Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into work-azure-vmportal

Author: Heidilohr

.openpublishing.redirection.json

@@ -64969,6 +64969,11 @@
     {
       "source_path": "articles/app-service/quickstart-dotnet-framework.md",
       "redirect_url": "/azure/app-service/quickstart-dotnetcore?tabs=netframework48"
+    },
+    {
+      "source_path": "articles/virtual-desktop/rd-gateway-role.md",
+      "redirect_url": "/windows-server/remote/remote-desktop-services/remote-desktop-gateway-role",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory/authentication/howto-mfa-mfasettings.md

@@ -233,7 +233,7 @@ The _Trusted IPs_ feature of Azure AD Multi-Factor Authentication bypasses multi
 > [!NOTE]
 > The trusted IPs can include private IP ranges only when you use MFA Server. For cloud-based Azure AD Multi-Factor Authentication, you can only use public IP address ranges.
 >
-> IPv6 ranges are only supported in the [Named location (preview)](../conditional-access/location-condition.md#preview-features) interface.
+> IPv6 ranges are only supported in the [Named location (preview)](../conditional-access/location-condition.md) interface.
 
 If your organization deploys the NPS extension to provide MFA to on-premises applications note the source IP address will always appear to be the NPS server the authentication attempt flows through.
 

articles/active-directory/conditional-access/concept-continuous-access-evaluation.md

@@ -139,7 +139,7 @@ From this page, you can optionally limit the users and groups that will be subje
 For CAE, we only have insights into named IP-based named locations. We have no insights into other location settings like [MFA trusted IPs](../authentication/howto-mfa-mfasettings.md#trusted-ips) or country-based locations. When user comes from an MFA trusted IP or trusted locations that include MFA Trusted IPs or country location, CAE will not be enforced after user move to a different location. In those cases, we will issue a 1-hour CAE token without instant IP enforcement check.
 
 > [!IMPORTANT]
-> When configuring locations for continuous access evaluation, use only the [IP based Conditional Access location condition](../conditional-access/location-condition.md#preview-features) and configure all IP addresses, **including both IPv4 and IPv6**, that can be seen by your identity provider and resources provider. Do not use country location conditions or the trusted ips feature that is available in Azure AD Multi-Factor Authentication's service settings page.
+> When configuring locations for continuous access evaluation, use only the [IP based Conditional Access location condition](../conditional-access/location-condition.md) and configure all IP addresses, **including both IPv4 and IPv6**, that can be seen by your identity provider and resources provider. Do not use country location conditions or the trusted ips feature that is available in Azure AD Multi-Factor Authentication's service settings page.
 
 ### IP address configuration
 

articles/active-directory/conditional-access/location-condition.md

@@ -30,39 +30,37 @@ Organizations can use this network location for common tasks like:
 
 The network location is determined by the public IP address a client provides to Azure Active Directory. Conditional Access policies by default apply to all IPv4 and IPv6 addresses. 
 
-> [!TIP]
-> IPv6 ranges are only supported in the **[Named location (preview)](#preview-features)** interface. 
-
 ## Named locations
 
-Locations are designated in the Azure portal under **Azure Active Directory** > **Security** > **Conditional Access** > **Named locations**. These named network locations may include locations like an organization's headquarters network ranges, VPN network ranges, or ranges that you wish to block. 
+Locations are designated in the Azure portal under **Azure Active Directory** > **Security** > **Conditional Access** > **Named locations**. These named network locations may include locations like an organization's headquarters network ranges, VPN network ranges, or ranges that you wish to block. Named locations can be defined by IPv4/IPv6 address ranges or by countries/regions. 
 
 ![Named locations in the Azure portal](./media/location-condition/new-named-location.png)
 
-To configure a location, you will need to provide at least a **Name** and the IP range. 
-
-The number of named locations you can configure is constrained by the size of the related object in Azure AD. You can configure locations based on of the following limitations:
+### IP address ranges
 
-- One named location with up to 1200 IPv4 ranges.
-- A maximum of 90 named locations with one IP range assigned to each of them.
+To define a named location by IPv4/IPv6 address ranges, you will need to provide a **Name** and an IP range. 
 
