Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into crs-functions-sendgrid-breakingchange

Author: craigshoemaker

.openpublishing.redirection.json

@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/php-download-sdk.md",
+      "redirect_url": "https://github.com/Azure/azure-sdk-for-php",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/azure-government/documentation-government-get-started-connect-with-vs.md",
       "redirect_url": "/azure/azure-government/documentation-government-welcome",

articles/active-directory/saas-apps/blink-provisioning-tutorial.md

@@ -0,0 +1,148 @@
+---
+title: 'Tutorial: Configure Blink for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to Blink.
+services: active-directory
+documentationcenter: ''
+author: zchia
+writer: zchia
+manager: beatrizd
+
+ms.assetid: 9ebcbf4a-0cf9-41c3-96af-d8ab6ab11639
+ms.service: active-directory
+ms.subservice: saas-app-tutorial
+ms.workload: identity
+ms.tgt_pltfrm: na
+ms.devlang: na
+ms.topic: article
+ms.date: 09/19/2019
+ms.author: Zhchia
+---
+
+# Tutorial: Configure Blink for automatic user provisioning
+
+The objective of this tutorial is to demonstrate the steps to be performed in Blink and Azure Active Directory (Azure AD) to configure Azure AD to automatically provision and de-provision users and/or groups to Blink.
+
+> [!NOTE]
+> This tutorial describes a connector built on top of the Azure AD User Provisioning Service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../manage-apps/user-provisioning.md).
+>
+> This connector is currently in Public Preview. For more information on the general Microsoft Azure terms of use for Preview features, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+
+## Prerequisites
+
+The scenario outlined in this tutorial assumes that you already have the following prerequisites:
+
+* An Azure AD tenant
+* [A Blink tenant](https://joinblink.com/pricing)
+* A user account in Blink with Admin permissions.
+
+## Assigning users to Blink
+
+Azure Active Directory uses a concept called *assignments* to determine which users should receive access to selected apps. In the context of automatic user provisioning, only the users and/or groups that have been assigned to an application in Azure AD are synchronized.
+
+Before configuring and enabling automatic user provisioning, you should decide which users and/or groups in Azure AD need access to Blink. Once decided, you can assign these users and/or groups to Blink by following the instructions here:
+* [Assign a user or group to an enterprise app](../manage-apps/assign-user-or-group-access-portal.md)
+
+## Important tips for assigning users to Blink
+
+* It is recommended that a single Azure AD user is assigned to Blink to test the automatic user provisioning configuration. Additional users and/or groups may be assigned later.
+
+* When assigning a user to Blink, you must select any valid application-specific role (if available) in the assignment dialog. Users with the **Default Access** role are excluded from provisioning.
+
+## Setup Blink for provisioning
+
+1. Log a [Support Case](https://help.joinblink.com/hc/requests/new) or email **Blink support** at [email protected] to request a SCIM token. .
+
+2.	Copy the **SCIM Authentication Token**. This value will be entered in the Secret Token field in the Provisioning tab of your Blink application in the Azure portal.
+
+## Add Blink from the gallery
+
+Before configuring Blink for automatic user provisioning with Azure AD, you need to add Blink from the Azure AD application gallery to your list of managed SaaS applications.
+
+**To add Blink from the Azure AD application gallery, perform the following steps:**
+
+1. In the **[Azure portal](https://portal.azure.com)**, in the left navigation panel, select **Azure Active Directory**.
+
+	![The Azure Active Directory button](common/select-azuread.png)
+
+2. Go to **Enterprise applications**, and then select **All applications**.
+
+	![The Enterprise applications blade](common/enterprise-applications.png)
+
+3. To add a new application, select the **New application** button at the top of the pane.
+
+	![The New application button](common/add-new-app.png)
+
+4. In the search box, enter **Blink**, select **Blink** in the results panel, and then click the **Add** button to add the application.
+
+	![Blink in the results list](common/search-new-app.png)
+
+## Configuring automatic user provisioning to Blink 
+
+This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users and/or groups in Blink based on user and/or group assignments in Azure AD.
+
