Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into ds-prcleanup1

Author: davidsmatlak

.openpublishing.redirection.json

@@ -43765,6 +43765,11 @@
       "redirect_url": "/azure/cognitive-services/acoustics/what-is-acoustics",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/Acoustics/index.md",
+      "redirect_url": "/azure/cognitive-services/acoustics/what-is-acoustics",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/iot-central/howto-export-data.md",
       "redirect_url": "/azure/iot-central/core/howto-export-data-event-hubs-service-bus",

articles/active-directory/reports-monitoring/concept-sign-ins.md

@@ -173,13 +173,17 @@ The **Location** - The location the connection was initiated from:
 **Correlation ID** - The correlation ID of the activity.
 
 
+
+
 **Conditional access** - The status of the applied conditional access rules
 
-- Not applied 
+- **Not applied**: No policy applied to the user and application during sign-in.
+
+- **Success**: One or more conditional access policies applied to the user and application (but not necessarily the other conditions) during sign-in. 
+
+- **Failure**: One or more conditional access policies applied and was not satisfied during sign-in.
 
-- Success
 
-- Failure
 
 
 

articles/active-directory/saas-apps/brivo-onair-identity-connector-provisioning-tutorial.md

@@ -32,7 +32,7 @@ The objective of this tutorial is to demonstrate the steps to be performed in Br
 The scenario outlined in this tutorial assumes that you already have the following prerequisites:
 
 * An Azure AD tenant
-* [A Brivo Onair Identity Connector tenant](https://www.brivo.com/quote)
+* [A Brivo Onair Identity Connector tenant](https://www.brivo.com/lp/quote)
 * A user account in Brivo Onair Identity Connector with Senior Administrator permissions.
 
 ## Assigning users to Brivo Onair Identity Connector
@@ -50,17 +50,17 @@ Before configuring and enabling automatic user provisioning, you should decide w
 
 ## Setup Brivo Onair Identity Connector for provisioning
 
-1.	Sign in to your [Brivo Onair Identity Connector Admin Console](https://acs.brivo.com/login/). Navigate to **Account > Account Settings**.
+1.    Sign in to your [Brivo Onair Identity Connector Admin Console](https://acs.brivo.com/login/). Navigate to **Account > Account Settings**.
 
-	![Brivo Onair Identity Connector Admin Console](media/brivo-onair-identity-connector-provisioning-tutorial/admin.png)
+    ![Brivo Onair Identity Connector Admin Console](media/brivo-onair-identity-connector-provisioning-tutorial/admin.png)
 
 2.  Click on **Azure AD** tab. On the **Azure AD** details page re-enter the password of your senior administrator account. Click on **Submit**.
 
-	![Brivo Onair Identity Connector azure](media/brivo-onair-identity-connector-provisioning-tutorial/azuread.png)
+    ![Brivo Onair Identity Connector azure](media/brivo-onair-identity-connector-provisioning-tutorial/azuread.png)
 
-3.	Click on **Copy Token** button and save the **Secret Token**. This value will be entered in the Secret Token field in the Provisioning tab of your Brivo Onair Identity Connector application in the Azure portal.
+3.    Click on **Copy Token** button and save the **Secret Token**. This value will be entered in the Secret Token field in the Provisioning tab of your Brivo Onair Identity Connector application in the Azure portal.
 
-	![Brivo Onair Identity Connector token](media/brivo-onair-identity-connector-provisioning-tutorial/token.png)
+    ![Brivo Onair Identity Connector token](media/brivo-onair-identity-connector-provisioning-tutorial/token.png)
 
 ## Add Brivo Onair Identity Connector from the gallery
 
@@ -70,19 +70,19 @@ Before configuring Brivo Onair Identity Connector for automatic user provisionin
 
 1. In the **[Azure portal](https://portal.azure.com)**, in the left navigation panel, select **Azure Active Directory**.
 
-	![The Azure Active Directory button](common/select-azuread.png)
+    ![The Azure Active Directory button](common/select-azuread.png)
 
 2. Go to **Enterprise applications**, and then select **All applications**.
 
-	![The Enterprise applications blade](common/enterprise-applications.png)
+    ![The Enterprise applications blade](common/enterprise-applications.png)
 
 3. To add a new application, select the **New application** button at the top of the pane.
 
-	![The New application button](common/add-new-app.png)
+    ![The New application button](common/add-new-app.png)
 
 4. In the search box, enter **Brivo Onair Identity Connector**, select **Brivo Onair Identity Connector** in the results panel, and then click the **Add** button to add the application.
 
