Merge pull request #86601 from MicrosoftDocs/master

8/26 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -26013,6 +26013,11 @@
       "source_path": "articles/security-center/security-center-incident-response.md",
       "redirect_url": "/azure/security-center/tutorial-security-incident",
       "redirect_document_id": false
+    },    
+    {
+      "source_path": "articles/security-center/security-center-detection-capabilities.md",
+      "redirect_url": "/azure/security-center/security-center-alerts-overview",
+      "redirect_document_id": false
     },  
     {
       "source_path": "articles/virtual-network/virtual-network-deploy-multinic-arm-cli.md",

articles/active-directory/authentication/concept-password-ban-bad.md

@@ -118,9 +118,9 @@ Fuzzy matching is used on the normalized password to identify if it contains a p
 
 Example: assume that the password “abcdef” is banned, and a user tries to change their password to one of the following:
 
-‘abcdeg’    *(last character changed from ‘f’ to ‘g’)*
-‘abcdefg’   *’(g’ appended to end)*
-‘abcde’     *(trailing ‘f’ was deleted from end)*
+‘abcdeg’    *(last character changed from ‘f’ to ‘g’)*
+‘abcdefg’   *’(g’ appended to end)*
+‘abcde’     *(trailing ‘f’ was deleted from end)*
 
 Each of the above passwords does not specifically match the banned password "abcdef". However, since each example is within an edit distance of 1 of the banned term ‘abcdef’, they are all considered as a  match to “abcdef”.
 

articles/active-directory/develop/TOC.yml

@@ -35,6 +35,8 @@
         href: quickstart-v2-aspnet-core-webapp.md
       - name: NodeJS
         href: https://github.com/AzureADQuickStarts/AppModelv2-WebApp-OpenIDConnect-nodejs
+      - name: Java
+        href: quickstart-v2-java-webapp.md
     - name: Web APIs
       items:
       - name: ASP .NET

articles/active-directory/develop/media/quickstart-v2-java-webapp/java-quickstart.svg

