Commit bbdbe3c

Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into mm-assign
2 parents da186b1 + 53e34be commit bbdbe3c

333 files changed

+5181
-9555
lines changed

.openpublishing.redirection.json

Lines changed: 36 additions & 10 deletions
@@ -250,6 +250,11 @@
250250
"redirect_url": "/azure/virtual-machines/",
251251
"redirect_document_id": false
252252
},
253+
{
254+
"source_path": "articles/virtual-machines/dc-series.md",
255+
"redirect_url": "/azure/virtual-machines/sizes-previous-gen",
256+
"redirect_document_id": false
257+
},
253258
{
254259
"source_path": "articles/virtual-machines/windows/maintenance-and-updates.md",
255260
"redirect_url": "/azure/virtual-machines/maintenance-and-updates?toc=/azure/virtual-machines/windows/toc.json&bc=/azure/virtual-machines/windows/breadcrumb/toc.json",
@@ -520,16 +525,7 @@
520525
"redirect_url": "/azure/site-recovery/vmware-physical-mobility-service-overview#install-mobility-agent-through-ui",
521526
"redirect_document_id": false
522527
},
523-
{
524-
"source_path": "articles/site-recovery/scvmm-site-recovery-deprecation.md",
525-
"redirect_url": "/azure/site-recovery/site-to-site-deprecation",
526-
"redirect_document_id": false
527-
},
528-
{
529-
"source_path": "articles/site-recovery/site-to-site-deprecation.md",
530-
"redirect_url": "/azure/site-recovery/hyper-v-azure-tutorial",
531-
"redirect_document_id": false
532-
},
528+
533529
{
534530
"source_path": "articles/machine-learning/service/quickstart-get-started.md",
535531
"redirect_url": "/azure/machine-learning/service/tutorial-1st-experiment-sdk-setup",
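Review bot: The two entries removed at old lines 523-532 formed a chain (scvmm-site-recovery-deprecation.md pointed to /azure/site-recovery/site-to-site-deprecation, which itself redirected to /azure/site-recovery/hyper-v-azure-tutorial), and nothing in this hunk replaces them. Confirm that both source paths exist again as articles in this merge; otherwise existing links to them stop resolving. The deletion also leaves a stray blank line at new line 528; drop it so the array entries stay uniformly formatted.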
@@ -26985,6 +26981,16 @@
2698526981
"redirect_url": "/azure/storage/files/storage-files-faq",
2698626982
"redirect_document_id": true
2698726983
},
26984+
{
26985+
"source_path": "articles/storage/files/storage-files-active-directory-enable.md",
26986+
"redirect_url": "/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable",
26987+
"redirect_document_id": true
26988+
},
26989+
{
26990+
"source_path": "articles/storage/files/storage-files-active-directory-domain-services-enable.md",
26991+
"redirect_url": "/azure/storage/files/storage-files-identity-auth-active-directory-enable",
26992+
"redirect_document_id": true
26993+
},
2698826994
{
2698926995
"source_path": "articles/storage/storage-files-introduction.md",
2699026996
"redirect_url": "/azure/storage/files/storage-files-introduction",
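Review bot: At new lines 26985-26992 the targets look crossed: storage-files-active-directory-enable.md goes to storage-files-identity-auth-active-directory-domain-service-enable, while storage-files-active-directory-domain-services-enable.md goes to storage-files-identity-auth-active-directory-enable. If that mapping is intentional, say so in the commit message, because a reader following an old link lands on a page whose slug names the other identity source. Also confirm that the singular "domain-service" in the first target is the real file name, since the source path uses "domain-services".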
@@ -29010,6 +29016,11 @@
2901029016
"redirect_url": "/azure/security-center/security-center-partner-integration",
2901129017
"redirect_document_id": false
2901229018
},
29019+
{
29020+
"source_path": "articles/security-center/security-center-faq.md",
29021+
"redirect_url": "/azure/security-center/faq-general",
29022+
"redirect_document_id": false
29023+
},
2901329024
{
2901429025
"source_path": "articles/security-center/security-center-playbooks.md",
2901529026
"redirect_url": "/azure/security-center/workflow-automation",
@@ -48875,6 +48886,21 @@
4887548886
"source_path": "articles/virtual-machines/windows/chef-automation.md",
4887648887
"redirect_url": "/azure/chef/chef-automation",
4887748888
"redirect_document_id": true
48889+
},
48890+
{
48891+
"source_path": "articles/azure-monitor/app/hockeyapp-bridge-app.md",
48892+
"redirect_url": "/azure/azure-monitor/overview",
48893+
"redirect_document_id": false
48894+
},
48895+
{
48896+
"source_path": "articles/virtual-machines/linux/tutorial-build-deploy-jenkins.md",
48897+
"redirect_url": "/azure/jenkins/tutorial-build-deploy-jenkins",
48898+
"redirect_document_id": true
48899+
},
48900+
{
48901+
"source_path": "articles/virtual-machines/linux/tutorial-jenkins-github-docker-cicd.md",
48902+
"redirect_url": "/azure/jenkins/tutorial-jenkins-github-docker-cicd",
48903+
"redirect_document_id": false
4887848904
}
4887948905
]
4888048906
}
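Review bot: The two Jenkins tutorials added at new lines 48895-48903 move to the same /azure/jenkins/ area, yet tutorial-build-deploy-jenkins.md sets "redirect_document_id": true and tutorial-jenkins-github-docker-cicd.md sets it to false. Use one value for both unless the difference is deliberate, and note the reason if it is. The hockeyapp-bridge-app.md entry at new line 48891 points to the general /azure/azure-monitor/overview page, so check whether a more specific target exists.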

articles/active-directory/develop/howto-create-service-principal-portal.md

Lines changed: 9 additions & 9 deletions
@@ -36,9 +36,9 @@ Let's jump straight into creating the identity. If you run into a problem, check
3636

3737
You've created your Azure AD application and service principal.
3838

39-
## Assign the application to a role
39+
## Assign a role to the application
4040

41-
To access resources in your subscription, you must assign the application to a role. Decide which role offers the right permissions for the application. To learn about the available roles, see [RBAC: Built in Roles](../../role-based-access-control/built-in-roles.md).
41+
To access resources in your subscription, you must assign a role to the application. Decide which role offers the right permissions for the application. To learn about the available roles, see [RBAC: Built in Roles](../../role-based-access-control/built-in-roles.md).
4242

4343
You can set the scope at the level of the subscription, resource group, or resource. Permissions are inherited to lower levels of scope. For example, adding an application to the Reader role for a resource group means it can read the resource group and any resources it contains.
4444
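Review bot: Renaming the heading at line 39 changes its generated anchor, so links that target the old "Assign the application to a role" section need updating or they will no longer resolve to it. The unchanged context at line 43 still reads "adding an application to the Reader role", which is the phrasing this commit replaces elsewhere; reword it to match, for example "assigning the Reader role to an application".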

@@ -58,7 +58,7 @@ You can set the scope at the level of the subscription, resource group, or resou
5858

5959
![Select the role to assign to the application](./media/howto-create-service-principal-portal/select-role.png)
6060

61-
1. Select **Save** to finish assigning the role. You see your application in the list of users assigned to a role for that scope.
61+
1. Select **Save** to finish assigning the role. You see your application in the list of users with a role for that scope.
6262

6363
Your service principal is set up. You can start using it to run your scripts or apps. The next section shows how to get values that are needed when signing in programmatically.
6464

@@ -108,7 +108,7 @@ If you choose not to use a certificate, you can create a new application secret.
108108
1. Select **Client secrets -> New client secret**.
109109
1. Provide a description of the secret, and a duration. When done, select **Add**.
110110

111-
After saving the client secret, the value of the client secret is displayed. Copy this value because you aren't able to retrieve the key later. You provide the key value with the application ID to sign in as the application. Store the key value where your application can retrieve it.
111+
After saving the client secret, the value of the client secret is displayed. Copy this value because you won't be able to retrieve the key later. You will provide the key value with the application ID to sign in as the application. Store the key value where your application can retrieve it.
112112

113113
![Copy the secret value because you can't retrieve this later](./media/howto-create-service-principal-portal/copy-secret.png)
114114
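Review bot: The reworded paragraph at line 111 still calls the same value "client secret", "key" and "key value" within four sentences; use "client secret value" throughout so readers do not look for a second credential. "Store the key value where your application can retrieve it" is also the only storage guidance in this hunk, and it would be worth saying that the location should be a secret store rather than source code or a plain configuration file.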

@@ -122,7 +122,7 @@ Keep in mind, you might need to configure addition permissions on resources that
122122

123123
## Required permissions
124124

125-
You must have sufficient permissions to register an application with your Azure AD tenant, and assign the application to a role in your Azure subscription.
125+
You must have sufficient permissions to register an application with your Azure AD tenant, and assign to the application a role in your Azure subscription.
126126

127127
### Check Azure AD permissions
128128
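Review bot: "assign to the application a role" at line 125 is harder to read than the wording used for the new heading; write "assign a role to the application in your Azure subscription". The hunk header context also shows "configure addition permissions", which should read "additional" if that line is touched in the same pass.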

@@ -134,11 +134,11 @@ You must have sufficient permissions to register an application with your Azure
134134
1. In the left pane, select **User settings**.
135135
1. Check the **App registrations** setting. This value can only be set by an administrator. If set to **Yes**, any user in the Azure AD tenant can register an app.
136136

137-
If the app registrations setting is set to **No**, only users with an administrator role may register these types of applications. See [available roles](../users-groups-roles/directory-assign-admin-roles.md#available-roles) and [role permissions](../users-groups-roles/directory-assign-admin-roles.md#role-permissions) to learn about available administrator roles and the specific permissions in Azure AD that are given to each role. If your account is assigned to the User role, but the app registration setting is limited to admin users, ask your administrator to either assign you to one of the administrator roles that can create and manage all aspects of app registrations, or to enable users to register apps.
137+
If the app registrations setting is set to **No**, only users with an administrator role may register these types of applications. See [available roles](../users-groups-roles/directory-assign-admin-roles.md#available-roles) and [role permissions](../users-groups-roles/directory-assign-admin-roles.md#role-permissions) to learn about available administrator roles and the specific permissions in Azure AD that are given to each role. If your account is assigned the User role, but the app registration setting is limited to admin users, ask your administrator to either assign you one of the administrator roles that can create and manage all aspects of app registrations, or to enable users to register apps.
138138

139139
### Check Azure subscription permissions
140140

141-
In your Azure subscription, your account must have `Microsoft.Authorization/*/Write` access to assign an AD app to a role. This action is granted through the [Owner](../../role-based-access-control/built-in-roles.md#owner) role or [User Access Administrator](../../role-based-access-control/built-in-roles.md#user-access-administrator) role. If your account is assigned to the **Contributor** role, you don't have adequate permission. You receive an error when attempting to assign the service principal to a role.
141+
In your Azure subscription, your account must have `Microsoft.Authorization/*/Write` access to assign a role to an AD app. This action is granted through the [Owner](../../role-based-access-control/built-in-roles.md#owner) role or [User Access Administrator](../../role-based-access-control/built-in-roles.md#user-access-administrator) role. If your account is assigned the **Contributor** role, you don't have adequate permission. You will receive an error when attempting to assign the service principal a role.
142142

143143
To check your subscription permissions:
144144

@@ -150,9 +150,9 @@ To check your subscription permissions:
150150

151151
![Select the subscription you want to create the service principal in](./media/howto-create-service-principal-portal/view-details.png)
152152

153-
1. Select **Role assignments** to view your assigned roles, and determine if you have adequate permissions to assign an AD app to a role. If not, ask your subscription administrator to add you to User Access Administrator role. In the following image, the user is assigned to the Owner role, which means that user has adequate permissions.
153+
1. Select **Role assignments** to view your assigned roles, and determine if you have adequate permissions to assign a role to an AD app. If not, ask your subscription administrator to add you to User Access Administrator role. In the following image, the user is assigned the Owner role, which means that user has adequate permissions.
154154

155-
![This example shows the user is assigned to the Owner role](./media/howto-create-service-principal-portal/view-user-role.png)
155+
![This example shows the user is assigned the Owner role](./media/howto-create-service-principal-portal/view-user-role.png)
156156

157157
## Next steps
158158
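Review bot: Line 153 still says "ask your subscription administrator to add you to User Access Administrator role", which keeps the old "add to a role" phrasing and lacks an article. Change it to "assign you the User Access Administrator role" so it matches the rest of the commit.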

articles/active-directory/devices/hybrid-azuread-join-plan.md

Lines changed: 14 additions & 8 deletions
@@ -70,20 +70,21 @@ As a first planning step, you should review your environment and determine wheth
7070

7171
## Review things you should know
7272

73-
Hybrid Azure AD join is currently not supported if your environment consists of a single AD forest synchronizing identity data to more than one Azure AD tenant.
73+
### Unsupported scenarios
74+
- Hybrid Azure AD join is currently not supported if your environment consists of a single AD forest synchronizing identity data to more than one Azure AD tenant.
7475

75-
If your environment uses virtual desktop infrastructure (VDI), see [Device identity and desktop virtualization](https://docs.microsoft.com/azure/active-directory/devices/howto-device-identity-virtual-desktop-infrastructure).
76+
- Hybrid Azure AD join is not supported for Windows Server running the Domain Controller (DC) role.
7677

77-
Hybrid Azure AD join is supported for FIPS-compliant TPM 2.0 and not supported for TPM 1.2. If your devices have FIPS-compliant TPM 1.2, you must disable them before proceeding with Hybrid Azure AD join. Microsoft does not provide any tools for disabling FIPS mode for TPMs as it is dependent on the TPM manufacturer. Please contact your hardware OEM for support. Starting from Windows 10 1903 release, TPMs 1.2 are not used for hybrid Azure AD join and devices with those TPMs will be considered as if they don't have a TPM.
78+
- Hybrid Azure AD join is not supported on Windows down-level devices when using credential roaming or user profile roaming or mandatory profile.
7879

79-
Hybrid Azure AD join is not supported for Windows Server running the Domain Controller (DC) role.
80+
### OS imaging considerations
81+
- If you are relying on the System Preparation Tool (Sysprep) and if you are using a **pre-Windows 10 1809** image for installation, make sure that image is not from a device that is already registered with Azure AD as Hybrid Azure AD join.
8082

81-
Hybrid Azure AD join is not supported on Windows down-level devices when using credential roaming or user profile roaming or mandatory profile.
83+
- If you are relying on a Virtual Machine (VM) snapshot to create additional VMs, make sure that snapshot is not from a VM that is already registered with Azure AD as Hybrid Azure AD join.
8284

83-
If you are relying on the System Preparation Tool (Sysprep) and if you are using a **pre-Windows 10 1809** image for installation, make sure that image is not from a device that is already registered with Azure AD as Hybrid Azure AD join.
84-
85-
If you are relying on a Virtual Machine (VM) snapshot to create additional VMs, make sure that snapshot is not from a VM that is already registered with Azure AD as Hybrid Azure AD join.
85+
- If you are using [Unified Write Filter](https://docs.microsoft.com/windows-hardware/customize/enterprise/unified-write-filter) and similar technologies that clear changes to the disk at reboot, they must be applied after the device is Hybrid Azure AD joined. Enabling such technologies prior to completion of Hybrid Azure AD join will result in the device getting unjoined on every reboot
8686

87+
### Handling devices with Azure AD registered state
8788
If your Windows 10 domain joined devices are [Azure AD registered](overview.md#getting-devices-in-azure-ad) to your tenant, it could lead to a dual state of Hybrid Azure AD joined and Azure AD registered device. We recommend upgrading to Windows 10 1803 (with KB4489894 applied) or above to automatically address this scenario. In pre-1803 releases, you will need to remove the Azure AD registered state manually before enabling Hybrid Azure AD join. In 1803 and above releases, the following changes have been made to avoid this dual state:
8889

8990
- Any existing Azure AD registered state would be automatically removed <i>after the device is Hybrid Azure AD joined</i>.
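Review bot: The new bullet at line 85 ends without a period ("...getting unjoined on every reboot"), and the headings added at lines 73, 80 and 87 are followed directly by content with no blank line, unlike the "## Review things you should know" heading above them. Add the period and a blank line after each new heading.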
@@ -93,6 +94,11 @@ If your Windows 10 domain joined devices are [Azure AD registered](overview.md#g
9394
> [!NOTE]
9495
> The Azure AD registered device will not be automatically removed if it is managed by Intune.
9596
97+
### Additional considerations
98+
- If your environment uses virtual desktop infrastructure (VDI), see [Device identity and desktop virtualization](https://docs.microsoft.com/azure/active-directory/devices/howto-device-identity-virtual-desktop-infrastructure).
99+
100+
- Hybrid Azure AD join is supported for FIPS-compliant TPM 2.0 and not supported for TPM 1.2. If your devices have FIPS-compliant TPM 1.2, you must disable them before proceeding with Hybrid Azure AD join. Microsoft does not provide any tools for disabling FIPS mode for TPMs as it is dependent on the TPM manufacturer. Please contact your hardware OEM for support. Starting from Windows 10 1903 release, TPMs 1.2 are not used for hybrid Azure AD join and devices with those TPMs will be considered as if they don't have a TPM.
101+
96102
## Review controlled validation of hybrid Azure AD join
97103

98104
When all of the pre-requisites are in place, Windows devices will automatically register as devices in your Azure AD tenant. The state of these device identities in Azure AD is referred as hybrid Azure AD join. More information about the concepts covered in this article can be found in the article [Introduction to device identity management in Azure Active Directory](overview.md).
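Review bot: The TPM bullet moved to line 100 states that TPM 1.2 is not supported, so it belongs under "Unsupported scenarios" rather than "Additional considerations", where it is easy to miss during planning. While moving it, fix "you must disable them": the next sentence talks about disabling FIPS mode, so say which of the two is meant.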

articles/active-directory/saas-apps/workplacebyfacebook-provisioning-tutorial.md

Lines changed: 1 addition & 1 deletion
@@ -48,7 +48,7 @@ We have locked down the admin credentials section for existing Workplace custome
4848

4949

5050
#### When will these changes happen?
51-
All new instances of Workplace will already be using the new integration / authorization method. Existing integrations will be migrated gradually in February. The migration will be completed for all tenants by the end of the Month.
51+
All new instances of Workplace will already be using the new integration / authorization method. Existing integrations will be migrated gradually by May. The workplace team has provided an extension on the deadline from Feb-28 to May-1.
5252

5353
## Capabilities supported
5454
> [!div class="checklist"]
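Review bot: The replacement at line 51 says "by May" and then "May-1", gives no year, and writes "workplace team" in lower case while the product is "Workplace" earlier in the same line. State one explicit deadline including the year, and capitalize the product name.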
