Merge pull request #82203 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)

Author: huypub

articles/active-directory/authentication/howto-mfa-getstarted.md

@@ -269,7 +269,7 @@ Some legacy and on-premises applications that do not authenticate directly again
 
 * Legacy on-premises applications, which will need to use Application proxy.
 * On-premises RADIUS applications, which will need to use MFA adapter with NPS server.
-* On-premises AD FS applications, which will need to use MFA adapter with AD FS 2016.
+* On-premises AD FS applications, which will need to use MFA adapter with AD FS 2016 or newer.
 
 Applications that authenticate directly with Azure AD and have modern authentication (WS-Fed, SAML, OAuth, OpenID Connect) can make use of Conditional Access policies directly.
 
@@ -319,13 +319,13 @@ Unlike with AD FS in Windows Server 2012 R2, the AD FS 2016 Azure MFA adapter in
 
 When using Azure MFA with AD FS 2016 and the target application is subject to Conditional Access policy, there are additional considerations:
 
-* Conditional Access is available when the application is a relying party to Azure AD, federated with AD FS 2016.
-* Conditional Access is not available when the application is a relying party to AD FS 2016 and is managed or federated with AD FS 2016.
-* Conditional Access is also not available when AD FS 2016 is configured to use Azure MFA as the primary authentication method.
+* Conditional Access is available when the application is a relying party to Azure AD, federated with AD FS 2016 or newer.
+* Conditional Access is not available when the application is a relying party to AD FS 2016 or AD FS 2019 and is managed or federated with AD FS 2016 or AD FS 2019.
+* Conditional Access is also not available when AD FS 2016 or AD FS 2019 is configured to use Azure MFA as the primary authentication method.
 