@@ -0,0 +1,146 @@
+---
+title: Microsoft identity platform Java web app quickstart | Azure
+description: Learn how to implement Microsoft Sign-In on a Java Web App using OpenID Connect
+services: active-directory
+documentationcenter: dev-center-name
+author: sangonzal
+editor: ''
+
+ms.assetid: 820acdb7-d316-4c3b-8de9-79df48ba3b06
+ms.service: active-directory
+ms.subservice: develop
+ms.devlang: na
+ms.topic: quickstart
+ms.tgt_pltfrm: na
+ms.workload: identity
+ms.date: 08/11/2019
+ms.author: sagonzal
+ms.custom: aaddev 
+---
+
+# Quickstart: Add sign-in with Microsoft to a Java web app
+
+[!INCLUDE [active-directory-develop-applies-v2](../../../includes/active-directory-develop-applies-v2.md)]
+
+In this quickstart, you'll learn how to integrate a Java web application with the Microsoft identity platform. Your app 
+will sign in a user, get an access token to call the Microsoft Graph API, and make a request to the Microsoft Graph API. 
+
+When you've completed the guide, your application will accept sign-ins of personal Microsoft accounts (including outlook.com,
+ live.com, and others) and work or school accounts from any company or organization that uses Azure Active Directory.
+
+![Shows how the sample app generated by this quickstart works](media/quickstart-v2-java-webapp/java-quickstart.svg)
+
+> ## Prerequisites
+> To run this sample you will need: 
+> - An internet connection.
+> - A working installation of Java and Maven.
+> - An Azure Active Directory (Azure AD) tenant. For more information on how to get an Azure AD tenant, see [how to get an Azure AD tenant.](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant)
+
+> [!div renderon="docs"]
+> ## Register and download your quickstart app
+> You have two options to start your quickstart application:
+> * Express: [Option 1: Register and auto configure your app and then download your code sample.](#option-1-register-and-auto-configure-your-app-and-then-download-your-code-sample)
+> * Manual: [Option 2: Register and manually configure your application and code sample.](#option-2-register-and-manually-configure-your-application-and-code-sample)
+> 
+> ### Option 1: Register and auto configure your app and then download your code sample
+>
+> 1. Go to the [Azure portal - App registrations](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps).
+> 1. Enter a name for your application and select **Register**.
+> 1. Follow the instructions to download and automatically configure your new application.
+>
+> ### Option 2: Register and manually configure your application and code sample
+> 
+>
+> #### Step 1: Download the code sample
+> 
+> - [Download the Code Sample](https://github.com/Azure-Samples/ms-identity-java-webapp/archive/master.zip)
+>
+> #### Step 2: Open application.properties
+>
+> 1. Extract the zip file to a local folder.
+> 1. (Optional) If you use an integrated development environment, open the sample in your favorite IDE.
+> 1. Open the *application.properties* file. You will insert values for `aad.clientId`, `aad.authority`, and `aad.secretKey` when you register your application in the next step.
+
+
+> #### Step 3: Register your application
+> To register your application and manually add the app's registration information to your solution, follow these steps:
+>
+> 1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+> 1. If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the desired Azure AD tenant.
+> 1. Navigate to the Microsoft identity platform for developers [App registrations](https://go.microsoft.com/fwlink/?linkid=2083908) page.
+> 1. Select **New registration**.
+> 1. When the **Register an application** page appears, enter your application's registration information:
+>    - In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `java-webapp`.
+>    - Leave **Redirect URI** blank for now, and select **Register**.
+> 1. Find the **Application (client) ID** value of the application. Update the value of `Enter_the_Application_Id_here` in the *application.properties* file.
+> 1. Find the **Directory (tenant) ID** value of the application. Update the value of `Enter_the_Tenant_Info_Here` in the *application.properties* file. 
+> 1. Select the **Authentication** menu, and then add the following information:
+>    - In **Redirect URIs**, add `http://localhost:8080/msal4jsamples/secure/aad` and `https://localhost:8080/msal4jsamples/graph/users`.
+>    - Select **Save**.
+> 1. On the left hand menu, choose **Certificates & secrets** and click on **New client secret** in the **Client Secrets** section:
+>     
+>    - Type a key description (of instance app secret).
+>    - Select a key duration of **In 1 year**.
+>    - When you click on **Add**, the key value will be displayed. 
+>    - Copy the value of the key. Open the *application.properties* file that you downloaded earlier and update the value of `Enter_the_Client_Secret_Here` with the key value. 
+>
+> [!div class="sxs-lookup" renderon="portal"]
+> #### Step 1: Configure your application in the Azure portal
+> For the code sample for this quickstart to work, you need to:
+> 1. Add reply URLs as `http://localhost:8080/msal4jsamples/secure/aad` and `https://localhost:8080/msal4jsamples/graph/users`.
+> 1. Create a Client Secret.
+> > [!div renderon="portal" id="makechanges" class="nextstepaction"]
+> > [Make this change for me]()
+>
+> > [!div id="appconfigured" class="alert alert-info"]
+> > ![Already configured](media/quickstart-v2-aspnet-webapp/green-check.png) Your application is configured with these attributes.
+> 
+> #### Step 2: Download the code sample
+> 
+> - [Download the Code Sample](https://github.com/Azure-Samples/ms-identity-java-webapp/archive/master.zip)
+> 
+> #### Step 3: Configure the code sample 
+> 
+> 1. Extract the zip file to a local folder.
+> 1. If you use an integrated development environment, open the sample in your favorite IDE (optional).
+> 1. Open the **application.properties** file, which can be found in *src/main/resources/*.
+> 1. Replace application properties.
+>   1. Find `aad.clientId` and update the value of `Enter_the_Application_Id_here` with the **Application (client) ID** value of the application you registered. 
+>   1. Find `aad.authority` and update the value of `Enter_the_Tenant_Name_Here` with the **Directory (tenant) ID** value of the application you registered.
+>   1. Find `aad.secretKey` and update the value of `Enter_the_Client_Secret_Here` with the **Client Secret** you created in **Certificates & Secrets** for the application you registered.
+
+#### Step 4: Run the code sample
+1. Run the code sample, and open a browser and navigate to *http://localhost:8080*.
+1. The front page contains a **sign-in** button. Click on the **sign-in** button to redirect to Azure Active Directory. The user will be prompted for their credentials.  
+1. After successfully authenticating on Azure Active Directory, they will be redirected to *http://localhost:8080/msal4jsamples/secure/aad*. They are officially signed in to the application, and the page should show information for the signed in account. It will also contain buttons for: 
+    - *Sign Out*: Will sign out the current user from the application, and redirect them the home page.
+    - *Show Users*: Will acquire a token for the Microsoft Graph, then call the Microsoft Graph with the token attached to the request to get all of the users in the tenant.
+
+
+## More information
+
+### Getting MSAL
+MSAL4J is the library used to sign in users and request tokens used to access an API protected by the Microsoft identity Platform. 
+You can add MSAL4J to your application by using Maven or Gradle to manage your dependencies by making the following changes to the pom.xml or build.gradle file in your application. 
+
+```
+<dependency>
+    <groupId>com.microsoft.azure</groupId>
+    <artifactId>msal4j</artifactId>
+    <version>0.5.0-preview</version>
+</dependency>
+```
+
+```$xslt
+compile group: 'com.microsoft.azure', name: 'msal4j', version: '0.5.0-preview'
+```
+
+
+### Msal initialization
+You can add the reference to MSAL4J by adding the following code to the top of the file where you will be using MSAL4J: 
+
+```
+import com.microsoft.aad.msal4j.*;
+```
+
+[!INCLUDE [Help and support](../../../includes/active-directory-develop-help-support-include.md)]

