps/index

articles/active-directory/saas-apps/confluencemicrosoft-tutorial.md

@@ -14,7 +14,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: tutorial
-ms.date: 08/23/2019
+ms.date: 09/03/2019
 ms.author: jeedes
 
 ms.collection: M365-identity-device-management
@@ -41,7 +41,8 @@ To get started, you need the following items:
 
 In this tutorial, you configure and test Azure AD SSO in a test environment.
 
-* Zoom supports **SP** initiated SSO
+* Zoom supports **SP** initiated SSO and 
+* Zoom supports [**Automated** user provisioning](https://docs.microsoft.com/azure/active-directory/saas-apps/zoom-provisioning-tutorial).
 
 ## Adding Zoom from the gallery
 
@@ -86,7 +87,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
     `<companyname>.zoom.us`
 
 	> [!NOTE]
-	> These values are not real. Update these values with the actual Sign on URL and Identifier. Contact [Zoom Client support team](https://support.zoom.us/hc/en-us) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+	> These values are not real. Update these values with the actual Sign on URL and Identifier. Contact [Zoom Client support team](https://support.zoom.us/hc/) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
 
 1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section,  find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
 
@@ -100,7 +101,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 > To learn how to configure Role in Azure AD, see [Configure the role claim issued in the SAML token for enterprise applications](https://docs.microsoft.com/azure/active-directory/develop/active-directory-enterprise-app-role-management).
 
 > [!NOTE]
-> Zoom might expect a group claim in the SAML payload. If you have created any groups, contact the [Zoom Client support team](https://support.zoom.us/hc/en-us) with the group information so they can configure the group information on their end. You also need to provide the Object ID to [Zoom Client support team](https://support.zoom.us/hc/en-us) so they can configure the Object ID on their end. To get the Object ID, see [Configuring Zoom with Azure](https://support.zoom.us/hc/en-us/articles/115005887566).
+> Zoom might expect a group claim in the SAML payload. If you have created any groups, contact the [Zoom Client support team](https://support.zoom.us/hc/) with the group information so they can configure the group information on their end. You also need to provide the Object ID to [Zoom Client support team](https://support.zoom.us/hc/) so they can configure the Object ID on their end. To get the Object ID, see [Configuring Zoom with Azure](https://support.zoom.us/hc/articles/115005887566).
 
 ### Create an Azure AD test user
 
@@ -171,30 +172,10 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 ### Create Zoom test user
 
-In order to enable Azure AD users to sign in to Zoom, they must be provisioned into Zoom. In the case of Zoom, provisioning is a manual task.
-
-### To provision a user account, perform the following steps:
-
-1. Sign in to your **Zoom** company site as an administrator.
-
-2. Click the **Account Management** tab, and then click **User Management**.
-
-3. In the User Management section, click **Add users**.
-
-    ![User management](./media/zoom-tutorial/ic784703.png "User management")
-
-4. On the **Add users** page, perform the following steps:
-
-    ![Add users](./media/zoom-tutorial/ic784704.png "Add users")
-
-    a. As **User Type**, select **Basic**.
-
-    b. In the **Emails** textbox, type the email address of a valid Azure AD account you want to provision.
-
-    c. Click **Add**.
+The objective of this section is to create a user called B.Simon in Zoom. Zoom supports automatic user provisioning, which is by default enabled. You can find more details [here](https://docs.microsoft.com/azure/active-directory/saas-apps/zoom-provisioning-tutorial) on how to configure automatic user provisioning.
 
 > [!NOTE]
-> You can use any other Zoom user account creation tools or APIs provided by Zoom to provision Azure Active Directory user accounts.
+> If you need to create a user manually, you need to contact [Zoom Client support team](https://support.zoom.us/hc/)
 
 ## Test SSO 
 

articles/active-directory/saas-apps/contractworks-tutorial.md

@@ -1,6 +1,6 @@
 ---
-title: Security attributes for Azure App Service
-description: A checklist of security attributes for evaluating Azure App Service
+title: Security controls for Azure App Service
+description: A checklist of security controls for evaluating Azure App Service
 services: app-service
 documentationcenter: ''
 author: msmbaldwin
@@ -12,55 +12,49 @@ ms.date: 05/08/2019
 ms.author: mbaldwin
 
 ---
-# Security attributes for Azure App Service
+# Security controls for Azure App Service
 
-This article documents the security attributes built into Azure App Service.
+This article documents the security controls built into Azure App Service.
 
