Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

.openpublishing.redirection.json

@@ -1995,6 +1995,26 @@
       "redirect_url": "/azure/cognitive-services/bing-video-search/quickstarts/client-libraries?pivots=programming-language-python",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/bing-visual-search/visual-search-sdk-c-sharp.md",
+      "redirect_url": "/azure/cognitive-services/bing-visual-search/quickstarts/client-libraries?pivots=programming-language-csharp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/bing-visual-search/visual-search-sdk-java.md",
+      "redirect_url": "/azure/cognitive-services/bing-visual-search/quickstarts/client-libraries?pivots=programming-language-java",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/bing-visual-search/visual-search-sdk-node.md",
+      "redirect_url": "/azure/cognitive-services/bing-visual-search/quickstarts/client-libraries?pivots=programming-language-javascript",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/bing-visual-search/visual-search-sdk-python.md",
+      "redirect_url": "/azure/cognitive-services/bing-visual-search/quickstarts/client-libraries?pivots=programming-language-python",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-machines/linux/classic/rdma-cluster.md",
       "redirect_url": "/azure/virtual-machines/linux/sizes-hpc#rdma-capable-instances",
@@ -2902,7 +2922,7 @@
     },
     {
       "source_path": "articles/machine-learning/service/overview-more-machine-learning.md",
-      "redirect_url": "/azure/architecture/data-guide/technology-choices/data-science-and-machine-learning",
+      "redirect_url": "https://docs.microsoft.com/azure/architecture/data-guide/technology-choices/data-science-and-machine-learning",
       "redirect_document_id": false
     },
     {
@@ -2982,7 +3002,7 @@
     },
     {
       "source_path": "articles/machine-learning/service/support-for-aml-services.md",
-      "redirect_url": "https://aka.ms/aml-forum-service",
+      "redirect_url": "https://social.msdn.microsoft.com/Forums/home?forum=AzureMachineLearningService",
       "redirect_document_id": false
     },
     {
@@ -3072,17 +3092,17 @@
     },
     {
       "source_path": "articles/machine-learning/studio/live-chat.md",
-      "redirect_url": "https://social.msdn.microsoft.com/Forums/en-US/home?forum=MachineLearning",
+      "redirect_url": "https://social.msdn.microsoft.com/Forums/home?forum=MachineLearning",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/machine-learning/studio/datamarket-deprecation.md",
-      "redirect_url": "https://microsoft.com/cognitive",
+      "redirect_url": "https://azure.microsoft.com/services/cognitive-services/",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/machine-learning/r-developers-guide.md",
-      "redirect_url": "/azure/architecture/data-guide/technology-choices/r-developers-guide",
+      "redirect_url": "https://docs.microsoft.com/azure/architecture/data-guide/technology-choices/r-developers-guide",
       "redirect_document_id": false
     },
     {
@@ -5110,6 +5130,11 @@
       "redirect_url": "/azure/active-directory/develop/msal-overview",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/active-directory/develop/shared-device-mode.md",
+      "redirect_url": "/azure/active-directory/develop/msal-android-shared-devices",
+      "redirect_document_id": true
+    },
     {
       "source_path": "articles/azure-resource-manager/resource-group-authenticate-service-principal.md",
       "redirect_url": "/azure/active-directory/develop/howto-authenticate-service-principal-powershell",
@@ -15156,7 +15181,7 @@
     },
     {
       "source_path": "articles/machine-learning/service/how-to-create-portal-experiments.md",
-      "redirect_url": "/azure/machine-learning/how-to-create-portal-experiments",
+      "redirect_url": "/azure/machine-learning/tutorial-first-experiment-automated-ml",
       "redirect_document_id": false
     },
     {
@@ -47324,6 +47349,11 @@
       "redirect_url": "https://feedback.azure.com/forums/169401-azure-active-directory?category_id=160593",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/active-directory-domain-services/compatible-software.md",
+      "redirect_url": "/azure/active-directory-domain-services/overview",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/active-directory-domain-services/active-directory-ds-troubleshooting.md",
       "redirect_url": "/azure/active-directory-domain-services/troubleshoot",
@@ -50498,6 +50528,16 @@
     {
       "source_path": "articles/sql-database/sql-database-managed-instance-index.yml",
       "redirect_url": "/azure/sql-database/sql-database-managed-instance"
+    },
+    {
+      "source_path": "articles/aks/integrate-azure.md",
+      "redirect_url": "/azure/aks/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/aks/use-cosmosdb-osba-mongo-app.md",
+      "redirect_url": "/azure/aks/",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory-domain-services/TOC.yml