articles/active-directory/develop/quickstart-v2-java-webapp.md

@@ -32,7 +32,7 @@ If you have an on-premises Active Directory (AD) environment and you want to joi
 This article assumes that you are familiar with the [Introduction to device identity management in Azure Active Directory](../device-management-introduction.md).
 
 > [!NOTE]
-> The minimum required domain functional and forest functional levels for Windows 10 hybrid Azure AD join is Windows Server 2008 R2.
+> The minimum required domain controller version for Windows 10 hybrid Azure AD join is Windows Server 2008 R2.
 
 ## Plan your implementation
 

articles/active-directory/devices/hybrid-azuread-join-plan.md

@@ -24,7 +24,7 @@ ms.collection: M365-identity-device-management
 After you have run Azure AD Connect to configure your organization for Hybrid Azure AD join, there are a few additional steps that you must complete to finalize that setup.  Carry out only the steps that apply for your devices.
 
 ## 1. Configure controlled rollout (Optional)
-All domain-joined devices running Windows 10 and Windows Server 2016 automatically register with Azure AD once all configuration steps are complete. If you prefer a controlled rollout rather than this auto-registration, you can use group policy to selectively enable or disable automatic rollout.  This group policy should be set before starting the other configuration steps:Azure AD
+All domain-joined devices running Windows 10 and Windows Server 2016 automatically register with Azure AD once all configuration steps are complete. If you prefer a controlled rollout rather than this auto-registration, you can use group policy to selectively enable or disable automatic rollout.  This group policy should be set before starting the other configuration steps:
 * Create a group policy object in your Active Directory.
 * Name it (ex- Hybrid Azure AD join).
 * Edit & go to:  Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration.

articles/active-directory/hybrid/how-to-connect-fed-hybrid-azure-ad-join-post-config-tasks.md

@@ -31,7 +31,7 @@ You can federate your on-premises environment with Azure AD and use this federat
 
 ## Next Steps
 
-- [What is hybrid identity?](whatis-phs.md)
+- [What is hybrid identity?](https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity)
 - [What is Azure AD Connect and Connect Health?](whatis-azure-ad-connect.md)
 - [What is password hash synchronization?](whatis-phs.md)
 - [What is federation?](whatis-fed.md)