-	![Brivo Onair Identity Connector in the results list](common/search-new-app.png)
+    ![Brivo Onair Identity Connector in the results list](common/search-new-app.png)
 
 ## Configuring automatic user provisioning to Brivo Onair Identity Connector 
 
@@ -92,59 +92,59 @@ This section guides you through the steps to configure the Azure AD provisioning
 
 1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.
 
-	![Enterprise applications blade](common/enterprise-applications.png)
+    ![Enterprise applications blade](common/enterprise-applications.png)
 
 2. In the applications list, select **Brivo Onair Identity Connector**.
 
-	![The Brivo Onair Identity Connector link in the Applications list](common/all-applications.png)
+    ![The Brivo Onair Identity Connector link in the Applications list](common/all-applications.png)
 
 3. Select the **Provisioning** tab.
 
-	![Provisioning tab](common/provisioning.png)
+    ![Provisioning tab](common/provisioning.png)
 
 4. Set the **Provisioning Mode** to **Automatic**.
 
-	![Provisioning tab](common/provisioning-automatic.png)
+    ![Provisioning tab](common/provisioning-automatic.png)
 
 5. Under the **Admin Credentials** section, input `https://scim.brivo.com/ActiveDirectory/v2/` in **Tenant URL**. Input the **SCIM Authentication Token** value retrieved earlier in **Secret Token**. Click **Test Connection** to ensure Azure AD can connect to Brivo Onair Identity Connector. If the connection fails, ensure your Brivo Onair Identity Connector account has Admin permissions and try again.
 
-	![Tenant URL + Token](common/provisioning-testconnection-tenanturltoken.png)
+    ![Tenant URL + Token](common/provisioning-testconnection-tenanturltoken.png)
 
 6. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and check the checkbox - **Send an email notification when a failure occurs**.
 
-	![Notification Email](common/provisioning-notification-email.png)
+    ![Notification Email](common/provisioning-notification-email.png)
 
 7. Click **Save**.
 
 8. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to Brivo Onair Identity Connector**.
 
-	![Brivo Onair Identity Connector User Mappings](media/brivo-onair-identity-connector-provisioning-tutorial/user-mappings.png )
+    ![Brivo Onair Identity Connector User Mappings](media/brivo-onair-identity-connector-provisioning-tutorial/user-mappings.png )
 
 9. Review the user attributes that are synchronized from Azure AD to Brivo Onair Identity Connector in the **Attribute Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Brivo Onair Identity Connector for update operations. Select the **Save** button to commit any changes.
 
-	![Brivo Onair Identity Connector User Attributes](media/brivo-onair-identity-connector-provisioning-tutorial/user-attributes.png)
+    ![Brivo Onair Identity Connector User Attributes](media/brivo-onair-identity-connector-provisioning-tutorial/user-attributes.png)
 
 10. Under the **Mappings** section, select **Synchronize Azure Active Directory Groups to Brivo Onair Identity Connector**.
 
-	![Brivo Onair Identity Connector Group Mappings](media/brivo-onair-identity-connector-provisioning-tutorial/group-mappings.png)
+    ![Brivo Onair Identity Connector Group Mappings](media/brivo-onair-identity-connector-provisioning-tutorial/group-mappings.png)
 
 11. Review the group attributes that are synchronized from Azure AD to Brivo Onair Identity Connector in the **Attribute Mapping** section. The attributes selected as **Matching** properties are used to match the groups in Brivo Onair Identity Connector for update operations. Select the **Save** button to commit any changes.
 
