Merge pull request #185200 from MicrosoftDocs/master

Merge master to live, 4 AM

Author: ttorble

.openpublishing.redirection.defender-for-cloud.json

@@ -10,6 +10,21 @@
             "redirect_url": "/azure/defender-for-cloud/upcoming-changes",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/security-center/policy-reference.md",
+            "redirect_url": "/azure/defender-for-cloud/policy-reference",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/security-center/security-center-policy-definitions.md",
+            "redirect_url": "/azure/defender-for-cloud/policy-reference",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/defender-for-storage-introduction.md#what-is-hash-reputation-analysis-for-malware",
+            "redirect_url": "/azure/defender-for-cloud/defender-for-storage-introduction#what-kind-of-alerts-does-microsoft-defender-for-storage-provide",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/security-center/release-notes-archive.md",
             "redirect_url": "/azure/defender-for-cloud/release-notes-archive",

.openpublishing.redirection.json

@@ -24053,11 +24053,6 @@
       "redirect_url": "/azure/security-center/policy-reference",
       "redirect_document_id": false
     },
-    {
-      "source_path_from_root": "/articles/security-center/security-center-policy-definitions.md",
-      "redirect_url": "/azure/security-center/policy-reference",
-      "redirect_document_id": false
-    },
     {
       "source_path_from_root": "/articles/operations-management-suite/oms-security-connect-products.md",
       "redirect_url": "/azure/security-center/quick-security-solutions",

CONTRIBUTING.md

@@ -2,7 +2,7 @@
 
 Thank you for taking the time to contribute to the Microsoft Azure documentation.
 
-This guide covers some general topics related to contribution and refers to the [contributors guide](https://docs.microsoft.com/contribute) for more detailed explanations when required.
+This guide covers some general topics related to contribution and refers to the [contributors guide](/contribute) for more detailed explanations when required.
 
 ## Code of Conduct
 
@@ -21,8 +21,8 @@ Please use the Feedback tool at the bottom of any article to submit bugs and sug
 
 ### Editing in GitHub
 
-Follow the guidance for [Quick edits to existing documents](https://docs.microsoft.com/contribute/#quick-edits-to-existing-documents) in our contributors guide.
+Follow the guidance for [Quick edits to existing documents](/contribute/#quick-edits-to-existing-documents) in our contributors guide.
 
 ### Pull Request
 
-Review the guidance for [Pull Requests](https://docs.microsoft.com/contribute/how-to-write-workflows-major#pull-request-processing) in our contributors guide.
+Review the guidance for [Pull Requests](/contribute/how-to-write-workflows-major#pull-request-processing) in our contributors guide.

articles/active-directory/app-provisioning/known-issues.md

@@ -120,7 +120,7 @@ The following attributes and objects aren't supported:
    - Groups.
    - Complex anchors (for example, ObjectTypeName+UserName).
    - Binary attributes.
-   - On-premises applications are sometimes not federated with Azure AD and require local passwords. The on-premises provisioning preview does not support password synchronization. Provisioning initial one-time passwords is supported. Please ensure that you are using the [Redact](/azure/active-directory/app-provisioning/functions-for-customizing-application-data#redact) function to redact the passwords from the logs. In the SQL and LDAP connectors, the passwords are not exported on the initial call to the application, but rather a second call with set password.   
+   - On-premises applications are sometimes not federated with Azure AD and require local passwords. The on-premises provisioning preview does not support password synchronization. Provisioning initial one-time passwords is supported. Please ensure that you are using the [Redact](./functions-for-customizing-application-data.md#redact) function to redact the passwords from the logs. In the SQL and LDAP connectors, the passwords are not exported on the initial call to the application, but rather a second call with set password.   
 
 #### SSL certificates
    The Azure AD ECMA Connector Host currently requires either an SSL certificate to be trusted by Azure or the provisioning agent to be used. The certificate subject must match the host name the Azure AD ECMA Connector Host is installed on.
@@ -139,4 +139,4 @@ The following attributes and objects aren't supported:
 The ECMA host does not support updating the password in the connectivity page of the wizard. Please create a new connector when changing the password. 
 
 ## Next steps
-[How provisioning works](how-provisioning-works.md)
+[How provisioning works](how-provisioning-works.md)

articles/active-directory/app-provisioning/toc.yml

@@ -20,7 +20,7 @@ items:
     - name: Customize attribute mappings
       href: customize-application-attributes.md
     - name: App specific provisioning tutorials
-      href: /azure/active-directory/saas-apps/tutorial-list
+      href: ../saas-apps/tutorial-list.md
     - name: On-prem app provisioning tutorials
       items:
       - name: Provisioning to On-premises SCIM-enabled apps
@@ -136,4 +136,4 @@ items:
     - name: Stack Overflow
       href: https://stackoverflow.com/questions/tagged/azure-active-directory
     - name: Videos
-      href: https://azure.microsoft.com/documentation/videos/index/?services=active-directory
+      href: https://azure.microsoft.com/documentation/videos/index/?services=active-directory

articles/active-directory/app-provisioning/user-provisioning.md

@@ -20,7 +20,7 @@ In Azure Active Directory (Azure AD), the term *app provisioning* refers to auto
 
 Azure AD application provisioning refers to automatically creating user identities and roles in the applications that users need access to. In addition to creating user identities, automatic provisioning includes the maintenance and removal of user identities as status or roles change. Common scenarios include provisioning an Azure AD user into SaaS applications like [Dropbox](../../active-directory/saas-apps/dropboxforbusiness-provisioning-tutorial.md), [Salesforce](../../active-directory/saas-apps/salesforce-provisioning-tutorial.md), [ServiceNow](../../active-directory/saas-apps/servicenow-provisioning-tutorial.md), and more.
 
-Azure AD also supports provisioning users into applications hosted on-premises or in a virtual machine, without having to open up any firewalls. If your application supports [SCIM](https://aka.ms/scimoverview), or you've built a SCIM gateway to connect to your legacy application, you can use the Azure AD Provisioning agent to [directly connect](/azure/active-directory/app-provisioning/on-premises-scim-provisioning) with your application and automate provisioning and deprovisioning. If you have legacy applications that don't support SCIM and rely on an [LDAP](/azure/active-directory/app-provisioning/on-premises-ldap-connector-configure) user store or a [SQL](/azure/active-directory/app-provisioning/tutorial-ecma-sql-connector) database, Azure AD can support those as well. 
+Azure AD also supports provisioning users into applications hosted on-premises or in a virtual machine, without having to open up any firewalls. If your application supports [SCIM](https://aka.ms/scimoverview), or you've built a SCIM gateway to connect to your legacy application, you can use the Azure AD Provisioning agent to [directly connect](./on-premises-scim-provisioning.md) with your application and automate provisioning and deprovisioning. If you have legacy applications that don't support SCIM and rely on an [LDAP](./on-premises-ldap-connector-configure.md) user store or a [SQL](./tutorial-ecma-sql-connector.md) database, Azure AD can support those as well. 
 
 App provisioning lets you:
 
@@ -91,4 +91,4 @@ For other applications that support SCIM 2.0, follow the steps in [Build a SCIM
 
 - [List of tutorials on how to integrate SaaS apps](../saas-apps/tutorial-list.md)
 - [Customizing attribute mappings for user provisioning](customize-application-attributes.md)
-- [Scoping filters for user provisioning](define-conditional-rules-for-provisioning-user-accounts.md)
+- [Scoping filters for user provisioning](define-conditional-rules-for-provisioning-user-accounts.md)

articles/active-directory/app-proxy/toc.yml

@@ -11,7 +11,7 @@
     expanded: true
     items:
     - name: List of app integration tutorials
-      href: /azure/active-directory/saas-apps/tutorial-list
+      href: ../saas-apps/tutorial-list.md
     - name: Add an on-premises app with Application Proxy
       href: application-proxy-add-on-premises-application.md
   - name: Samples
@@ -176,4 +176,4 @@
     - name: Stack Overflow
       href: https://stackoverflow.com/questions/tagged/azure-active-directory
     - name: Videos
-      href: https://azure.microsoft.com/documentation/videos/index/?services=active-directory
+      href: https://azure.microsoft.com/documentation/videos/index/?services=active-directory

articles/active-directory/authentication/howto-password-ban-bad-on-premises-faq.yml

@@ -68,7 +68,7 @@ sections:
           
           When a hybrid user changes their password in Azure AD, whether through Azure AD SSPR, MyAccount, or another Azure AD password change mechanism, their password is evaluated against the global and custom banned password lists in the cloud. When the password reaches Active Directory through password-writeback, it has already been validated in Azure AD.
           
-          Password resets and changes initiated in Azure AD that fail validation for hybrid users can be found in the Azure AD Audit logs. See [Troubleshoot self-service password reset in Azure Active Directory](/azure/active-directory/authentication/troubleshoot-sspr).
+          Password resets and changes initiated in Azure AD that fail validation for hybrid users can be found in the Azure AD Audit logs. See [Troubleshoot self-service password reset in Azure Active Directory](./troubleshoot-sspr.md).
           
           ### Is it supported to install Azure AD Password Protection side by side with other password-filter-based products?
           
@@ -318,4 +318,4 @@ additionalContent: |
   ## Next steps
   If you have an on-premises Azure AD Password Protection question that isn't answered here, submit a Feedback item below - thank you!
           
-  [Deploy Azure AD password protection](howto-password-ban-bad-on-premises-deploy.md)
+  [Deploy Azure AD password protection](howto-password-ban-bad-on-premises-deploy.md)

articles/active-directory/develop/access-tokens.md

@@ -182,7 +182,7 @@ You can adjust the lifetime of an access token to control how often the client a
 
 Default token lifetime variation is applied to organizations that have Continuous Access Evaluation (CAE) enabled, even if CTL policies are configured. The default token lifetime for long lived token lifetime ranges from 20 to 28 hours. When the access token expires, the client must use the refresh token to (usually silently) acquire a new refresh token and access token.
 
-Organizations that use [Conditional Access sign-in frequency (SIF)](/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime#user-sign-in-frequency) to enforce how frequently sign-ins occur cannot override default access token lifetime variation. When using SIF, the time between credential prompts for a client is the token lifetime (ranging from 60 - 90 minutes) plus the sign-in frequency interval.  
+Organizations that use [Conditional Access sign-in frequency (SIF)](../conditional-access/howto-conditional-access-session-lifetime.md#user-sign-in-frequency) to enforce how frequently sign-ins occur cannot override default access token lifetime variation. When using SIF, the time between credential prompts for a client is the token lifetime (ranging from 60 - 90 minutes) plus the sign-in frequency interval.  
 
 Here's an example of how default token lifetime variation works with sign-in frequency.  Let's say an organization sets sign-in frequency to occur every hour. The actual sign-in interval will occur anywhere between 1 hour to 2.5 hours since the token is issued with lifetime ranging from 60-90 minutes (due to token lifetime variation).
 
@@ -327,4 +327,4 @@ Check out [Primary Refresh Tokens](../devices/concept-primary-refresh-token.md)
 ## Next steps
 
 * Learn about [`id_tokens` in Azure AD](id-tokens.md).
-* Learn about permission and consent ( [v1.0](../azuread-dev/v1-permissions-consent.md), [v2.0](v2-permissions-and-consent.md)).
+* Learn about permission and consent ( [v1.0](../azuread-dev/v1-permissions-consent.md), [v2.0](v2-permissions-and-consent.md)).

articles/active-directory/develop/developer-glossary.md

@@ -117,7 +117,7 @@ See the [ID token reference](id-tokens.md) for more details.
 
 ## Managed identities
 
-Eliminate the need for developers to manage credentials. Managed identities provide an identity for applications to use when connecting to resources that support Azure AD authentication. Applications may use the managed identity to obtain Azure AD tokens. For example, an application may use a managed identity to access resources like Azure Key Vault where developers can store credentials in a secure manner or to access storage accounts. For more information, see [managed identities overview](/azure/active-directory/managed-identities-azure-resources/overview).
+Eliminate the need for developers to manage credentials. Managed identities provide an identity for applications to use when connecting to resources that support Azure AD authentication. Applications may use the managed identity to obtain Azure AD tokens. For example, an application may use a managed identity to access resources like Azure Key Vault where developers can store credentials in a secure manner or to access storage accounts. For more information, see [managed identities overview](../managed-identities-azure-resources/overview.md).
 
 ## Microsoft identity platform
 
@@ -278,4 +278,4 @@ Use the following comments section to provide feedback and help to refine and sh
 [OAuth2-Role-Def]: https://tools.ietf.org/html/rfc6749#page-6
 [OpenIDConnect]: https://openid.net/specs/openid-connect-core-1_0.html
 [OpenIDConnect-AuthZ-Endpoint]: https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint
-[OpenIDConnect-ID-Token]: https://openid.net/specs/openid-connect-core-1_0.html#IDToken
+[OpenIDConnect-ID-Token]: https://openid.net/specs/openid-connect-core-1_0.html#IDToken