Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

articles/active-directory-domain-services/troubleshoot.md

@@ -134,7 +134,7 @@ If one or more users in your Azure AD tenant can't sign in to the Azure AD DS ma
       * You've deployed, or updated to, the [latest recommended release of Azure AD Connect](https://www.microsoft.com/download/details.aspx?id=47594).
       * You've configured Azure AD Connect to [perform a full synchronization][hybrid-phs].
       * Depending on the size of your directory, it may take a while for user accounts and credential hashes to be available in Azure AD DS. Make sure you wait long enough before trying to authenticate against the managed domain.
-      * If the issue persists after verifying the previous steps, try restarting the *Microsoft Azure AD Sync Service*. From your [management VM][management-vm], open a command prompt and run the following commands:
+      * If the issue persists after verifying the previous steps, try restarting the *Microsoft Azure AD Sync Service*. From your Azure AD Connect server, open a command prompt and run the following commands:
 
         ```console
         net stop 'Microsoft Azure AD Sync'

articles/active-directory/conditional-access/concept-conditional-access-grant.md

@@ -64,35 +64,7 @@ Organizations can choose to use the device identity as part of their Conditional
 
 Organizations can require that an access attempt to the selected cloud apps needs to be made from an approved client app. These approved client apps support [Intune app protection policies](/intune/app-protection-policy) independent of any mobile-device management (MDM) solution.
 
-This setting applies to the following client apps:
-
-- Microsoft Azure Information Protection
-- Microsoft Bookings
-- Microsoft Cortana
-- Microsoft Dynamics 365
-- Microsoft Edge
-- Microsoft Excel
-- Microsoft Flow
-- Microsoft Intune Managed Browser
-- Microsoft Invoicing
-- Microsoft Kaizala
-- Microsoft Launcher
-- Microsoft OneDrive
-- Microsoft OneNote
-- Microsoft Outlook
-- Microsoft Planner
-- Microsoft PowerApps
-- Microsoft Power BI
-- Microsoft PowerPoint
-- Microsoft SharePoint
-- Microsoft Skype for Business
-- Microsoft StaffHub
-- Microsoft Stream
-- Microsoft Teams
-- Microsoft To-Do
-- Microsoft Visio
-- Microsoft Word
-- Microsoft Yammer
+Supported applications can be found in the article, [Microsoft Intune protected apps](/intune/apps/apps-supported-intune-apps).
 
 **Remarks**
 
@@ -105,12 +77,7 @@ This setting applies to the following client apps:
 
 In your Conditional Access policy, you can require an [Intune app protection policy](/intune/app-protection-policy) be present on the client app before access is available to the selected cloud apps. 
 
-This setting applies to the following client apps:
-
-- Microsoft Cortana
-- Microsoft OneDrive
-- Microsoft Outlook
-- Microsoft Planner
+Supported applications can be found in the article, [Microsoft Intune protected apps](/intune/apps/apps-supported-intune-apps).
 
 **Remarks**
 

articles/active-directory/develop/quickstart-v2-aspnet-core-webapp.md

@@ -17,11 +17,7 @@ ms.custom: aaddev, identityplatformtop40
 ---
 
 # Quickstart: Add sign-in with Microsoft to an ASP.NET Core web app
-
-In this quickstart, you'll learn how an ASP.NET Core web app can sign in personal accounts (hotmail.com, outlook.com, others) and work and school accounts from any Azure Active Directory (Azure AD) instance.
-
-![Shows how the sample app generated by this quickstart works](media/quickstart-v2-aspnet-core-webapp/aspnetcorewebapp-intro.svg)
-
+In this quickstart, you use a code sample to learn how an ASP.NET Core web app can sign in personal accounts (hotmail.com, outlook.com, others) and work and school accounts from any Azure Active Directory (Azure AD) instance. (See [How the sample works](#how-the-sample-works) for an illustration.)
 > [!div renderon="docs"]
 > ## Register and download your quickstart app
 > You have two options to start your quickstart application:
@@ -63,22 +59,32 @@ In this quickstart, you'll learn how an ASP.NET Core web app can sign in persona
 
