Merge pull request #45940 from MicrosoftDocs/master

7/5 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -5,6 +5,51 @@
             "redirect_url": "/azure/cognitive-services/Speech-Service/how-to-customize-acoustic-models",
             "redirect_document_id": true
         },
+        {
+            "source_path": "articles/active-directory/active-directory-licensing-ps-examples.md",
+            "redirect_url": "/azure/active-directory/users-groups-roles/licensing-ps-examples",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/active-directory/active-directory-self-service-signup.md",
+            "redirect_url": "/azure/active-directory/users-groups-roles/directory-self-service-signup",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/active-directory/active-directory-service-limits-restrictions.md",
+            "redirect_url": "/azure/active-directory/users-groups-roles/directory-service-limits-restrictions",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/active-directory/admin-roles-best-practices.md",
+            "redirect_url": "/azure/active-directory/users-groups-roles/directory-admin-roles-secure",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/active-directory/directory-delete-howto.md",
+            "redirect_url": "/azure/active-directory/users-groups-roles/directory-delete-howto",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/active-directory/domains-admin-takeover.md",
+            "redirect_url": "/azure/active-directory/users-groups-roles/domains-admin-takeover",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/active-directory/groups-naming-policy.md",
+            "redirect_url": "/azure/active-directory/users-groups-roles/groups-naming-policy",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/active-directory/linkedin-integration.md",
+            "redirect_url": "/azure/active-directory/users-groups-roles/linkedin-integration",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/active-directory/directory-manage-roles-portal.md",
+            "redirect_url": "/azure/active-directory/users-groups-roles/directory-manage-roles-portal",
+            "redirect_document_id": true
+        },
         {
             "source_path": "articles/active-directory/active-directory-groups-dynamic-membership-azure-portal.md",
             "redirect_url": "/azure/active-directory/users-groups-roles/groups-dynamic-membership",
@@ -14,7 +59,8 @@
             "source_path": "articles/active-directory/active-directory-groups-lifecycle-azure-portal.md",
             "redirect_url": "/azure/active-directory/users-groups-roles/groups-lifecycle",
             "redirect_document_id": true
-        },        {
+        },
+        {
             "source_path": "articles/active-directory/active-directory-licensing-directory-independence.md",
             "redirect_url": "/azure/active-directory/users-groups-roles/licensing-directory-independence",
             "redirect_document_id": true
@@ -47,6 +93,8 @@
         {
             "source_path": "articles/active-directory/active-directory-licensing-product-and-service-plan-reference.md",
             "redirect_url": "/azure/active-directory/users-groups-roles/licensing-service-plan-reference",
+        },
+        {
             "source_path": "articles/active-directory/active-directory-accessmanagement-groups-settings-cmdlets.md",
             "redirect_url": "/azure/active-directory/users-groups-roles/groups-settings-cmdlets",
             "redirect_document_id": true
@@ -21189,12 +21237,12 @@
         },
         {
             "source_path": "articles/active-directory/active-directory-add-manage-domain-names.md",
-            "redirect_url": "/azure/active-directory/active-directory-domains-manage-azure-portal",
+            "redirect_url": "/azure/active-directory/users-groups-roles/domains-manage",
             "redirect_document_id": false
         },
         {
             "source_path": "articles/active-directory/active-directory-add-domain-concepts.md",
-            "redirect_url": "/azure/active-directory/active-directory-domains-manage-azure-portal",
+            "redirect_url": "/azure/active-directory/users-groups-roles/domains-manage",
             "redirect_document_id": false
         },
         {
@@ -24399,7 +24447,7 @@
         },
         {
             "source_path": "articles/cognitive-services/QnAMaker/Home.md",
-            "redirect_url": "/azure/cognitive-services/QnAMaker/Overview/overview",
+            "redirect_url": "/azure/cognitive-services/QnAMaker/index",
             "redirect_document_id": false
         },
         {

articles/active-directory/TOC.md

@@ -94,16 +94,16 @@
 #### [Migrate individual licensed users to group-based licensing](users-groups-roles/licensing-groups-migrate-users.md)
 #### [Migrate users between product licenses](users-groups-roles/licensing-groups-change-licenses.md)
 #### [Additional scenarios for group-based licensing](users-groups-roles/licensing-group-advanced.md)
-#### [Azure PowerShell examples for group-based licensing](active-directory-licensing-ps-examples.md)
+#### [Azure PowerShell examples for group-based licensing](users-groups-roles/licensing-ps-examples.md)
 #### [Reference for products and service plans in Azure AD](users-groups-roles/licensing-service-plan-reference.md)
 ### [Set up Office 365 groups expiration](users-groups-roles/groups-lifecycle.md)
-### [Enforce a naming policy for groups](groups-naming-policy.md)
+### [Enforce a naming policy for groups](users-groups-roles/groups-naming-policy.md)
 ### [View all groups](fundamentals/active-directory-groups-view-azure-portal.md)
 ### [Add group access to SaaS apps](users-groups-roles/groups-saasapps.md)
 ### [Restore a deleted Office 365 group](fundamentals/active-directory-groups-restore-azure-portal.md)
 ### [Manage group settings](fundamentals/active-directory-groups-settings-azure-portal.md) 
 ### Create advanced rules
-#### [Azure portal]/users-groups-roles/active-directory-groups-dynamic-membership-azure-portal.md)
+#### [Azure portal](users-groups-roles/groups-dynamic-membership.md)
 ### [Set up self-service groups](users-groups-roles/groups-self-service-management.md)
 ### [Troubleshoot](users-groups-roles/groups-troubleshooting.md)
 
@@ -365,10 +365,10 @@
 #### [Quickstart](fundamentals/add-custom-domain.md)
 #### [Add custom domain names](users-groups-roles/domains-manage.md)
 ### [Administer your directory](fundamentals/active-directory-administer.md)
-### [Delete a directory](directory-delete-howto.md)
+### [Delete a directory](users-groups-roles/directory-delete-howto.md)
 ### [Multiple directories](users-groups-roles/licensing-directory-independence.md)
-### [Self-service signup](active-directory-self-service-signup.md)
-### [Take over an unmanaged directory](domains-admin-takeover.md)
+### [Self-service signup](users-groups-roles/directory-self-service-signup.md)
+### [Take over an unmanaged directory](users-groups-roles/domains-admin-takeover.md)
 ### [Enterprise State Roaming](active-directory-windows-enterprise-state-roaming-overview.md)
 #### [Enable](active-directory-windows-enterprise-state-roaming-enable.md)
 #### [Group policy settings](active-directory-windows-enterprise-state-roaming-group-policy-settings.md)
@@ -380,11 +380,11 @@
 ### [Integrate on-premises identities using Azure AD Connect](./connect/active-directory-aadconnect.md)
 
 ## Delegate access to resources
-### [View members of an admin role](directory-manage-roles-portal.md)
+### [View members of an admin role](users-groups-roles//directory-manage-roles-portal.md)
 ### [Administrator roles](users-groups-roles/directory-assign-admin-roles.md)
 #### [Assign admin role to a user](fundamentals/active-directory-users-assign-role-azure-portal.md)
 #### [Compare member and guest user permissions](fundamentals/users-default-permissions.md)
-### [Harden administrator role security](admin-roles-best-practices.md)  
+### [Administrator role security](users-groups-roles/directory-admin-roles-secure.md)  
 #### [Create emergency access administrator accounts](users-groups-roles/directory-emergency-access.md)
 ### [Administrative units](users-groups-roles/directory-administrative-units.md)
 ### [Configure token lifetimes](active-directory-configurable-token-lifetimes.md)
@@ -448,7 +448,7 @@
 ### [Privileged Identity Management](active-directory-privileged-identity-management-configure.md)
 
 ## Integrate other services with Azure AD 
-### [Integrate LinkedIn with Azure AD](linkedin-integration.md)
+### [Integrate LinkedIn with Azure AD](users-groups-roles/linkedin-integration.md)
 
 ## [Deploy AD FS in Azure](active-directory-aadconnect-azure-adfs.md)
 ### [High availability](active-directory-adfs-in-azure-with-azure-traffic-manager.md)
@@ -468,7 +468,7 @@
 ## [Azure PowerShell cmdlets](/powershell/azure/overview)
 ## [Java API Reference](/java/api)
 ## [.NET API](/active-directory/adal/microsoft.identitymodel.clients.activedirectory)
-## [Service limits and restrictions](active-directory-service-limits-restrictions.md)
+## [Service limits and restrictions](users-groups-roles/directory-service-limits-restrictions.md)
 
 # Related
 ## [Multi-Factor Authentication](/azure/multi-factor-authentication/)

articles/active-directory/active-directory-conditional-access-migration-mfa.md

@@ -36,7 +36,7 @@ The scenario in this article shows how to migrate a classic policy that requires
 
 The migration process consist of the following steps:
 
-1. [Open the classic policy](#open-a-classic-policy) to get the the configuration settings.
+1. [Open the classic policy](#open-a-classic-policy) to get the configuration settings.
 2. Create a new Azure AD conditional access policy to replace your classic policy. 
 3. Disable the classic policy.
 

articles/active-directory/active-directory-playbook-building-blocks.md

@@ -39,7 +39,7 @@ Following are some pre-requisites needed for any POC with Azure AD Premium.
 | Pre-requisite | Resources |
 | --- | --- |
 | Azure AD tenant defined with a valid Azure subscription | [How to get an Azure Active Directory tenant](active-directory-howto-tenant.md)<br/>**Note:** If you already have an environment with Azure AD Premium licenses, you can get a zero cap subscription by navigating to https://aka.ms/accessaad <br/>Learn more at: https://blogs.technet.microsoft.com/enterprisemobility/2016/02/26/azure-ad-mailbag-azure-subscriptions-and-azure-ad-2/ and https://technet.microsoft.com/library/dn832618.aspx |
-| Domains defined and verified | [Add a custom domain name to Azure Active Directory](active-directory-domains-add-azure-portal.md)<br/>**Note:** Some workloads such as Power BI could have provisioned an azure AD tenant under the covers. To check if a given domain is associated to a tenant, navigate to https://login.microsoftonline.com/{domain}/v2.0/.well-known/openid-configuration. If you get a successful response, then the domain is already assigned to a tenant and take over might be needed. If so, contact Microsoft for further guidance. Learn more about the takeover options at: [What is Self-Service Signup for Azure?](active-directory-self-service-signup.md) |
+| Domains defined and verified | [Add a custom domain name to Azure Active Directory](active-directory-domains-add-azure-portal.md)<br/>**Note:** Some workloads such as Power BI could have provisioned an azure AD tenant under the covers. To check if a given domain is associated to a tenant, navigate to https://login.microsoftonline.com/{domain}/v2.0/.well-known/openid-configuration. If you get a successful response, then the domain is already assigned to a tenant and take over might be needed. If so, contact Microsoft for further guidance. Learn more about the takeover options at: [What is Self-Service Signup for Azure?](users-groups-roles/directory-self-service-signup.md) |
 | Azure AD Premium or EMS trial Enabled | [Azure Active Directory Premium free for one month](https://azure.microsoft.com/trial/get-started-active-directory/) |
 | You have assigned Azure AD Premium or EMS licenses to PoC users | [License yourself and your users in Azure Active Directory](active-directory-licensing-get-started-azure-portal.md) |
 | Azure AD Global Admin credentials | [Assigning administrator roles in Azure Active Directory](users-groups-roles/directory-assign-admin-roles.md) |

articles/active-directory/active-directory-reporting-azure-portal.md

@@ -109,7 +109,7 @@ If you want to know more about the various report types in Azure Active Director
 - [Audit logs report](active-directory-reporting-activity-audit-logs.md)
 - [Sign-ins logs report](active-directory-reporting-activity-sign-ins.md)
 
-If you want to know more about accessing the the reporting data using the reporting API, see: 
+If you want to know more about accessing the reporting data using the reporting API, see: 
 
 - [Getting started with the Azure Active Directory reporting API](active-directory-reporting-api-getting-started-azure-portal.md)
 

articles/active-directory/active-directory-saas-access-panel-introduction.md

@@ -103,6 +103,10 @@ To use internal company URLs while remote using the extension, do the following:
 3. Install the extension, and sign in to it by selecting Sign in to get started.
 4. You can now browse to the internal company URL even while remote.
 
+> [!NOTE]
+> You may also turn off automatic redirection to company URLs by selecting the settings gear on the main menu and selecting **off** for the Company internal URL redirection option.
+
+
 ## Mobile app support
 
 The Azure Active Directory team publishes the My Apps mobile app. When you install the app, you can sign in to password-based SSO applications on iOS and Android devices.

articles/active-directory/authentication/concept-sspr-howitworks.md

@@ -232,7 +232,7 @@ This control designates whether users who visit the password reset portal should
 Password reset and change are fully supported on all business-to-business (B2B) configurations. B2B user password reset is supported in the following three cases:
 
    * **Users from a partner organization with an existing Azure AD tenant**: If the organization you're partnering with has an existing Azure AD tenant, we *respect whatever password reset policies are enabled on that tenant*. For password reset to work, the partner organization just needs to make sure that Azure AD SSPR is enabled. There is no additional charge for Office 365 customers, and it can be enabled by following the steps in our [Get started with password management](https://azure.microsoft.com/documentation/articles/active-directory-passwords-getting-started/#enable-users-to-reset-or-change-their-aad-passwords) guide.
-   * **Users who sign up through** self-service sign-up: If the organization you're partnering with used the [self-service sign-up](../active-directory-self-service-signup.md) feature to get into a tenant, we let them reset the password with the email they registered.
+   * **Users who sign up through** self-service sign-up: If the organization you're partnering with used the [self-service sign-up](../users-groups-roles/directory-self-service-signup.md) feature to get into a tenant, we let them reset the password with the email they registered.
    * **B2B users**: Any new B2B users created by using the new [Azure AD B2B capabilities](../active-directory-b2b-what-is-azure-ad-b2b.md) will also be able to reset their passwords with the email they registered during the invite process.
 
 To test this scenario, go to http://passwordreset.microsoftonline.com with one of these partner users. If they have an alternate email or authentication email defined, password reset works as expected.

articles/active-directory/connect-health/active-directory-aadconnect-health-faq.md

@@ -56,8 +56,16 @@ Example:
 
 **Q: Does Azure AD Connect Health support Azure Germany Cloud?**
 
-Azure AD Connect Health has an [installation](active-directory-aadconnect-health-agent-install.md) for Azure Germany. All the data for German Cloud customers is kept within Azure Germany Cloud.
+Azure AD Connect Health is not supported in Germany Cloud except for the [sync errors report feature](active-directory-aadconnect-health-sync.md#object-level-synchronization-error-report-preview). 
 
+| Roles | Features | Supported in German Cloud |
+| ------ | --------------- | --- |
+| Connect Health for Sync | Monitoring / Insight / Alerts / Analysis | No |
+|  | Sync error report | Yes |
+| Connect Health for ADFS | Monitoring / Insight / Alerts / Analysis | No |
+| Connect Health for ADDS | Monitoring / Insight / Alerts / Analysis | No |
+
+To ensure the agent connectivity of Connect Health for sync, please configure the [installation requirement](active-directory-aadconnect-health-agent-install.md#outbound-connectivity-to-the-azure-service-endpoints) accordingly.   
 
 ## Installation questions
 

articles/active-directory/develop/active-directory-v2-protocols-implicit.md

@@ -47,7 +47,7 @@ The entire implicit sign-in flow looks something like this - each of the steps a
 To initially sign the user into your app, you can send an [OpenID Connect](active-directory-v2-protocols-oidc.md) authorization request and get an `id_token` from the v2.0 endpoint:
 
 > [!IMPORTANT]
-> In order to succesfully request an ID token, the app registration in the [registration portal](https://apps.dev.microsoft.com) must have the **[Implicit grant](active-directory-v2-protocols-implicit.md)** enabled for the the Web client. If it is not enabled, an `unsupported_response` error will be returned: "The provided value for the input parameter 'response_type' is not allowed for this client. Expected value is 'code'"
+> In order to succesfully request an ID token, the app registration in the [registration portal](https://apps.dev.microsoft.com) must have the **[Implicit grant](active-directory-v2-protocols-implicit.md)** enabled for the Web client. If it is not enabled, an `unsupported_response` error will be returned: "The provided value for the input parameter 'response_type' is not allowed for this client. Expected value is 'code'"
 
 ```
 // Line breaks for legibility only

articles/active-directory/develop/active-directory-v2-protocols-oidc.md

@@ -81,7 +81,7 @@ When your web app needs to authenticate the user, it can direct the user to the
 * The request must include the `nonce` parameter.
 
 > [!IMPORTANT]
-> In order to succesfully request an ID token, the app registration in the [registration portal](https://apps.dev.microsoft.com) must have the **[Implicit grant](active-directory-v2-protocols-implicit.md)** enabled for the the Web client. If it is not enabled, an `unsupported_response` error will be returned: "The provided value for the input parameter 'response_type' is not allowed for this client. Expected value is 'code'"
+> In order to succesfully request an ID token, the app registration in the [registration portal](https://apps.dev.microsoft.com) must have the **[Implicit grant](active-directory-v2-protocols-implicit.md)** enabled for the Web client. If it is not enabled, an `unsupported_response` error will be returned: "The provided value for the input parameter 'response_type' is not allowed for this client. Expected value is 'code'"
 
 For example: