Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into release-ga-sentinel

Author: v-alje

.openpublishing.redirection.json

@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/php-download-sdk.md",
+      "redirect_url": "https://github.com/Azure/azure-sdk-for-php",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/azure-government/documentation-government-get-started-connect-with-vs.md",
       "redirect_url": "/azure/azure-government/documentation-government-welcome",
@@ -1540,6 +1545,26 @@
       "redirect_url": "/azure/cosmos-db/powershell-samples-sql",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/cosmos-db/scripts/powershell/create-and-configure-cassandra-database.md",
+      "redirect_url": "/azure/cosmos-db/powershell-samples-cassandra",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cosmos-db/scripts/powershell/create-graph-database-account-powershell.md",
+      "redirect_url": "/azure/cosmos-db/powershell-samples-gremlin",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cosmos-db/scripts/powershell/create-mongodb-database-account-powershell.md",
+      "redirect_url": "/azure/cosmos-db/powershell-samples-mongodb",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cosmos-db/scripts/powershell/create-table-database-account-powershell.md",
+      "redirect_url": "/azure/cosmos-db/powershell-samples-table",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cosmos-db/scripts/powershell/sql/ps-account-delete.md",
       "redirect_url": "/azure/cosmos-db/powershell-samples-sql",
@@ -10785,6 +10810,16 @@
       "redirect_url": "/azure/dns/dns-reverse-dns-for-azure-services",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/dns/scripts/traffic-manager-cli-create-dns-zone-record.md",
+      "redirect_url": "/azure/dns/scripts/dns-cli-create-dns-zone-record",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/dns/private-dns-portal.md",
+      "redirect_url": "/azure/dns/private-dns-getstarted-portal",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/data-lake-analytics/data-lake-analytics-get-started-net-sdk.md",
       "redirect_url": "/azure/data-lake-analytics/data-lake-analytics-get-started-cli2",

articles/active-directory/saas-apps/blink-provisioning-tutorial.md

@@ -0,0 +1,148 @@
+---
+title: 'Tutorial: Configure Blink for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to Blink.
+services: active-directory
+documentationcenter: ''
+author: zchia
+writer: zchia
+manager: beatrizd
+
+ms.assetid: 9ebcbf4a-0cf9-41c3-96af-d8ab6ab11639
+ms.service: active-directory
+ms.subservice: saas-app-tutorial
+ms.workload: identity
+ms.tgt_pltfrm: na
+ms.devlang: na
+ms.topic: article
+ms.date: 09/19/2019
+ms.author: Zhchia
+---
+
+# Tutorial: Configure Blink for automatic user provisioning
+
+The objective of this tutorial is to demonstrate the steps to be performed in Blink and Azure Active Directory (Azure AD) to configure Azure AD to automatically provision and de-provision users and/or groups to Blink.
+
+> [!NOTE]
+> This tutorial describes a connector built on top of the Azure AD User Provisioning Service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../manage-apps/user-provisioning.md).
+>
+> This connector is currently in Public Preview. For more information on the general Microsoft Azure terms of use for Preview features, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+
+## Prerequisites
+
+The scenario outlined in this tutorial assumes that you already have the following prerequisites:
+
+* An Azure AD tenant
+* [A Blink tenant](https://joinblink.com/pricing)
+* A user account in Blink with Admin permissions.
+
+## Assigning users to Blink
+
+Azure Active Directory uses a concept called *assignments* to determine which users should receive access to selected apps. In the context of automatic user provisioning, only the users and/or groups that have been assigned to an application in Azure AD are synchronized.
+
+Before configuring and enabling automatic user provisioning, you should decide which users and/or groups in Azure AD need access to Blink. Once decided, you can assign these users and/or groups to Blink by following the instructions here:
+* [Assign a user or group to an enterprise app](../manage-apps/assign-user-or-group-access-portal.md)
+
+## Important tips for assigning users to Blink
+
+* It is recommended that a single Azure AD user is assigned to Blink to test the automatic user provisioning configuration. Additional users and/or groups may be assigned later.
+
+* When assigning a user to Blink, you must select any valid application-specific role (if available) in the assignment dialog. Users with the **Default Access** role are excluded from provisioning.
+
+## Setup Blink for provisioning
+
+1. Log a [Support Case](https://help.joinblink.com/hc/requests/new) or email **Blink support** at [email protected] to request a SCIM token. .
+
+2.	Copy the **SCIM Authentication Token**. This value will be entered in the Secret Token field in the Provisioning tab of your Blink application in the Azure portal.
+
+## Add Blink from the gallery
+
+Before configuring Blink for automatic user provisioning with Azure AD, you need to add Blink from the Azure AD application gallery to your list of managed SaaS applications.
+
+**To add Blink from the Azure AD application gallery, perform the following steps:**
+
+1. In the **[Azure portal](https://portal.azure.com)**, in the left navigation panel, select **Azure Active Directory**.
+
+	![The Azure Active Directory button](common/select-azuread.png)
+
+2. Go to **Enterprise applications**, and then select **All applications**.
+
+	![The Enterprise applications blade](common/enterprise-applications.png)
+
+3. To add a new application, select the **New application** button at the top of the pane.
+
+	![The New application button](common/add-new-app.png)
+
+4. In the search box, enter **Blink**, select **Blink** in the results panel, and then click the **Add** button to add the application.
+
+	![Blink in the results list](common/search-new-app.png)
+
+## Configuring automatic user provisioning to Blink 
+
+This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users and/or groups in Blink based on user and/or group assignments in Azure AD.
+
+> [!TIP]
+> You may also choose to enable SAML-based single sign-on for Blink , following the instructions provided in the [Blink Single sign-on tutorial](https://docs.microsoft.com/azure/active-directory/saas-apps/blink-tutorial). Single sign-on can be configured independently of automatic user provisioning, though these two features compliment each other
+
+### To configure automatic user provisioning for Blink in Azure AD:
+
+1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.
+
+	![Enterprise applications blade](common/enterprise-applications.png)
+
+2. In the applications list, select **Blink**.
+
+	![The Blink link in the Applications list](common/all-applications.png)
+
+3. Select the **Provisioning** tab.
+
+	![Provisioning tab](common/provisioning.png)
+
+4. Set the **Provisioning Mode** to **Automatic**.
+
+	![Provisioning tab](common/provisioning-automatic.png)
+
+5. Under the **Admin Credentials** section, input `https://api.joinblink.com/scim` in **Tenant URL**. Input the **SCIM Authentication Token** value retrieved earlier in **Secret Token**. Click **Test Connection** to ensure Azure AD can connect to Blink. If the connection fails, ensure your Blink account has Admin permissions and try again.
+
+	![Tenant URL + Token](common/provisioning-testconnection-tenanturltoken.png)
+
+6. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and check the checkbox - **Send an email notification when a failure occurs**.
+
+	![Notification Email](common/provisioning-notification-email.png)
+
+7. Click **Save**.
+
+8. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to Blink**.
+
+	![Blink User Mappings](media/blink-provisioning-tutorial/User_mappings.png)
+
+9. Review the user attributes that are synchronized from Azure AD to Blink in the **Attribute Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Blink for update operations. Select the **Save** button to commit any changes.
+
+	![Blink User Attributes](media/blink-provisioning-tutorial/User_attributes.png)
+
+10. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../manage-apps/define-conditional-rules-for-provisioning-user-accounts.md).
+
+11. To enable the Azure AD provisioning service for Blink, change the **Provisioning Status** to **On** in the **Settings** section.
+
+	![Provisioning Status Toggled On](common/provisioning-toggle-on.png)
+
+12. Define the users that you would like to provision to Blink by choosing the desired values in **Scope** in the **Settings** section.
+
+	![Provisioning Scope](common/provisioning-scope.png)
+
+15. When you are ready to provision, click **Save**.
+
+	![Saving Provisioning Configuration](common/provisioning-configuration-save.png)
+
+This operation starts the initial synchronization of all users and/or groups defined in **Scope** in the **Settings** section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running. You can use the **Synchronization Details** section to monitor progress and follow links to provisioning activity report, which describes all actions performed by the Azure AD provisioning service on Blink.
+
+For more information on how to read the Azure AD provisioning logs, see [Reporting on automatic user account provisioning](../manage-apps/check-status-user-account-provisioning.md).
+
+## Additional resources
+
+* [Managing user account provisioning for Enterprise Apps](../manage-apps/configure-automatic-user-provisioning-portal.md)
+* [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+
+## Next steps
+
+* [Learn how to review logs and get reports on provisioning activity](../manage-apps/check-status-user-account-provisioning.md)
+

articles/active-directory/saas-apps/media/blink-provisioning-tutorial/user_attributes.png

@@ -1476,6 +1476,8 @@
         href: atlassian-cloud-provisioning-tutorial.md
       - name: BitaBIZ
         href: bitabiz-provisioning-tutorial.md
+      - name: Blink
+        href: blink-provisioning-tutorial.md
       - name: BlueJeans
         href: bluejeans-provisioning-tutorial.md
       - name: Bonusly

articles/active-directory/saas-apps/media/blink-provisioning-tutorial/user_mappings.png

@@ -36,27 +36,25 @@
   items:
   - name: Manage users
     items: 
-    - name: Add new users to Azure AD 
+    - name: Create users 
       href: /azure/active-directory/fundamentals/add-users-azure-active-directory?context=azure/active-directory/users-groups-roles/context/ugr-context
-    - name: Manage user profiles    
+    - name: Bulk create users (preview)
+      href: users-bulk-add.md    
+    - name: Manage user profiles
       href: /azure/active-directory/fundamentals/active-directory-users-profile-azure-portal?context=azure/active-directory/users-groups-roles/context/ugr-context
-    - name: Bulk operations (preview)
-      items:
-        - name: Download users (preview)
-          href: users-bulk-download.md
-        - name: Bulk import users (preview)
-          href: users-bulk-add.md
-        - name: Bulk delete users (preview)
-          href: users-bulk-delete.md
-        - name: Bulk restore users (preview)
-          href: users-bulk-restore.md
+    - name: Download user info (preview)
+      href: users-bulk-download.md
     - name: Share user accounts  
       href: users-sharing-accounts.md
     - name: Assign users to admin roles    
       href: /azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal?context=azure/active-directory/users-groups-roles/context/ugr-context
+    - name: Bulk delete users (preview)
+      href: users-bulk-delete.md
     - name: Restore a deleted user    
       href: /azure/active-directory/fundamentals/active-directory-users-restore?context=azure/active-directory/users-groups-roles/context/ugr-context
-    - name: Close your account in an unmanaged directory
+    - name: Bulk restore users (preview)
+      href: users-bulk-restore.md
+    - name: Close an account in an unmanaged directory
       href: users-close-account.md
     - name: Add B2B users  
       href: /azure/active-directory/b2b/what-is-b2b?context=azure/active-directory/users-groups-roles/context/ugr-context
@@ -86,28 +84,26 @@
       href: /azure/active-directory/fundamentals/active-directory-manage-groups?context=azure/active-directory/users-groups-roles/context/ugr-context
     - name: Search group and member lists (preview)    
       href: groups-members-owners-search.md
+    - name: Create a group (Azure portal)    
+      href: /azure/active-directory/fundamentals/active-directory-groups-create-azure-portal?context=azure/active-directory/users-groups-roles/context/ugr-context
     - name: Manage groups PowerShell for Graph (v2)   
       href: groups-settings-v2-cmdlets.md
     - name: Manage groups PowerShell MSOnline    
       href: groups-settings-cmdlets.md
-    - name: Manage group members    
+    - name: Add or remove group members    
       href: /azure/active-directory/fundamentals/active-directory-groups-members-azure-portal?context=azure/active-directory/users-groups-roles/context/ugr-context
+    - name: Bulk add members (preview)
+      href: groups-bulk-import-members.md
+    - name: Bulk remove members (preview)
+      href: groups-bulk-remove-members.md
+    - name: Bulk download member list (preview)
+      href: groups-bulk-download-members.md
     - name: Manage group owners
       href: /azure/active-directory/fundamentals/active-directory-accessmanagement-managing-group-owners?context=azure/active-directory/users-groups-roles/context/ugr-context
-    - name: Bulk operations (preview)
-      items:
-      - name: Bulk import members (preview)
-        href: groups-bulk-import-members.md
-      - name: Bulk download members (preview)
-        href: groups-bulk-download-members.md
-      - name: Bulk remove members (preview)
-        href: groups-bulk-remove-members.md
-      - name: Bulk download a groups list (preview)
-        href: groups-bulk-download.md
+    - name: Bulk download groups list (preview)
+      href: groups-bulk-download.md
     - name: Manage groups in groups
       href: /azure/active-directory/fundamentals/active-directory-groups-membership-azure-portal?context=azure/active-directory/users-groups-roles/context/ugr-context
-    - name: Create a group (Azure portal)    
-      href: /azure/active-directory/fundamentals/active-directory-groups-create-azure-portal?context=azure/active-directory/users-groups-roles/context/ugr-context
     - name: Add group access to SaaS apps
       href: groups-saasapps.md
     - name: Groups naming reference

articles/active-directory/saas-apps/toc.yml

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: users-groups-roles
 ms.topic: article
-ms.date: 09/05/2019
+ms.date: 09/20/2019
 ms.author: curtand
 ms.reviewer: vincesm
 ms.custom: it-pro
@@ -76,6 +76,12 @@ The Authentication administrator role is currently in public preview. This previ
 * Administrators in other services outside of Azure AD like Exchange Online, Office Security and Compliance Center, and human resources systems.
 * Non-administrators like executives, legal counsel, and human resources employees who may have access to sensitive or private information.
 
+### [Azure DevOps Administrator](#azure-devops-administrator-permissions)
+
+Users with this role can manage the Azure DevOps policy to restrict new Azure DevOps organization creation to a set of configurable users or groups. Users in this role can manage this policy through any Azure DevOps organization that is backed the company’s Azure AD organization.
+
+All enterprise Azure DevOps policies can be managed by users in this role.
+
 ### [Azure Information Protection Administrator](#azure-information-protection-administrator-permissions)
 
 Users with this role have all permissions in the Azure Information Protection service. This role allows configuring labels for the Azure Information Protection policy, managing protection templates, and activating protection. This role does not grant any permissions in Identity Protection Center, Privileged Identity Management, Monitor Office 365 Service Health, or Office 365 Security & Compliance Center.
@@ -489,6 +495,19 @@ Allowed to view, set and reset authentication method information for any non-adm
 | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
 | microsoft.directory/users/password/update | Update passwords for all users in the Office 365 organization. See online documentation for more detail. |
 
+### Azure DevOps Administrator permissions
+
+Can manage Azure DevOps organization policy and settings.
+
+> [!NOTE]
+> This role has additional permissions outside of Azure Active Directory. For more information, see [role description](#azure-devops-administrator) above.
+>
+>
+
+| **Actions** | **Description** |
+| --- | --- |
+| microsoft.azure.devOps/allEntities/allTasks | Read and configure Azure DevOps. |
+
 ### Azure Information Protection Administrator permissions
 
 Can manage all aspects of the Azure Information Protection service.

articles/active-directory/users-groups-roles/TOC.yml

@@ -84,14 +84,11 @@ When you verify ownership of the domain name, Azure AD removes the domain name f
 ### Support for external admin takeover
 External admin takeover is supported by the following online services:
 
-- Power BI
 - Azure Rights Management
 - Exchange Online
 
 The supported service plans include:
 
-- Power BI Free
-- Power BI Pro
 - PowerApps Free
 - PowerFlow Free
 - RMS for individuals
@@ -110,10 +107,6 @@ The key and templates are not moved over when the unmanaged tenant is in a diffe
 
 Although RMS for individuals is designed to support Azure AD authentication to open protected content, it doesn't prevent users from also protecting content. If users did protect content with the RMS for individuals subscription, and the key and templates were not moved over, that content is not accessible after the domain takeover.
 
-#### More information about Power BI
-
-When you perform an external takeover, Power BI content that was created before the takeover is placed in a [Power BI Archived Workspace](/power-bi/service-admin-power-bi-archived-workspace). You must manually migrate any content that you want to use in the new tenant.
-
 ### Azure AD PowerShell cmdlets for the ForceTakeover option
 You can see these cmdlets used in [PowerShell example](#powershell-example).