 [!INCLUDE [Security attributes header](../../includes/security-attributes-header.md)]
 
-## Preventative
+## Network
 
-| Security attribute | Yes/No | Notes |
+| Security control | Yes/No | Notes | Documentation
 |---|---|--|
-| Encryption at rest (such as server-side encryption, server-side encryption with customer-managed keys, and other encryption features) | Yes | Web site file content is stored in Azure Storage, which automatically encrypts the content at rest. See [Azure Storage encryption for data at rest](../storage/common/storage-service-encryption.md).<br><br>Customer supplied secrets are encrypted at rest. The secrets are encrypted at rest while stored in App Service configuration databases.<br><br>Locally attached disks can optionally be used as temporary storage by websites (D:\local and %TMP%). Locally attached disks are not encrypted at rest. |
-| Encryption in transit (such as ExpressRoute encryption, in VNet encryption, and VNet-VNet encryption )| Yes | Customers can configure web sites to require and use HTTPS for inbound traffic. See the blog post [How to make an Azure App Service HTTPS only](https://blogs.msdn.microsoft.com/benjaminperkins/2017/11/30/how-to-make-an-azure-app-service-https-only/). |
-| Encryption key handling (CMK, BYOK, etc.)| Yes | Customers can choose to store application secrets in Key Vault and retrieve them at runtime. See [Use Key Vault references for App Service and Azure Functions (preview)](app-service-key-vault-references.md).|
-| Column level encryption (Azure Data Services)| N/A | |
-| API calls encrypted| Yes | Management calls to configure App Service occur via [Azure Resource Manager](../azure-resource-manager/index.yml) calls over HTTPS. |
-
-## Network segmentation
-
-| Security attribute | Yes/No | Notes |
-|---|---|--|
-| Service endpoint support| Yes | Currently available in preview for App Service. See [Azure App Service Access Restrictions](app-service-ip-restrictions.md). |
-| VNet injection support| Yes | App Service Environments are private implementations of App Service dedicated to a single customer injected into a customer's virtual network. See [Introduction to the App Service Environments](environment/intro.md). |
-| Network Isolation and Firewalling support| Yes | For the public multi-tenant variation of App Service, customers can configure network ACLs (IP Restrictions) to lock down allowed inbound traffic.  See [Azure App Service Access Restrictions](app-service-ip-restrictions.md).  App Service Environments are deployed directly into virtual networks and hence can be secured with NSGs. |
-| Forced tunneling support| Yes | App Service Environments can be deployed into a customer's virtual network where forced tunneling is configured. Customers need to follow the directions in [Configure your App Service Environment with forced tunneling](environment/forced-tunnel-support.md). |
+| Service endpoint support| Yes | Currently available in preview for App Service.| [Azure App Service Access Restrictions](app-service-ip-restrictions.md)
+| VNet injection support| Yes | App Service Environments are private implementations of App Service dedicated to a single customer injected into a customer's virtual network. | [Introduction to the App Service Environments](environment/intro.md)
+| Network Isolation and Firewalling support| Yes | For the public multi-tenant variation of App Service, customers can configure network ACLs (IP Restrictions) to lock down allowed inbound traffic.  App Service Environments are deployed directly into virtual networks and hence can be secured with NSGs. | [Azure App Service Access Restrictions](app-service-ip-restrictions.md)
+| Forced tunneling support| Yes | App Service Environments can be deployed into a customer's virtual network where forced tunneling is configured. | [Configure your App Service Environment with forced tunneling](environment/forced-tunnel-support.md)
 
-## Detection
+## Monitoring & logging
 
-| Security attribute | Yes/No | Notes|
+| Security control | Yes/No | Notes | Documentation
 |---|---|--|
-| Azure monitoring support (Log analytics, App insights, etc.)| Yes | App Service integrates with Application Insights for languages that support Application Insights (Full .NET Framework, .NET Core, Java and Node.JS).  See [Monitor Azure App Service performance](../azure-monitor/app/azure-web-apps.md). App Service also sends application metrics into Azure Monitor. See [Monitor apps in Azure App Service](web-sites-monitor.md). |
+| Azure monitoring support (Log analytics, App insights, etc.)| Yes | App Service integrates with Application Insights for languages that support Application Insights (Full .NET Framework, .NET Core, Java and Node.JS).  See [Monitor Azure App Service performance](../azure-monitor/app/azure-web-apps.md). App Service also sends application metrics into Azure Monitor. | [Monitor apps in Azure App Service](web-sites-monitor.md)
+| Control and management plane logging and audit| Yes | All management operations performed on App Service objects occur via [Azure Resource Manager](../azure-resource-manager/index.yml). Historical logs of these operations are available both in the portal and via the CLI. | [Azure Resource Manager resource provider operations](../role-based-access-control/resource-provider-operations.md#microsoftweb), [az monitor activity-log](/cli/azure/monitor/activity-log)
+| Data plane logging and audit | No | The data plane for App Service is a remote file share containing a customer’s deployed web site content.  There is no auditing of the remote file share. |
 
