Merge pull request #99921 from MicrosoftDocs/master

12/31 AM Publish

Author: huypub

articles/active-directory/authentication/howto-password-ban-bad-on-premises-deploy.md

@@ -126,11 +126,13 @@ There are two required installers for Azure AD password protection. They're avai
      The result should show a **Status** of "Running."
 
 1. Register the proxy.
-   * After step 3 is completed, the proxy service is running on the machine. But the service doesn't yet have the necessary credentials to communicate with Azure AD. Registration with Azure AD is required:
+   * After step 3 is completed, the proxy service is running on the machine, but does not yet have the necessary credentials to communicate with Azure AD. Registration with Azure AD is required:
 
      `Register-AzureADPasswordProtectionProxy`
 
-     This cmdlet requires global administrator credentials for your Azure tenant. You also need on-premises Active Directory domain administrator privileges in the forest root domain. After this command succeeds once for a proxy service, additional invocations of it will succeed but are unnecessary.
+     This cmdlet requires global administrator credentials for your Azure tenant. You also need on-premises Active Directory domain administrator privileges in the forest root domain. You must also run this cmdlet using an account with local administrator privileges.
+
+     After this command succeeds once for a proxy service, additional invocations of it will succeed but are unnecessary.
 
       The `Register-AzureADPasswordProtectionProxy` cmdlet supports the following three authentication modes. The first two modes support Azure Multi-Factor Authentication but the third mode does not. Please see comments below for more details.
 
@@ -174,7 +176,9 @@ There are two required installers for Azure AD password protection. They're avai
    > There might be a noticeable delay before completion the first time that this cmdlet is run for a specific Azure tenant. Unless a failure is reported, don't worry about this delay.
 
 1. Register the forest.
-   * You must initialize the on-premises Active Directory forest with the necessary credentials to communicate with Azure by using the `Register-AzureADPasswordProtectionForest` PowerShell cmdlet. The cmdlet requires global administrator credentials for your Azure tenant. It also requires on-premises Active Directory Enterprise Administrator privileges. This step is run once per forest.
+   * You must initialize the on-premises Active Directory forest with the necessary credentials to communicate with Azure by using the `Register-AzureADPasswordProtectionForest` PowerShell cmdlet.
+
+      The cmdlet requires global administrator credentials for your Azure tenant.  You must also run this cmdlet using an account with local administrator privileges. It also requires on-premises Active Directory Enterprise Administrator privileges. This step is run once per forest.
 
       The `Register-AzureADPasswordProtectionForest` cmdlet supports the following three authentication modes. The first two modes support Azure Multi-Factor Authentication but the third mode does not. Please see comments below for more details.
 

articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md

@@ -201,7 +201,7 @@ require multi-factor authentication as a grant access control.
 ## Log in using Azure AD credentials to a Windows VM
 
 > [!IMPORTANT]
-> Remote connection to VMs joined to Azure AD is only allowed from Windows 10 PCs that are Azure AD joined or hybrid Azure AD joined to the **same** directory as the VM. Additionally, to RDP using Azure AD credentials, the user must belong to one of the two RBAC roles, Virtual Machine Administrator Login or Virtual Machine User Login.
+> Remote connection to VMs joined to Azure AD is only allowed from Windows 10 PCs that are Azure AD joined or hybrid Azure AD joined to the **same** directory as the VM. Additionally, to RDP using Azure AD credentials, the user must belong to one of the two RBAC roles, Virtual Machine Administrator Login or Virtual Machine User Login. At this time, Azure Bastion cannot be used to login using Azure Active Directory authentication with the AADLoginForWindows extension. Only direct RDP is supported.
 
 To login in to your Windows Server 2019 virtual machine using Azure AD: 
 

articles/active-directory/saas-apps/jiramicrosoft-tutorial.md

@@ -39,7 +39,7 @@ Use your Microsoft Azure Active Directory account with Atlassian JIRA server to
 To configure Azure AD integration with JIRA SAML SSO by Microsoft, you need the following items:
 
 - An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-- JIRA Core and Software 6.4 to 8.0 or JIRA Service Desk 3.0 to 3.5 should installed and configured on Windows 64-bit version
+- JIRA Core and Software 6.4 to 8.5.1 or JIRA Service Desk 3.0 to 4.6.0 should installed and configured on Windows 64-bit version
 - JIRA server is HTTPS enabled
 - Note the supported versions for JIRA Plugin are mentioned in below section.
 - JIRA server is reachable on internet particularly to Azure AD Login page for authentication and should able to receive the token from Azure AD
@@ -58,7 +58,7 @@ To get started, you need the following items:
 ## Supported versions of JIRA
 
 * JIRA Core and Software: 6.4 to 8.5.1
-* JIRA Service Desk 3.0.0 to 4.5.1
+* JIRA Service Desk 3.0.0 to 4.6.0
 * JIRA also supports 5.2. For more details, click [Microsoft Azure Active Directory single sign-on for JIRA 5.2](jira52microsoft-tutorial.md)
 
 > [!NOTE]

articles/active-directory/saas-apps/media/salesforce-tutorial/salesforcexml.png

@@ -1,25 +1,25 @@
 ---
-title: 'Tutorial: Azure Active Directory Single sign-on (SSO) integration with Salesforce | Microsoft Docs'
+title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Salesforce | Microsoft Docs'
 description: Learn how to configure single sign-on between Azure Active Directory and Salesforce.
 services: active-directory
 documentationCenter: na
 author: jeevansd
-manager: daveba
+manager: mtillman
 ms.reviewer: barbkess
 
 ms.assetid: d2d7d420-dc91-41b8-a6b3-59579e043b35
 ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.tgt_pltfrm: na
-ms.devlang: na
 ms.topic: tutorial
-ms.date: 08/13/2019
+ms.date: 12/23/2019
 ms.author: jeedes
 
 ms.collection: M365-identity-device-management
 ---
-# Tutorial: Azure Active Directory Single sign-on (SSO) integration with Salesforce
+
+# Tutorial: Azure Active Directory single sign-on (SSO) integration with Salesforce
 
 In this tutorial, you'll learn how to integrate Salesforce with Azure Active Directory (Azure AD). When you integrate Salesforce with Azure AD, you can:
 
@@ -66,27 +66,23 @@ Configure and test Azure AD SSO with Salesforce using a test user called **B.Sim
 To configure and test Azure AD SSO with Salesforce, complete the following building blocks:
 
 1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
-    1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
-    1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
-2. **[Configure Salesforce SSO](#configure-salesforce-sso)** - to configure the Single Sign-On settings on application side.
-    1. **[Create Salesforce test user](#create-salesforce-test-user)** - to have a counterpart of B.Simon in Salesforce that is linked to the Azure AD representation of user.
-3. **[Test SSO](#test-sso)** - to verify whether the configuration works.
+    * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+    * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Salesforce SSO](#configure-salesforce-sso)** - to configure the single sign-on settings on application side.
+    * **[Create Salesforce test user](#create-salesforce-test-user)** - to have a counterpart of B.Simon in Salesforce that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
 
 ## Configure Azure AD SSO
 
-In this section, you enable Azure AD single sign-on in the Azure portal.
-
-To configure Azure AD single sign-on with Salesforce, perform the following steps:
-
 Follow these steps to enable Azure AD SSO in the Azure portal.
 
-1. In the [Azure portal](https://portal.azure.com/), on the **Salesforce** application integration page, find the **Manage** section and select **Single sign-on**.
-1. On the **Select a Single sign-on method** page, select **SAML**.
-1. On the **Set up Single Sign-On with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. In the [Azure portal](https://portal.azure.com/), on the **Salesforce** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
 
    ![Edit Basic SAML Configuration](common/edit-urls.png)
 
-1. On the **Basic SAML Configuration** section, perform the following steps:
+1. On the **Basic SAML Configuration** section, enter the values for the following fields:
 
 	a. In the **Sign-on URL** textbox, type the value using the following pattern:
 
@@ -103,11 +99,11 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
     > [!NOTE]
 	> These values are not real. Update these values with the actual Sign-on URL and Identifier. Contact [Salesforce Client support team](https://help.salesforce.com/support) to get these values.
 
-1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Federation Metadata XML** from the given options as per your requirement and save it on your computer.
+1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section,  find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
 
 	![The Certificate download link](common/metadataxml.png)
 
-1. On the **Set up Salesforce** section, copy the appropriate URL(s) as per your requirement.
+1. On the **Set up Salesforce** section, copy the appropriate URL(s) based on your requirement.
 
 	![Copy configuration URLs](common/copy-configuration-urls.png)
 
@@ -122,9 +118,6 @@ In this section, you'll create a test user in the Azure portal called B.Simon.
    1. In the **User name** field, enter the [email protected]. For example, `[email protected]`.
    1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
    1. Click **Create**.
-   
-    > [!NOTE]
-    > Salesforce user attributes are case sensitive for SAML validation.
 
