Merge pull request #103626 from MicrosoftDocs/master

Merge Master to Live, 4 AM

Author: PMEds28

.openpublishing.publish.config.json

@@ -433,14 +433,6 @@
     "master": [
       "Publish",
       "PDF"
-    ],
-    "release-event-grid": [
-      "Publish",
-      "PDF"
-    ],
-    "hd-insight-pdf": [
-      "Publish",
-      "PDF"
     ]
   },
   "need_generate_pdf_url_template": true,

articles/active-directory/develop/msal-net-xamarin-android-considerations.md

@@ -68,17 +68,19 @@ That line ensures that the control goes back to MSAL once the interactive portio
 
 ## Update the Android manifest
 The `AndroidManifest.xml` should contain the following values:
-```xml
-<activity android:name="microsoft.identity.client.BrowserTabActivity">
-	<intent-filter>
-		<action android:name="android.intent.action.VIEW" />
-		<category android:name="android.intent.category.DEFAULT" />
-		<category android:name="android.intent.category.BROWSABLE" />
-		<data android:scheme="msauth"
-		      android:host="Enter_the_Package_Name"
-		      android:path="/Enter_the_Signature_Hash"/>
-         </intent-filter>
-</activity>
+
+<!--Intent filter to capture System Browser or Authenticator calling back to our app after sign-in-->
+  <activity
+        android:name="com.microsoft.identity.client.BrowserTabActivity">
+     <intent-filter>
+            <action android:name="android.intent.action.VIEW" />
+            <category android:name="android.intent.category.DEFAULT" />
+            <category android:name="android.intent.category.BROWSABLE" />
+            <data android:scheme="msauth"
+                android:host="Enter_the_Package_Name"
+                android:path="/Enter_the_Signature_Hash" />
+     </intent-filter>
+ </activity>
 ```
 Substitute the package name you registered in the Azure portal for the `android:host=` value. Substitute the key hash you registered in the Azure portal for the `android:path=` value. The Signature Hash should **not** be URL encoded. Ensure that there is a leading `/` at the beginning of your Signature Hash.
 

articles/active-directory/manage-apps/cloud-app-security.md

@@ -0,0 +1,67 @@
+---
+title: App visibility and control with Microsoft Cloud App Security 
+description: Learn ways to identify app risk levels, stop breaches and leaks in real time, and use app connectors to take advantage of provider APIs for visibility and governance.
+services: active-directory
+author: msmimart
+manager: CelesteDG
+ms.service: active-directory
+ms.subservice: app-mgmt
+ms.topic: overview
+ms.workload: identity
+ms.date: 02/03/2020
+ms.author: mimart
+ms.collection: M365-identity-device-management
+---
+
+# Cloud app visibility and control
+
+To get the full benefit of cloud apps and services, an IT team must find the right balance of supporting access while maintaining control to protect critical data. Microsoft Cloud App Security provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats across all your Microsoft and third-party cloud services.
+
+## Discover and manage shadow IT in your network
+
+When IT admins are asked how many cloud apps they think their employees use, on average they say 30 or 40, when in reality, the average is over 1,000 separate apps being used by employees in your organization. Shadow IT helps you know and identify which apps are being used and what your risk level is. Eighty percent of employees use unsanctioned apps that no one has reviewed and may not be compliant with your security and compliance policies. And because your employees are able to access your resources and apps from outside your corporate network, it's no longer enough to have rules and policies on your firewalls.
+
+Use Microsoft Cloud App Discovery (an Azure Active Directory Premium P1 feature) to discover which apps are being used, explore the risk of these apps, configure policies to identify new risky apps, and unsanction these apps in order to block them natively using your proxy or firewall appliance.
+
+- Discover and identify Shadow IT
+- Evaluate and analyze
+- Manage your apps
+- Advanced Shadow IT discovery reporting
+- Control sanctioned apps
+ 
+### Learn more
+
+- [Discover and manage shadow IT in your network ](https://docs.microsoft.com/cloud-app-security/tutorial-shadow-it)
+- [Discovered apps with Cloud App Security ](https://docs.microsoft.com/cloud-app-security/discovered-apps)
+ 
+## User session visibility and control 
+
+In today’s workplace, it’s often not enough to know what’s happening in your cloud environment after the fact. You want to stop breaches and leaks in real time before employees intentionally or inadvertently put your data and your organization at risk. Together with Azure Active Directory (Azure AD), Microsoft Cloud App Security delivers these capabilities in a holistic and integrated experience with Conditional Access App Control. 
+