-## Identity and access management
+## Identity
 
-| Security attribute | Yes/No | Notes|
+| Security control | Yes/No | Notes |  Documentation
 |---|---|--|
-| Authentication| Yes | Customers can build applications on App Service that automatically integrate with [Azure Active Directory (Azure AD)](../active-directory/index.yml) as well as other OAuth compatible identity providers; see [Authentication and authorization in Azure App Service](overview-authentication-authorization.md). For management access to App Service assets, all access is controlled by a combination of Azure AD authenticated principal and Azure Resource Manager RBAC roles. |
-| Authorization| Yes | For management access to App Service assets, all access is controlled by a combination of Azure AD authenticated principal and Azure Resource Manager RBAC roles.  |
-
+| Authentication| Yes | Customers can build applications on App Service that automatically integrate with [Azure Active Directory (Azure AD)](../active-directory/index.yml) as well as other OAuth compatible identity providers For management access to App Service assets, all access is controlled by a combination of Azure AD authenticated principal and Azure Resource Manager RBAC roles. | [Authentication and authorization in Azure App Service](overview-authentication-authorization.md)
+| Authorization| Yes | For management access to App Service assets, all access is controlled by a combination of Azure AD authenticated principal and Azure Resource Manager RBAC roles.  | [Authentication and authorization in Azure App Service](overview-authentication-authorization.md)
 
-## Audit trail
+## Data protection
 
-| Security attribute | Yes/No | Notes|
+| Security control | Yes/No | Notes | Documentation
 |---|---|--|
-| Control and management plane logging and audit| Yes | All management operations performed on App Service objects occur via [Azure Resource Manager](../azure-resource-manager/index.yml). Historical logs of these operations are available both in the portal and via the CLI; see [Azure Resource Manager resource provider operations](../role-based-access-control/resource-provider-operations.md#microsoftweb) and [az monitor activity-log](/cli/azure/monitor/activity-log). |
-| Data plane logging and audit | No | The data plane for App Service is a remote file share containing a customer’s deployed web site content.  There is no auditing of the remote file share. |
+| Server-side encryption at rest: Microsoft managed keys | Yes | Web site file content is stored in Azure Storage, which automatically encrypts the content at rest. <br><br>Customer supplied secrets are encrypted at rest. The secrets are encrypted at rest while stored in App Service configuration databases.<br><br>Locally attached disks can optionally be used as temporary storage by websites (D:\local and %TMP%). Locally attached disks are not encrypted at rest. | [Azure Storage encryption for data at rest](../storage/common/storage-service-encryption.md)
+| Server-side encryption at rest: customer managed keys (BYOK) | Yes | Customers can choose to store application secrets in Key Vault and retrieve them at runtime. | [Use Key Vault references for App Service and Azure Functions (preview)](app-service-key-vault-references.md)
+| Column level encryption (Azure Data Services)| N/A | |
+| Encryption in transit (such as ExpressRoute encryption, in VNet encryption, and VNet-VNet encryption )| Yes | Customers can configure web sites to require and use HTTPS for inbound traffic.  | [How to make an Azure App Service HTTPS only](https://blogs.msdn.microsoft.com/benjaminperkins/2017/11/30/how-to-make-an-azure-app-service-https-only/) (blog post)
+| API calls encrypted| Yes | Management calls to configure App Service occur via [Azure Resource Manager](../azure-resource-manager/index.yml) calls over HTTPS. |
 
 ## Configuration management
 
-| Security attribute | Yes/No | Notes|
+| Security control | Yes/No | Notes | Documentation
 |---|---|--|
 | Configuration management support (versioning of configuration, etc.)| Yes | For management operations, the state of an App Service configuration can be exported as an Azure Resource Manager template and versioned over time. For runtime operations, customers can maintain multiple different live versions of an application using the App Service deployment slots feature. |