@@ -145,8 +145,6 @@
       href: faqs.md
     - name: Service updates
       href: https://azure.microsoft.com/updates/?product=active-directory-ds
-    - name: Compatible third-party software
-      href: compatible-software.md
     - name: Pricing
       href: https://azure.microsoft.com/pricing/details/active-directory-ds/
     - name: Azure AD feedback forum

articles/active-directory-domain-services/compatible-software.md

@@ -223,8 +223,12 @@
         href: scenario-mobile-app-configuration.md
       - name: Mobile platforms specific config
         items:
+        - name: Microsoft Enterprise SSO plug-in for Apple devices
+          href: apple-sso-plugin.md
         - name: Shared device mode for Android devices
-          href: shared-device-mode.md
+          href: msal-android-shared-devices.md
+        - name: Shared device mode for iOS devices
+          href: msal-ios-shared-devices.md
         - name: Xamarin Android
           href: msal-net-xamarin-android-considerations.md
         - name: System browser on Android
@@ -312,6 +316,17 @@
       href: msal-handling-exceptions.md
     - name: Logging
       href: msal-logging.md
+    - name: Shared devices
+      items:
+      - name: Overview - shared devices
+        href: msal-shared-devices.md
+        displayName: shared device mode, firstline worker, frontline worker
+      - name: Shared device mode for iOS devices
+        href: msal-ios-shared-devices.md
+        displayName: firstline worker, frontline worker
+      - name: Shared device mode for Android devices
+        href: msal-android-shared-devices.md
+        displayName: firstline worker, frontline worker
     - name: Single sign-on
       displayName: SSO
       items:

articles/active-directory/develop/TOC.yml

@@ -0,0 +1,79 @@
+---
+title: Microsoft Enterprise SSO plug-in for Apple devices
+titleSuffix: Microsoft identity platform | Azure
+description: Learn about Microsoft's Azure Active Directory SSO plug-in for iOS and macOS devices.
+services: active-directory
+author: brandwe
+manager: CelesteDG
+
+ms.service: active-directory
+ms.subservice: develop
+ms.topic: conceptual
+ms.workload: identity
+ms.date: 03/31/2020
+ms.author: brandwe
+ms.reviewer: brandwe
+ms.custom: aaddev
+---
+
+# Microsoft Enterprise SSO plug-in for Apple devices (Preview)
+
+> [!NOTE]
+> This feature is in public preview.
+> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
+> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+
+The *Microsoft Enterprise SSO plug-in for Apple devices* provides single sign-on (SSO) for Active Directory accounts across all applications that support Apple's [Enterprise Single Sign-On](https://developer.apple.com/documentation/authenticationservices) feature. Microsoft worked closely with Apple to develop this plug-in to increase your application's usability while providing the best protection that Apple and Microsoft can provide.
+
+In this Public Preview release, the Enterprise SSO plug-in is available only for iOS devices and is distributed in certain Microsoft applications.
+
+Our first use of the Enterprise SSO plug-in is with our new [shared device mode](msal-ios-shared-devices.md) feature.
+
+## Features
+
+The Microsoft Enterprise SSO plug-in for Apple devices offers the following benefits:
+
+- Provides SSO for Active Directory accounts across all applications that support Apple's Enterprise Single Sign-On feature.
+- Delivered automatically in the Microsoft Authenticator and can be enabled by any mobile device management (MDM) solution.
+
+## Requirements
+
+To use Microsoft Enterprise SSO plug-in for Apple devices:
+
+- iOS 13.0 or higher must be installed on the device.
+- A Microsoft application that provides the Microsoft Enterprise SSO plug-in for Apple devices must be installed on the device. For Public Preview, these applications include the [Microsoft Authenticator app](../user-help/user-help-auth-app-overview.md).
+- Device must be MDM-enrolled (for example, with Microsoft Intune).
+- Configuration must be pushed to the device to enable the Microsoft Enterprise SSO plug-in for Apple devices on the device. This security constraint is required by Apple.
+
+## Enable the SSO extension with mobile device management (MDM)
+
+To enable the Microsoft Enterprise SSO plug-in for Apple devices, your devices need to be sent a signal through an MDM service. Since Microsoft includes the Enterprise SSO plug-in in the [Microsoft Authenticator app](..//user-help/user-help-auth-app-overview.md), use your MDM to configure the app to enable the Microsoft Enterprise SSO plug-in.
+
+Use the following parameters to configure the Microsoft Enterprise SSO plug-in for Apple devices:
+
+- **Type**: Redirect
+- **Extension ID**: `com.microsoft.azureauthenticator.ssoextension`
+- **Team ID**: `SGGM6D27TK`
+- **URLs**:
+  - `https://login.microsoftonline.com`
+  - `https://login.windows.net`
+  - `https://login.microsoft.com`
+  - `https://sts.windows.net`
+  - `https://login.partner.microsoftonline.cn`
+  - `https://login.chinacloudapi.cn`
+  - `https://login.microsoftonline.de`
+  - `https://login.microsoftonline.us`
+  - `https://login.usgovcloudapi.net`
+  - `https://login-us.microsoftonline.com`
+
+You can use Microsoft Intune as your MDM service to ease configuration of the Microsoft Enterprise SSO plug-in. For more information, see the [Intune configuration documentation](https://docs.microsoft.com/intune/configuration/ios-device-features-settings).
+
+## Using the SSO extension in your application
+
+The [Microsoft Authentication Library (MSAL) for Apple devices](https://github.com/AzureAD/microsoft-authentication-library-for-objc) version 1.1.0 and higher supports the Microsoft Enterprise SSO plug-in for Apple devices.
+
+If you'd like to support shared device mode provided by the Microsoft Enterprise SSO plug-in for Apple devices, ensure your applications use the specified minimum required version of MSAL.
+
+## Next steps
+
+For more information about shared device mode on iOS, see [Shared device mode for iOS devices](msal-ios-shared-devices.md).

articles/active-directory/develop/apple-sso-plugin.md

@@ -18,34 +18,43 @@ ms.custom: aaddev
 
 # How to: Customize browsers and WebViews for iOS/macOS
 
-A web browser is required for interactive authentication. On iOS, the Microsoft Authentication Library (MSAL) uses the system web browser by default (which might appear on top of your app) to do interactive authentication to sign in users. Using the system browser has the advantage of sharing the Single Sign On (SSO) state with other applications and with web applications.
+A web browser is required for interactive authentication. On iOS and macOS 10.15+, the Microsoft Authentication Library (MSAL) uses the system web browser by default (which might appear on top of your app) to do interactive authentication to sign in users. Using the system browser has the advantage of sharing the Single Sign On (SSO) state with other applications and with web applications.
 
 You can change the experience by customizing the configuration to other options for displaying web content, such as:
 
 For iOS only:
 
-- [ASWebAuthenticationSession](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession?language=objc)
 - [SFAuthenticationSession](https://developer.apple.com/documentation/safariservices/sfauthenticationsession?language=objc) 
 - [SFSafariViewController](https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller?language=objc)
 
 For iOS and macOS:
 
+- [ASWebAuthenticationSession](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession?language=objc)
 - [WKWebView](https://developer.apple.com/documentation/webkit/wkwebview?language=objc).
 
-MSAL for macOS only supports `WKWebView`.
+MSAL for macOS only supports `WKWebView` on older OS versions. `ASWebAuthenticationSession` is only supported on macOS 10.15 and above. 
 
 ## System browsers
 
-For iOS, `ASWebAuthenticationSession`, `SFAuthenticationSession`, and `SFSafariViewController` are considered system browsers. In general, system browsers share cookies and other website data with the Safari browser application.
+For iOS, `ASWebAuthenticationSession`, `SFAuthenticationSession`, and `SFSafariViewController` are considered system browsers. For macOS, only `ASWebAuthenticationSession` is available. In general, system browsers share cookies and other website data with the Safari browser application.
 
 By default, MSAL will dynamically detect iOS version and select the recommended system browser available on that version. On iOS 12+ it will be `ASWebAuthenticationSession`. 
 
+### Default configuration for iOS
+
 | Version | Web browser |
 |:-------------:|:-------------:|
 | iOS 12+ | ASWebAuthenticationSession |
 | iOS 11 | SFAuthenticationSession |
 | iOS 10 | SFSafariViewController |
 
+### Default configuration for macOS
+
+| Version | Web browser |
+|:-------------:|:-------------:|
+| macOS 10.15+ | ASWebAuthenticationSession |
+| other versions | WKWebView |
+
 Developers can also select a different system browser for MSAL apps:
 
 - `SFAuthenticationSession` is the iOS 11 version of `ASWebAuthenticationSession`.
@@ -61,7 +70,7 @@ The browser you use impacts the SSO experience because of how they share cookies
 
 | Technology    | Browser Type  | iOS availability | macOS availability | Shares cookies and other data  | MSAL availability | SSO |
 |:-------------:|:-------------:|:-------------:|:-------------:|:-------------:|:-------------:|-------------:|
-| [ASWebAuthenticationSession](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession) | System | iOS12 and up | macOS 10.15 and up | Yes | iOS only | w/ Safari instances
+| [ASWebAuthenticationSession](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession) | System | iOS12 and up | macOS 10.15 and up | Yes | iOS and macOS 10.15+ | w/ Safari instances
 | [SFAuthenticationSession](https://developer.apple.com/documentation/safariservices/sfauthenticationsession) | System | iOS11 and up | N/A | Yes | iOS only |  w/ Safari instances
 | [SFSafariViewController](https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller) | System | iOS11 and up | N/A | No | iOS only | No**
 | **SFSafariViewController** | System | iOS10 | N/A | Yes | iOS only |  w/ Safari instances
@@ -134,21 +143,26 @@ All MSAL supported web browser types are declared in the [MSALWebviewType enum](
 ```objc
 typedef NS_ENUM(NSInteger, MSALWebviewType)
 {
-#if TARGET_OS_IPHONE
-    // For iOS 11 and up, uses AuthenticationSession (ASWebAuthenticationSession
-    // or SFAuthenticationSession).
-    // For older versions, with AuthenticationSession not being available, uses
-    // SafariViewController.
+    /**
+     For iOS 11 and up, uses AuthenticationSession (ASWebAuthenticationSession or SFAuthenticationSession).
+     For older versions, with AuthenticationSession not being available, uses SafariViewController.
+     For macOS 10.15 and above uses ASWebAuthenticationSession
+     For older macOS versions uses WKWebView
+     */
     MSALWebviewTypeDefault,
 
-    // Use SFAuthenticationSession/ASWebAuthenticationSession
+    /** Use ASWebAuthenticationSession where available.
+     On older iOS versions uses SFAuthenticationSession
+     Doesn't allow any other webview type, so if either of these are not present, fails the request*/
     MSALWebviewTypeAuthenticationSession,
 
-    // Use SFSafariViewController for all versions.
+#if TARGET_OS_IPHONE
+    
+    /** Use SFSafariViewController for all versions. */
     MSALWebviewTypeSafariViewController,
 
 #endif
-    // Use WKWebView
+    /** Use WKWebView */
     MSALWebviewTypeWKWebView,
 };
 ```

articles/active-directory/develop/customize-webviews.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
-ms.date: 02/26/2020
+ms.date: 04/01/2020
 ms.author: ryanwi
 ms.reviewer: tomfitz
 ms.custom: aaddev, seoapril2019, identityplatformtop40
@@ -95,7 +95,7 @@ Export this certificate to a file using the [Manage User Certificate](/dotnet/fr
 
 1. To view your certificates, under **Certificates - Current User** in the left pane, expand the **Personal** directory.
 1. Right-click on the cert you created, select **All tasks->Export**.
-1. Follow the Certificate Export wizard.  Export the private key, specify a password for the cert file, and export to a file.
+1. Follow the Certificate Export wizard.  Do not export the private key, and export to a .CER file.
 
 To upload the certificate: