Merge pull request #97324 from MicrosoftDocs/master

11/27 AM Publish

Author: huypub

articles/active-directory/authentication/howto-mfa-getstarted.md

@@ -77,7 +77,7 @@ Some of the risk detections detected by Azure Active Directory Identity Protecti
 
 ## Define network locations
 
-We recommended that organizations use Conditional Access to define their network using [named locations](../conditional-access/location-condition.md#named-locations). If your organization is using Identity Protection, consider using risk-based policies instead of named locations.
+We recommend that organizations use Conditional Access to define their network using [named locations](../conditional-access/location-condition.md#named-locations). If your organization is using Identity Protection, consider using risk-based policies instead of named locations.
 
 ### Configuring a named location
 

articles/active-directory/fundamentals/active-directory-deployment-plans.md

@@ -77,14 +77,14 @@ Widening the rollout to larger groups of users should be carried out by increasi
 | [ADFS to Password Hash Sync](https://aka.ms/deploymentplans/adfs2phs)| With Password Hash Synchronization, hashes of user passwords are synchronized from on-premises Active Directory to Azure AD, letting Azure AD authenticate users with no interaction with the on-premises Active Directory |
 | [ADFS to Pass Through Authentication](https://aka.ms/deploymentplans/adfs2pta)| Azure AD Pass-through Authentication helps your users sign in to both on-premises and cloud-based applications using the same passwords. This feature provides users with a better experience - one less password to remember - and reduces IT helpdesk costs because users are less likely to forget how to sign in. When people sign in using Azure AD, this feature validates users' passwords directly against your on-premises Active Directory. |
 | [Azure AD Application Proxy](https://aka.ms/deploymentplans/appproxy)| Employees today want to be productive at any place, at any time, and from any device. They need to access SaaS apps in the cloud and corporate apps on-premises. Azure AD Application proxy enables this robust access without costly and complex virtual private networks (VPNs) or demilitarized zones (DMZs). |
-| [Seamless SSO](https://aka.ms/SeamlessSSODPDownload)| Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network. With this feature, users won't need to type in their passwords to sign in to Azure AD and usually won't need to enter their usernames. This feature provides authorized users with easy access to your cloud-based applications without needing any additional on-premises components. |
+| [Seamless SSO](../hybrid/how-to-connect-sso-quick-start.md)| Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network. With this feature, users won't need to type in their passwords to sign in to Azure AD and usually won't need to enter their usernames. This feature provides authorized users with easy access to your cloud-based applications without needing any additional on-premises components. |
 
 ## Deploy user provisioning
 
 | Capability | Description|
 | -| -|
 | [User provisioning](https://aka.ms/deploymentplans/userprovisioning)| Azure AD helps you automate the creation, maintenance, and removal of user identities in cloud (SaaS) applications, such as Dropbox, Salesforce, ServiceNow, and more. |
-| [Workday-driven Inbound User Provisioning](https://aka.ms/WorkdayDeploymentPlan)| Workday-driven Inbound User Provisioning to Active Directory creates a foundation for ongoing identity governance and enhances the quality of business processes that rely on authoritative identity data. Using this feature, you can seamlessly manage the identity lifecycle of employees and contingent workers by configuring rules that map Joiner-Mover-Leaver processes (such as New Hire, Terminate, Transfer) to IT provisioning actions (such as Create, Enable, Disable) |
+| [Cloud HR user provisioning](https://aka.ms/deploymentplans/cloudhr)| Cloud HR user provisioning to Active Directory creates a foundation for ongoing identity governance and enhances the quality of business processes that rely on authoritative identity data. Using this feature with your cloud HR product, such as Workday or Successfactors, you can seamlessly manage the identity lifecycle of employees and contingent workers by configuring rules that map Joiner-Mover-Leaver processes (such as New Hire, Terminate, Transfer) to IT provisioning actions (such as Create, Enable, Disable) |
 
