Merge pull request #183420 from MicrosoftDocs/master

Merge master to live, 4 AM

Author: ttorble

articles/active-directory/authentication/howto-mfa-nps-extension-errors.md

@@ -14,7 +14,7 @@ manager: daveba
 ms.reviewer: michmcla
 
 ms.collection: M365-identity-device-management
-ms.custom: has-adal-ref
+ms.custom: 
 ---
 # Resolve error messages from the NPS extension for Azure AD Multi-Factor Authentication
 
@@ -26,7 +26,7 @@ If you encounter errors with the NPS extension for Azure AD Multi-Factor Authent
 | ---------- | --------------------- |
 | **CONTACT_SUPPORT** | [Contact support](#contact-microsoft-support), and mention the list of steps for collecting logs. Provide as much information as you can about what happened before the error, including tenant ID, and user principal name (UPN). |
 | **CLIENT_CERT_INSTALL_ERROR** | There may be an issue with how the client certificate was installed or associated with your tenant. Follow the instructions in [Troubleshooting the MFA NPS extension](howto-mfa-nps-extension.md#troubleshooting) to investigate client cert problems. |
-| **ESTS_TOKEN_ERROR** | Follow the instructions in [Troubleshooting the MFA NPS extension](howto-mfa-nps-extension.md#troubleshooting) to investigate client cert and ADAL token problems. |
+| **ESTS_TOKEN_ERROR** | Follow the instructions in [Troubleshooting the MFA NPS extension](howto-mfa-nps-extension.md#troubleshooting) to investigate client cert and security token problems. |
 | **HTTPS_COMMUNICATION_ERROR** | The NPS server is unable to receive responses from Azure AD MFA. Verify that your firewalls are open bidirectionally for traffic to and from https://adnotifications.windowsazure.com |
 | **HTTP_CONNECT_ERROR** | On the server that runs the NPS extension, verify that you can reach  `https://adnotifications.windowsazure.com` and `https://login.microsoftonline.com/`. If those sites don't load, troubleshoot connectivity on that server. |
 | **NPS Extension for Azure AD MFA:** <br> NPS Extension for Azure AD MFA only performs Secondary Auth for Radius requests in AccessAccept State. Request received for User username with response state AccessReject, ignoring request. | This error usually reflects an authentication failure in AD or that the NPS server is unable to receive responses from Azure AD. Verify that your firewalls are open bidirectionally for traffic to and from `https://adnotifications.windowsazure.com` and `https://login.microsoftonline.com` using ports 80 and 443. It is also important to check that on the DIAL-IN tab of Network Access Permissions, the setting is set to "control access through NPS Network Policy". This error can also trigger if the user is not assigned a license. |
@@ -129,4 +129,4 @@ To collect debug logs for support diagnostics, use the following steps on the NP
    ```
 
 5. Open Registry Editor and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa set **VERBOSE_LOG** to **FALSE**
-6. Zip the contents of the C:\NPS folder and attach the zipped file to the support case.
+6. Zip the contents of the C:\NPS folder and attach the zipped file to the support case.

articles/active-directory/authentication/howto-mfa-nps-extension.md

@@ -14,7 +14,7 @@ manager: daveba
 ms.reviewer: michmcla
 
 ms.collection: M365-identity-device-management
-ms.custom: has-adal-ref
+ms.custom: 
 ---
 # Integrate your existing Network Policy Server (NPS) infrastructure with Azure AD Multi-Factor Authentication
 
@@ -361,7 +361,7 @@ After you run this command, go to the root of your *C:* drive, locate the file,
 
 Check that your password hasn't expired. The NPS extension doesn't support changing passwords as part of the sign-in workflow. Contact your organization's IT Staff for further assistance.
 
-### Why are my requests failing with ADAL token error?
+### Why are my requests failing with security token error?
 
 This error could be due to one of several reasons. Use the following steps to troubleshoot:
 

articles/active-directory/develop/msal-client-applications.md

@@ -19,7 +19,7 @@ ms.custom: aaddev, has-adal-ref
 
 # Public client and confidential client applications
 
-The Microsoft Authentication Library (MSAL) defines two types of clients: public clients and confidential clients. The two client types are distinguished by their ability to authenticate securely with the authorization server and maintain the confidentiality of their client credentials. In contrast, Azure Active Directory Authentication Library (ADAL) uses what's called _authentication context_ (which is a connection to Azure Active Directory).
+The Microsoft Authentication Library (MSAL) defines two types of clients: public clients and confidential clients. The two client types are distinguished by their ability to authenticate securely with the authorization server and maintain the confidentiality of their client credentials. 
 
