MicrosoftDocs
diff --git a/‎articles/active-directory-domain-services/faqs.md
Lines changed: 4 additions & 0 deletions b/‎articles/active-directory-domain-services/faqs.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎articles/active-directory/b2b/direct-federation.md
Lines changed: 4 additions & 1 deletion b/‎articles/active-directory/b2b/direct-federation.md
Lines changed: 4 additions & 1 deletion
diff --git a/‎articles/active-directory/develop/registration-config-how-to.md
Lines changed: 13 additions & 14 deletions b/‎articles/active-directory/develop/registration-config-how-to.md
Lines changed: 13 additions & 14 deletions
diff --git a/‎articles/active-directory/fundamentals/customize-branding.md
Lines changed: 14 additions & 4 deletions b/‎articles/active-directory/fundamentals/customize-branding.md
Lines changed: 14 additions & 4 deletions
diff --git a/‎articles/aks/TOC.yml
Lines changed: 5 additions & 0 deletions b/‎articles/aks/TOC.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎articles/aks/policy-samples.md
Lines changed: 34 additions & 0 deletions b/‎articles/aks/policy-samples.md
Lines changed: 34 additions & 0 deletions
diff --git a/‎articles/app-service/troubleshoot-dotnet-visual-studio.md
Lines changed: 2 additions & 2 deletions b/‎articles/app-service/troubleshoot-dotnet-visual-studio.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/automation/automation-runbook-execution.md
Lines changed: 1 addition & 1 deletion b/‎articles/automation/automation-runbook-execution.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/automation/troubleshoot/update-agent-issues-linux.md
Lines changed: 14 additions & 8 deletions b/‎articles/automation/troubleshoot/update-agent-issues-linux.md
Lines changed: 14 additions & 8 deletions
@@ -87,6 +87,7 @@ Yes. Each Azure AD Domain Services managed domain includes two domain controller
 * [Can I modify or add DNS records in my managed domain?](#can-i-modify-or-add-dns-records-in-my-managed-domain)
 * [What is the password lifetime policy on a managed domain?](#what-is-the-password-lifetime-policy-on-a-managed-domain)
 * [Does Azure AD Domain Services provide AD account lockout protection?](#does-azure-ad-domain-services-provide-ad-account-lockout-protection)
+* [Can I configure Distributed File System (DFS) and replication within Azure AD Domain Services?](#can-i-configure-distributed-file-system-and-replication-within-azure-ad-domain-services)
 
 ### Can I connect to the domain controller for my managed domain using Remote Desktop?
 No. You don't have permissions to connect to domain controllers for the managed domain using Remote Desktop. Members of the *AAD DC Administrators* group can administer the managed domain using AD administration tools such as the Active Directory Administration Center (ADAC) or AD PowerShell. These tools are installed using the *Remote Server Administration Tools* feature on a Windows server joined to the managed domain. For more information, see [Create a management VM to configure and administer an Azure AD Domain Services managed domain](tutorial-create-management-vm.md).
@@ -115,6 +116,9 @@ The default password lifetime on an Azure AD Domain Services managed domain is 9
 ### Does Azure AD Domain Services provide AD account lockout protection?
 Yes. Five invalid password attempts within 2 minutes on the managed domain cause a user account to be locked out for 30 minutes. After 30 minutes, the user account is automatically unlocked. Invalid password attempts on the managed domain don't lock out the user account in Azure AD. The user account is locked out only within your Azure AD Domain Services managed domain. For more information, see [Password and account lockout policies on managed domains](password-policy.md).
 
+### Can I configure Distributed File System and replication within Azure AD Domain Services?
+No. Distributed File System (DFS) and replication aren't available when using Azure AD Domain Services.
+
 ## Billing and availability
 
 * [Is Azure AD Domain Services a paid service?](#is-azure-ad-domain-services-a-paid-service)
 
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 02/27/2019
+ms.date: 05/07/2020
 
 ms.author: mimart
 author: msmimart
@@ -47,10 +47,13 @@ The domain you want to federate with must ***not*** be DNS-verified in Azure AD.
 
 ### Authentication URL
 Direct federation is only allowed for policies where the authentication URL’s domain matches the target domain, or where the authentication URL is one of these allowed identity providers (this list is subject to change):
+
 -	accounts.google.com
 -	pingidentity.com
 -	login.pingone.com
 -	okta.com
+-	oktapreview.com
+-	okta-emea.com
 -	my.salesforce.com
 -	federation.exostar.com
 -	federation.exostartest.com
 
@@ -1,6 +1,7 @@
 ---
-title: Configure endpoints
-description: How to find the authentication endpoints for a custom application you are developing or registering with Azure AD.
+title: Get the endpoints for an Azure AD app registration
+titleSuffix: Microsoft identity platform
+description: How to find the authentication endpoints for a custom application you're developing or registering with Azure AD.
 services: active-directory
 author: rwike77
 manager: CelesteDG
@@ -10,26 +11,24 @@ ms.subservice: develop
 ms.custom: aaddev 
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 07/15/2019
+ms.date: 05/07/2020
 ms.author: ryanwi
-
 ---
 
-# How to configure endpoints
+# How to discover endpoints
 
 You can find the authentication endpoints for your application in the [Azure portal](https://portal.azure.com).
 
--   Navigate to the [Azure portal](https://portal.azure.com).
-
--   From the left navigation pane, click **Azure Active Directory**.
-
--   Click **App Registrations** and choose **Endpoints**.
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Select **Azure Active Directory**.
+1. Under **Manage**, select **App registrations**, and then select **Endpoints** in the top menu.
 
--   This open up the **Endpoints** page, which list all the authentication endpoints for your tenant.
-
--   Use the endpoint specific to the authentication protocol you are using, in conjunction with the application ID to craft the authentication request specific to your application.
+    The **Endpoints** page is displayed, showing the authentication endpoints for your tenant.
+    
+    Use the endpoint that matches the authentication protocol you're using in conjunction with the **Application (client) ID** to craft the authentication request specific to your application.
 
 **National clouds** (for example Azure AD China, Germany, and US Government) have their own app registration portal and Azure AD authentication endpoints. Learn more in the [National clouds overview](authentication-national-cloud.md).
 
 ## Next steps
-[Azure Active Directory developer's guide](https://docs.microsoft.com/azure/active-directory/develop/active-directory-developers-guide)
+
+For more information about endpoints in the different Azure environments, see the [National clouds overview](authentication-national-cloud.md).
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: fundamentals
 ms.topic: conceptual
-ms.date: 09/18/2018
+ms.date: 05/07/2020
 ms.author: ajburnle
 ms.reviewer: kexia
 ms.custom: "it-pro, seodec18, fasttrack-edit"
@@ -48,17 +48,27 @@ Your custom branding won't immediately appear when your users go to sites such a
 
         - **Language.** The language is automatically set as your default and can't be changed.
 
-        - **Sign-in page background image.** Select a .png or .jpg image file to appear as the background for your sign-in pages. 
+        - **Sign-in page background image.** Select a .png or .jpg image file to appear as the background for your sign-in pages. The image will be anchored to the center of the browser, and will scale to the size of the viewable space. You can't select an image larger than 1920x1080 pixels in size or that has a file size more than 300 KB.
 
-            The image can't be larger than 1920x1080 pixels in size and must have a file size of less than 300 KB.
+            It's recommended to use images without a strong subject focus, e.g., an opaque white box appears in the center of the screen, and could cover any part of the image depending on the dimensions of the viewable space.
 
         - **Banner logo.** Select a .png or .jpg version of your logo to appear on the sign-in page after the user enters a username and on the **My Apps** portal page.
 
             The image can't be taller than 60 pixels or wider than 280 pixels. We recommend using a transparent image since the background might not match your logo background. We also recommend not adding padding around the image or it might make your logo look small.
 
         - **Username hint.** Type the hint text that appears to users if they forget their username. This text must be Unicode, without links or code, and can't exceed 64 characters. If guests sign in to your app, we suggest not adding this hint.
 
-        - **Sign-in page text.** Type the text that appears on the bottom of the sign-in page. You can use this text to communicate additional information, such as the phone number to your help desk or a legal statement. This text must be Unicode and not exceed 256 characters. We also suggest not including links or HTML tags.
+        - **Sign-in page text.** Type the text that appears on the bottom of the sign-in page. You can use this text to communicate additional information, such as the phone number to your help desk or a legal statement. This text must be Unicode and not exceed 1024 characters.
+
+           You can customize the sign-in page text you entered. To begin a new paragraph, use the enter key twice. You can also change text formatting to include bold, italics, an underline or clickable link. Use the following syntax to add formatting to text: 
+
+          > Hyperlink: ```[text](link)``` 
+
+          > Bold: ``` **text** ``` or ``` __text__ ``` 
+
+          > Italics: ``` *text* ``` or ``` _text_ ``` 
+
+          > Underline: ``` ++text++ ``` 
 
     - **Advanced settings**
 
 
@@ -59,6 +59,11 @@
     href: tutorial-kubernetes-app-update.md
   - name: 7 - Upgrade cluster
     href: tutorial-kubernetes-upgrade-cluster.md
+- name: Samples
+  items:
+  - name: Azure Policy built-ins
+    displayName: samples, policies, definitions
+    href: ./policy-samples.md
 - name: Concepts
   items:
   - name: Clusters and workloads
 
@@ -0,0 +1,34 @@
+---
+title: List of built-in policy definitions for Azure Kubernetes Service
+description: Lists Azure Policy built-in policy definitions for Azure Kubernetes Service. These built-ins provide common approaches to managing your Azure resources.
+ms.date: 04/30/2020
+ms.topic: sample
+ms.custom: subject-policy-samples
+---
+# Azure Policy built-in policy definitions for Azure Kubernetes Service
+
+This page is an index of [Azure Policy](../governance/policy/overview.md) built-in policy
+definitions for Azure Kubernetes Service. For additional Azure Policy built-ins for other services,
+see [Azure Policy built-in definitions](../governance/policy/samples/built-in-policies.md).
+
+The name of each built-in links to the policy definition in Azure portal. Use the link in the
+**Source** column to view the source on the
+[Azure Policy GitHub repo](https://github.com/Azure/azure-policy).
+
+## Microsoft.Kubernetes
+
+[!INCLUDE [azure-policy-samples-rp-aks-kubernetes](../../includes/policy/samples/byrp/microsoft.kubernetes.md)]
+
+## Microsoft.ContainerService
+
+[!INCLUDE [azure-policy-samples-rp-aks-containerservice](../../includes/policy/samples/byrp/microsoft.containerservice.md)]
+
+## AKS Engine
+
+[!INCLUDE [azure-policy-samples-rp-aks-aksengine](../../includes/policy/samples/byrp/aks-engine.md)]
+
+## Next steps
+
+- See the built-ins on the [Azure Policy GitHub repo](https://github.com/Azure/azure-policy).
+- Review the [Azure Policy definition structure](../governance/policy/concepts/definition-structure.md).
+- Review [Understanding policy effects](../governance/policy/concepts/effects.md).
@@ -629,7 +629,7 @@ For more information about remote debugging for App Service apps and WebJobs, se
 * [Introduction to Remote Debugging on Azure App Service part 3 - Multi-Instance environment and GIT](https://azure.microsoft.com/blog/2014/05/08/introduction-to-remote-debugging-on-azure-web-sites-part-3-multi-instance-environment-and-git/)
 * [WebJobs Debugging (video)](https://www.youtube.com/watch?v=ncQm9q5ZFZs&list=UU_SjTh-ZltPmTYzAybypB-g&index=1)
 
-If your app uses an Azure Web API or Mobile Services back-end and you need to debug that, see [Debugging .NET Backend in Visual Studio](https://blogs.msdn.com/b/azuremobile/archive/2014/03/14/debugging-net-backend-in-visual-studio.aspx).
+If your app uses an Azure Web API or Mobile Services back-end and you need to debug that, see [Debugging .NET Backend in Visual Studio](/archive/blogs/azuremobile/debugging-net-backend-in-visual-studio).
 
 ### Tracing in ASP.NET applications
 There are no thorough and up-to-date introductions to ASP.NET tracing available on the Internet. The best you can do is get started with old introductory materials written for Web Forms because MVC didn't exist yet, and supplement that with newer blog posts that focus on specific issues. Some good places to start are the following resources:
@@ -642,7 +642,7 @@ There are no thorough and up-to-date introductions to ASP.NET tracing available
   Information about trace listeners but doesn't mention the [WebPageTraceListener](/dotnet/api/system.web.webpagetracelistener).
 * [Walkthrough: Integrating ASP.NET Tracing with System.Diagnostics Tracing](/previous-versions/b0ectfxd(v=vs.140))<br/>
   This article is also old, but includes some additional information that the introductory article doesn't cover.
-* [Tracing in ASP.NET MVC Razor Views](https://blogs.msdn.com/b/webdev/archive/2013/07/16/tracing-in-asp-net-mvc-razor-views.aspx)<br/>
+* [Tracing in ASP.NET MVC Razor Views](https://devblogs.microsoft.com/aspnet/tracing-in-asp-net-mvc-razor-views/)<br/>
   Besides tracing in Razor views, the post also explains how to create an error filter in order to log all unhandled exceptions in an MVC application. For information about how to log all unhandled exceptions in a Web Forms application, see the Global.asax example in [Complete Example for Error Handlers](/previous-versions/bb397417(v=vs.140)) on MSDN. In either MVC or Web Forms, if you want to log certain exceptions but let the default framework handling take effect for them, you can catch and rethrow as in the following example:
 
     ```csharp
 
@@ -82,7 +82,7 @@ Azure Automation makes use of the [Azure Monitor](https://docs.microsoft.com/azu
 
 ### Log Analytics agent for Windows
 
-The [Log Analytics agent for Windows](https://docs.microsoft.com/azure/azure-monitor/platform/agent-window) works with Azure Monitor to manage Windows VMs and physical computers. The machines can be running either in Azure or in a non-Azure environment, such as a local datacenter. You must configure the agent to report to one or more Log Analytics workspaces. 
+The [Log Analytics agent for Windows](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows) works with Azure Monitor to manage Windows VMs and physical computers. The machines can be running either in Azure or in a non-Azure environment, such as a local datacenter. You must configure the agent to report to one or more Log Analytics workspaces. 
 
 >[!NOTE]
 >The Log Analytics agent for Windows was previously known as the Microsoft Monitoring Agent (MMA).
 
@@ -13,27 +13,30 @@ manager: carmonm
 
 # Troubleshoot Linux update agent issues
 
-There can be many reasons your machine isn't showing up as ready (healthy) in the Azure Automation Update Management solution. In Update Management, you can check the health of a Hybrid Runbook Worker agent to determine the underlying problem. This article discusses how to run the troubleshooter for Azure machines from the Azure portal and non-Azure machines in the [offline scenario](#troubleshoot-offline). 
+There can be many reasons why your machine isn't showing up as ready (healthy) in Update Management. You can check the health of a Linux Hybrid Runbook Worker agent to determine the underlying problem. The following are the three readiness states for a machine:
 
-A machine can be in three readiness states:
-
-* **Ready**: The Hybrid Runbook Worker is deployed and was last seen less than one hour ago.
-* **Disconnected**: The Hybrid Runbook Worker is deployed and was last seen over one hour ago.
-* **Not configured**: The Hybrid Runbook Worker isn't found or hasn't finished onboarding.
+* Ready: The Hybrid Runbook Worker is deployed and was last seen less than one hour ago.
+* Disconnected: The Hybrid Runbook Worker is deployed and was last seen over one hour ago.
+* Not configured: The Hybrid Runbook Worker isn't found or hasn't finished onboarding.
 
 > [!NOTE]
 > There can be a slight delay between what the Azure portal shows and the current state of a machine.
 
+This article discusses how to run the troubleshooter for Azure machines from the Azure portal and non-Azure machines in the [offline scenario](#troubleshoot-offline). 
+
+> [!NOTE]
+> The troubleshooter script currently doesn't route traffic through a proxy server if one is configured.
+
 ## Start the troubleshooter
 
-For Azure machines, select the **troubleshoot** link under the **Update Agent Readiness** column in the portal to open the **Troubleshoot Update Agent** page. For non-Azure machines, the link brings you to this article. To troubleshoot a non-Azure machine, see the instructions in the "Troubleshoot offline" section.
+For Azure machines, select the **troubleshoot** link under the **Update Agent Readiness** column in the portal to open the Troubleshoot Update Agent page. For non-Azure machines, the link brings you to this article. To troubleshoot a non-Azure machine, see the instructions in the "Troubleshoot offline" section.
 
 ![VM list page](../media/update-agent-issues-linux/vm-list.png)
 
 > [!NOTE]
 > The checks require the VM to be running. If the VM isn't running, **Start the VM** appears.
 
-On the **Troubleshoot Update Agent** page, select **Run Checks** to start the troubleshooter. The troubleshooter uses [Run command](../../virtual-machines/linux/run-command.md) to run a script on the machine to verify the dependencies. When the troubleshooter is finished, it returns the result of the checks.
+On the Troubleshoot Update Agent page, select **Run Checks** to start the troubleshooter. The troubleshooter uses [Run command](../../virtual-machines/linux/run-command.md) to run a script on the machine to verify the dependencies. When the troubleshooter is finished, it returns the result of the checks.
 
 ![Troubleshoot page](../media/update-agent-issues-linux/troubleshoot-page.png)
 
@@ -80,6 +83,9 @@ This check verifies if the Log Analytics agent for Linux has the Hybrid Runbook
 
 This check makes sure the Hybrid Runbook Worker is running on the machine. The following processes should be present if the Hybrid Runbook Worker is running correctly. To learn more, see [Troubleshooting the Log Analytics Agent for Linux](hybrid-runbook-worker.md#oms-agent-not-running).
 
+> [!NOTE]
+> If the Hybrid Runbook Worker is not running and the operations endpoint has failed, the update can fail. Update Management downloads the hybrid worker packages from the operations endpoint.
+
 ```bash
 nxautom+   8567      1  0 14:45 ?        00:00:00 python /opt/microsoft/omsconfig/modules/nxOMSAutomationWorker/DSCResources/MSFT_nxOMSAutomationWorkerResource/automationworker/worker/main.py /var/opt/microsoft/omsagent/state/automationworker/oms.conf rworkspace:<workspaceId> <Linux hybrid worker version>
 nxautom+   8593      1  0 14:45 ?        00:00:02 python /opt/microsoft/omsconfig/modules/nxOMSAutomationWorker/DSCResources/MSFT_nxOMSAutomationWorkerResource/automationworker/worker/hybridworker.py /var/opt/microsoft/omsagent/state/automationworker/worker.conf managed rworkspace:<workspaceId> rversion:<Linux hybrid worker version>