Merge pull request #100304 from MicrosoftDocs/master

1/07 AM Publish

Author: huypub

.openpublishing.redirection.json

@@ -18550,6 +18550,11 @@
       "redirect_url": "/azure/service-fabric/service-fabric-tutorial-deploy-app-to-party-cluster",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/migrate/troubleshooting-general.md",
+      "redirect_url": "troubleshoot-general",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/migrate/preserve-drive-letter-protected-virtual-machines-failed-migrated-azure.md",
       "redirect_url": "prepare-for-migration",

articles/active-directory/manage-apps/how-provisioning-works.md

@@ -58,6 +58,7 @@ You can customize the default attribute-mappings according to your business need
 
 When you configure provisioning to a SaaS application, one of the types of attribute mappings that you can specify is an expression mapping. For these mappings, you must write a script-like expression that allows you to transform your users’ data into formats that are more acceptable for the SaaS application. For details, see [Writing expressions for attribute mappings](functions-for-customizing-application-data.md).
 
+## Scoping 
 ### Assignment-based scoping
 
 For outbound provisioning from Azure AD to a SaaS application, relying on [user or group assignments](assign-user-or-group-access-portal.md) is the most common way to determine which users are in scope for provisioning. Because user assignments are also used for enabling single sign-on, the same method can be used for managing both access and provisioning. Assignment-based scoping doesn't apply to inbound provisioning scenarios such as Workday and Successfactors.

articles/active-directory/saas-apps/google-apps-provisioning-tutorial.md

@@ -11,9 +11,8 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.tgt_pltfrm: na
-ms.devlang: na
 ms.topic: article
-ms.date: 03/27/2019
+ms.date: 01/06/2020
 ms.author: jeedes
 
 ms.collection: M365-identity-device-management
@@ -61,18 +60,18 @@ Before configuring G Suite for automatic user provisioning with Azure AD, you wi
 
     ![Select security.][10]
 
-2. On the **Security** page, select **API Reference**.
+1. On the **Security** page, select **API Reference**.
 
     ![Select API Reference.][15]
 
-3. Select **Enable API access**.
+1. Select **Enable API access**.
 
     ![Select API Reference.][16]
 
    > [!IMPORTANT]
    > For every user that you intend to provision to G Suite, their user name in Azure AD **must** be tied to a custom domain. For example, user names that look like [email protected] are not accepted by G Suite. On the other hand, [email protected] is accepted. You can change an existing user's domain by following the instructions [here](https://docs.microsoft.com/azure/active-directory/fundamentals/add-custom-domain).
 
-4.  Once you have added and verified your desired custom domains with Azure AD, you must verify them again with G Suite. To verify domains in G Suite, refer to the following steps:
+1. Once you have added and verified your desired custom domains with Azure AD, you must verify them again with G Suite. To verify domains in G Suite, refer to the following steps:
 
     a. In the [G Suite Admin Console](https://admin.google.com/), select **Domains**.
 
@@ -90,11 +89,11 @@ Before configuring G Suite for automatic user provisioning with Azure AD, you wi
 
     e. Repeat the preceding steps for any additional domains that you intend to add to G Suite.
 
-5. Next, determine which admin account you want to use to manage user provisioning in G Suite. Navigate to **Admin Roles**.
+1. Next, determine which admin account you want to use to manage user provisioning in G Suite. Navigate to **Admin Roles**.
 
     ![Select Google Apps][26]
-    
-6. For the **Admin role** of that account, edit the **Privileges** for that role. Make sure to enable all **Admin API Privileges** so that this account can be used for provisioning.
+
+1. For the **Admin role** of that account, edit the **Privileges** for that role. Make sure to enable all **Admin API Privileges** so that this account can be used for provisioning.
 
     ![Select Google Apps][27]
 
@@ -106,15 +105,15 @@ To configure G Suite for automatic user provisioning with Azure AD, you will nee
 
 	![The Azure Active Directory button](common/select-azuread.png)
 
-2. Go to **Enterprise applications**, and then select **All applications**.
+1. Go to **Enterprise applications**, and then select **All applications**.
 
 	![The Enterprise applications blade](common/enterprise-applications.png)
 
-3. To add a new application, select the **New application** button at the top of the pane.
+1. To add a new application, select the **New application** button at the top of the pane.
 
 	![The New application button](common/add-new-app.png)
 
-4. In the search box, enter **G Suite**, select **G Suite** in the results panel, and then click the **Add** button to add the application.
+1. In the search box, enter **G Suite**, select **G Suite** in the results panel, and then click the **Add** button to add the application.
 
 	![G Suite in the results list](common/search-new-app.png)
 
@@ -134,66 +133,69 @@ This section guides you through the steps to configure the Azure AD provisioning
 
 	![Enterprise applications blade](common/enterprise-applications.png)
 
-2. In the applications list, select **G Suite**.
+1. In the applications list, select **G Suite**.
 
 	![The G Suite link in the Applications list](common/all-applications.png)
 
-3. Select the **Provisioning** tab.
+1. Select the **Provisioning** tab.
 
 	![Provisioning tab](common/provisioning.png)
 
-4. Set the **Provisioning Mode** to **Automatic**.
+1. Set the **Provisioning Mode** to **Automatic**.
 
 	![Provisioning tab](common/provisioning-automatic.png)
 
-5. Under the **Admin Credentials** section, select **Authorize**. It opens a Google authorization dialog box in a new browser window.
+1. Under the **Admin Credentials** section, select **Authorize**. It opens a Google authorization dialog box in a new browser window.
 
     ![G Suite Authorize](media/google-apps-provisioning-tutorial/authorize.png)
 
-6. Confirm that you want to give Azure AD permissions to make changes to your G Suite tenant. Select **Accept**.
+1. Confirm that you want to give Azure AD permissions to make changes to your G Suite tenant. Select **Accept**.
 
     ![Confirm permissions.][28]
 
-7. In the Azure portal, select **Test Connection** to ensure that Azure AD can connect to your app. If the connection fails, ensure that your G Suite account has Team Admin permissions. Then try the **Authorize** step again.
+1. In the Azure portal, select **Test Connection** to ensure that Azure AD can connect to your app. If the connection fails, ensure that your G Suite account has Team Admin permissions. Then try the **Authorize** step again.
 
-8. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and check the checkbox - **Send an email notification when a failure occurs**.
+1. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and check the checkbox - **Send an email notification when a failure occurs**.
 
 	![Notification Email](common/provisioning-notification-email.png)
 
-8. Click **Save**.
+1. Click **Save**.
 
-9. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to G Suite**.
+1. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to G Suite**.
 
 	![G Suite User Mappings](media/google-apps-provisioning-tutorial/usermappings.png)
 
-10. Review the user attributes that are synchronized from Azure AD to G Suite in the **Attribute Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in G Suite for update operations. Select the **Save** button to commit any changes.
+1. Review the user attributes that are synchronized from Azure AD to G Suite in the **Attribute Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in G Suite for update operations. Select the **Save** button to commit any changes.
 
 	![G Suite User Attributes](media/google-apps-provisioning-tutorial/userattributes.png)
 
-11. Under the **Mappings** section, select **Synchronize Azure Active Directory Groups to G Suite**.
+1. Under the **Mappings** section, select **Synchronize Azure Active Directory Groups to G Suite**.
 
 	![G Suite Group Mappings](media/google-apps-provisioning-tutorial/groupmappings.png)
 
-12. Review the group attributes that are synchronized from Azure AD to G Suite in the **Attribute Mapping** section. The attributes selected as **Matching** properties are used to match the groups in G Suite for update operations. Select the **Save** button to commit any changes. The UI displays the default set of attribute mappings between Azure AD and G Suite. You can choose to add additional attributes such as Org Unit by clicking add new mapping. 
+1. Review the group attributes that are synchronized from Azure AD to G Suite in the **Attribute Mapping** section. The attributes selected as **Matching** properties are used to match the groups in G Suite for update operations. Select the **Save** button to commit any changes. The UI displays the default set of attribute mappings between Azure AD and G Suite. You can choose to add additional attributes such as Org Unit by clicking add new mapping.
 
     ![G Suite Group Attributes](media/google-apps-provisioning-tutorial/groupattributes.png)
 
-13. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../manage-apps/define-conditional-rules-for-provisioning-user-accounts.md).
+1. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../manage-apps/define-conditional-rules-for-provisioning-user-accounts.md).
 
-14. To enable the Azure AD provisioning service for G Suite, change the **Provisioning Status** to **On** in the **Settings** section.
+1. To enable the Azure AD provisioning service for G Suite, change the **Provisioning Status** to **On** in the **Settings** section.
 
 	![Provisioning Status Toggled On](common/provisioning-toggle-on.png)
 
-15. Define the users and/or groups that you would like to provision to G Suite by choosing the desired values in **Scope** in the **Settings** section.
+1. Define the users and/or groups that you would like to provision to G Suite by choosing the desired values in **Scope** in the **Settings** section.
 
 	![Provisioning Scope](common/provisioning-scope.png)
 
-16. When you are ready to provision, click **Save**.
+1. When you are ready to provision, click **Save**.
 
 	![Saving Provisioning Configuration](common/provisioning-configuration-save.png)
 
 This operation starts the initial synchronization of all users and/or groups defined in **Scope** in the **Settings** section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running. You can use the **Synchronization Details** section to monitor progress and follow links to provisioning activity report, which describes all actions performed by the Azure AD provisioning service on G Suite.
 
+> [!NOTE]
+> If the users already have an existing personal/consumer account using the email address of the Azure AD user, then it may cause some issue which could be resolved by using the Google Transfer Tool prior to performing the directory sync.
+
 For more information on how to read the Azure AD provisioning logs, see [Reporting on automatic user account provisioning](../manage-apps/check-status-user-account-provisioning.md).
 
 ## Additional resources
@@ -208,7 +210,6 @@ For more information on how to read the Azure AD provisioning logs, see [Reporti
 
 * [Learn how to review logs and get reports on provisioning activity](../manage-apps/check-status-user-account-provisioning.md)
 
-
 <!--Image references-->
 
 [10]: ./media/google-apps-provisioning-tutorial/gapps-security.png

articles/active-directory/saas-apps/media/google-apps-provisioning-tutorial/domain_1.png

@@ -146,7 +146,7 @@ When the Azure Database for PostgreSQL server is created, the Azure CLI shows in
 In the Cloud Shell, create a firewall rule for your Postgres server to allow client connections by using the [`az postgres server firewall-rule create`](/cli/azure/postgres/server/firewall-rule?view=azure-cli-latest#az-postgres-server-firewall-rule-create) command. When both starting IP and end IP are set to 0.0.0.0, the firewall is only opened for other Azure resources. Substitute a unique server name for the *\<postgres-server-name>* placeholder.
 
 ```azurecli-interactive
-az postgres server firewall-rule create --resource-group myResourceGroup --server <postgres-server-name> --name AllowAllIps --start-ip-address 0.0.0.0 --end-ip-address 255.255.255.255
+az postgres server firewall-rule create --resource-group myResourceGroup --server <postgres-server-name> --name AllowAllIps --start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0
 ```
 
 > [!TIP] 
@@ -506,4 +506,4 @@ Advance to the next tutorial to learn how to map a custom DNS name to your app.
 Or, check out other resources:
 
 > [!div class="nextstepaction"]
-> [Configure Ruby app](configure-language-ruby.md)
+> [Configure Ruby app](configure-language-ruby.md)