 - **Confidential client applications** are apps that run on servers (web apps, web API apps, or even service/daemon apps). They're considered difficult to access, and for that reason can keep an application secret. Confidential clients can hold configuration-time secrets. Each instance of the client has a distinct configuration (including client ID and client secret). These values are difficult for end users to extract. A web app is the most common confidential client. The client ID is exposed through the web browser, but the secret is passed only in the back channel and never directly exposed.
 

articles/active-directory/develop/msal-net-web-browsers.md

@@ -137,7 +137,7 @@ For desktop applications, however, launching a System Webview leads to a subpar
 
 ## Enable embedded webviews on iOS and Android
 
-You can also enable embedded webviews in Xamarin.iOS and Xamarin.Android apps. Starting with MSAL.NET 2.0.0-preview, MSAL.NET also supports using the **embedded** webview option. For ADAL.NET, embedded webview is the only option supported.
+You can also enable embedded webviews in Xamarin.iOS and Xamarin.Android apps. Starting with MSAL.NET 2.0.0-preview, MSAL.NET also supports using the **embedded** webview option. 
 
 As a developer using MSAL.NET targeting Xamarin, you may choose to use either embedded webviews or system browsers. This is your choice depending on the user experience and security concerns you want to target.
 

articles/active-directory/saas-apps/netdocuments-tutorial.md

@@ -101,7 +101,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
     |
 
 	> [!NOTE]
-	> These values are not real. Update these values with the actual Sign on URL and Reply URL. Repository ID is a value starting with **CA-** followed by 8 character code associated with your NetDocuments Repository. You can check the [NetDocuments Federated Identity support document](https://netdocuments.force.com/NetDocumentsSupport/s/en-us/articles/205220410-Federated-Identity-Login) for more information. Alternatively you can contact [NetDocuments Client support team](https://netdocuments.force.com/NetDocumentsSupport/s/) to get these values if you have difficulties configuring using the above information . You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+	> These values are not real. Update these values with the actual Sign on URL and Reply URL. Repository ID is a value starting with **CA-** followed by 8 character code associated with your NetDocuments Repository. You can check the [NetDocuments Federated Identity support document](https://netdocuments.force.com/NetDocumentsSupport/s/article/205220410) for more information. Alternatively you can contact [NetDocuments Client support team](https://netdocuments.force.com/NetDocumentsSupport/s/) to get these values if you have difficulties configuring using the above information . You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
 
 1. NetDocuments application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes, where as **nameidentifier** is mapped with **user.userprincipalname**. NetDocuments application expects **nameidentifier** to be mapped with **ObjectID** or any other claim which is applicable to your Organization as **nameidentifier**, so you need to edit the attribute mapping by clicking on **Edit** icon and change the attribute mapping.
 

articles/azure-government/documentation-government-get-started-connect-to-storage.md

@@ -52,91 +52,52 @@ These endpoint differences must be taken into account when you connect to storag
 
 #### C# 
 
-1. Open up Visual Studio and create a new project. Add a reference to the [WindowsAzure.Storage NuGet package](https://www.nuget.org/packages/WindowsAzure.Storage/). This NuGet package contains classes you will need to connect to your storage account.
+1. Open Visual Studio and create a new project. Add a reference to the [Azure Tables client library for .NET](https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/tables/Azure.Data.Tables). This package contains classes for connecting to your Storage Table account.
 
 2. Add these two lines of C# code to connect:
     ```cs
-    var credentials = new StorageCredentials(storageAccountName, storageAccountKey);
-
-    var storageAccount = new CloudStorageAccount(credentials, "core.usgovcloudapi.net", useHttps: true);   
+    var credentials = new TableSharedKeyCredential(storageAccountName, Environment.GetEnvironmentVariable("STORAGE_ACCOUNT_KEY"));
+    var storageTableUri = Environment.GetEnvironmentVariable("STORAGE_TABLE_URI");
+    var tableServiceClient = new TableServiceClient(new Uri(storageTableUri), credentials);   
     ```
 
-    - Notice on the second line you had to use a [particular constructor for the CloudStorageAccount](/dotnet/api/microsoft.azure.storage.cloudstorageaccount.-ctor), enabling you to explicitly pass in the endpoint suffix of "core.usgovcloudapi.net". This constructor is the **only difference** required in your code to connect to storage in Azure Government as compared with commercial Azure.
 
-3. At this point, you can interact with storage as you normally would. For example, if you want to retrieve a specific record from table storage, you could do it like this:
+3. At this point, we can interact with Storage as we normally would. For example, if we want to retrieve a specific entity from our Table Storage, we could do it like this:
 
    ```cs
-    var tableClient = storageAccount.CreateCloudTableClient();
-
-    var table = tableClient.GetTableReference("Contacts");
-    var retrieveOperation = TableOperation.Retrieve<ContactEntity>("gov-partition1", "0fb52a6c-3784-4dc5-aa6d-ecda4426dbda");
-    var result = await table.ExecuteAsync(retrieveOperation);
-    var contact = result.Result as ContactEntity;
+    var tableClient = tableServiceClient.GetTableClient("Contacts");
+    ContactEntity contact = tableClient.GetEntity<ContactEntity>("gov-partition1", "0fb52a6c-3784-4dc5-aa6d-ecda4426dbda");
     Console.WriteLine($"Contact: {contact.FirstName} {contact.LastName}");
     ```
 
 #### Java
-1. Download the [Azure Storage SDK for Java](https://github.com/azure/azure-storage-java) and configure your project correctly.
-2. Create a `CustomerEntity` class in your project and paste the code below:
-
-    ```java
-    import com.microsoft.azure.storage.table.TableServiceEntity;
-    
-    public class CustomerEntity extends TableServiceEntity {
-            public CustomerEntity(String lastName, String firstName) {
-                this.partitionKey = lastName;
-                this.rowKey = firstName;
-            }
-    
-            public CustomerEntity() { }
-    
-            String email;
-            
-            public String getEmail() {
-                return this.email;
-            }
-    
-            public void setEmail(String email) {
-                this.email = email;
-            }
-    
-        }
-    ``` 
-3. Create a "test" class where you'll access Azure Table Storage using the Azure Storage API. 
- Copy and paste the code below, and **paste** your Storage Account connection string into the `storageConnectionString` variable. 
-
+1. Download the [Azure Tables client library for Java](https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/tables/azure-data-tables) and configure your project correctly.
+2. Create a "test" class where we'll access Azure Table Storage using the Azure Tables client library.  
+ Copy and paste the code below, and **paste** your Storage Account connection string into the `AZURE_STORAGE_CONNECTION_STRING` environment variable. 
     ```java
-    import com.microsoft.azure.storage.*;
-    import com.microsoft.azure.storage.table.*;
-    
+    import com.azure.data.tables.implementation.ModelHelper;
+    import com.azure.data.tables.models.*;
+    import java.util.HashMap;
     public class test {
-
-        public static final String storageConnectionString = //Paste in your Storage Account connection string
-
+        public static final String storageConnectionString = System.getEnv("AZURE_STORAGE_CONNECTION_STRING");
         public static void main(String[] args) {
-
         try
         {
-            // Retrieve storage account from connection-string.
-            CloudStorageAccount storageAccount =
-            CloudStorageAccount.parse(storageConnectionString);
-
-            // Create the table client.
-            CloudTableClient tableClient = storageAccount.createCloudTableClient();
-
+            // Create the table service client.
+            TableServiceClient tableServiceClient = new TableServiceClientBuilder()
+                .connectionString(storageConnectionString)
+                .buildClient();
             // Create the table if it doesn't exist.
             String tableName = "Contacts";
-            CloudTable cloudTable = tableClient.getTableReference(tableName);
-            cloudTable.createIfNotExists();
+            TableClient tableClient = tableServiceClient.createTableIfNotExists(tableName);
             // Create a new customer entity.
-            CustomerEntity customer1 = new CustomerEntity("Brown", "Walter");
-            customer1.setEmail("[email protected]");
-
-            // Create an operation to add the new customer to the people table.
-            TableOperation insertCustomer1 = TableOperation.insertOrReplace(customer1);
-
-            // Submit the operation to the table service.
-            cloudTable.execute(insertCustomer1);
+            TableEntity customer1 = ModelHelper.createEntity(new HashMap<String, Object>() {{
+                put("PartitionKey", "Brown");
+                put("RowKey", "Walter");
+                put("Email", "[email protected]");
+            }});
+            // Insert table entry into table
+            tableClient.createEntity(customer1);
         }
         catch (Exception e)
         {
@@ -148,32 +109,31 @@ These endpoint differences must be taken into account when you connect to storag
     ```
 
 #### Node.js
-1. Download the [Azure Storage SDK for Node.js](https://github.com/Azure/azure-sdk-for-node) and [configure your application](../storage/blobs/storage-quickstart-blobs-nodejs.md#configure-your-storage-connection-string) correctly.
+1. Download the [Azure Storage Blob client library for Node.js](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/storage/storage-blob) and configure your application correctly.
 2. The following code below connects to Azure Blob Storage and creates a Container using the Azure Storage API. 
-    **Paste** your Azure Storage account connection string into the `storageConnectionString` variable below. 
+    **Paste** your Azure Storage account connection string into the `AZURE_STORAGE_CONNECTION_STRING` environment variable. 
 
     ```javascript
-    var azure = require('azure-storage');
-    var storageConnectionString = //Paste Azure Storage connection string here
-    var blobSvc = azure.createBlobService(storageConnectionString);
-    blobSvc.createContainerIfNotExists('testing', function(error, result, response){
-    if(!error){
-    // Container exists and is private
-    }
-    });
+    var { BlobServiceClient } = require("@azure/storage-blob");
+    var storageConnectionString = process.env["AZURE_STORAGE_CONNECTION_STRING"];
+    var blobServiceClient = BlobServiceClient.fromConnectionString(storageConnectionString);
+    var containerClient = blobServiceClient.getContainerClient('testing');
+    containerClient.createIfNotExists();
     ```
 
 #### Python
-1. Download the [Azure Storage SDK for Python](https://github.com/Azure/azure-storage-python).
-2. When using the Storage SDK for Python to connect to Azure Government, you **must separately define an "endpoint_suffix" parameter**. Paste in your Azure storage account name and key in the placeholders below.
+1. Download the [Azure Storage Blob client library for Python](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/storage/azure-storage-blob).
+2. When using the Storage library for Python to connect to Azure Government, paste your Azure storage connection string in the `AZURE_STORAGE_CONNECTION_STRING` environment variable.
 
     ```python
-    # Create the BlockBlockService that is used to call the Blob service for the storage account
-    block_blob_service = BlockBlobService(account_name='#your account name', account_key='#your account key', endpoint_suffix="core.usgovcloudapi.net") 
+    # Create the BlobServiceClient that is used to call the Blob service for the storage account
+    connection_string = os.getenv("AZURE_STORAGE_CONNECTION_STRING")
+    blob_service_client = BlobServiceClient.from_connection_string(conn_str=connection_string)
     container_name ='ml-gov-demo'
-    generator = block_blob_service.list_blobs(container_name)
+    container = blob_service_client.get_container_client(container=container_name)
+    generator = container.list_blobs()
     for blob in generator:
-        print(blob.name)
+        print("\t Blob name: " + blob.name)
     ```
 
 #### PHP
@@ -214,3 +174,4 @@ These endpoint differences must be taken into account when you connect to storag
 - Read more about [Azure Storage](../storage/index.yml). 
 - Subscribe to the [Azure Government blog](https://blogs.msdn.microsoft.com/azuregov/)
 - Get help on Stack Overflow by using the [azure-gov](https://stackoverflow.com/questions/tagged/azure-gov) tag
+

articles/azure-signalr/signalr-resource-faq.yml

@@ -48,11 +48,9 @@ sections:
       - question: |
           Can I configure the transports available in Azure SignalR Service on the server side with ASP.NET Core SignalR? For example, can I disable WebSocket transport?
         answer: |
-          No.
+          Yes. See [Transport Configuration](https://github.com/Azure/azure-signalr/blob/dev/docs/advanced-topics/transport-configuration.md) for how to configure.
           
-          Azure SignalR Service provides all three transports that ASP.NET Core SignalR supports by default. It's not configurable. Azure SignalR Service will handle connections and transports for all client connections.
-          
-          You can configure client-side transports as documented in [ASP.NET Core SignalR configuration](/aspnet/core/signalr/configuration#configure-allowed-transports-1).
+          You can also configure client-side transports as documented in [ASP.NET Core SignalR configuration](/aspnet/core/signalr/configuration#configure-allowed-transports-1).
           
       - question: |
           What is the meaning of metrics like message count or connection count shown in the Azure portal? Which kind of aggregation type should I choose?