MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 17 additions & 1 deletion b/‎.openpublishing.redirection.json
Lines changed: 17 additions & 1 deletion
diff --git a/‎articles/active-directory/manage-apps/customize-application-attributes.md
Lines changed: 1 addition & 0 deletions b/‎articles/active-directory/manage-apps/customize-application-attributes.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎articles/active-directory/manage-apps/use-scim-to-provision-users-and-groups.md
Lines changed: 57 additions & 0 deletions b/‎articles/active-directory/manage-apps/use-scim-to-provision-users-and-groups.md
Lines changed: 57 additions & 0 deletions
diff --git a/‎articles/active-directory/users-groups-roles/groups-dynamic-membership.md
Lines changed: 7 additions & 2 deletions b/‎articles/active-directory/users-groups-roles/groups-dynamic-membership.md
Lines changed: 7 additions & 2 deletions
diff --git a/‎articles/active-directory/users-groups-roles/groups-naming-policy.md
Lines changed: 7 additions & 2 deletions b/‎articles/active-directory/users-groups-roles/groups-naming-policy.md
Lines changed: 7 additions & 2 deletions
diff --git a/‎articles/ansible/ansible-deploy-app-vmss.md
Lines changed: 4 additions & 4 deletions b/‎articles/ansible/ansible-deploy-app-vmss.md
Lines changed: 4 additions & 4 deletions
diff --git a/‎articles/api-management/policies/filter-ip-addresses-when-using-appgw.md
Lines changed: 33 additions & 0 deletions b/‎articles/api-management/policies/filter-ip-addresses-when-using-appgw.md
Lines changed: 33 additions & 0 deletions
diff --git a/‎articles/api-management/policy-samples.md
Lines changed: 1 addition & 0 deletions b/‎articles/api-management/policy-samples.md
Lines changed: 1 addition & 0 deletions
@@ -12565,6 +12565,11 @@
       "redirect_url": "/azure/event-hubs/event-hubs-node-get-started-send",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/event-hubs/event-hubs-python.md",
+      "redirect_url": "/azure/event-hubs/event-hubs-python-get-started-send",
+      "redirect_document_id": false
+    },    
     {
       "source_path": "articles/event-hubs/event-hubs-python-get-started-receive.md",
       "redirect_url": "/azure/event-hubs/event-hubs-python-get-started-send",
@@ -45649,10 +45654,21 @@
       "redirect_url": "/azure/media-services/latest/content-aware-encoding",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/virtual-machines/workloads/redhat/redhat-byos.md",
+      "redirect_url": "/azure/virtual-machines/workloads/redhat/byos",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/virtual-machines/workloads/redhat/redhat-overview.md",
+      "redirect_url": "/azure/virtual-machines/workloads/redhat/overview",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/load-balancer/load-balancer-arm.md",
       "redirect_url": "/azure/load-balancer/load-balancer-overview",
       "redirect_document_id": true
     }
   ]
-}
+}
+
@@ -67,6 +67,7 @@ Along with this property, attribute-mappings also support the following attribut
 
 - **Source attribute** - The user attribute from the source system (example: Azure Active Directory).
 - **Target attribute** – The user attribute in the target system (example: ServiceNow).
+- **Default value if null (optional)** - The value that will be passed to the target system if the source attribute is null. This value will only be provisioned when a user is created. The "default value when null" will not be provisioned when updating an existing user. If, for example, you want to provision all existing users in the target system with a particular Job Title (when it is null in the source system), you can use the following [expression](https://docs.microsoft.com/azure/active-directory/manage-apps/functions-for-customizing-application-data): Switch(IsPresent([jobTitle]), "DefaultValue", "True", [jobTitle]). Make sure to replace the "Default Value" with what you would like to provision when null in the source system. 
 - **Match objects using this attribute** – Whether this mapping should be used to uniquely identify users between the source and target systems. It's typically set on the userPrincipalName or mail attribute in Azure AD, which is typically mapped to a username field in a target application.
 - **Matching precedence** – Multiple matching attributes can be set. When there are multiple, they're evaluated in the order defined by this field. As soon as a match is found, no further matching attributes are evaluated.
 - **Apply this mapping**
 