 ## Deploy governance and reporting
 

articles/active-directory/hybrid/TOC.yml

@@ -326,6 +326,8 @@
     href:  reference-connect-version-history.md
   - name: Azure AD Connect Health version history
     href: reference-connect-health-version-history.md
+  - name: Azure AD Pass-through Authentication agent version history
+    href: reference-connect-pta-version-history.md
   - name: Connector version history
     href: reference-connect-sync-connector-version-history.md
   - name: Accounts and permissions

articles/active-directory/hybrid/reference-connect-pta-version-history.md

@@ -0,0 +1,76 @@
+---
+title: 'Azure AD Pass-through Authentication: Version release history | Microsoft Docs'
+description: This article lists all releases of the Azure AD Pass-through Authentication agent
+services: active-directory
+author: billmath
+manager: daveba
+ms.assetid: ef2797d7-d440-4a9a-a648-db32ad137494
+ms.service: active-directory
+ms.topic: reference
+ms.workload: identity
+ms.date: 11/27/2019
+ms.subservice: hybrid
+ms.author: billmath
+ms.collection: M365-identity-device-management
+---
+
+# Azure AD Pass-through Authentication agent: Version Release History 
+ 
+The agents installed on-premises that enable Pass-through Authentication are updated regularly to provide new capabilities. This article lists the versions and features that are added when new functionality is introduced. Pass-through authentication agents are updated automatically when a new version is released. 
+
+Here are related topics: 
+
+- [User sign-in with Azure AD Pass-through Authentication](how-to-connect-pta.md) 
+- [Azure AD Pass-through Authentication agent installation](how-to-connect-pta-quick-start.md) 
+
+
+
+## 1.5.1007.0 
+### Release status 
+1/22/2019: Released for download  
+### New features and improvements 
+- Added support for Service Bus reliable channels to add another layer of connection resiliency for outbound connections 
+- Enforce TLS 1.2 during agent registration 
+
+## 1.5.643.0 
+### Release status 
+4/10/2018: Released for download  
+### New features and improvements 
+- Web socket connection support 
+- Set TLS 1.2 as the default protocol for the agent 
+ 
+## 1.5.405.0 
+### Release status 
+1/31/2018: Released for download  
+### Fixed issues 
+
+- Fixed a bug that caused some memory leaks in the agent. 
+- Updated the Azure Service Bus version, which includes a bug fix for connector timeout issues. 
+ 
+## 1.5.405.0 
+### Release status 
+11/26/2017: Released for download  
+### New features and improvements 
+- Added support for websocket based connections between the agent and Azure AD services to improve connection resiliency 
+
+## 1.5.402.0 
+### Release status 
+11/25/2017: Released for download  
+### Fixed issues 
+- Fixed bugs related to the DNS cache for default proxy scenarios 
+ 
+## 1.5.389.0 
+### Release status 
+10/17/2017: Released for download  
+### New features and improvements 
+- Added DNS cache functionality for outbound connections to add resiliency from DNS failures 
+ 
+## 1.5.261.0 
+### Release status 
+08/31/2017: Released for download  
+### New features and improvements 
+- GA version of the Azure AD Pass-through authentication agent 
+
+## Next steps
+
+- [User sign-in with Azure Active Directory Pass-through Authentication](how-to-connect-pta.md)

articles/active-directory/manage-apps/configure-automatic-user-provisioning-portal.md

@@ -81,4 +81,4 @@ If provisioning is being enabled for the first time for an application, turn on
 
 Change the **Provisioning Status** to **Off**  to pause the provisioning service. In this state, Azure doesn't create, update, or remove any user or group objects in the app. Change the state back to **On** and the service picks up where it left off.
 
-**Clear current state and restart synchronization** triggers an initial cycle. The service will then evaluate all the users in the source system again and determine if they are in scope for provisioning. This can be useful when your application is currently in quarantine or you need to make a change to your attribute mappings. This should not be used to trigger a delete or disable request as these events can be dropped when triggering a clear state and restart. The initial cycle also takes longer to complete than the typical incremental cycle due to the number of objects that need to be evaluated. You can learn more about the performance of initial and incremental cycles [here.](https://docs.microsoft.com/azure/active-directory/manage-apps/application-provisioning-when-will-provisioning-finish-specific-user). 
+**Clear current state and restart synchronization** triggers an initial cycle. The service will then evaluate all the users in the source system again and determine if they are in scope for provisioning. This can be useful when your application is currently in quarantine or you need to make a change to your attribute mappings. Note that the initial cycle takes longer to complete than the typical incremental cycle due to the number of objects that need to be evaluated. You can learn more about the performance of initial and incremental cycles [here.](https://docs.microsoft.com/azure/active-directory/manage-apps/application-provisioning-when-will-provisioning-finish-specific-user). 

articles/app-service/containers/app-service-linux-intro.md

@@ -64,7 +64,12 @@ Based on a current limitation, for the same resource group you cannot mix Window
 
 ## Troubleshooting
 
-When your application fails to start or you want to check the logging from your app, check the Docker logs in the LogFiles directory. You can access this directory either through your SCM site or via FTP. To log the `stdout` and `stderr` from your container, you need to enable **Docker Container logging** under **App Service Logs**. The setting takes effect immediately. App Service detects the change and restarts the container automatically.
+> [!NOTE]
+> There's new integrated logging capability with [Azure Monitoring (preview)](https://docs.microsoft.com/azure/app-service/troubleshoot-diagnostic-logs#send-logs-to-azure-monitor-preview) . 
+>
+>
+
+When your application fails to start or you want to check the logging from your app, check the Docker logs in the LogFiles directory. You can access this directory either through your SCM site or via FTP. To log the `stdout` and `stderr` from your container, you need to enable **Application Logging** under **App Service Logs**. The setting takes effect immediately. App Service detects the change and restarts the container automatically.
 
 You can access the SCM site from **Advanced Tools** in the **Development Tools** menu.
 

articles/app-service/troubleshoot-diagnostic-logs.md

@@ -185,7 +185,7 @@ With the new [Azure Monitor integration](https://aka.ms/appsvcblog-azmon), you c
 
 The following table shows the supported log types and descriptions: 
 
-| Log type | Windows support | Linux support | Description |
+| Log type | Windows support | Linux (Docker) support | Description |
 |-|-|-|
 | AppServiceConsoleLogs | TBA | Yes | Standard output and standard error |
 | AppServiceHTTPLogs | Yes | Yes | Web server logs |

articles/azure-monitor/app/pricing.md

@@ -6,7 +6,7 @@ ms.subservice: application-insights
 ms.topic: conceptual
 author: DaleKoetke
 ms.author: dalek
-ms.date: 10/28/2019
+ms.date: 11/27/2019
 
 ms.reviewer: mbullwin
 ---
@@ -65,7 +65,7 @@ Application Insights charges are added to your Azure bill. You can see details o
 ### Using data volume metrics
 <a id="understanding-ingested-data-volume"></a>
 
-To learn more about your data volumes, selecting **Metrics** for your Application Insights resource, add a new chart. For the chart metric, under **Log-based metrics**, select **Data point volume**. Click **Apply splitting**, and select group by **Telemetryitem type**.
+To learn more about your data volumes, selecting **Metrics** for your Application Insights resource, add a new chart. For the chart metric, under **Log-based metrics**, select **Data point volume**. Click **Apply splitting**, and select group by **`Telemetryitem` type**.
 
 ![Use Metrics to look at data volume](./media/pricing/10-billing.png)
 
@@ -199,7 +199,7 @@ To change the retention, from your Application Insights resource, go to the **Us
 
 ![Adjust the daily telemetry volume cap](./media/pricing/pricing-005.png)
 
-The retention can also be [set programatically using Powershell](powershell.md#set-the-data-retention) using the `retentionInDays` parameter. Additionally, if you set the data retention to 30 days, you can trigger an immediate purge of older data using the `immediatePurgeDataOn30Days` parameter, which may be useful for compliance-related scenarios. This purge functionality is only exposed via Azure Resource Manager and should be used with extreme care. 
+The retention can also be [set programatically using Powershell](powershell.md#set-the-data-retention) using the `retentionInDays` parameter. Additionally, if you set the data retention to 30 days, you can trigger an immediate purge of older data using the `immediatePurgeDataOn30Days` parameter, which may be useful for compliance-related scenarios. This purge functionality is only exposed via Azure Resource Manager and should be used with extreme care. The daily reset time for the data volume cap can be configured using Azure Resource Manager to set the `dailyQuotaResetTime` parameter. 
 
 ## Data transfer charges using Application Insights
 
@@ -279,4 +279,4 @@ You can write a script to set the pricing tier by using Azure Resource Managemen
 [apiproperties]: app-insights-api-custom-events-metrics.md#properties
 [start]: ../../azure-monitor/app/app-insights-overview.md
 [pricing]: https://azure.microsoft.com/pricing/details/application-insights/
-[pricing]: https://azure.microsoft.com/pricing/details/application-insights/
+[pricing]: https://azure.microsoft.com/pricing/details/application-insights/

articles/azure-monitor/platform/stream-monitoring-data-event-hubs.md

@@ -51,7 +51,7 @@ Routing your monitoring data to an event hub with Azure Monitor enables you to e
 | SumoLogic | Instructions for setting up SumoLogic to consume data from an event hub are available at [Collect Logs for the Azure Audit App from Event Hub](https://help.sumologic.com/Send-Data/Applications-and-Other-Data-Sources/Azure-Audit/02Collect-Logs-for-Azure-Audit-from-Event-Hub). |
 | ArcSight | The ArcSight Azure Event Hub smart connector is available as part of [the ArcSight smart connector collection](https://community.softwaregrp.com/t5/Discussions/Announcing-General-Availability-of-ArcSight-Smart-Connectors-7/m-p/1671852). |
 | Syslog server | If you want to stream Azure Monitor data directly to a syslog server, you can use a [solution based on an Azure function](https://github.com/miguelangelopereira/azuremonitor2syslog/).
-| LogRhythm | Instructions to sett up LogRhythm to collect logs from an event hub are available [here](https://logrhythm.com/six-tips-for-securing-your-azure-cloud-environment/). 
+| LogRhythm | Instructions to set up LogRhythm to collect logs from an event hub are available [here](https://logrhythm.com/six-tips-for-securing-your-azure-cloud-environment/). 
 
 
 ## Next Steps

articles/backup/backup-support-matrix-iaas.md

@@ -153,7 +153,7 @@ Azure VM data disks | Back up a VM with 16 or less data disks.
 Data disk size | Individual disk size can be up to 32 TB and a maximum of 256 TB combined for all disks in a VM.
 Storage type | Standard HDD, Standard SSD, Premium SSD.
 Managed disks | Supported.
-Encrypted disks | Supported.<br/><br/> Azure VMs enabled with Azure Disk Encryption can be backed up (with or without the Azure AD app).<br/><br/> Encrypted VMs can’t be recovered at the file/folder level. You must recover the entire VM.<br/><br/> You can enable encryption on VMs that are already protected by Azure Backup.
+Encrypted disks | Supported (up to 4 TB).<br/><br/> Azure VMs enabled with Azure Disk Encryption can be backed up (with or without the Azure AD app).<br/><br/> Encrypted VMs can’t be recovered at the file/folder level. You must recover the entire VM.<br/><br/> You can enable encryption on VMs that are already protected by Azure Backup.
 Disks with Write Accelerator enabled | Not supported.<br/><br/> Azure backup automatically excludes the Disks with Write Accelerator enabled during backup. Since they are not backed up, you will not be able to Restore these disks from Recovery-Points of the VM.
 Back up & Restore deduplicated VMs/disks | Azure Backup does not support deduplication. For more information, see this [article](https://docs.microsoft.com/azure/backup/backup-support-matrix#disk-deduplication-support) <br/> <br/>  - Azure Backup does not deduplicate across VMs in the Recovery Services vault <br/> <br/>  - If there are VMs in deduplication state during restore, the files can't be restored as vault does not understand the format
 Add disk to protected VM | Supported.