 #### Step 2: Download your ASP.NET Core project
 
-- [Download the Visual Studio 2019 solution](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/archive/aspnetcore2-2.zip)
-
-#### Step 3: Configure your Visual Studio project
-
-1. Extract the zip file to a local folder within the root folder - for example, **C:\Azure-Samples**
-1. If you use Visual Studio 2019, open the solution in Visual Studio (optional).
-1. Edit the **appsettings.json** file. Find `ClientId` and update the value of `ClientId` with the **Application (client) ID** value of the application you registered. 
+> [!div renderon="docs"]
+> [Download the Visual Studio 2019 solution](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/archive/aspnetcore2-2.zip)
 
-    ```json
-    "ClientId": "Enter_the_Application_Id_here"
-    "TenantId": "Enter_the_Tenant_Info_Here"
-    ```
+> [!div class="sxs-lookup" renderon="portal"]
+> Run the project using Visual Studio 2019.
+> [!div renderon="portal" id="autoupdate" class="nextstepaction"]
+> [Download the code sample]()
 
+> [!div class="sxs-lookup" renderon="portal"]
+> #### Step 3: Your app is configured and ready to run
+> We have configured your project with values of your app's properties and it's ready to run. 
 > [!div class="sxs-lookup" renderon="portal"]
 > > [!NOTE]
-> > This quickstart supports Enter_the_Supported_Account_Info_Here.
+> > Enter_the_Supported_Account_Info_Here
+> [!div renderon="docs"]
+> #### Step 3: Run your Visual Studio project
+> 1. Extract the zip file to a local folder within the root folder - for example, **C:\Azure-Samples**
+> 1. Open the solution in Visual Studio 
+> 1. Edit the **appsettings.json** file. Find `ClientId` and update the value of `ClientId` with the **Application (client) ID** value of the application you registered. 
+>
+>    ```json
+>    "ClientId": "Enter_the_Application_Id_here"
+>    "TenantId": "Enter_the_Tenant_Info_Here"
+>    ```
+
+
 
 > [!div renderon="docs"]
 > Where:
@@ -95,6 +101,9 @@ In this quickstart, you'll learn how an ASP.NET Core web app can sign in persona
 
 This section gives an overview of the code required to sign in users. This overview can be useful to understand how the code works, main arguments, and also if you want to add sign-in to an existing ASP.NET Core application.
 
+### How the sample works
+![Shows how the sample app generated by this quickstart works](media/quickstart-v2-aspnet-core-webapp/aspnetcorewebapp-intro.svg)
+
 ### Startup class
 
 *Microsoft.AspNetCore.Authentication* middleware uses a Startup class that is executed when the hosting process initializes:
@@ -161,4 +170,4 @@ Check out the GitHub repo for this ASP.NET Core tutorial for more information in
 Help us improve the Microsoft identity platform. Tell us what you think by completing a short two-question survey.
 
 > [!div class="nextstepaction"]
-> [Microsoft identity platform survey](https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbRyKrNDMV_xBIiPGgSvnbQZdUQjFIUUFGUE1SMEVFTkdaVU5YT0EyOEtJVi4u)
+> [Microsoft identity platform survey](https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbRyKrNDMV_xBIiPGgSvnbQZdUQjFIUUFGUE1SMEVFTkdaVU5YT0EyOEtJVi4u)

articles/active-directory/develop/quickstart-v2-aspnet-webapp.md

@@ -17,11 +17,7 @@ ms.custom: aaddev, identityplatformtop40, scenarios:getting-started, languages:A
 ---
 
 # Quickstart: Add Microsoft identity platform sign-in to an ASP.NET web app
-
-In this quickstart, you'll enable an ASP.NET web app to sign in personal accounts (hotmail.com, outlook.com, others) and work and school accounts from any Azure Active Directory (Azure AD) instance.
-
-![Shows how the sample app generated by this quickstart works](media/quickstart-v2-aspnet-webapp/aspnetwebapp-intro.svg)
-
+In this quickstart, you use a code sample to learn how an ASP.NET web app to sign in personal accounts (hotmail.com, outlook.com, others) and work and school accounts from any Azure Active Directory (Azure AD) instance.  (See [How the sample works](#how-the-sample-works) for an illustration.)
 > [!div renderon="docs"]
 > ## Register and download your quickstart app
 > You have two options to start your quickstart application:
@@ -61,26 +57,33 @@ In this quickstart, you'll enable an ASP.NET web app to sign in personal account
 
 #### Step 2: Download your project
 
-[Download the Visual Studio 2019 solution](https://github.com/AzureADQuickStarts/AppModelv2-WebApp-OpenIDConnect-DotNet/archive/master.zip)
+> [!div renderon="docs"]
+> [Download the Visual Studio 2019 solution](https://github.com/AzureADQuickStarts/AppModelv2-WebApp-OpenIDConnect-DotNet/archive/master.zip)
 
-#### Step 3: Configure your Visual Studio project
+> [!div renderon="portal"]
+> Run the project using Visual Studio 2019.
+> [!div renderon="portal" id="autoupdate" class="nextstepaction"]
+> [Download the code sample]()
+
+> [!div class="sxs-lookup" renderon="portal"]
+> #### Step 3: Your app is configured and ready to run
+> We have configured your project with values of your app's properties. 
+
+> [!div renderon="docs"]
+> #### Step 3: Run your Visual Studio project
 
 1. Extract the zip file to a local folder closer to the root folder - for example, **C:\Azure-Samples**
 1. Open the solution in Visual Studio (AppModelv2-WebApp-OpenIDConnect-DotNet.sln)
 1. Depending on the version of Visual Studio, you might need to right click on the project `AppModelv2-WebApp-OpenIDConnect-DotNet` and **Restore NuGet packages**
 1. Open the Package Manager Console (View -> Other Windows -> Package Manager Console) and run `Update-Package Microsoft.CodeDom.Providers.DotNetCompilerPlatform -r`
-1. Edit **Web.config** and replace the parameters `ClientId` and `Tenant` with:
-
-    ```xml
-    <add key="ClientId" value="Enter_the_Application_Id_here" />
-    <add key="Tenant" value="Enter_the_Tenant_Info_Here" />
-    ```
-> [!div class="sxs-lookup" renderon="portal"]
-> > [!NOTE]
-> > This quickstart supports Enter_the_Supported_Account_Info_Here.	
 
 > [!div renderon="docs"]
-> Where:
+> 5. Edit **Web.config** and replace the parameters `ClientId` and `Tenant` with:
+>    ```xml
+>    <add key="ClientId" value="Enter_the_Application_Id_here" />
+>    <add key="Tenant" value="Enter_the_Tenant_Info_Here" />
+>    ```
+>    Where:
 > - `Enter_the_Application_Id_here` - is the Application Id for the application you registered.
 > - `Enter_the_Tenant_Info_Here` - is one of the options below:
 >   - If your application supports **My organization only**, replace this value with the **Tenant Id** or **Tenant name** (for example, contoso.onmicrosoft.com)
@@ -91,10 +94,17 @@ In this quickstart, you'll enable an ASP.NET web app to sign in personal account
 > > - To find the values of *Application ID*, *Directory (tenant) ID*, and *Supported account types*, go to the **Overview** page
 > > - Ensure the value for `redirectUri` in the **Web.config** corresponds with the **Redirect URI** defined for the App Registration in Azure AD (if not, navigate to the **Authentication** menu for the App Registration and update the **REDIRECT URI** to match)
 
+> [!div class="sxs-lookup" renderon="portal"]
+> > [!NOTE]
+> > Enter_the_Supported_Account_Info_Here
+
 ## More information
 
 This section gives an overview of the code required to sign-in users. This overview can be useful to understand how the code works, main arguments, and also if you want to add sign-in to an existing ASP.NET application.
 
+### How the sample works
+![Shows how the sample app generated by this quickstart works](media/quickstart-v2-aspnet-webapp/aspnetwebapp-intro.svg)
+
 ### OWIN middleware NuGet packages
 
 You can set up the authentication pipeline with cookie-based authentication using OpenID Connect in ASP.NET with OWIN Middleware packages. You can install these packages by running the following commands in Visual Studio's **Package Manager Console**:

articles/active-directory/develop/quickstart-v2-java-webapp.md

@@ -18,16 +18,13 @@ ms.custom: aaddev, scenarios:getting-started, languages:Java
 
 In this quickstart, you'll learn how to integrate a Java web application with the Microsoft identity platform. Your app will sign in a user, get an access token to call the Microsoft Graph API, and make a request to the Microsoft Graph API.
 