 ### Assign the Azure AD test user
 
@@ -146,48 +139,56 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 ## Configure Salesforce SSO
 
-1. Open a new tab in your browser and sign in to your Salesforce administrator account.
+1. To automate the configuration within Salesforce, you need to install **My Apps Secure Sign-in browser extension** by clicking **Install the extension**.
+
+	![My apps extension](common/install-myappssecure-extension.png)
+
+1. After adding extension to the browser, click on **Set up Salesforce** will direct you to the Salesforce Single Sign-On application. From there, provide the admin credentials to sign into Salesforce Single Sign-On. The browser extension will automatically configure the application for you and automate steps 3-13.
+
+	![Setup configuration](common/setup-sso.png)
+
+1. If you want to setup Salesforce manually, open a new web browser window and sign into your Salesforce company site as an administrator and perform the following steps:
 
-2. Click on the **Setup** under **settings icon** on the top right corner of the page.
+1. Click on the **Setup** under **settings icon** on the top right corner of the page.
 
 	![Configure Single Sign-On](./media/salesforce-tutorial/configure1.png)
 
-3. Scroll down to the **SETTINGS** in the navigation pane, click **Identity** to expand the related section. Then click **Single Sign-On Settings**.
+1. Scroll down to the **SETTINGS** in the navigation pane, click **Identity** to expand the related section. Then click **Single Sign-On Settings**.
 
     ![Configure Single Sign-On](./media/salesforce-tutorial/sf-admin-sso.png)
 
-4. On the **Single Sign-On Settings** page, click the **Edit** button.
+1. On the **Single Sign-On Settings** page, click the **Edit** button.
 
     ![Configure Single Sign-On](./media/salesforce-tutorial/sf-admin-sso-edit.png)
 
     > [!NOTE]
     > If you are unable to enable Single Sign-On settings for your Salesforce account, you may need to contact [Salesforce Client support team](https://help.salesforce.com/support).
 
-5. Select **SAML Enabled**, and then click **Save**.
+1. Select **SAML Enabled**, and then click **Save**.
 
-      ![Configure Single Sign-On](./media/salesforce-tutorial/sf-enable-saml.png)
+    ![Configure Single Sign-On](./media/salesforce-tutorial/sf-enable-saml.png)
 
-6. To configure your SAML single sign-on settings, click **New from Metadata File**.
+1. To configure your SAML single sign-on settings, click **New from Metadata File**.
 
     ![Configure Single Sign-On](./media/salesforce-tutorial/sf-admin-sso-new.png)
 
-7. Click **Choose File** to upload the metadata XML file which you have downloaded from the Azure portal and click **Create**.
+1. Click **Choose File** to upload the metadata XML file which you have downloaded from the Azure portal and click **Create**.
 
     ![Configure Single Sign-On](./media/salesforce-tutorial/xmlchoose.png)
 
-8. On the **SAML Single Sign-On Settings** page, fields populate automatically and click save.
+1. On the **SAML Single Sign-On Settings** page, fields populate automatically and click save.
 
     ![Configure Single Sign-On](./media/salesforce-tutorial/salesforcexml.png)
 
-9. On the left navigation pane in Salesforce, click **Company Settings** to expand the related section, and then click **My Domain**.
+1. On the left navigation pane in Salesforce, click **Company Settings** to expand the related section, and then click **My Domain**.
 
     ![Configure Single Sign-On](./media/salesforce-tutorial/sf-my-domain.png)
 
-10. Scroll down to the **Authentication Configuration** section, and click the **Edit** button.
+1. Scroll down to the **Authentication Configuration** section, and click the **Edit** button.
 
     ![Configure Single Sign-On](./media/salesforce-tutorial/sf-edit-auth-config.png)
 
-11. In the **Authentication Configuration** section, Check the **AzureSSO** as **Authentication Service** of your SAML SSO configuration, and then click **Save**.
+1. In the **Authentication Configuration** section, Check the **AzureSSO** as **Authentication Service** of your SAML SSO configuration, and then click **Save**.
 
     ![Configure Single Sign-On](./media/salesforce-tutorial/sf-auth-config.png)
 
@@ -237,4 +238,4 @@ When you click the Salesforce tile in the Access Panel, you should be automatica
 
 - [Configure User Provisioning](salesforce-provisioning-tutorial.md)
 
-- [Try Salesforce with Azure AD](https://aad.portal.azure.com)
+- [Try Salesforce with Azure AD](https://aad.portal.azure.com)

articles/active-directory/saas-apps/media/servicenow-tutorial/ic7694982.png

@@ -12,9 +12,8 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.tgt_pltfrm: na
-ms.devlang: na
 ms.topic: tutorial
-ms.date: 08/14/2019
+ms.date: 12/27/2019
 ms.author: jeedes
 
 ms.collection: M365-identity-device-management