 #### AD FS logging
 
-Standard AD FS 2016 logging in both the Windows Security Log and the AD FS Admin log, contains information about authentication requests and their success or failure. Event log data within these events will indicate whether Azure MFA was used. For example, an AD FS Auditing Event ID 1200 may contain:
+Standard AD FS 2016 and 2019 logging in both the Windows Security Log and the AD FS Admin log, contains information about authentication requests and their success or failure. Event log data within these events will indicate whether Azure MFA was used. For example, an AD FS Auditing Event ID 1200 may contain:
 
 ```
 <MfaPerformed>true</MfaPerformed>

articles/active-directory/devices/howto-azure-managed-workstation.md

@@ -168,7 +168,7 @@ In Intune in the Azure portal:
    * Description - **Deployment of secure workstations**.
    * Set **Convert all targeted devices to Autopilot** to **Yes**. This setting makes sure that all devices in the list get registered with the Autopilot deployment service. Allow 48 hours for the registration to be processed.
 1. Select **Next**.
-   * For **Deployment mode**, choose **Self-Deploying (Preview)**. Devices with this profile are associated with the user who enrolls the device. User credentials are required to enroll the device.
+   * For **Deployment mode**, choose **Self-Deploying (Preview)**. Devices with this profile are associated with the user who enrolls the device. User credentials are required to enroll the device. It's essential to note that deploying a device in the **Self-Deploying** mode will allow you to deploy laptops in a shared model. No user assignment will happen until the device is assigned to a user for the first time. As a result, any user policies such as BitLocker will not be enabled until a user assignment is completed. For more details about how to log on to a secured device, see [selected profiles](https://docs.microsoft.com/intune/device-profile-assign).
    * The **Join to Azure AD as** box should show **Azure AD joined** and be grayed out.
    * Select your Langugage (Region), User account type **standard**. 
 1. Select **Next**.
@@ -178,6 +178,8 @@ In Intune in the Azure portal:
 1. Select **Next**.
 1. Select **Create** to create the profile. The Autopilot deployment profile is now available to assign to devices.
 
+Device enrollment in Autopilot provides a different user experience based on device type and role. In our deployment example, we illustrate a model where the secured devices are bulk deployed and can be shared, but when used for the first time, the device is assigned to a user. For more information, see [Intune Autopilot device enrollment](https://docs.microsoft.com/intune/device-enrollment).
+
 ### Configure Windows Update
 
 Keeping Windows 10 up to date is one of the most important things you can do. To maintain Windows in a secure state, you deploy an update ring to manage the pace that updates are applied to workstations. 

articles/active-directory/hybrid/how-to-connect-password-hash-synchronization.md

@@ -21,7 +21,7 @@ ms.collection: M365-identity-device-management
 This article provides information that you need to synchronize your user passwords from an on-premises Active Directory instance to a cloud-based Azure Active Directory (Azure AD) instance.
 
 ## How password hash synchronization works
-The Active Directory domain service stores passwords in the form of a hash value representation, of the actual user password. A hash value is a result of a one-way mathematical function (the *hashing algorithm*). There is no method to revert the result of a one-way function to the plain text version of a password. You cannot use a password hash to sign in to your on-premises network.
+The Active Directory domain service stores passwords in the form of a hash value representation, of the actual user password. A hash value is a result of a one-way mathematical function (the *hashing algorithm*). There is no method to revert the result of a one-way function to the plain text version of a password. 
 
 To synchronize your password, Azure AD Connect sync extracts your password hash from the on-premises Active Directory instance. Extra security processing is applied to the password hash before it is synchronized to the Azure Active Directory authentication service. Passwords are synchronized on a per-user basis and in chronological order.
 

articles/active-directory/hybrid/how-to-connect-sync-feature-preferreddatalocation.md

@@ -27,7 +27,7 @@ By default, Office 365 resources for your users are located in the same geo as y
 By setting the attribute **preferredDataLocation**, you can define a user's geo. You can have the user's Office 365 resources, such as the mailbox and OneDrive, in the same geo as the user, and still have one tenant for your entire organization.
 
 > [!IMPORTANT]
-> Multi-Geo is currently available to customers with a minimum of 2,500 Office 365 Services subscriptions. Please talk to your Microsoft representative for details.
+> Multi-Geo is currently available to customers with a minimum of 500 Office 365 Services subscriptions. Please talk to your Microsoft representative for details.
 >
 >
 
@@ -45,6 +45,8 @@ The geos in Office 365 available for Multi-Geo are:
 | India | IND |
 | Japan | JPN |
 | Korea | KOR |
+| South Africa | ZAF |
+| United Arab Emirates | ARE |
 | United Kingdom | GBR |
 | United States | NAM |
 

articles/active-directory/saas-apps/answerhub-tutorial.md

@@ -191,7 +191,7 @@ In this section, you create a test user named Britta Simon in the Azure portal.
 
 ### Assign the Azure AD test user
 
-In this section, you set up Britta Simon to use Azure AD single sign-on by granting her access to AnswerHub.
+In this section, you set up the user Britta Simon to use Azure AD single sign-on by granting the user access to AnswerHub.
 
 **To assign the Azure AD test user:**
 

articles/active-directory/saas-apps/pagedna-tutorial.md

@@ -168,7 +168,7 @@ In this section, you create a test user in the Azure portal named Britta Simon.
 
 ### Assign the Azure AD test user
 
-In this section, you enable Britta Simon to use Azure single sign-on by granting her access to PageDNA.
+In this section, you enable the user Britta Simon to use Azure single sign-on by granting the user access to PageDNA.
 
 1. In the Azure portal, select **Enterprise applications** > **All applications** > **PageDNA**.
 
@@ -208,4 +208,5 @@ When you select **PageDNA** in the My Apps portal, you should be automatically s
 
 * [Single sign-on to applications in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-appssoaccess-whatis)
 
-* [What is Conditional Access in Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)
+* [What is Conditional Access in Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)
+

articles/azure-monitor/app/java-get-started.md

@@ -164,6 +164,8 @@ You can also [set it in code](../../azure-monitor/app/api-custom-events-metrics.
     }
 ```
 
+Please note that [Live Metrics](https://docs.microsoft.com/azure/azure-monitor/app/live-stream) does not support reading instrumentation key from code.
+
 ## 4. Add an HTTP filter
 The last configuration step allows the HTTP request component to log each web request. (Not required if you just want the bare API.)
 
@@ -428,30 +430,6 @@ Each [Windows performance counter](https://msdn.microsoft.com/library/windows/de
 ### Unix performance counters
 * [Install collectd with the Application Insights plugin](java-collectd.md) to get a wide variety of system and network data.
 
-## Local forwarder
-
-[Local forwarder](https://docs.microsoft.com/azure/application-insights/local-forwarder) is an agent that collects Application Insights or [OpenCensus](https://opencensus.io/) telemetry from a variety of SDKs and frameworks and routes it to Application Insights. It's capable of running under Windows and Linux.
-
-```xml
-<Channel type="com.microsoft.applicationinsights.channel.concrete.localforwarder.LocalForwarderTelemetryChannel">
-<DeveloperMode>false</DeveloperMode>
-<EndpointAddress><!-- put the hostname:port of your LocalForwarder instance here --></EndpointAddress>
-<!-- The properties below are optional. The values shown are the defaults for each property -->
-<FlushIntervalInSeconds>5</FlushIntervalInSeconds><!-- must be between [1, 500]. values outside the bound will be rounded to nearest bound -->
-<MaxTelemetryBufferCapacity>500</MaxTelemetryBufferCapacity><!-- units=number of telemetry items; must be between [1, 1000] -->
-</Channel>
-```
-
-If you are using SpringBoot starter, add the following to your configuration file (application.properties):
-
-```yml
-azure.application-insights.channel.local-forwarder.endpoint-address=<!--put the hostname:port of your LocalForwarder instance here-->
-azure.application-insights.channel.local-forwarder.flush-interval-in-seconds=<!--optional-->
-azure.application-insights.channel.local-forwarder.max-telemetry-buffer-capacity=<!--optional-->
-```
-
-Default values are the same for SpringBoot application.properties and applicationinsights.xml configuration.
-
 ## Get user and session data
 OK, you're sending telemetry from your web server. Now to get the full 360-degree view of your application, you can add more monitoring:
 

articles/cognitive-services/Speech-Service/how-to-phrase-lists.md

@@ -20,6 +20,9 @@ As an example, if you have a command "Move to" and a possible destination of "Wa
 
 Single words or complete phrases can be added to a Phrase List. During recognition, an entry in a phrase list is used if an exact match is included in the audio. Building on the previous example, if the Phrase List includes "Move to Ward", and the phrase captured is "Move toward slowly", then the recognition result will be "Move to Ward slowly".
 
+>[!Note]
+> Currently, Phrase Lists supports only English for speech-to-text.
+
 ## How to use Phrase Lists
 
 The samples below illustrate how to build a Phrase List using the `PhraseListGrammar` object.

articles/cognitive-services/Translator/request-limits.md

@@ -49,7 +49,7 @@ If you reach or surpass these limits, or send too large of a portion of the quot
 
 Limits for [multi-service subscriptions](https://docs.microsoft.com/azure/cognitive-services/translator/reference/v3-0-reference#authentication) are the same as the S1 tier.
 
-These limits are restricted to Microsoft's standard translation models. Custom translation models that use Custom Translator are limited to 1,800 character per second.
+These limits are restricted to Microsoft's standard translation models. Custom translation models that use Custom Translator are limited to 1,800 characters per second.
 
 ## Latency
 

articles/data-lake-store/data-lake-store-access-control.md

@@ -162,7 +162,7 @@ def access_check( user, desired_perms, path ) :
   # Handle the owning user. Note that mask IS NOT used.
   entry = get_acl_entry( path, OWNER )
   if (user == entry.identity)
-      return ( (desired_perms & e.permissions) == desired_perms )
+      return ( (desired_perms & entry.permissions) == desired_perms )
 
   # Handle the named users. Note that mask IS used.
   entries = get_acl_entries( path, NAMED_USER )
@@ -212,9 +212,9 @@ When a new file or folder is created under an existing folder, the Default ACL o
 
 ### umask
 
-When creating a file or folder, umask is used to modify how the default ACLs are set on the child item. umask is a 9 bit a 9-bit value on parent folders that contains an RWX value for **owning user**, **owning group**, and **other**.
+When creating a file or folder, umask is used to modify how the default ACLs are set on the child item. umask is a 9-bit value on parent folders that contains an RWX value for **owning user**, **owning group**, and **other**.
 
-The umask for Azure Data Lake Storage Gen1 a constant value that is set to 007. This value translates to
+The umask for Azure Data Lake Storage Gen1 is a constant value set to 007. This value translates to
 
 | umask component     | Numeric form | Short form | Meaning |
 |---------------------|--------------|------------|---------|