@@ -150,9 +150,12 @@ This section provides example SCIM requests emitted by the Azure AD SCIM client
   - [Update User [Multi-valued properties]](#update-user-multi-valued-properties) ([Request](#request-4) /  [Response](#response-4))
   - [Update User [Single-valued properties]](#update-user-single-valued-properties) ([Request](#request-5)
 / [Response](#response-5)) 
+  - [Disable User](#disable-user) ([Request](#request-14) / 
+[Response](#response-14))
   - [Delete User](#delete-user) ([Request](#request-6) / 
 [Response](#response-6))
 
+
 [Group Operations](#group-operations)
   - [Create Group](#create-group) (
 [Request](#request-7) / [Response](#response-7))
@@ -436,6 +439,60 @@ This section provides example SCIM requests emitted by the Azure AD SCIM client
 }
 ```
 
+### Disable User
+
+##### <a name="request-14"></a>Request
+
+*PATCH /Users/5171a35d82074e068ce2 HTTP/1.1*
+```json
+{
+    "Operations": [
+        {
+            "op": "Replace",
+            "path": "active",
+            "value": false
+        }
+    ],
+    "schemas": [
+        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
+    ]
+}
+```
+
+##### <a name="response-14"></a>Response
+
+```json
+{
+    "schemas": [
+        "urn:ietf:params:scim:schemas:core:2.0:User"
+    ],
+    "id": "CEC50F275D83C4530A495FCF@834d0e1e5d8235f90a495fda",
+    "userName": "[email protected]",
+    "name": {
+        "familyName": "Harris",
+        "givenName": "Larry"
+    },
+    "active": false,
+    "emails": [
+        {
+            "value": "[email protected]",
+            "type": "work",
+            "primary": true
+        }
+    ],
+    "addresses": [
+        {
+            "country": "ML",
+            "type": "work",
+            "primary": true
+        }
+    ],
+    "meta": {
+        "resourceType": "Users",
+        "location": "/scim/5171a35d82074e068ce2/Users/CEC50F265D83B4530B495FCF@5171a35d82074e068ce2"
+    }
+}
+```
 #### Delete User
 
 ##### <a name="request-6"></a>Request
 
@@ -316,7 +316,12 @@ You can create a group containing all users within a tenant using a membership r
 The "All users" rule is constructed using single expression using the -ne operator and the null value. This rule adds B2B guest users as well as member users to the group.
 
 ```
-user.objectid -ne null
+user.objectId -ne null
+```
+If you want your group to exclude guest users and include only members of your tenant, you can use the following syntax:
+
+```
+(user.objectId -ne null) -and (user.userType -eq “Member”)
 ```
 
 ### Create an "All devices" rule
@@ -326,7 +331,7 @@ You can create a group containing all devices within a tenant using a membership
 The "All Devices" rule is constructed using single expression using the -ne operator and the null value:
 
 ```
-device.objectid -ne null
+device.objectId -ne null
 ```
 
 ## Extension properties and custom extension properties
 
@@ -60,7 +60,12 @@ Blocked word list rules:
 - There are no character restrictions on blocked words.
 - There is an upper limit of 5000 phrases that can be configured in the blocked words list. 
 
-### Administrator override
+### Roles and permissions
+
+To configure naming policy, one of the folowing roles is required:
+- Global administrator
+- Group administrator
+- User administrator
 
 Selected administrators can be exempted from these policies, across all group workloads and endpoints, so that they can create groups using blocked words and with their own naming conventions. The following are the list of administrator roles exempted from the group naming policy.
 
@@ -72,7 +77,7 @@ Selected administrators can be exempted from these policies, across all group wo
 
 ## Configure naming policy in Azure portal
 
-1. Sign in to the [Azure AD admin center](https://aad.portal.azure.com) with a Global Administrator account.
+1. Sign in to the [Azure AD admin center](https://aad.portal.azure.com) with a Group administrator account.
 1. Select **Groups**, then select **Naming policy** to open the Naming policy page.
 
     ![open the Naming policy page in the admin center](./media/groups-naming-policy/policy.png)
 
@@ -3,7 +3,7 @@ title: Tutorial - Deploy apps to virtual machine scale sets in Azure using Ansib
 description: Learn how to use Ansible to configure Azure virtual machine scale sets and deploy application on the scale set
 keywords: ansible, azure, devops, bash, playbook, virtual machine, virtual machine scale set, vmss
 ms.topic: tutorial
-ms.date: 04/30/2019
+ms.date: 01/13/2020
 ---
 
 # Tutorial: Deploy apps to virtual machine scale sets in Azure using Ansible
@@ -51,13 +51,13 @@ Save the following sample playbook as `get-hosts-tasks.yml`:
   - name: Add all hosts
     add_host:
       groups: scalesethosts
-      hostname: "{{ output_ip_address.ansible_facts.azure_publicipaddresses[0].properties.ipAddress }}_{{ item.properties.frontendPort }}"
-      ansible_host: "{{ output_ip_address.ansible_facts.azure_publicipaddresses[0].properties.ipAddress }}"
+      hostname: "{{ output_ip_address.publicipaddresses[0].ip_address }}_{{ item.properties.frontendPort }}"
+      ansible_host: "{{ output_ip_address.publicipaddresses[0].ip_address }}"
       ansible_port: "{{ item.properties.frontendPort }}"
       ansible_ssh_user: "{{ admin_username }}"
       ansible_ssh_pass: "{{ admin_password }}"
     with_items:
-      - "{{ output.ansible_facts.azure_loadbalancers[0].properties.inboundNatRules }}"
+      - "{{ output.ansible_info.azure_loadbalancers[0].properties.inboundNatRules }}"
   ```
 
 ## Prepare an application for deployment
 
@@ -0,0 +1,33 @@
+---
+title: Sample API management policy - Filter on IP Address when using Application Gateway
+titleSuffix: Azure API Management
+description: Azure API management policy sample - Demonstrates how to filter on request IP address when using an Application Gateway.
+services: api-management
+documentationcenter: ''
+author: jftl6y
+
+ms.service: api-management
+ms.workload: mobile
+ms.tgt_pltfrm: na
+ms.topic: article
+ms.date: 01/13/2020
+ms.author: joscot
+ms.custom: fasttrack-new
+---
+
+# Filter on request IP Address when using an Application Gateway
+
+This article shows an Azure API management policy sample that demonstrates how filter on the request IP address when the API Management instance is accessed through an Application Gateway or other intermediary. To set or edit a policy code, follow the steps described in [Set or edit a policy](../set-edit-policies.md). To see other examples, see [policy samples](../policy-samples.md).
+
+## Policy
+
+Paste the code into the **inbound** block.
+
+[!code-xml[Main](../../../api-management-policy-samples/examples/Filter on IP Address when using Application Gateway.policy.xml)]
+
+## Next steps
+
+Learn more about APIM policies:
+
++ [Access restrictions policies](../api-management-access-restriction-policies.md)
++ [Policy samples](../policy-samples.md)
@@ -29,6 +29,7 @@ ms.custom: mvc
 | [Authorize access based on JWT claims](./policies/authorize-request-based-on-jwt-claims.md?toc=api-management/toc.json)                                              | Shows how to authorize access to specific HTTP methods on an API based on JWT claims.                                                                                                                                       |
 | [Authorize requests using external authorizer](./policies/authorize-request-using-external-authorizer.md)                                                   | Shows how to use external authorizer for securing API access.                                                                                                                                                               |
 | [Authorize access using Google OAuth token](./policies/use-google-as-oauth-token-provider.md?toc=api-management/toc.json)                                            | Shows how to authorize access to your endpoints using Google as an OAuth token provider.                                                                                                                                    |
+| [Filter IP Addresses when using an Application Gateway](./policies/filter-ip-addresses-when-using-appgw.md) | Shows how to IP filter in policies when the API Management instance is accessed via an Application Gateway
 | [Generate Shared Access Signature and forward request to Azure storage](./policies/generate-shared-access-signature.md?toc=api-management/toc.json)                  | Shows how to generate [Shared Access Signature](https://docs.microsoft.com/azure/storage/storage-dotnet-shared-access-signature-part-1) using expressions and forward the request to Azure storage with rewrite-uri policy. |
 | [Get OAuth2 access token from AAD and forward it to the backend](./policies/use-oauth2-for-authorization.md?toc=api-management/toc.json)                             | Provides and example of using OAuth2 for authorization between the gateway and a backend. It shows how to obtain an access token from AAD and forward it to the backend.                                                    |
 | [Get X-CSRF token from SAP gateway using send request policy](./policies/get-x-csrf-token-from-sap-gateway.md?toc=api-management/toc.json)                           | Shows how to implement X-CSRF pattern used by many APIs. This example is specific to SAP Gateway.                                                                                                                           |