-When you've completed this quickstart, your application will accept sign-ins of personal Microsoft accounts (including outlook.com, live.com, and others) and work or school accounts from any company or organization that uses Azure Active Directory.
-
-![Shows how the sample app generated by this quickstart works](media/quickstart-v2-java-webapp/java-quickstart.svg)
+When you've completed this quickstart, your application will accept sign-ins of personal Microsoft accounts (including outlook.com, live.com, and others) and work or school accounts from any company or organization that uses Azure Active Directory. (See [How the sample works](#how-the-sample-works) for an illustration.)
 
 ## Prerequisites
 
 To run this sample you will need:
 
 - [Java Development Kit (JDK)](https://openjdk.java.net/) 8 or greater, and [Maven](https://maven.apache.org/).
-- An Azure Active Directory (Azure AD) tenant. For more information on how to get an Azure AD tenant, see [How to get an Azure AD tenant](https://azure.microsoft.com/documentation/articles/active-directory-howto-tenant/).
 
 > [!div renderon="docs"]
 > ## Register and download your quickstart app
@@ -69,7 +66,7 @@ To run this sample you will need:
 >
 > For the code sample for this quickstart to work, you need to:
 >
-> 1. Add reply URLs as `https://localhost:8080/msal4jsamples/secure/aad` and `https://localhost:8080/msal4jsamples/graph/me`.
+> 1. Add reply URLs as `https://localhost:8080/msal4jsample/secure/aad` and `https://localhost:8080/msal4jsample/graph/me`.
 > 1. Create a Client Secret.
 > > [!div renderon="portal" id="makechanges" class="nextstepaction"]
 > > [Make these changes for me]()
@@ -78,46 +75,65 @@ To run this sample you will need:
 > > ![Already configured](media/quickstart-v2-aspnet-webapp/green-check.png) Your application is configured with these attributes.
 
 #### Step 2: Download the code sample
+> [!div renderon="docs"]
+> [Download the Code Sample](https://github.com/Azure-Samples/ms-identity-java-webapp/archive/master.zip)
 
- [Download the Code Sample](https://github.com/Azure-Samples/ms-identity-java-webapp/archive/master.zip)
-
-#### Step 3: Configure the code sample
-
- 1. Extract the zip file to a local folder.
- 1. If you use an integrated development environment, open the sample in your favorite IDE (optional).
- 1. Open the application.properties file, which can be found in src/main/resources/ folder and replace the value of the fields *aad.clientId*, *aad.authority* and *aad.secretKey* with the respective values of **Application Id**, **Tenant Id** and **Client Secret** as the following:
-
-    ```file
-    aad.clientId=Enter_the_Application_Id_here
-    aad.authority=https://login.microsoftonline.com/Enter_the_Tenant_Info_Here/
-    aad.secretKey=Enter_the_Client_Secret_Here
-    aad.redirectUriSignin=https://localhost:8080/msal4jsample/secure/aad
-    aad.redirectUriGraph=https://localhost:8080/msal4jsample/graph/me
-    aad.msGraphEndpointHost="https://graph.microsoft.com/"
-    ```
-
-    > [!div renderon="docs"]
-    > Where:
-    >
-    > - `Enter_the_Application_Id_here` - is the Application Id for the application you registered.
-    > - `Enter_the_Client_Secret_Here` - is the **Client Secret** you created in **Certificates & Secrets** for the application you registered.
-    > - `Enter_the_Tenant_Info_Here` - is the **Directory (tenant) ID** value of the application you registered.
-
- 1. To use https with localhost, fill in the server.ssl.key properties. To generate a self-signed certificate, use the keytool utility (included in JRE).
-
-   ```
-   Example:
-   keytool -genkeypair -alias testCert -keyalg RSA -storetype PKCS12 -keystore keystore.p12 -storepass password
+> [!div class="sxs-lookup" renderon="portal"]
+> Download the project and extract the zip file to a local folder closer to the root folder - for example, **C:\Azure-Samples**
+> 
+> To use https with localhost, fill in the server.ssl.key properties. To generate a self-signed certificate, use the keytool utility (included in JRE).
+>
+>  ```
+>   Example:
+>   keytool -genkeypair -alias testCert -keyalg RSA -storetype PKCS12 -keystore keystore.p12 -storepass password
+>
+>   server.ssl.key-store-type=PKCS12  
+>   server.ssl.key-store=classpath:keystore.p12  
+>   server.ssl.key-store-password=password  
+>   server.ssl.key-alias=testCert
+>   ```
+>   Put the generated keystore file in the "resources" folder.
+   
+> [!div renderon="portal" id="autoupdate" class="nextstepaction"]
+> [Download the code sample]()
 
-   server.ssl.key-store-type=PKCS12  
-   server.ssl.key-store=classpath:keystore.p12  
-   server.ssl.key-store-password=password  
-   server.ssl.key-alias=testCert
-   ```
+> [!div renderon="docs"]
+> #### Step 3: Configure the code sample
+> 1. Extract the zip file to a local folder.
+> 1. If you use an integrated development environment, open the sample in your favorite IDE (optional).
+> 1. Open the application.properties file, which can be found in src/main/resources/ folder and replace the value of the fields *aad.clientId*, *aad.authority* and *aad.secretKey* with the respective values of **Application Id**, **Tenant Id** and **Client Secret** as the following:
+>
+>    ```file
+>    aad.clientId=Enter_the_Application_Id_here
+>    aad.authority=https://login.microsoftonline.com/Enter_the_Tenant_Info_Here/
+>    aad.secretKey=Enter_the_Client_Secret_Here
+>    aad.redirectUriSignin=https://localhost:8080/msal4jsample/secure/aad
+>    aad.redirectUriGraph=https://localhost:8080/msal4jsample/graph/me
+>    aad.msGraphEndpointHost="https://graph.microsoft.com/"
+>    ```
+> Where:
+>
+> - `Enter_the_Application_Id_here` - is the Application Id for the application you registered.
+> - `Enter_the_Client_Secret_Here` - is the **Client Secret** you created in **Certificates & Secrets** for the application you registered.
+> - `Enter_the_Tenant_Info_Here` - is the **Directory (tenant) ID** value of the application you registered.
+> 1. To use https with localhost, fill in the server.ssl.key properties. To generate a self-signed certificate, use the keytool utility (included in JRE).
+>
+>  ```
+>   Example:
+>   keytool -genkeypair -alias testCert -keyalg RSA -storetype PKCS12 -keystore keystore.p12 -storepass password
+>
+>   server.ssl.key-store-type=PKCS12  
+>   server.ssl.key-store=classpath:keystore.p12  
+>   server.ssl.key-store-password=password  
+>   server.ssl.key-alias=testCert
+>   ```
+>   Put the generated keystore file in the "resources" folder.
 
-   Put the generated keystore file in the "resources" folder.
 
-#### Step 4: Run the code sample
+> [!div class="sxs-lookup" renderon="portal"]
+> #### Step 3: Run the code sample
+> [!div renderon="docs"]
+> #### Step 4: Run the code sample
 
 To run the project, you can either:
 
@@ -133,11 +149,16 @@ If you are running the web application from an IDE, click on run, then navigate
     - *Sign Out*: Signs the current user out of the application and redirects them to the home page.
     - *Show User Info*: Acquires a token for Microsoft Graph and calls Microsoft Graph with a request containing the token, which returns basic information about the signed-in user.
 
+
+   
 > [!IMPORTANT]
 > This quickstart application uses a client secret to identify itself as confidential client. Because the client secret is added as a plain-text to your project files, for security reasons it is recommended that you use a certificate instead of a client secret before considering the application as production application. For more information on how to use a certificate, see [Certificate credentials for application authentication](https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials).
 
 ## More information
 
+### How the sample works
+![Shows how the sample app generated by this quickstart works](media/quickstart-v2-java-webapp/java-quickstart.svg)
+
 ### Getting MSAL
 
 MSAL for Java (MSAL4J) is the Java library used to sign in users and request tokens used to access an API protected by the Microsoft identity Platform.