+Session control uses a reverse proxy architecture and is uniquely integrated with Azure AD Conditional Access. Azure AD Conditional Access allows you to enforce access controls on your organization’s apps based on certain conditions. The conditions define who (user or group of users) and what (which cloud apps) and where (which locations and networks) a Conditional Access policy is applied to. After you’ve determined the conditions, you can route users to Cloud App Security where you can protect data in real time.  
+
+With this control you can:  
+- Control file downloads
+- Monitor B2B scenarios  
+- Control access to files  
+- Protect documents on download  
+ 
+### Learn more
+
+- [Protect apps with Session Control in Cloud App Security ](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad)
+ 
+## Advanced app visibility and controls 
+
+App connectors use the APIs of app providers to enable greater visibility and control by Microsoft Cloud App Security over the apps you connect to. 
+Cloud App Security leverages the APIs provided by the cloud provider. Each service has its own framework and API limitations such as throttling, API limits, dynamic time-shifting API windows, and others. The Cloud App Security product team worked with these services to optimize the use of APIs and provide the best performance. Taking into account different limitations services impose on their APIs, the Cloud App Security engines use their maximum allowed capacity. Some operations, such as scanning all files in the tenant, require numerous API calls so they're spread over a longer period. Expect some policies to run for several hours or days. 
+ 
+### Learn more  
+
+- [Connect apps in Cloud App Security ](https://docs.microsoft.com/cloud-app-security/enable-instant-visibility-protection-and-governance-actions-for-your-apps)
+
+## Next steps
+
+- [Discover and manage shadow IT in your network ](https://docs.microsoft.com/cloud-app-security/tutorial-shadow-it)
+- [Discovered apps with Cloud App Security ](https://docs.microsoft.com/cloud-app-security/discovered-apps)
+- [Protect apps with Session Control in Cloud App Security ](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad)
+- [Connect apps in Cloud App Security ](https://docs.microsoft.com/cloud-app-security/enable-instant-visibility-protection-and-governance-actions-for-your-apps)

articles/active-directory/manage-apps/toc.yml

@@ -72,6 +72,8 @@
           href: howto-saml-token-encryption.md
         - name: End-user portals
           href: end-user-experiences.md
+    - name: Cloud app visibility and control
+      href: cloud-app-security.md
     - name: Application Proxy for on-premises apps
       items:
        - name: Application Proxy

articles/aks/operator-best-practices-identity.md

@@ -118,7 +118,7 @@ This best practices article focused on authentication and authorization for your
 
 For more information about cluster operations in AKS, see the following best practices:
 
-* [Multi-tenancy and cluster isolation][aks-best-practices-scheduler]
+* [Multi-tenancy and cluster isolation][aks-best-practices-cluster-isolation]
 * [Basic Kubernetes scheduler features][aks-best-practices-scheduler]
 * [Advanced Kubernetes scheduler features][aks-best-practices-advanced-scheduler]
 

articles/azure-databricks/TOC.yml

@@ -1087,9 +1087,20 @@
       - name: Enable Azure Data Lake Storage credential passthrough
         href: /azure/databricks/administration-guide/access-control/credential-passthrough
         maintainContext: true
-    - name: Manage workspace storage
-      href: /azure/databricks/administration-guide/workspace-storage/storage
-      maintainContext: true
+    - name: Manage workspace objects and behavior
+      items:
+      - name: Manage workspaces overview
+        href: /azure/databricks/administration-guide/workspace/index
+        maintainContext: true
+      - name: Manage workspace storage
+        href: /azure/databricks/administration-guide/workspace/storage
+        maintainContext: true
+      - name: Manage workspace security headers
+        href: /azure/databricks/administration-guide/workspace/security
+        maintainContext: true
+      - name: Manage access to notebook features
+        href: /azure/databricks/administration-guide/workspace/notebooks
+        maintainContext: true
     - name: Enable cluster configurations
       items:
       - name: Cluster configuration overview
@@ -1609,6 +1620,9 @@
       - name: Platform release notes 
         href: /azure/databricks/release-notes/product/index
         maintainContext: true
+      - name: February 2020
+        href: /azure/databricks/release-notes/product/2020/february
+        maintainContext: true
       - name: January 2020
         href: /azure/databricks/release-notes/product/2020/january
         maintainContext: true
@@ -1756,10 +1770,7 @@
             maintainContext: true 
           - name: Databricks Runtime 5.2 ML
             href: /azure/databricks/release-notes/runtime/5.2ml
-            maintainContext: true 
-          - name: Databricks Runtime 3.5
-            href: /azure/databricks/release-notes/runtime/3.5
-            maintainContext: true 
+            maintainContext: true
         - name: Unsupported
           items:
           - name: Unsupported runtime releases
@@ -1792,6 +1803,9 @@
           - name: Databricks Runtime 4.0
             href: /azure/databricks/release-notes/runtime/4.0
             maintainContext: true
+          - name: Databricks Runtime 3.5 LTS
+            href: /azure/databricks/release-notes/runtime/3.5
+            maintainContext: true 
           - name: Databricks Runtime 3.4
             href: /azure/databricks/release-notes/runtime/3.4
             maintainContext: true 
@@ -1804,6 +1818,9 @@
     - name: Release types
       href: /azure/databricks/release-notes/release-types
       maintainContext: true 
+    - name: Azure Databricks status page
+      href: /azure/databricks/status
+      maintainContext: true 
   - name: R developer's guide 
     href: /azure/machine-learning/r-developers-guide
   - name: Azure Roadmap

articles/azure-monitor/platform/agents-overview.md

@@ -59,7 +59,7 @@ Scenarios supported by the Azure Diagnostics extension include the following:
 ## Log Analytics agent
 The [Log Analytics agent](log-analytics-agent.md) collects monitoring data from the guest operating system and workloads of virtual machines in Azure, other cloud providers, and on-premises. It collects data into a Log Analytics workspace.
 
-The Log Analytics agent is the same agent used by System Center Operations Manager, and you multihome agent computers to communicate with your management group and Azure Monitor simultaneously. This agent is also required by certain solutions in Azure Monitor.
+The Log Analytics agent is the same agent used by System Center Operations Manager, and multihome agent computers to communicate with your management group and Azure Monitor simultaneously. This agent is also required by certain solutions in Azure Monitor.
 
 The Log Analytics agent for Windows is often referred to as Microsoft Management Agent (MMA). The Log Analytics agent for Linux is often referred to as OMS agent.
 

articles/data-factory/data-flow-tutorials.md

@@ -5,7 +5,7 @@ author: djpmsft
 ms.author: daperlov
 ms.service: data-factory
 ms.topic: tutorial
-ms.date: 01/14/2020
+ms.date: 02/06/2020
 ---
 
 # Mapping data flow video tutorials
@@ -127,3 +127,7 @@ As updates are constantly made to the product, some features have added or diffe
 [Logical Models vs. Physical Models](http://youtu.be/K5tgzLjEE9Q)
 
 [Detect source data changes](http://youtu.be/CaxIlI7oXfI?hd=1)
+
+## Data flow expressions
+
+[Date/Time expressions](https://www.youtube.com/watch?v=uboyCZ25r_E&feature=youtu.be&hd=1)

articles/industry/agriculture/install-azure-farmbeats.md

@@ -68,19 +68,19 @@ The entire setup of Azure FarmBeats, including the preparation and installation
 
 ## Prerequisites
 
-Before you start the actual installation of Azure FarmBeats, you'll need to complete the following steps:
+You'll need to complete the following steps before you start the actual installation of Azure FarmBeats:
 
 ### Verify Permissions
 
-You'll need the following permissions in the Azure tenant you're looking to install Azure FarmBeats -
+You'll need the following permissions in the Azure tenant to install Azure FarmBeats:
 
 - Tenant - AAD app creator
 - Subscription - Owner
 - Resource Group in which FarmBeats is being installed - Owner
 
 The first two permissions are needed for [creating the AAD application](#create-an-aad-application) step. If needed, you can get someone with the appropriate permissions to create the AAD application. The person installing FarmBeats needs to be an owner of the Resource Group in which FarmBeats is being installed.
 
-You can verify your access permissions in the Azure portal by following the instructions on [role based access control](https://docs.microsoft.com/azure/role-based-access-control/check-access)
+You can verify your access permissions in the Azure portal by following the instructions on [role based access control](https://docs.microsoft.com/azure/role-based-access-control/check-access).
 
 ### Decide Subscription and Region
 
@@ -115,23 +115,23 @@ Run the following steps in a Cloud Shell instance using the PowerShell environme
         ./create_aad_script.ps1
     ```
 
-4. The AAD script takes around 2 minutes to run and outputs values to screen as well as to a json file in the same directory. If you had someone else run the script, ask them to share this output with you.
+4. The AAD script takes around 2 minutes to run and outputs values on screen as well as to a json file in the same directory. If you had someone else run the script, ask them to share this output with you.
 
 ### Create Sentinel account
 
-Your Azure FarmBeats setup enables you to get satellite imagery from European Space Agency's [Sentinel-2](https://scihub.copernicus.eu/) satellite mission for your farm. To configure this setup, you require a Sentinel Account.
+Your Azure FarmBeats setup enables you to get satellite imagery from European Space Agency's [Sentinel-2](https://scihub.copernicus.eu/) satellite mission for your farm. To configure this setup, you require a Sentinel account.
 
 Follow the steps to create a free account with Sentinel:
 
 1. Go to the official [sign-up](https://aka.ms/SentinelRegistration) page.
 2. Provide the required details (first name, last name, username, password, and email ID) and complete the form.
-3. A verification link will be sent to the registered email ID. Select the link provided in the email and complete the verification.
+3. A verification link is sent to the registered email ID. Select the link provided in the email and complete the verification.
 
-Your registration process is complete once you complete the verification. Make a note of your **Sentinel Username** and **Sentinel Password**.
+Your registration process is complete. Make a note of your **Sentinel Username** and **Sentinel Password**, once the verification is also completed.
 
 ## Install
 
-You are now ready to install FarmBeats. Follow the steps below to start the installation -
+You are now ready to install FarmBeats. Follow the steps below to start the installation:
 
 1. Sign in to the Azure portal. Select your account in the top-right corner and switch to the Azure AD tenant where you want to install Azure FarmBeats.
 
@@ -141,23 +141,26 @@ You are now ready to install FarmBeats. Follow the steps below to start the inst
 
 4. A new window appears. Complete the sign-up process by choosing the correct subscription, resource group, and location to which you want to install Azure FarmBeats.
 
-5. Provide the email address that should receive any service alerts related to Azure FarmBeats in the **FarmBeats Service Alerts** section. Click Next at the bottom of the page to move to the **Dependencies** Tab.
-![Basics Tab](./media/install-azure-farmbeats/create-azure-farmbeats-basics.png)
+5. Provide the email address that should receive any service alerts related to Azure FarmBeats in the **FarmBeats Service Alerts** section. Select **Next** at the bottom of the page to move to the **Dependencies** Tab.
+
+    ![Basics Tab](./media/install-azure-farmbeats/create-azure-farmbeats-basics.png)
 
 6. Copy the individual entries from the output of [AAD script](#create-an-aad-application) to the inputs in the AAD application section.
 
-7. Enter the [Sentinel account](#create-sentinel-account) user name and password in the Sentinel Account section. Click Next to move to the **Review + Create** Tab
-![Dependencies Tab](./media/install-azure-farmbeats/create-azure-farmbeats-dependencies.png)
+7. Enter the [Sentinel account](#create-sentinel-account) user name and password in the Sentinel Account section. Select **Next** to move to the **Review + Create** tab.
+
+    ![Dependencies Tab](./media/install-azure-farmbeats/create-azure-farmbeats-dependencies.png)
 
-8. Once the entered details are validated, SELECT **OK**. The Terms of use page appears. Review the terms and select **Create** to start the installation. You will automatically be redirected to a page where you can follow the progress of the installation.
+8. Once the entered details are validated, select **OK**. The Terms of use page appears. Review the terms and select **Create** to start the installation. You will be redirected to the page where you can follow the installation progress.
 
 Once the installation is complete, you can verify the installation and start using FarmBeats portal by navigating to the website name you provided during installation: https://\<FarmBeats-website-name>.azurewebsites.net. You should see FarmBeats user interface with an option to create Farms.
 
 **Datahub** can be found at https://\<FarmBeats-website-name>-api.azurewebsites.net/swagger. Here you will see the different FarmBeats API objects and perform REST operations on the APIs.
 
 ## Upgrade
 
-To upgrade FarmBeats to the latest version, run the following steps in a Cloud Shell instance using the PowerShell environment. The user will need to be the owner of the Subscription in which FarmBeats is installed.
+To upgrade FarmBeats to the latest version, run the following steps in a Cloud Shell instance using the PowerShell environment. The user will need to be the owner of the subscription in which FarmBeats is installed.
+
 First-time users will be prompted to select a subscription and create a storage account. Complete the setup as instructed.
 
 1. Download the [upgrade script](https://aka.ms/FarmBeatsUpgradeScript)
@@ -178,7 +181,7 @@ First-time users will be prompted to select a subscription and create a storage
         ./upgrade-farmbeats.ps1 -InputFilePath [Path to input.json file]
     ```
 
-The path to input.json file is optional. If not specified, the script will ask you for all required inputs. The upgrade should finish in around 30 minutes.
+The path to input.json file is optional. If not specified, the script will ask for all the required inputs. The upgrade should finish in around 30 minutes.
 
 ## Uninstall