MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 5 additions & 0 deletions b/‎.openpublishing.redirection.json
Lines changed: 5 additions & 0 deletions
diff --git a/‎articles/active-directory-domain-services/administration-concepts.md
Lines changed: 3 additions & 0 deletions b/‎articles/active-directory-domain-services/administration-concepts.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎articles/active-directory-domain-services/overview.md
Lines changed: 3 additions & 0 deletions b/‎articles/active-directory-domain-services/overview.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎articles/active-directory-domain-services/synchronization.md
Lines changed: 3 additions & 0 deletions b/‎articles/active-directory-domain-services/synchronization.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎articles/active-directory-domain-services/tutorial-configure-password-hash-sync.md
Lines changed: 3 additions & 0 deletions b/‎articles/active-directory-domain-services/tutorial-configure-password-hash-sync.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎articles/active-directory/conditional-access/howto-conditional-access-session-lifetime.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/conditional-access/howto-conditional-access-session-lifetime.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/develop/TOC.yml
Lines changed: 3 additions & 1 deletion b/‎articles/active-directory/develop/TOC.yml
Lines changed: 3 additions & 1 deletion
diff --git a/‎articles/active-directory/develop/migrate-python-adal-msal.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/develop/migrate-python-adal-msal.md
Lines changed: 2 additions & 2 deletions
@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/sql-database/sql-database-feature-restrictions.md",
+      "redirect_url": "/azure/sql-database",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/digital-twins/how-to-use-legacy-aad.md",
       "redirect_url": "/azure/digital-twins/quickstart-view-occupancy-dotnet#set-permissions-for-your-app",
 
@@ -56,6 +56,9 @@ For users synchronized from an on-premises AD DS environment using Azure AD Conn
 
 Once appropriately configured, the usable password hashes are stored in the Azure AD DS managed domain. If you delete the Azure AD DS managed domain, any password hashes stored at that point are also deleted. Synchronized credential information in Azure AD can't be reused if you later create an Azure AD DS managed domain - you must reconfigure the password hash synchronization to store the password hashes again. Previously domain-joined VMs or users won't be able to immediately authenticate - Azure AD needs to generate and store the password hashes in the new Azure AD DS managed domain. For more information, see [Password hash sync process for Azure AD DS and Azure AD Connect][azure-ad-password-sync].
 
+> [!IMPORTANT]
+> Azure AD Connect should only be installed and configured for synchronization with on-premises AD DS environments. It's not supported to install Azure AD Connect in an Azure AD DS managed domain to synchronize objects back to Azure AD.
+
 ## Forests and trusts
 
 A *forest* is a logical construct used by Active Directory Domain Services (AD DS) to group one or more *domains*. The domains then store objects for user or groups, and provide authentication services.
 
@@ -93,6 +93,9 @@ Let's look at an example for Litware Corporation, a hybrid organization that run
 * Litware's IT team enables Azure AD DS for their Azure AD tenant in this, or a peered, virtual network.
 * Applications and VMs deployed in the Azure virtual network can then use Azure AD DS features like domain join, LDAP read, LDAP bind, NTLM and Kerberos authentication, and Group Policy.
 
+> [!IMPORTANT]
+> Azure AD Connect should only be installed and configured for synchronization with on-premises AD DS environments. It's not supported to install Azure AD Connect in an Azure AD DS managed domain to synchronize objects back to Azure AD.
+
 ### Azure AD DS for cloud-only organizations
 
 A cloud-only Azure AD tenant doesn't have an on-premises identity source. User accounts and group memberships, for example, are created and managed directly in in Azure AD.
 
@@ -95,6 +95,9 @@ The following table illustrates how specific attributes for group objects in Azu
 
 Azure AD Connect is used to synchronize user accounts, group memberships, and credential hashes from an on-premises AD DS environment to Azure AD. Attributes of user accounts such as the UPN and on-premises security identifier (SID) are synchronized. To sign in using Azure AD Domain Services, legacy password hashes required for NTLM and Kerberos authentication are also synchronized to Azure AD.
 
+> [!IMPORTANT]
+> Azure AD Connect should only be installed and configured for synchronization with on-premises AD DS environments. It's not supported to install Azure AD Connect in an Azure AD DS managed domain to synchronize objects back to Azure AD.
+
 If you configure write-back, changes from Azure AD are synchronized back to the on-premises AD DS environment. For example, if a user changes their password using Azure AD self-service password management, the password is updated back in the on-premises AD DS environment.
 
 > [!NOTE]
 
@@ -50,6 +50,9 @@ To authenticate users on the managed domain, Azure AD DS needs password hashes i
 
 Azure AD Connect can be configured to synchronize the required NTLM or Kerberos password hashes for Azure AD DS. Make sure that you have completed the steps to [enable Azure AD Connect for password hash synchronization][enable-azure-ad-connect]. If you had an existing instance of Azure AD Connect, [download and update to the latest version][azure-ad-connect-download] to make sure you can synchronize the legacy password hashes for NTLM and Kerberos. This functionality isn't available in early releases of Azure AD Connect or with the legacy DirSync tool. Azure AD Connect version *1.1.614.0* or later is required.
 
+> [!IMPORTANT]
+> Azure AD Connect should only be installed and configured for synchronization with on-premises AD DS environments. It's not supported to install Azure AD Connect in an Azure AD DS managed domain to synchronize objects back to Azure AD.
+
 ## Enable synchronization of password hashes
 
 With Azure AD Connect installed and configured to synchronize with Azure AD, now configure the legacy password hash sync for NTLM and Kerberos. A PowerShell script is used to configure the required settings and then start a full password synchronization to Azure AD. When that Azure AD Connect password hash synchronization process is complete, users can sign in to applications through Azure AD DS that use legacy NTLM or Kerberos password hashes.
 
@@ -36,7 +36,7 @@ The Azure Active Directory (Azure AD) default configuration for user sign in fre
 
 It might sound alarming to not ask for a user to sign back in, in reality any violation of IT policies will revoke the session. Some examples include (but are not limited to) a password change, an incompliant device, or account disable. You can also explicitly [revoke users’ sessions using PowerShell](https://docs.microsoft.com/powershell/module/azuread/revoke-azureaduserallrefreshtoken?view=azureadps-2.0). The Azure AD default configuration comes down to “don’t ask users to provide their credentials if security posture of their sessions has not changed”.
 
-Sign-in frequency setting works with apps that have implemented OAUTH2 or OIDC protocols according to the standards. Most Microsoft native apps for Windows, Mac, and Mobile including the following comply with the setting.
+Sign-in frequency setting works with apps that have implemented OAUTH2 or OIDC protocols according to the standards. Most Microsoft native apps for Windows, Mac, and Mobile including the following web applications comply with the setting.
 
 - Word, Excel, PowerPoint Online
 - OneNote Online
 
@@ -60,7 +60,7 @@
       - name: .NET Core console (daemon)
         href: quickstart-v2-netcore-daemon.md
       - name: Python console daemon
-        href: quickstart-v2-python-daemon.md      
+        href: quickstart-v2-python-daemon.md
   - name: Tutorials
     items:
     - name: Single-page apps
@@ -289,6 +289,8 @@
         items:
         - name: ADFS support in MSAL.NET
           href: msal-net-adfs-support.md
+        - name: ADFS support in MSAL for Python
+          href: msal-python-adfs-support.md
         - name: ADFS support in MSAL for Java
           href: msal-java-adfs-support.md
       - name: Integrate with Azure AD B2C
 
@@ -46,7 +46,7 @@ ADAL Python acquires tokens for resources, but MSAL Python acquires tokens for s
 
 ### Error handling
 
-Azure Active Directory Authentication Library (ADAL) for Python uses the exception `AdalError` to indicate that there's been a problem. MSAL for  Python typically uses error codes, instead. For more information, see  [MSAL for Python error handling](msal-handling-exceptions.md#msal-for-python-error-handling).
+Azure Active Directory Authentication Library (ADAL) for Python uses the exception `AdalError` to indicate that there's been a problem. MSAL for  Python typically uses error codes, instead. For more information, see  [MSAL for Python error handling](https://docs.microsoft.com/azure/active-directory/develop/msal-handling-exceptions?tabs=python).
 
 ### API changes
 
@@ -58,7 +58,7 @@ The following table lists an API in ADAL for Python, and the one to use in its p
 | N/A  | [get_authorization_request_url()](https://msal-python.readthedocs.io/en/latest/#msal.ClientApplication.get_authorization_request_url)  |
 | [acquire_token_with_authorization_code()](https://adal-python.readthedocs.io/en/latest/#adal.AuthenticationContext.acquire_token_with_authorization_code) | [acquire_token_by_authorization_code()](https://msal-python.readthedocs.io/en/latest/#msal.ClientApplication.acquire_token_by_authorization_code) |
 | [acquire_token()](https://adal-python.readthedocs.io/en/latest/#adal.AuthenticationContext.acquire_token) | [acquire_token_silent()](https://msal-python.readthedocs.io/en/latest/#msal.ClientApplication.acquire_token_silent) |
-| [acquire_token_with_refresh_token()](https://adal-python.readthedocs.io/en/latest/#adal.AuthenticationContext.acquire_token_with_refresh_token) | N/A (See the section above) |
+| [acquire_token_with_refresh_token()](https://adal-python.readthedocs.io/en/latest/#adal.AuthenticationContext.acquire_token_with_refresh_token) | N/A |
 | [acquire_user_code()](https://adal-python.readthedocs.io/en/latest/#adal.AuthenticationContext.acquire_user_code) | [initiate_device_flow()](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_device_flow) |
 | [acquire_token_with_device_code()](https://adal-python.readthedocs.io/en/latest/#adal.AuthenticationContext.acquire_token_with_device_code) and [cancel_request_to_get_token_with_device_code()](https://adal-python.readthedocs.io/en/latest/#adal.AuthenticationContext.cancel_request_to_get_token_with_device_code) | [acquire_token_by_device_flow()](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.acquire_token_by_device_flow) |
 | [acquire_token_with_username_password()](https://adal-python.readthedocs.io/en/latest/#adal.AuthenticationContext.acquire_token_with_username_password) | [acquire_token_by_username_password()](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.acquire_token_by_username_password) |
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,10 @@`
`1`	`1`	`{`
`2`	`2`	`"redirections": [`
	`3`	`+ {`
	`4`	`+ "source_path": "articles/sql-database/sql-database-feature-restrictions.md",`
	`5`	`+ "redirect_url": "/azure/sql-database",`
	`6`	`+ "redirect_document_id": false`
	`7`	`+ },`
`3`	`8`	`{`
`4`	`9`	`"source_path": "articles/digital-twins/how-to-use-legacy-aad.md",`
`5`	`10`	`"redirect_url": "/azure/digital-twins/quickstart-view-occupancy-dotnet#set-permissions-for-your-app",`