MicrosoftDocs
diff --git a/‎articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md
Lines changed: 14 additions & 14 deletions b/‎articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md
Lines changed: 14 additions & 14 deletions
diff --git a/‎articles/active-directory/saas-apps/amazon-web-service-tutorial.md
Lines changed: 7 additions & 3 deletions b/‎articles/active-directory/saas-apps/amazon-web-service-tutorial.md
Lines changed: 7 additions & 3 deletions
diff --git a/‎articles/active-directory/saas-apps/box-tutorial.md
Lines changed: 6 additions & 2 deletions b/‎articles/active-directory/saas-apps/box-tutorial.md
Lines changed: 6 additions & 2 deletions
diff --git a/‎articles/active-directory/saas-apps/cisco-spark-tutorial.md
Lines changed: 15 additions & 26 deletions b/‎articles/active-directory/saas-apps/cisco-spark-tutorial.md
Lines changed: 15 additions & 26 deletions
@@ -60,10 +60,10 @@ The following Azure regions are currently supported during the preview of this f
 
 To enable Azure AD authentication for your Windows VMs in Azure, you need to ensure your VMs network configuration permits outbound access to the following endpoints over TCP port 443:
 
-- https://enterpriseregistration.windows.net
-- https://login.microsoftonline.com
-- https://device.login.microsoftonline.com
-- https://pas.windows.net
+- https:\//enterpriseregistration.windows.net
+- https:\//login.microsoftonline.com
+- https:\//device.login.microsoftonline.com
+- https:\//pas.windows.net
 
 ## Enabling Azure AD login in for Windows VM in Azure
 
@@ -246,15 +246,15 @@ The AADLoginForWindows extension must install successfully in order for the VM t
 
 1. Ensure the required endpoints are accessible from the VM using the command line:
 
-   - curl https://login.microsoftonline.com/ -D –
-   - curl https://login.microsoftonline.com/`<TenantID>`/ -D –
+   - curl https:\//login.microsoftonline.com/ -D –
+   - curl https:\//login.microsoftonline.com/`<TenantID>`/ -D –
 
    > [!NOTE]
    > Replace `<TenantID>` with the Azure AD Tenant ID that is associated with the Azure subscription.
 
-   - curl https://enterpriseregistration.windows.net/ -D -
-   - curl https://device.login.microsoftonline.com/ -D -
-   - curl https://pas.windows.net/ -D -
+   - curl https:\//enterpriseregistration.windows.net/ -D -
+   - curl https:\//device.login.microsoftonline.com/ -D -
+   - curl https:\//pas.windows.net/ -D -
 
 1. The Device State can be viewed by running `dsregcmd /status`. The goal is for Device State to show as `AzureAdJoined : YES`.
 
@@ -281,15 +281,15 @@ This Exit code translates to DSREG_AUTOJOIN_DISC_FAILED because the extension is
 
 1. Verify the required endpoints are accessible from the VM using the command line:
 
-   - curl https://login.microsoftonline.com/ -D –
-   - curl https://login.microsoftonline.com/`<TenantID>`/ -D –
+   - curl https:\//login.microsoftonline.com/ -D –
+   - curl https:\//login.microsoftonline.com/`<TenantID>`/ -D –
 
    > [!NOTE]
    > Replace `<TenantID>` with the Azure AD Tenant ID that is associated with the Azure subscription. If you need to find the tenant ID, you can hover over your account name to get the directory / tenant ID, or select Azure Active Directory > Properties > Directory ID in the Azure portal.
 
-   - curl https://enterpriseregistration.windows.net/ -D -
-   - curl https://device.login.microsoftonline.com/ -D -
-   - curl https://pas.windows.net/ -D -
+   - curl https:\//enterpriseregistration.windows.net/ -D -
+   - curl https:\//device.login.microsoftonline.com/ -D -
+   - curl https:\//pas.windows.net/ -D -
 
 1. If any of the commands fails with "Could not resolve host `<URL>`", try running this command to determine the DNS server that is being used by the VM.
 
 
@@ -12,9 +12,8 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.tgt_pltfrm: na
-ms.devlang: na
 ms.topic: tutorial
-ms.date: 10/25/2019
+ms.date: 01/16/2020
 ms.author: jeedes
 
 ms.collection: M365-identity-device-management
@@ -63,6 +62,7 @@ To get started, you need the following items:
 In this tutorial, you configure and test Azure AD SSO in a test environment.
 
 * Amazon Web Services (AWS) supports **SP and IDP** initiated SSO
+* Once you configure the Amazon Web Services (AWS) you can enforce session controls, which protect exfiltration and infiltration of your organization’s sensitive data in real-time. Session controls extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-aad)
 
 > [!NOTE]
 > Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
@@ -372,6 +372,10 @@ When you click the Amazon Web Services (AWS) tile in the Access Panel, you shoul
 
 - [Try Amazon Web Services (AWS) with Azure AD](https://aad.portal.azure.com/)
 
+- [What is session control in Microsoft Cloud App Security?](https://docs.microsoft.com/cloud-app-security/protect-aws)
+
+- [How to protect Amazon Web Services (AWS) with advanced visibility and controls](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad)
+
 [11]: ./media/amazon-web-service-tutorial/ic795031.png
 [12]: ./media/amazon-web-service-tutorial/ic795032.png
 [13]: ./media/amazon-web-service-tutorial/ic795033.png
@@ -390,4 +394,4 @@ When you click the Amazon Web Services (AWS) tile in the Access Panel, you shoul
 [38]: ./media/amazon-web-service-tutorial/tutorial_amazonwebservices_createnewaccesskey.png
 [39]: ./media/amazon-web-service-tutorial/tutorial_amazonwebservices_provisioning_automatic.png
 [40]: ./media/amazon-web-service-tutorial/tutorial_amazonwebservices_provisioning_testconnection.png
-[41]: ./media/amazon-web-service-tutorial/tutorial_amazonwebservices_provisioning_on.png
+[41]: ./media/amazon-web-service-tutorial/tutorial_amazonwebservices_provisioning_on.png
@@ -12,9 +12,8 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.tgt_pltfrm: na
-ms.devlang: na
 ms.topic: tutorial
-ms.date: 08/13/2019
+ms.date: 01/16/2020
 ms.author: jeedes
 
 ms.collection: M365-identity-device-management
@@ -44,6 +43,7 @@ In this tutorial, you configure and test Azure AD SSO in a test environment.
 * Box supports **SP** initiated SSO
 * Box supports [**Automated** user provisioning and deprovisioning](https://docs.microsoft.com/azure/active-directory/saas-apps/box-userprovisioning-tutorial) (recommended)
 * Box supports **Just In Time** user provisioning
+* Once you configure the Box you can enforce session controls, which protect exfiltration and infiltration of your organization’s sensitive data in real-time. Session controls extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-aad)
 
 ## Adding Box from the gallery
 
@@ -153,3 +153,7 @@ When you click the Box tile in the Access Panel, you should be automatically sig
 - [What is conditional access in Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)
 
 - [Try Box with Azure AD](https://aad.portal.azure.com/)
+
+- [What is session control in Microsoft Cloud App Security?](https://docs.microsoft.com/cloud-app-security/protect-box)
+
+- [How to protect Box with advanced visibility and controls](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad)
@@ -12,9 +12,8 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.tgt_pltfrm: na
-ms.devlang: na
 ms.topic: tutorial
-ms.date: 01/15/2020
+ms.date: 01/16/2020
 ms.author: jeedes
 
 ms.collection: M365-identity-device-management
@@ -39,7 +38,11 @@ To get started, you need the following items:
 
 ## Scenario description
 
-In this tutorial, you configure and test Azure AD SSO in a test environment. Cisco Webex supports **SP** initiated SSO and supports **Automated** user provisioning.
+In this tutorial, you configure and test Azure AD SSO in a test environment.
+
+* Cisco Webex supports **SP** initiated SSO.
+* Cisco Webex supports **Automated** user provisioning.
+* Once you configure the Cisco Webex you can enforce session controls, which protect exfiltration and infiltration of your organization’s sensitive data in real-time. Session controls extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-aad)
 
 ## Adding Cisco Webex from the gallery
 
@@ -88,34 +91,16 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 	In the **Sign on URL** textbox, paste the value of **Reply URL**, which gets autofilled by SP metadata file upload.
 
-5. Cisco Webex  application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes. Click **Edit** icon to open User Attributes dialog.
+1. Cisco Webex application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
 
-	![image](common/edit-attribute.png)
+	![image](common/default-attributes.png)
 
-6. In addition to above, Cisco Webex application expects few more attributes to be passed back in SAML response. In the **User Claims** section on the **User Attributes** dialog, perform the following steps to add SAML token attribute as shown in the below table:
-    
+1. In addition to above, Cisco Webex application expects few more attributes to be passed back in SAML response which are shown below. These attributes are also pre populated but you can review them as per your requirements.
+  
 	| Name |  Source Attribute|
 	| ---------------|--------- |
 	| uid | user.userprincipalname |
 
-	a. Click **Add new claim** to open the **Manage user claims** dialog.
-
-	![image](common/new-save-attribute.png)
-
-	![image](common/new-attribute-details.png)
-
-	b. In the **Name** textbox, type the attribute name shown for that row.
-
-	c. Leave the **Namespace** blank.
-
-	d. Select Source as **Attribute**.
-
-	e. From the **Source attribute** list, type the attribute value shown for that row.
-
-	f. Click **Ok**
-
-	g. Click **Save**.
-
 1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
 
    ![The Certificate download link](common/metadataxml.png)
@@ -217,4 +202,8 @@ When you select the Cisco Webex tile in the Access Panel, you should be automati
 
 - [What is conditional access in Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)
 
-- [Try Cisco Webex with Azure AD](https://aad.portal.azure.com)
+- [Try Cisco Webex with Azure AD](https://aad.portal.azure.com)
+
+- [What is session control in Microsoft Cloud App Security?](https://docs.microsoft.com/cloud-app-security/protect-webex)
+
+- [How to protect Cisco Webex with advanced visibility and controls](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad)