Merge branch 'master' into two-agriculture-articles

Author: itechedit

.openpublishing.redirection.json

@@ -567,6 +567,11 @@
       "redirect_url": "/azure/cognitive-services//QnAMaker/Quickstarts/get-answer-from-knowledge-base-using-url-tool",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/LUIS/luis-quickstart-intent-and-sentiment-analysis.md",
+      "redirect_url": "/azure/cognitive-services/LUIS/tutorial-publish-settings",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cognitive-services/LUIS/luis-how-to-add-example-utterances.md",
       "redirect_url": "/azure/cognitive-services/LUIS/luis-how-to-add-entities",
@@ -11466,7 +11471,7 @@
       "source_path": "articles/event-hubs/event-hubs-create-kafka-enabled.md",
       "redirect_url": "/azure/event-hubs/event-hubs-create",
       "redirect_document_id": false
-    },    
+    },
     {
       "source_path": "articles/event-hubs/event-hubs-csharp-ephcs-getstarted.md",
       "redirect_url": "/azure/event-hubs/event-hubs-dotnet-standard-getstarted-send",
@@ -15622,6 +15627,11 @@
       "redirect_url": "/azure/monitoring-and-diagnostics/insights-advanced-autoscale-virtual-machine-scale-sets",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/virtual-machine-scale-sets/virtual-machine-scale-sets-use-low-priority.md",
+      "redirect_url": "/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-spot",
+      "redirect_document_id": true
+    },
     {
       "source_path": "articles/virtual-machine-scale-sets/virtual-machine-scale-sets-cli-quick-create-cli-nodejs.md",
       "redirect_url": "/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-create",
@@ -29511,9 +29521,54 @@
       "redirect_url": "/azure/cognitive-services/speech/concepts",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/Bing-Image-Search/index.yml",
+      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Bing-Autosuggest/index.yml",
+      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Bing-Custom-Search/index.yml",
+      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Bing-Entities-Search/index.yml",
+      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/bing-local-business-search/index.yml",
+      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Bing-News-Search/index.yml",
+      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Bing-Spell-Check/index.yml",
+      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Bing-Video-Search/index.yml",
+      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/bing-visual-search/index.yml",
+      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cognitive-services/Bing-Image-Search/search-the-web.md",
-      "redirect_url": "/azure/cognitive-services/bing-image-search",
+      "redirect_url": "/azure/cognitive-services/Bing-Image-Search/overview",
       "redirect_document_id": false
     },
     {
@@ -29523,7 +29578,7 @@
     },
     {
       "source_path": "articles/cognitive-services/Bing-Web-Search/search-the-web.md",
-      "redirect_url": "/azure/cognitive-services/bing-web-search",
+      "redirect_url": "/azure/cognitive-services/bing-web-search/overview",
       "redirect_document_id": false
     },
     {
@@ -43851,6 +43906,11 @@
       "source_path": "articles/service-bus-messaging/migrate-java-apps-wild-fly.md",
       "redirect_url": "/azure/app-service/containers/configure-language-java#use-service-bus-as-a-message-broker",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/mysql/howto-redirection.md",
+      "redirect_url": "/azure/mysql/concepts-connectivity-architecture",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory/authentication/active-directory-certificate-based-authentication-get-started.md

@@ -33,14 +33,17 @@ This topic:
 
 To configure certificate-based authentication, the following statements must be true:
 
-- Certificate-based authentication (CBA) is only supported for Federated environments for browser applications or native clients using modern authentication (ADAL). The one exception is Exchange Active Sync (EAS) for Exchange Online (EXO), which can be used for  federated and managed accounts.
+- Certificate-based authentication (CBA) is only supported for Federated environments for browser applications, native clients using modern authentication (ADAL), or MSAL libraries. The one exception is Exchange Active Sync (EAS) for Exchange Online (EXO), which can be used for  federated and managed accounts.
 - The root certificate authority and any intermediate certificate authorities must be configured in Azure Active Directory.
 - Each certificate authority must have a certificate revocation list (CRL) that can be referenced via an internet-facing URL.
 - You must have at least one certificate authority configured in Azure Active Directory. You can find related steps in the [Configure the certificate authorities](#step-2-configure-the-certificate-authorities) section.
 - For Exchange ActiveSync clients, the client certificate must have the user’s routable email address in Exchange online in either the Principal Name or the RFC822 Name value of the Subject Alternative Name field. Azure Active Directory maps the RFC822 value to the Proxy Address attribute in the directory.
 - Your client device must have access to at least one certificate authority that issues client certificates.
 - A client certificate for client authentication must have been issued to your client.
 
+>[!IMPORTANT]
+>The maximum size of a CRL for Azure Active Directory to successfully download and cache is 20MB, and the time required to download the CRL must not exceed 10 seconds.  If Azure Active Directory can't download a CRL, certificate based authentications using certificates issued by the corresponding CA will fail. Best practices to ensure CRL files are within size constraints are to keep certificate lifetimes to within reasonable limits and to clean up expired certificates. 
+
 ## Step 1: Select your device platform
 
 As a first step, for the device platform you care about, you need to review the following:

articles/active-directory/authentication/howto-authentication-passwordless-security-key-windows.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 11/21/2019
+ms.date: 12/02/2019
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -53,7 +53,7 @@ Azure AD joined devices that you will be piloting with must be running Windows 1
 Organizations may choose to use one or more of the following methods to enable the use of security keys for Windows sign-in based on their organization's requirements.
 
 - [Enable with Intune](#enable-with-intune)
-   - [Targeted Intune deployment](#targeted-intune-deployment)
+- [Targeted Intune deployment](#targeted-intune-deployment)
 - [Enable with a provisioning package](#enable-with-a-provisioning-package)
 
 ### Enable with Intune
@@ -64,7 +64,7 @@ Organizations may choose to use one or more of the following methods to enable t
 
 Configuration of security keys for sign-in, is not dependent on configuring Windows Hello for Business.
 
-#### Targeted Intune deployment
+### Targeted Intune deployment
 
 To target specific device groups to enable the credential provider, use the following custom settings via Intune.
 

articles/active-directory/authentication/howto-mfa-nps-extension-rdg.md

@@ -230,7 +230,7 @@ To ensure there is time to validate users’ credentials, perform two-step verif
 
 ### Verify Connection Request Policies
 
-By default, when you configure the RD Gateway to use a central policy store for connection authorization policies, the RD Gateway is configured to forward CAP requests to the NPS server. The NPS server with the Azure MFA extension installed, processes the RADIUS access request. The following steps show you how to verify the default connection request policy.
+By default, when you configure the RD Gateway to use a central policy store for connection authorization policies, the RD Gateway is configured to forward CAP requests to the NPS server. The NPS server with the Azure MFA extension installed, processes the RADIUS access request. The following steps show you how to verify the default connection request policy.  
 
 1. On the RD Gateway, in the NPS (Local) console, expand **Policies**, and select **Connection Request Policies**.
 1. Double-click **TS GATEWAY AUTHORIZATION POLICY**.
@@ -241,6 +241,9 @@ By default, when you configure the RD Gateway to use a central policy store for
 
 1. Click **Cancel**.
 
+>[!NOTE]
+> For more information about creating a connection request policy see the article, [Configure connection request policies](https://docs.microsoft.com/windows-server/networking/technologies/nps/nps-crp-configure#add-a-connection-request-policy) documentation for the same. 
+
 ## Configure NPS on the server where the NPS extension is installed
 
 The NPS server where the NPS extension is installed needs to be able to exchange RADIUS messages with the NPS server on the Remote Desktop Gateway. To enable this message exchange, you need to configure the NPS components on the server where the NPS extension service is installed.

articles/active-directory/authentication/howto-mfa-userstates.md

@@ -38,11 +38,14 @@ Enabled by Azure AD Identity Protection - This method uses the Azure AD Identity
 
 User accounts in Azure Multi-Factor Authentication have the following three distinct states:
 
+> [!IMPORTANT]
+> Enabling Azure MFA through a Conditional Access policy will not change the state of the user. Do not be alarmed users appear disabled. Conditional Access does not change the state. **Organizations should not enable or enforce users if they are utilizing Conditional Access policies.**
+
 | Status | Description | Non-browser apps affected | Browser apps affected | Modern authentication affected |
-|:---:|:---:|:---:|:--:|:--:|
-| Disabled |The default state for a new user not enrolled in Azure MFA. |No |No |No |
-| Enabled |The user has been enrolled in Azure MFA, but has not registered. They receive a prompt to register the next time they sign in. |No.  They continue to work until the registration process is completed. | Yes. After the session expires, Azure MFA registration is required.| Yes. After the access token expires, Azure MFA registration is required. |
-| Enforced |The user has been enrolled and has completed the registration process for Azure MFA. |Yes. Apps require app passwords. |Yes. Azure MFA is required at login. | Yes. Azure MFA is required at login. |
+|:---:| --- |:---:|:--:|:--:|
+| Disabled | The default state for a new user not enrolled in Azure MFA. | No | No | No |
+| Enabled | The user has been enrolled in Azure MFA, but has not registered. They receive a prompt to register the next time they sign in. | No.  They continue to work until the registration process is completed. | Yes. After the session expires, Azure MFA registration is required.| Yes. After the access token expires, Azure MFA registration is required. |
+| Enforced | The user has been enrolled and has completed the registration process for Azure MFA. | Yes. Apps require app passwords. | Yes. Azure MFA is required at login. | Yes. Azure MFA is required at login. |
 
 A user's state reflects whether an admin has enrolled them in Azure MFA, and whether they completed the registration process.
 

articles/active-directory/cloud-provisioning/TOC.yml

@@ -0,0 +1,79 @@
+- name: Cloud provisioning
+  href: index.yml
+- name: Overview
+  items:
+  - name: What is identity provisioning?
+    href: what-is-provisioning.md
+  - name: What is Azure AD Connect cloud provisioning?
+    href: what-is-cloud-provisioning.md
+    maintainContext: true
+- name: Tutorials
+  expanded: true
+  items:
+  - name: Integrate a single AD forest  with a single Azure AD tenant
+    href: tutorial-single-forest.md
+  - name: Integrate an existing forest and a new forest with a single Azure AD tenant
+    href: tutorial-existing-forest.md
+  - name: Pilot cloud provisioning for an existing synced AD forest 
+    href: tutorial-pilot-aadc-aadccp.md
+
+
+
+
+
+- name: Concepts
+  items:
+  - name: What is password hash sync?
+    href: /azure/active-directory/hybrid/whatis-phs?context=azure/active-directory/cloud-provisioning/context/cloud-provisioning-context
+  - name: Understanding the Azure AD schema, attributes, and expressions
+    href: concept-attributes.md
+  - name: Writing Expressions for Attribute Mappings in Azure Active Directory
+    href: reference-expressions.md
+    
+  
+
+- name: How-to guides
+  items:
+  - name: Installation and upgrade
+    items:
+    - name: Installation Prerequisites
+      href: how-to-prerequisites.md
+    - name: Install the Azure AD Connect cloud provisioning agent
+      href: how-to-install.md
+    - name: Cloud provisioning configuration
+      href: how-to-configure.md
+  - name: Plan and design
+    items:
+    - name: Topologies and scenarios for Azure AD Connect cloud provisioning
+      href: plan-cloud-provisioning-topologies.md
+    
+     
+  - name: Manage 
+    items:
+    - name: Agent automatic upgrade
+      href: how-to-automatic-upgrade.md
+  - name: Develop
+    items:
+    - name: Transformations
+      href: how-to-transformation.md
+    - name: Azure AD synchronization API 
+      href: https://docs.microsoft.com/graph/api/resources/synchronization-overview
+  
+  - name: Troubleshoot
+    items:
+    - name: Troubleshoot cloud provisioning
+      href: how-to-troubleshoot.md
+    - name: Duplicate attributes
+      href: https://docs.microsoft.com/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync
+    
+- name: Reference
+  items:
+  - name: Azure AD Connect cloud provisioning agent version history
+    href: /azure/active-directory/manage-apps/provisioning-agent-release-version-history?context=azure/active-directory/cloud-provisioning/context/cp-context
+  - name: Azure AD Connect cloud provisioning FAQ
+    href: reference-cloud-provisioning-faq.md
+  - name: Attributes that are synchronized
+    href: /azure/active-directory/hybrid/reference-connect-sync-attributes-synchronized?context=azure/active-directory/cloud-provisioning/context/cp-context
+  - name: Basic Active Directory and Azure AD environment
+    href: tutorial-basic-ad-azure.md
+  

articles/active-directory/cloud-provisioning/bread/toc.yml

@@ -0,0 +1,24 @@
+- name: Azure
+  tocHref: /azure/
+  topicHref: /azure/index
+  items:
+  - name: Active Directory
+    tocHref: /azure/active-directory/manage-apps/
+    topicHref: /azure/active-directory/index
+    items:
+    - name: Cloud provisioning
+      tocHref: /azure/active-directory/manage-apps/
+      topicHref: /azure/active-directory/cloud-provisioning/index
+  
+- name: Azure
+  tocHref: /azure/
+  topicHref: /azure/index
+  items:  
+  - name: Active Directory
+    tocHref: /azure/active-directory/hybrid/
+    topicHref: /azure/active-directory/index
+    items:
+    - name: Cloud provisioning
+      tocHref: /azure/active-directory/hybrid/
+      topicHref: /azure/active-directory/cloud-provisioning/index
+