[AKS] Resolving merge conflict

Author: iainfoulds

articles/active-directory/connect/active-directory-aadconnect-version-history.md

@@ -12,7 +12,7 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 08/10/2018
+ms.date: 08/21/2018
 ms.component: hybrid
 ms.author: billmath
 
@@ -36,7 +36,7 @@ Download| [Download Azure AD Connect](http://go.microsoft.com/fwlink/?LinkId=615
 
 ### Release status
 
-7/20/2018: Released for download and auto upgrade. The auto upgrade process is still in progress.
+8/21/2018: Released for download and auto upgrade. 
 
 ### New features and improvements
 

articles/active-directory/develop/howto-get-appsource-certified.md

@@ -14,41 +14,46 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 08/03/2017
+ms.date: 08/21/2018
 ms.author: celested
 ms.reviewer: andret
 ms.custom: aaddev
 ---
 
 # How to get AppSource Certified for Azure Active Directory
+
 [Microsoft AppSource](https://appsource.microsoft.com/) is a destination for business users to discover, try, and manage line-of-business SaaS applications (standalone SaaS and add-on to existing Microsoft SaaS products).
 
-To list a standalone SaaS application on AppSource, your application must accept single sign-on from work accounts from any company or organization that has Azure Active Directory. The sign-in process must use the [OpenID Connect](v1-protocols-openid-connect-code.md) or [OAuth 2.0](v1-protocols-oauth-code.md) protocols. SAML integration is not accepted for AppSource certification.
+To list a standalone SaaS application on AppSource, your application must accept single sign-on from work accounts from any company or organization that has Azure Active Directory (Azure AD). The sign-in process must use the [OpenID Connect](v1-protocols-openid-connect-code.md) or [OAuth 2.0](v1-protocols-oauth-code.md) protocols. SAML integration is not accepted for AppSource certification.
 
 ## Guides and code samples
-If you want to learn about how to integrate your application with Azure Active Directory using Open ID connect, follow our guides and code samples in the [Azure Active Directory developer's guide](azure-ad-developers-guide.md#get-started "Get Started with Azure AD for developers").
+
+If you want to learn about how to integrate your application with Azure AD using Open ID connect, follow our guides and code samples in the [Azure Active Directory developer's guide](azure-ad-developers-guide.md#get-started "Get Started with Azure AD for developers").
 
 ## Multi-tenant applications
 
-An application that accepts sign-ins from users from any company or organization that have Azure Active Directory without requiring a separate instance, configuration, or deployment is known as a *multi-tenant application*. AppSource recommends that applications implement multi-tenancy to enable the *single-click* free trial experience.
+A *multi-tenant application* is an application that accepts sign-ins from users from any company or organization that have Azure AD without requiring a separate instance, configuration, or deployment. AppSource recommends that applications implement multi-tenancy to enable the *single-click* free trial experience.
 
-In order to enable multi-tenancy on your application:
-- Set `Multi-Tenanted` property to `Yes` on your application registration's information in the [Azure Portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps) (by default, applications created in the Azure Portal are configured as *single-tenant*)
-- Update your code to send requests to the '`common`' endpoint (update the endpoint from *https://login.microsoftonline.com/{yourtenant}* to *https://login.microsoftonline.com/common*)
-- For some platforms, like ASP.NET, you need also to update your code to accept multiple issuers
+To enable multi-tenancy on your application, follow these steps:
+1. Set `Multi-Tenanted` property to `Yes` on your application registration's information in the [Azure portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps). By default, applications created in the Azure portal are configured as *[single-tenant](#single-tenant-applications)*.
+1. Update your code to send requests to the `common` endpoint. To do this, update the endpoint from `https://login.microsoftonline.com/{yourtenant}` to `https://login.microsoftonline.com/common*`.
+1. For some platforms, like ASP .NET, you need also to update your code to accept multiple issuers.
 
-For more information about multi-tenancy, see: [How to sign in any Azure Active Directory (AD) user using the multi-tenant application pattern](howto-convert-app-to-be-multi-tenant.md).
+For more information about multi-tenancy, see [How to sign in any Azure Active Directory (Azure AD) user using the multi-tenant application pattern](howto-convert-app-to-be-multi-tenant.md).
 
 ### Single-tenant applications
-Applications that only accept sign-ins from users of a defined Azure Active Directory instance are known as *single-tenant application*. External users (including Work or School accounts from other organizations, or personal account) can sign in to a single-tenant application after adding each user as *guest account* to the Azure Active Directory instance that the application is registered. You can add users as guest accounts to an Azure Active Directory via the [*Azure AD B2B collaboration*](../b2b/what-is-b2b.md) - and it can be done [programatically](../../active-directory-b2c/code-samples.md). When you add a user as guest account to an Azure Active Directory, an invitation email is sent to the user, who has to accept the invitation by clicking on the link in the invitation email. Invitations that are sent to an additional user in an inviting organization that is also a member of the partner organization are not required to accept an invitation to sign in.
 
-Single-tenant applications can enable the *Contact Me* experience, but if you want to enable the single-click/ free trial experience that AppSource recommends, enable multi-tenancy on your application instead.
+A *single-tenant application* is an application that only accepts sign-ins from users of a defined Azure AD instance. External users (including work or school accounts from other organizations, or personal accounts) can sign in to a single-tenant application after adding each user as a guest account to the Azure AD instance that the application is registered. 
 
+You can add users as guest accounts to Azure AD through the [Azure AD B2B collaboration](../b2b/what-is-b2b.md) and you can do this [programatically](../../active-directory-b2c/code-samples.md). When using B2B, users can create a self-service portal that does not require an invitation to sign in. For more info, see [Self-service portal for Azure AD B2B collaboration sign-up](https://docs.microsoft.com/azure/active-directory/b2b/self-service-portal).
+
+Single-tenant applications can enable the *Contact Me* experience, but if you want to enable the single-click/free trial experience that AppSource recommends, enable multi-tenancy on your application instead.
 
 ## AppSource trial experiences
 
-### Free Trial (Customer-led trial experience) 
-The *customer-led trial* is the experience that AppSource recommends as it offers a single-click access to your application. Below an illustration of how this experience looks like:<br/><br/>
+### Free trial (customer-led trial experience) 
+
+The customer-led trial is the experience that AppSource recommends as it offers a single-click access to your application. Below an illustration of how this experience looks like:<br/><br/>
 
 <table >
 <tr>
@@ -63,8 +68,9 @@ The *customer-led trial* is the experience that AppSource recommends as it offer
 </tr>
 </table>
 
-### Contact Me (Partner-led trial experience)
-The *partner trial experience* can be used when a manual or a long-term operation needs to happen to provision the user/ company: for example, your application needs to provision virtual machines, database instances, or operations that take much time to complete. In this case, after user selects the *'Request Trial'* button and fills out a form, AppSource sends you the user's contact information. Upon receiving this information, you then provision the environment and send the instructions to the user on how to access the trial experience:<br/><br/>
+### Contact me (partner-led trial experience)
+
+You can use the partner trial experience when a manual or a long-term operation needs to happen to provision the user/company--for example, your application needs to provision virtual machines, database instances, or operations that take much time to complete. In this case, after the user selects the **Request Trial** button and fills out a form, AppSource sends you the user's contact information. When you receive this information, you then provision the environment and send the instructions to the user on how to access the trial experience:<br/><br/>
 
 <table valign="top">
 <tr>
@@ -97,17 +103,18 @@ The *partner trial experience* can be used when a manual or a long-term operatio
 </table>
 
 ### More information
+
 For more information about the AppSource trial experience, see [this video](https://aka.ms/trialexperienceforwebapps). 
 
 ## Next Steps
 
-- For more information on building applications that support Azure Active Directory sign-ins, see [Authentication Scenarios for Azure AD](https://docs.microsoft.com/azure/active-directory/develop/active-directory-authentication-scenarios) 
-
+- For more information on building applications that support Azure AD sign-ins, see [Authentication scenarios for Azure AD](https://docs.microsoft.com/azure/active-directory/develop/authentication-scenarios).
 - For information on how to list your SaaS application in AppSource, go see [AppSource Partner Information](https://appsource.microsoft.com/partners)
 
 
-## Get Support
-For Azure Active Directory integration, we use [Stack Overflow](http://stackoverflow.com/questions/tagged/azure-active-directory+appsource) with the community to provide support. 
+## Get support
+
+For Azure AD integration, we use [Stack Overflow](http://stackoverflow.com/questions/tagged/azure-active-directory+appsource) with the community to provide support. 
 
 We highly recommend you ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [`[azure-active-directory]` and `[appsource]`](http://stackoverflow.com/questions/tagged/azure-active-directory+appsource).
 
@@ -121,4 +128,4 @@ Use the following comments section to provide feedback and help us refine and sh
 [AAD-QuickStart-Web-Apps]: azure-ad-developers-guide.md#get-started
 
 
-<!--Image references-->
+<!--Image references-->

articles/active-directory/develop/v2-permissions-and-consent.md

@@ -14,7 +14,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: article
-ms.date: 01/07/2017
+ms.date: 08/21/2018
 ms.author: celested
 ms.reviewer: hirsin, dastrock
 ms.custom: aaddev
@@ -70,6 +70,19 @@ If your app does not request the `offline_access` scope, it won't receive refres
 
 For more information about how to get and use refresh tokens, see the [v2.0 protocol reference](active-directory-v2-protocols.md).
 
+## Accessing v1.0 resources
+v2.0 applications can request tokens and consent for v1.0 applications (such as the PowerBI API `https://analysis.windows.net/powerbi/api` or Sharepoint API `https://{tenant}.sharepoint.com`).  To do so, you can reference the app URI and scope string in the `scope` parameter.  For example, `scope=https://analysis.windows.net/powerbi/api/Dataset.Read.All` would request the PowerBI `View all Datasets` permission for your application. 
+
+To request multiple permissions, append the entire URI with a space or `+`, e.g. `scope=https://analysis.windows.net/powerbi/api/Dataset.Read.All+https://analysis.windows.net/powerbi/api/Report.Read.All`.  This requests both the `View all Datasets` and `View all Reports` permissions.  Note that as with all Azure AD scopes and permissions, applications can only make a request to one resource at a time - so the request `scope=https://analysis.windows.net/powerbi/api/Dataset.Read.All+https://api.skypeforbusiness.com/Conversations.Initiate`, which requests both the PowerBI `View all Datasets` permission and the Skype for Business `Initiate conversations` permission, will be rejected due to requesting permissions on two different resources.  
+
+### v1.0 resources and tenancy
+Both the v1.0 and v2.0 Azure AD protocols use a `{tenant}` parameter embedded in the URI (`https://login.microsoftonline.com/{tenant}/oauth2/`).  When using the v2.0 endpoint to access a v1.0 organizational resource, the `common` and `consumers` tenants cannot be used, as these resources are only accessible with organizational (Azure AD) accounts.  Thus, when accessing these resources, only the tenant GUID or `organizations` can be used as the `{tenant}` parameter.  
+
+If an application attempts to access an organizational v1.0 resource using an incorrect tenant, an error similar to the one below will be returned. 
+
+`AADSTS90124: Resource 'https://analysis.windows.net/powerbi/api' (Microsoft.Azure.AnalysisServices) is not supported over the /common or /consumers endpoints. Please use the /organizations or tenant-specific endpoint.`
+
+
 ## Requesting individual user consent
 In an [OpenID Connect or OAuth 2.0](active-directory-v2-protocols.md) authorization request, an app can request the permissions it needs by using the `scope` query parameter. For example, when a user signs in to an app, the app sends a request like the following example (with line breaks added for legibility):
 

articles/active-directory/manage-apps/application-proxy-publish-azure-portal.md

@@ -2,19 +2,15 @@
 title: Publish apps with Azure AD Application Proxy | Microsoft Docs
 description: Publish on-premises applications to the cloud with Azure AD Application Proxy in the Azure portal.
 services: active-directory
-documentationcenter: ''
 author: barbkess
 manager: mtillman
-
 ms.service: active-directory
 ms.component: app-mgmt
 ms.workload: identity
-ms.tgt_pltfrm: na
-ms.devlang: na
 ms.topic: conceptual
-ms.date: 05/24/2018
+ms.date: 08/20/2018
 ms.author: barbkess
-ms.reviewer: harshja
+ms.reviewer: japere
 ms.custom: it-pro
 ---
 
@@ -69,6 +65,7 @@ Follow these steps to publish your apps with Application Proxy. If you haven't a
    ![Configure your application](./media/application-proxy-publish-azure-portal/configure-app.png)
 5. If necessary, configure additional settings. For most applications, you should keep these settings in their default states. 
    - **Backend Application Timeout**: Set this value to **Long** only if your application is slow to authenticate and connect. 
+   - **Use HTTP-Only Cookie**: Set this value to **Yes** to have Application Proxy cookies include the HTTPOnly flag in the HTTP response header.
    - **Translate URLs in Headers**: Keep this value as **Yes** unless your application required the original host header in the authentication request.
    - **Translate URLs in Application Body**: Keep this value as **No** unless you have hardcoded HTML links to other on-premises applications, and don't use custom domains. For more information, see [Link translation with Application Proxy](application-proxy-configure-hard-coded-link-translation.md).
 

articles/aks/kubelet-logs.md

@@ -1,36 +1,34 @@
 ---
-title: Get kubelet logs from Azure Kubernetes Service (AKS)
-description: Get kubelet logs from Azure Kubernetes Service (AKS) cluster nodes
+title: View kubelet logs in Azure Kubernetes Service (AKS)
+description: How to view troubleshooting information in the kubelet logs from Azure Kubernetes Service (AKS) nodes
 services: container-service
 author: iainfoulds
-manager: jeconnoc
 
 ms.service: container-service
 ms.topic: article
-ms.date: 05/08/2018
+ms.date: 08/21/2018
 ms.author: iainfou
-ms.custom: mvc
 ---
 
 # Get kubelet logs from Azure Kubernetes Service (AKS) cluster nodes
 
-Occasionally, you may need to get kubelet logs from an Azure Kubernetes Service (AKS) node for troubleshooting purposes. This document details one option for pulling these logs.
+Occasionally, you may need to get *kubelet* logs from an Azure Kubernetes Service (AKS) node for troubleshooting purposes. This article shows you how you can use `journalctl` to view the *kubelet* logs.
 
 ## Create an SSH connection
 
-First, create an SSH connection with the node on which you need to pull kubelet logs. This operation is detailed in the [SSH into Azure Kubernetes Service (AKS) cluster nodes][aks-ssh] document.
+First, create an SSH connection with the node on which you need to view *kubelet* logs. This operation is detailed in the [SSH into Azure Kubernetes Service (AKS) cluster nodes][aks-ssh] document.
 
 ## Get kubelet logs
 
-Once you have connected to the node, run the following command to pull the kubelet logs.
+Once you have connected to the node, run the following command to pull the *kubelet* logs:
 
-```azurecli-interactive
-journalctl -u kubelet -o cat
+```console
+sudo journalctl -u kubelet -o cat
 ```
 
-Sample Output:
+The following sample output shows the *kubelet* log data:
 
-```console
+```
 I0508 12:26:17.905042    8672 kubelet_node_status.go:497] Using Node Hostname from cloudprovider: "aks-agentpool-11482510-0"
 I0508 12:26:27.943494    8672 kubelet_node_status.go:497] Using Node Hostname from cloudprovider: "aks-agentpool-11482510-0"
 I0508 12:26:28.920125    8672 server.go:796] GET /stats/summary: (10.370874ms) 200 [[Ruby] 10.244.0.2:52292]
@@ -54,5 +52,10 @@ I0508 12:28:48.321952    8672 kubelet_node_status.go:497] Using Node Hostname fr
 I0508 12:28:58.344656    8672 kubelet_node_status.go:497] Using Node Hostname from cloudprovider: "aks-agentpool-11482510-0"
 ```
 
+## Next steps
+
+If you need additional troubleshooting information from the Kubernetes master, see [view Kubernetes master node logs in AKS][aks-master-logs].
+
 <!-- LINKS - internal -->
-[aks-ssh]: ssh.md
+[aks-ssh]: ssh.md
+[aks-master-logs]: view-master-logs.md

articles/key-vault/key-vault-ovw-storage-keys.md

@@ -8,7 +8,7 @@ ms.service: key-vault
 author: bryanla
 ms.author: bryanla
 manager: mbaldwin
-ms.date: 10/12/2017
+ms.date: 08/21/2017
 ---
 # Azure Key Vault Storage Account Keys
 
@@ -103,18 +103,18 @@ accountSasCredential.UpdateSASToken(sasToken);
 
 ## Getting started
 
-### Setup for role-based access control (RBAC) permissions
+### Give Key Vault access to your Storage Account 
 
-The Azure Key Vault application identity needs permissions to *list* and
-*regenerate* keys for a storage account. Set up these permissions using the
-following steps:
+Like many applications, Key Vault is registered with Azure AD in order to use OAuth to access other services. During registration, [a service principal](/azure/active-directory/develop/app-objects-and-service-principals) object is created, which is used to represent the application's identity at run time. The service principal is also used to authorize the application's identity to access another resource, through role-based access control (RBAC).
+
+The Azure Key Vault application identity needs permissions to *list* and *regenerate* keys for your storage account. Set up these permissions using the following steps:
 
 ```powershell
 # Get the resource ID of the Azure Storage Account you want to manage.
 # Below, we are fetching a storage account using Azure Resource Manager
 $storage = Get-AzureRmStorageAccount -ResourceGroupName "mystorageResourceGroup" -StorageAccountName "mystorage"
 
-# Get ObjectId of Azure Key Vault Identity
+# Get Application ID of Azure Key Vault's service principal
 $servicePrincipal = Get-AzureRmADServicePrincipal -ServicePrincipalName cfa8b339-82a2-471a-a3c9-0fc0be7a4093
 
 # Assign Storage Key Operator role to Azure Key Vault Identity

articles/logic-apps/manage-logic-apps-with-visual-studio.md

@@ -3,14 +3,13 @@ title: Manage logic apps with Visual Studio - Azure Logic Apps | Microsoft Docs
 description: Manage logic apps and other Azure assets with Visual Studio Cloud Explorer
 services: logic-apps
 ms.service: logic-apps
-ms.prod: visual-studio-dev15
 ms.technology: vs-azure
 ms.workload: azure-vs
 author: ecfan
 ms.author: estfan
 manager: jeconnoc
 ms.topic: article
-ms.custom: mvc, vs-azure
+ms.custom: mvc
 ms.date: 03/15/2018
 ms.reviewer: klam, LADocs
 ms.suite: integration