Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into work-fall-redirects

Heidilohr · Heidilohr · commit 9c6da5574fa1 · 2020-05-20T15:14:03.000-07:00
diff --git a/articles/active-directory/azuread-dev/conditional-access-dev-guide.md b/articles/active-directory/azuread-dev/conditional-access-dev-guide.md
@@ -26,7 +26,7 @@ The Conditional Access feature in Azure Active Directory (Azure AD) offers one o
 * Allowing only Intune enrolled devices to access specific services
 * Restricting user locations and IP ranges
 
-For more information on the full capabilities of Conditional Access, see [Conditional Access in Azure Active Directory](../active-directory-conditional-access-azure-portal.md).
+For more information on the full capabilities of Conditional Access, see [What is Conditional Access](../conditional-access/overview.md).
 
 For developers building apps for Azure AD, this article shows how you can use Conditional Access and you'll also learn about the impact of accessing resources that you don't have control over that may have Conditional Access policies applied. The article also explores the implications of Conditional Access in the on-behalf-of flow, web apps, accessing Microsoft Graph, and calling APIs.
 
@@ -45,7 +45,7 @@ Specifically, the following scenarios require code to handle Conditional Access
 * Single-page apps using ADAL.js
 * Web Apps calling a resource
 
-Conditional Access policies can be applied to the app, but also can be applied to a web API your app accesses. To learn more about how to configure a Conditional Access policy, see [Quickstart: Require MFA for specific apps with Azure Active Directory Conditional Access](../conditional-access/app-based-mfa.md).
+Conditional Access policies can be applied to the app, but also can be applied to a web API your app accesses. To learn more about how to configure a Conditional Access policy, see [Common Conditional Access policies](../conditional-access/concept-conditional-access-policy-common.md).
 
 Depending on the scenario, an enterprise customer can apply and remove Conditional Access policies at any time. In order for your app to continue functioning when a new policy is applied, you need to implement the "challenge" handling. The following examples illustrate challenge handling.
 
diff --git a/articles/active-directory/conditional-access/overview.md b/articles/active-directory/conditional-access/overview.md
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: overview
-ms.date: 09/17/2019
+ms.date: 05/20/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
diff --git a/articles/active-directory/develop/v2-conditional-access-dev-guide.md b/articles/active-directory/develop/v2-conditional-access-dev-guide.md
@@ -24,7 +24,7 @@ The Conditional Access feature in Azure Active Directory (Azure AD) offers one o
 * Allowing only Intune enrolled devices to access specific services
 * Restricting user locations and IP ranges
 
-For more information on the full capabilities of Conditional Access, see [Conditional Access in Azure Active Directory](../active-directory-conditional-access-azure-portal.md).
+For more information on the full capabilities of Conditional Access, see the article [What is Conditional Access](../conditional-access/overview.md).
 
 For developers building apps for Azure AD, this article shows how you can use Conditional Access and you'll also learn about the impact of accessing resources that you don't have control over that may have Conditional Access policies applied. The article also explores the implications of Conditional Access in the on-behalf-of flow, web apps, accessing Microsoft Graph, and calling APIs.
 
diff --git a/articles/active-directory/devices/concept-azure-ad-join.md b/articles/active-directory/devices/concept-azure-ad-join.md
@@ -40,7 +40,7 @@ Azure AD join is intended for organizations that want to be cloud-first or cloud
 |   | Self-service Password Reset and Windows Hello PIN reset on lock screen |
 |   | Enterprise State Roaming across devices |
 
-Azure AD joined devices are signed in to using an organizational Azure AD account. Access to resources in the organization can be further limited based on that Azure AD account and [Conditional Access policies](../conditional-access/overview.md) applied to the device identity.
+Azure AD joined devices are signed in to using an organizational Azure AD account. Access to resources in the organization can be further limited based on that Azure AD account and [Conditional Access policies](../conditional-access/howto-conditional-access-policy-compliant-device.md) applied to the device identity.
 
 Administrators can secure and further control Azure AD joined devices using Mobile Device Management (MDM) tools like Microsoft Intune or in co-management scenarios using Microsoft Endpoint Configuration Manager. These tools provide a means to enforce organization-required configurations like requiring storage to be encrypted, password complexity, software installations, and software updates. Administrators can make organization applications available to Azure AD joined devices using Configuration Manager to [Manage apps from the Microsoft Store for Business and Education](/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business).
 
diff --git a/articles/active-directory/devices/hybrid-azuread-join-federated-domains.md b/articles/active-directory/devices/hybrid-azuread-join-federated-domains.md
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: devices
 ms.topic: tutorial
-ms.date: 05/14/2019
+ms.date: 05/20/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -25,7 +25,7 @@ Like a user in your organization, a device is a core identity you want to protec
 - Hybrid Azure AD join
 - Azure AD registration
 
-Bringing your devices to Azure AD maximizes user productivity through single sign-on (SSO) across your cloud and on-premises resources. You can secure access to your cloud and on-premises resources with [Conditional Access](../active-directory-conditional-access-azure-portal.md) at the same time.
+Bringing your devices to Azure AD maximizes user productivity through single sign-on (SSO) across your cloud and on-premises resources. You can secure access to your cloud and on-premises resources with [Conditional Access](../conditional-access/howto-conditional-access-policy-compliant-device.md) at the same time.
 
 A federated environment should have an identity provider that supports the following requirements. If you have a federated environment using Active Directory Federation Services (AD FS), then the below requirements are already supported.
 
diff --git a/articles/active-directory/devices/hybrid-azuread-join-managed-domains.md b/articles/active-directory/devices/hybrid-azuread-join-managed-domains.md
@@ -29,7 +29,7 @@ Like a user in your organization, a device is a core identity you want to protec
 
 This article focuses on hybrid Azure AD join.
 
-Bringing your devices to Azure AD maximizes user productivity through single sign-on (SSO) across your cloud and on-premises resources. You can secure access to your cloud and on-premises resources with [Conditional Access](../active-directory-conditional-access-azure-portal.md) at the same time.
+Bringing your devices to Azure AD maximizes user productivity through single sign-on (SSO) across your cloud and on-premises resources. You can secure access to your cloud and on-premises resources with [Conditional Access](../conditional-access/howto-conditional-access-policy-compliant-device.md) at the same time.
 
 You can deploy a managed environment by using [password hash sync (PHS)](../hybrid/whatis-phs.md) or [pass-through authentication (PTA)](../hybrid/how-to-connect-pta.md) with [seamless single sign-on](../hybrid/how-to-connect-sso.md). These scenarios don't require you to configure a federation server for authentication.
 
diff --git a/articles/active-directory/fundamentals/concept-fundamentals-mfa-get-started.md b/articles/active-directory/fundamentals/concept-fundamentals-mfa-get-started.md
@@ -40,7 +40,7 @@ For customers with Office 365, there are two options:
 
 For customers with Azure AD Premium P1 or similar licenses that include this functionality such as Enterprise Mobility + Security E3, Microsoft 365 F1, or Microsoft 365 E3: 
 
-Use [Azure AD Conditional Access](../conditional-access/overview.md) to prompt users for multi-factor authentication during certain scenarios or events to fit your business requirements.
+Use [Azure AD Conditional Access](../authentication/tutorial-enable-azure-mfa.md) to prompt users for multi-factor authentication during certain scenarios or events to fit your business requirements.
 
 ## Azure AD Premium P2
 
diff --git a/articles/active-directory/governance/conditional-access-exclusion.md b/articles/active-directory/governance/conditional-access-exclusion.md
@@ -27,7 +27,7 @@ In an ideal world, all users follow the access policies to secure access to your
 
 ## Why would you exclude users from policies?
 
-Let's say that as the administrator, you decide to use [Azure AD Conditional Access](../conditional-access/overview.md) to require multi-factor authentication (MFA) and limit authentication requests to specific networks or devices. During deployment planning, you realize that not all users can meet these requirements. For example, you may have users who work from remote offices, not part of your internal network. You may also have to accommodate users connecting using unsupported devices while waiting for those devices to be replaced. In short, the business needs these users to sign in and do their job so you exclude them from Conditional Access policies.
+Let's say that as the administrator, you decide to use [Azure AD Conditional Access](../conditional-access/concept-conditional-access-policy-common.md) to require multi-factor authentication (MFA) and limit authentication requests to specific networks or devices. During deployment planning, you realize that not all users can meet these requirements. For example, you may have users who work from remote offices, not part of your internal network. You may also have to accommodate users connecting using unsupported devices while waiting for those devices to be replaced. In short, the business needs these users to sign in and do their job so you exclude them from Conditional Access policies.
 
 As another example, you may be using [named locations](../conditional-access/location-condition.md) in Conditional Access to specify a set of countries and regions from which you don't want to allow users to access their tenant.
 
diff --git a/articles/active-directory/identity-protection/concept-identity-protection-policies.md b/articles/active-directory/identity-protection/concept-identity-protection-policies.md
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: identity-protection
 ms.topic: conceptual
-ms.date: 10/18/2019
+ms.date: 05/20/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -38,7 +38,7 @@ If risk is detected, users can perform multi-factor authentication to self-remed
 
 ### Custom Conditional Access policy
 
-Administrators can also choose to create a custom Conditional Access policy including sign-in risk as an assignment condition. More information about Conditional Access can be found in the article, [What is Conditional Access?](../conditional-access/overview.md)
+Administrators can also choose to create a custom Conditional Access policy including sign-in risk as an assignment condition. More information about risk as a condition in a Conditional Access policy can be found in the article, [Conditional Access: Conditions](../conditional-access/concept-conditional-access-conditions.md#sign-in-risk)
 
 ![Custom Conditional Access sign-in risk policy](./media/concept-identity-protection-policies/identity-protection-custom-sign-in-policy.png)
 
diff --git a/articles/active-directory/manage-apps/application-proxy-configure-custom-domain.md b/articles/active-directory/manage-apps/application-proxy-configure-custom-domain.md
@@ -140,6 +140,6 @@ You can use the same certificate for multiple applications. If an uploaded certi
 When a certificate expires, you get a warning telling you to upload another certificate. If the certificate is revoked, your users may see a security warning when accessing the app. To update the certificate for an app, navigate to the **Application proxy** page for the app, select **Certificate**, and upload a new certificate. If the old certificate isn't being used by other apps, it's deleted automatically. 
 
 ## Next steps
-* [Enable single sign-on](application-proxy-configure-single-sign-on-with-kcd.md) to your published apps with Azure AD authentication.
-* [Enable Conditional Access](../conditional-access/overview.md) to your published apps.
 
+* [Enable single sign-on](application-proxy-configure-single-sign-on-with-kcd.md) to your published apps with Azure AD authentication.
+* [Conditional Access](../conditional-access/concept-conditional-access-cloud-apps.md) for your published cloud apps.
diff --git a/articles/active-directory/manage-apps/application-proxy-security.md b/articles/active-directory/manage-apps/application-proxy-security.md
@@ -43,7 +43,7 @@ If you choose Passthrough as your preauthentication method, you don't get this b
 
 Apply richer policy controls before connections to your network are established.
 
-With [Conditional Access](../conditional-access/overview.md), you can define restrictions on what traffic is allowed to access your back-end applications. You can create policies that restrict sign-ins based on location, strength of authentication, and user risk profile.
+With [Conditional Access](../conditional-access/concept-conditional-access-cloud-apps.md), you can define restrictions on how users are allowed to access your applications. You can create policies that restrict sign-ins based on location, strength of authentication, and user risk profile.
 
 You can also use Conditional Access to configure Multi-Factor Authentication policies, adding another layer of security to your user authentications. Additionally, your applications can also be routed to Microsoft Cloud App Security via Azure AD Conditional Access to provide real-time monitoring and controls, via [access](https://docs.microsoft.com/cloud-app-security/access-policy-aad) and [session](https://docs.microsoft.com/cloud-app-security/session-policy-aad) policies
 
diff --git a/articles/active-directory/manage-apps/what-is-access-management.md b/articles/active-directory/manage-apps/what-is-access-management.md
@@ -74,7 +74,7 @@ With Azure AD, applications like Salesforce can be pre-configured for single sig
 
 In this case, all assigned users would be automatically provisioned to Salesforce, as they are added to different groups their role assignment would be updated in Salesforce. Users would be able to discover and access Salesforce through the Microsoft application access panel, Office web clients, or even by navigating to their organizational Salesforce login page. Administrators would be able to easily view usage and assignment status using Azure AD reporting.
 
-Administrators can employ [Azure AD Conditional Access](../active-directory-conditional-access-azure-portal.md) to set access policies for specific roles. These policies can include whether access is permitted outside the corporate environment and even Multi-Factor Authentication or device requirements to achieve access in various cases.
+Administrators can employ [Azure AD Conditional Access](../conditional-access/concept-conditional-access-users-groups.md) to set access policies for specific roles. These policies can include whether access is permitted outside the corporate environment and even Multi-Factor Authentication or device requirements to achieve access in various cases.
 
 ## Access to Microsoft applications
 
@@ -93,5 +93,5 @@ Users can access Office 365 applications through their Office 365 portals. You c
 As with enterprise apps, you can [assign users](assign-user-or-group-access-portal.md) to certain Microsoft applications via the Azure portal or, if the portal option isn't available, by using PowerShell.
 
 ## Next steps
-* [Protecting apps with Conditional Access](../active-directory-conditional-access-azure-portal.md)
+* [Protecting apps with Conditional Access](../conditional-access/concept-conditional-access-cloud-apps.md)
 * [Self-service group management/SSAA](../users-groups-roles/groups-self-service-management.md)
diff --git a/articles/active-directory/manage-apps/what-is-application-management.md b/articles/active-directory/manage-apps/what-is-application-management.md
@@ -39,7 +39,7 @@ There are four main types of applications that you can add to your **Enterprise
 
 ## Manage risk with Conditional Access policies
 
-Coupling Azure AD single sign-on (SSO) with [Conditional Access](https://docs.microsoft.com/azure/active-directory/conditional-access/overview) provides high levels of security for accessing applications. Security capabilities include cloud-scale identity protection, risk-based access control, native multi-factor authentication, and Conditional Access policies. These capabilities allow for granular control policies based on applications, or on groups that need higher levels of security.
+Coupling Azure AD single sign-on (SSO) with [Conditional Access](../conditional-access/concept-conditional-access-cloud-apps.md) provides high levels of security for accessing applications. Security capabilities include cloud-scale identity protection, risk-based access control, native multi-factor authentication, and Conditional Access policies. These capabilities allow for granular control policies based on applications, or on groups that need higher levels of security.
 
 ## Improve productivity with single sign-on
 
diff --git a/articles/active-directory/reports-monitoring/quickstart-configure-named-locations.md b/articles/active-directory/reports-monitoring/quickstart-configure-named-locations.md
@@ -60,6 +60,5 @@ To complete this quickstart, you need:
 
 For more information, see:
 
-- [Azure AD Conditional Access](../active-directory-conditional-access-azure-portal.md).
-- [Location conditions in Azure AD Conditional Access](../conditional-access/location-condition.md)
+- [Location as a condition in Conditional Access](../conditional-access/concept-conditional-access-conditions.md#locations).
 - [Risky sign-ins report](concept-risky-sign-ins.md).  
diff --git a/articles/active-directory/saas-apps/palo-alto-networks-globalprotect-tutorial.md b/articles/active-directory/saas-apps/palo-alto-networks-globalprotect-tutorial.md
@@ -165,6 +165,4 @@ When you click the Palo Alto Networks - GlobalProtect tile in the Access Panel,
 
 - [What is application access and single sign-on with Azure Active Directory? ](https://docs.microsoft.com/azure/active-directory/active-directory-appssoaccess-whatis)
 
-- [What is conditional access in Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)
-
-- [Try Palo Alto Networks - GlobalProtect with Azure AD](https://aad.portal.azure.com/)
+- [Try Palo Alto Networks - GlobalProtect with Azure AD](https://aad.portal.azure.com/)
diff --git a/articles/governance/blueprints/create-blueprint-rest-api.md b/articles/governance/blueprints/create-blueprint-rest-api.md
@@ -50,7 +50,7 @@ $authHeader = @{
 }
 
 # Invoke the REST API
-$restUri = 'https://management.azure.com/subscriptions/{subscriptionId}?api-version=2016-06-01'
+$restUri = 'https://management.azure.com/subscriptions/{subscriptionId}?api-version=2020-01-01'
 $response = Invoke-RestMethod -Uri $restUri -Method Get -Headers $authHeader
 ```
 
diff --git a/articles/governance/management-groups/manage.md b/articles/governance/management-groups/manage.md
@@ -383,7 +383,7 @@ New-AzRoleAssignment -Scope "/providers/Microsoft.Management/managementGroups/Co
 The same scope path is used when retrieving a policy definition at a management group.
 
 ```http
-GET https://management.azure.com/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming?api-version=2018-05-01
+GET https://management.azure.com/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming?api-version=2019-09-01
 ```
 
 ## Next steps
diff --git a/articles/governance/policy/assign-policy-azurecli.md b/articles/governance/policy/assign-policy-azurecli.md
@@ -83,7 +83,7 @@ Next, run the following command to get the resource IDs of the non-compliant res
 output into a JSON file:
 
 ```console
-armclient post "/subscriptions/<subscriptionID>/resourceGroups/<rgName>/providers/Microsoft.PolicyInsights/policyStates/latest/queryResults?api-version=2019-09-01&$filter=IsCompliant eq false and PolicyAssignmentId eq '<policyAssignmentID>'&$apply=groupby((ResourceId))" > <json file to direct the output with the resource IDs into>
+armclient post "/subscriptions/<subscriptionID>/resourceGroups/<rgName>/providers/Microsoft.PolicyInsights/policyStates/latest/queryResults?api-version=2019-10-01&$filter=IsCompliant eq false and PolicyAssignmentId eq '<policyAssignmentID>'&$apply=groupby((ResourceId))" > <json file to direct the output with the resource IDs into>
 ```
 
 Your results resemble the following example:
diff --git a/articles/governance/policy/concepts/definition-structure.md b/articles/governance/policy/concepts/definition-structure.md
@@ -814,7 +814,7 @@ Policy, use one of the following methods:
 - REST API / ARMClient
 
   ```http
-  GET https://management.azure.com/providers/?api-version=2017-08-01&$expand=resourceTypes/aliases
+  GET https://management.azure.com/providers/?api-version=2019-10-01&$expand=resourceTypes/aliases
   ```
 
 ### Understanding the [*] alias
diff --git a/articles/governance/policy/how-to/get-compliance-data.md b/articles/governance/policy/how-to/get-compliance-data.md
diff --git a/articles/synapse-analytics/get-started.md b/articles/synapse-analytics/get-started.md
diff --git a/articles/synapse-analytics/spark/synapse-spark-sql-pool-import-export.md b/articles/synapse-analytics/spark/synapse-spark-sql-pool-import-export.md
diff --git a/articles/synapse-analytics/toc.yml b/articles/synapse-analytics/toc.yml