-> [!TIP]
-> IPv6 ranges are only supported in the **[Named location (preview)](#preview-features)** interface. 
+Named locations defined by IPv4/IPv6 address ranges are subject to the following limitations: 
+- Configure up to 195 named locations
+- Configure up to 2000 IP ranges per named location
+- Both IPv4 and IPv6 ranges are supported
+- Private IP ranges connot be configured
+- The number of IP addresses contained in a range is limited. Only CIDR masks greater than /8 are allowed when defining an IP range. 
 
 ### Trusted locations
 
-When creating a network location, an administrator has the option to mark a location as a trusted location. 
+Administrators can designate named locations defined by IP address ranges to be trusted named locations. 
 
 ![Trusted locations in the Azure portal](./media/location-condition/new-trusted-location.png)
 
-This option can factor in to Conditional Access policies where you may, for example,  require registration for multi-factor authentication from a trusted network location. It also factors in to Azure AD Identity Protection's risk calculation, lowering a users' sign-in risk when coming from a location marked as trusted.
+Sign-ins from trusted named locations improve the accuracy of Azure AD Identity Protection's risk calculation, lowering a users' sign-in risk when they authenticate from a location marked as trusted. Additionally, trusted named locations can be targeted in Conditional Access policies. For example, you may require restrict multi-factor authentication registration to trusted named locations only. 
 
 ### Countries and regions
 
-Some organizations may choose to define entire countries or regions IP boundaries as named locations for Conditional Access policies. They may use these locations when blocking unnecessary traffic when they know valid users will never come from a location such as North Korea. These mappings of IP address to country are updated periodically. 
+Some organizations may choose to restrict access to certain countries or regions using Conditional Access. In addition to defining named locations by IP ranges, admins can define named locations by country or regions. When a user signs in, Azure AD resolves the user's IPv4 address to a country or region, and the mapping is updated periodically. Organizations can use named locations defined by countries to block traffic from countries where they do not do business, such as North Korea. 
 
 > [!NOTE]
-> IPv6 address ranges cannot be mapped to countries. Only IPv4 addresses map to countries.
+> Sign-ins from IPv6 addresses cannot be mapped to countries or regions, and are considered unknown areas. Only IPv4 addresses can be mapped to countries or regions.
 
 ![Create a new country or region-based location in the Azure portal](./media/location-condition/new-named-location-country-region.png)
 
@@ -89,33 +87,6 @@ For mobile and desktop applications, which have long lived session lifetimes, Co
 
 If both steps fail, a user is considered to be no longer on a trusted IP.
 
-## Preview features
-
-In addition to the generally available named location feature, there is also a named location (preview). You can access the named location preview by using the banner at the top of the current named location blade.
-
-![Try the named locations preview](./media/location-condition/preview-features.png)
-
-With the named location preview, you are able to
-
-- Configure up to 195 named locations
-- Configure up to 2000 IP Ranges per named location
-- Configure IPv6 addresses alongside IPv4 addresses
-
-We’ve also added some additional checks to help reduce the change of misconfiguration.
-
-- Private IP ranges can no longer be configured
-- The number of IP addresses that can be included in a range are limited. Only CIDR masks greater than /8 will be allowed when configuring an IP range.
-
-With the preview, there are now two create options: 
-
-- **Countries location**
-- **IP ranges location**
-
-> [!NOTE]
-> IPv6 address ranges cannot be mapped to countries. Only IPv4 addresses map to countries.
-
-![Named locations preview interface](./media/location-condition/named-location-preview.png)
-
 ## Location condition in policy
 
 When you configure the location condition, you have the option to distinguish between:
@@ -141,7 +112,7 @@ With this option, you can select one or more named locations. For a policy with
 
 ## IPv6 traffic
 
-By default, Conditional Access policies will apply to all IPv6 traffic. With the [named location preview](#preview-features), you can exclude specific IPv6 address ranges from a Conditional Access policy. This option is useful in cases where you don’t want policy to be enforced for specific IPv6 ranges. For example, if you want to not enforce a policy for uses on your corporate network, and your corporate network is hosted on public IPv6 ranges.  
+By default, Conditional Access policies will apply to all IPv6 traffic. You can exclude specific IPv6 address ranges from a Conditional Access policy if you don’t want policies to be enforced for specific IPv6 ranges. For example, if you want to not enforce a policy for uses on your corporate network, and your corporate network is hosted on public IPv6 ranges.  
 