-	![Brivo Onair Identity Connector Group Attributes](media/brivo-onair-identity-connector-provisioning-tutorial/group-attributes.png)
+    ![Brivo Onair Identity Connector Group Attributes](media/brivo-onair-identity-connector-provisioning-tutorial/group-attributes.png)
 
 12. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
 
 13. To enable the Azure AD provisioning service for Brivo Onair Identity Connector, change the **Provisioning Status** to **On** in the **Settings** section.
 
-	![Provisioning Status Toggled On](common/provisioning-toggle-on.png)
+    ![Provisioning Status Toggled On](common/provisioning-toggle-on.png)
 
 14. Define the users and/or groups that you would like to provision to Brivo Onair Identity Connector by choosing the desired values in **Scope** in the **Settings** section.
 
-	![Provisioning Scope](common/provisioning-scope.png)
+    ![Provisioning Scope](common/provisioning-scope.png)
 
 15. When you are ready to provision, click **Save**.
 
-	![Saving Provisioning Configuration](common/provisioning-configuration-save.png)
+    ![Saving Provisioning Configuration](common/provisioning-configuration-save.png)
 
 This operation starts the initial synchronization of all users and/or groups defined in **Scope** in the **Settings** section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running. You can use the **Synchronization Details** section to monitor progress and follow links to provisioning activity report, which describes all actions performed by the Azure AD provisioning service on Brivo Onair Identity Connector.
 

articles/aks/TOC.yml

@@ -221,6 +221,8 @@
       href: limit-egress-traffic.md
     - name: Enable Azure Active Directory integration
       items:
+        - name: Azure AD v2.0
+          href: azure-ad-v2.md
         - name: Use the Azure CLI
           href: azure-ad-integration-cli.md
         - name: Use the Azure portal

articles/aks/azure-ad-v2.md

@@ -0,0 +1,151 @@
+---
+title: Use Azure AD v2.0 in Azure Kubernetes Service
+description: Learn how to use Azure AD v2.0 in Azure Kubernetes Service (AKS) 
+services: container-service
+manager: gwallace
+ms.topic: article
+ms.date: 03/24/2020
+---
+
+# Integrate Azure AD v2.0 in Azure Kubernetes Service (Preview)
+
+> [!Note]
+> Existing Azure AD v1.0 clusters are not affected by the new Azure AD v2.0 feature for Azure Kubernetes Service (AKS).
+
+Azure AD v2.0 is designed to simplify the Azure AD v1.0 experience, where users were required to create a client app, a server app, and required the Azure AD tenant to grant Directory Read permissions. 
+In the new version, the AKS resource provider manages the client and server apps for you. Instead of using a persistent "Application Permission," the AKS resource provider uses a "Delegated Permission" via an on-behalf-of flow to get an access token to Graph API. Azure AD v2.0 enabled clusters use a limited scoped Graph API privilege (GroupMembers.Read.All) to query group membership only when the overage indicator is present (when there are more than 250 group claims).
+
+## Limitations
+
+* You can't currently upgrade an existing Azure AD v1.0 cluster to Azure AD v2.0.
+
+> [!IMPORTANT]
+> AKS preview features are available on a self-service, opt-in basis. Previews are provided "as-is" and "as available," and are excluded from the Service Level Agreements and limited warranty. AKS previews are partially covered by customer support on a best-effort basis. As such, these features are not meant for production use. For more information, see the following support articles:
+>
+> - [AKS Support Policies](support-policies.md)
+> - [Azure Support FAQ](faq.md)
+
+## Before you begin
+
+You must have the following resources installed:
+
+- The Azure CLI, version 2.2.0 or later
+- The aks-preview 0.4.38 extension
+- Kubectl with a minimum version of [1.18 beta](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.18.md#client-binaries)
+
+To install/update the aks-preview  extension or later, use the following Azure CLI commands:
+
+```azurecli
+az extension add --name aks-preview
+az extension list
+```
+
+```azurecli
+az extension update --name aks-preview
+az extension list
+```
+
+To install kubectl, use the following
+```azurecli
+curl -LO "https://storage.googleapis.com/kubernetes-release/release/v1.18.0-beta.2/bin/darwin/amd64/kubectl"
+chmod +x ./kubectl
+sudo mv ./kubectl /usr/local/bin/kubectl
+kubectl version --client
+```
+
+Use [these instructions](https://kubernetes.io/docs/tasks/tools/install-kubectl/) for other operating systems.
+
+> [!CAUTION]
+> After you register a feature on a subscription, you can't currently unregister that feature. When you enable some preview features, defaults might be used for all AKS clusters created afterward in the subscription. Don't enable preview features on production subscriptions. Instead, use a separate subscription to test preview features and gather feedback.
+
+```azurecli-interactive
+az feature register --name AAD-V2 --namespace Microsoft.ContainerService
+```
+
+It might take several minutes for the status to show as **Registered**. You can check the registration status by using the [az feature list](https://docs.microsoft.com/cli/azure/feature?view=azure-cli-latest#az-feature-list) command:
+
+```azurecli-interactive
+az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/AAD-V2')].{Name:name,State:properties.state}"
+```
+
+When the status shows as registered, refresh the registration of the `Microsoft.ContainerService` resource provider by using the [az provider register](https://docs.microsoft.com/cli/azure/provider?view=azure-cli-latest#az-provider-register) command:
+
+```azurecli-interactive
+az provider register --namespace Microsoft.ContainerService
+```
+
+## Create an AKS cluster with Azure AD v2.0 enabled
+
+You can now create an AKS cluster by using the following CLI commands.
+
+First, create an Azure resource group:
+
+```azurecli-interactive
+# Create an Azure resource group
+az group create --name myResourceGroup --location centralus
+```
+
+Then, create an AKS cluster:
+
+```azurecli-interactive
+az aks create -g MyResourceGroup -n MyManagedCluster --enable-aad
+```
+The above command creates a three node AKS cluster, but the user, who created the cluster, by default, is not a member of a group that has access to this cluster. This user needs to create an Azure AD group, add themselves as a member of the group, and then update the cluster as shown below. Follow instructions [here](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal)
+
+Once you've created a group and added yourself (and others) as a member, you can update the cluster with the Azure AD group using the following command
+
+```azurecli-interactive
+az aks update -g MyResourceGroup -n MyManagedCluster --enable-aad [--aad-admin-group-object-ids <id1,id2>] [--aad-tenant-id <id>]
+```
+Alternatively, if you first create a group and add members, you can enable the Azure AD group at create time using the following command,
+
+```azurecli-interactive
+az aks create -g MyResourceGroup -n MyManagedCluster --enable-aad [--aad-admin-group-object-ids <id1,id2>] [--aad-tenant-id <id>]
+```
+
+A successful creation of an Azure AD v2 cluster has the following section in the response body
+```
+"Azure ADProfile": {
+    "adminGroupObjectIds": null,
+    "clientAppId": null,
+    "managed": true,
+    "serverAppId": null,
+    "serverAppSecret": null,
+    "tenantId": "72f9****-****-****-****-****d011db47"
+  }
+```
+
+The cluster is created within a few minutes.
+
+## Accessing an Azure AD v2.0 enabled cluster
+To get the admin credentials to access the cluster:
+
+```azurecli-interactive
+az aks get-credentials --resource-group myResourceGroup --name MyManagedCluster --admin
+```
+Now use the kubectl get nodes command to view nodes in the cluster:
+
+```azurecli-interactive
+kubectl get nodes
+
+NAME                       STATUS   ROLES   AGE    VERSION
+aks-nodepool1-15306047-0   Ready    agent   102m   v1.15.10
+aks-nodepool1-15306047-1   Ready    agent   102m   v1.15.10
+aks-nodepool1-15306047-2   Ready    agent   102m   v1.15.10
+```
+
+To get the user credentials to access the cluster:
+
+```azurecli-interactive
+kubectl get nodes
+```
+
+Follow the instructions to sign in.
+
+**error: You must be logged in to the server (Unauthorized)**
+
+The user above gets an error because the user is not a part of a group that has access to the cluster.
+
+
+
+