 ### When will my tenant have IPv6 traffic?
 

articles/active-directory/managed-identities-azure-resources/services-support-managed-identities.md

@@ -285,7 +285,7 @@ Refer to the following list to configure managed identity for Azure Policy (in r
 - [PowerShell](../../governance/policy/how-to/remediate-resources.md#create-managed-identity-with-powershell)
 - [Azure CLI](/cli/azure/policy/assignment#az-policy-assignment-create)
 - [Azure Resource Manager templates](/azure/templates/microsoft.authorization/policyassignments)
-- [REST](/rest/api/resources/policyassignments/create)
+- [REST](/rest/api/policy/policyassignments/create)
 
 
 ### Azure Service Fabric

articles/azure-monitor/agents/diagnostics-extension-stream-event-hubs.md

@@ -173,7 +173,7 @@ You can use a variety of methods to validate that data is being sent to the even
 
 * [Event Hubs overview](../../event-hubs/event-hubs-about.md)
 * [Create an event hub](../../event-hubs/event-hubs-create.md)
-* [Event Hubs FAQ](../../event-hubs/event-hubs-faq.md)
+* [Event Hubs FAQ](../../event-hubs/event-hubs-faq.yml)
 
 <!-- Images. -->
 [0]: ../../event-hubs/media/event-hubs-streaming-azure-diags-data/dashboard.png

articles/azure-monitor/logs/data-security.md

@@ -99,7 +99,7 @@ Log Analytics has an incident management process that all Microsoft services adh
   * Operators working on the Microsoft Azure service have addition training obligations surrounding their access to sensitive systems hosting customer data.
   * Microsoft security response personnel receive specialized training for their roles
 
-If loss of any customer data occurs, we notify each customer within one day. However, customer data loss has never occurred with the service. 
+While very rare, Microsoft will notify each customer within one day if significant loss of any customer data occurs. 
 
 For more information about how Microsoft responds to security incidents, see [Microsoft Azure Security Response in the Cloud](https://gallery.technet.microsoft.com/Azure-Security-Response-in-dd18c678/file/150826/4/Microsoft%20Azure%20Security%20Response%20in%20the%20cloud.pdf).
 
@@ -186,4 +186,4 @@ You can use these additional security features to further secure your Azure Moni
 ## Next steps
 * Learn how to collect data with Log Analytics for your Azure VMs following the [Azure VM quickstart](../vm/quick-collect-azurevm.md).  
 
-*  If you are looking to collect data from physical or virtual Windows or Linux computers in your environment, see the [Quickstart for Linux computers](../vm/quick-collect-linux-computer.md) or [Quickstart for Windows computers](../vm/quick-collect-windows-computer.md)
+*  If you are looking to collect data from physical or virtual Windows or Linux computers in your environment, see the [Quickstart for Linux computers](../vm/quick-collect-linux-computer.md) or [Quickstart for Windows computers](../vm/quick-collect-windows-computer.md)

articles/azure-relay/TOC.yml

@@ -94,7 +94,7 @@
   - name: Azure Roadmap
     href: https://azure.microsoft.com/roadmap/?category=enterprise-integration
   - name: FAQ
-    href: relay-faq.md
+    href: relay-faq.yml
   - name: Blog
     href: /archive/blogs/servicebus/
   - name: Pricing

articles/azure-relay/relay-api-overview.md

@@ -66,4 +66,4 @@ repository.
 
 To learn more about Azure Relay, visit these links:
 * [What is Azure Relay?](relay-what-is-it.md)
-* [Relay FAQ](relay-faq.md)
+* [Relay FAQ](relay-faq.yml)

articles/azure-relay/relay-create-namespace-portal.md

@@ -20,7 +20,7 @@ Congratulations! You have now created a relay namespace.
 
 ## Next steps
 
-* [Relay FAQ](relay-faq.md)
+* [Relay FAQ](relay-faq.yml)
 * [Get started with .NET](relay-hybrid-connections-dotnet-get-started.md)
 * [Get started with Node](relay-hybrid-connections-node-get-started.md)