+> [!TIP]
+> You may also choose to enable SAML-based single sign-on for Blink , following the instructions provided in the [Blink Single sign-on tutorial](https://docs.microsoft.com/azure/active-directory/saas-apps/blink-tutorial). Single sign-on can be configured independently of automatic user provisioning, though these two features compliment each other
+
+### To configure automatic user provisioning for Blink in Azure AD:
+
+1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.
+
+	![Enterprise applications blade](common/enterprise-applications.png)
+
+2. In the applications list, select **Blink**.
+
+	![The Blink link in the Applications list](common/all-applications.png)
+
+3. Select the **Provisioning** tab.
+
+	![Provisioning tab](common/provisioning.png)
+
+4. Set the **Provisioning Mode** to **Automatic**.
+
+	![Provisioning tab](common/provisioning-automatic.png)
+
+5. Under the **Admin Credentials** section, input `https://api.joinblink.com/scim` in **Tenant URL**. Input the **SCIM Authentication Token** value retrieved earlier in **Secret Token**. Click **Test Connection** to ensure Azure AD can connect to Blink. If the connection fails, ensure your Blink account has Admin permissions and try again.
+
+	![Tenant URL + Token](common/provisioning-testconnection-tenanturltoken.png)
+
+6. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and check the checkbox - **Send an email notification when a failure occurs**.
+
+	![Notification Email](common/provisioning-notification-email.png)
+
+7. Click **Save**.
+
+8. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to Blink**.
+
+	![Blink User Mappings](media/blink-provisioning-tutorial/User_mappings.png)
+
+9. Review the user attributes that are synchronized from Azure AD to Blink in the **Attribute Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Blink for update operations. Select the **Save** button to commit any changes.
+
+	![Blink User Attributes](media/blink-provisioning-tutorial/User_attributes.png)
+
+10. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../manage-apps/define-conditional-rules-for-provisioning-user-accounts.md).
+
+11. To enable the Azure AD provisioning service for Blink, change the **Provisioning Status** to **On** in the **Settings** section.
+
+	![Provisioning Status Toggled On](common/provisioning-toggle-on.png)
+
+12. Define the users that you would like to provision to Blink by choosing the desired values in **Scope** in the **Settings** section.
+
+	![Provisioning Scope](common/provisioning-scope.png)
+
+15. When you are ready to provision, click **Save**.
+
+	![Saving Provisioning Configuration](common/provisioning-configuration-save.png)
+
+This operation starts the initial synchronization of all users and/or groups defined in **Scope** in the **Settings** section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running. You can use the **Synchronization Details** section to monitor progress and follow links to provisioning activity report, which describes all actions performed by the Azure AD provisioning service on Blink.
+
+For more information on how to read the Azure AD provisioning logs, see [Reporting on automatic user account provisioning](../manage-apps/check-status-user-account-provisioning.md).
+
+## Additional resources
+
+* [Managing user account provisioning for Enterprise Apps](../manage-apps/configure-automatic-user-provisioning-portal.md)
+* [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+
+## Next steps
+
+* [Learn how to review logs and get reports on provisioning activity](../manage-apps/check-status-user-account-provisioning.md)
+

articles/active-directory/saas-apps/media/blink-provisioning-tutorial/user_attributes.png

@@ -1476,6 +1476,8 @@
         href: atlassian-cloud-provisioning-tutorial.md
       - name: BitaBIZ
         href: bitabiz-provisioning-tutorial.md
+      - name: Blink
+        href: blink-provisioning-tutorial.md
       - name: BlueJeans
         href: bluejeans-provisioning-tutorial.md
       - name: Bonusly

articles/active-directory/saas-apps/media/blink-provisioning-tutorial/user_mappings.png

@@ -84,14 +84,11 @@ When you verify ownership of the domain name, Azure AD removes the domain name f
 ### Support for external admin takeover
 External admin takeover is supported by the following online services:
 
-- Power BI
 - Azure Rights Management
 - Exchange Online
 
 The supported service plans include:
 
-- Power BI Free
-- Power BI Pro
 - PowerApps Free
 - PowerFlow Free
 - RMS for individuals
@@ -110,10 +107,6 @@ The key and templates are not moved over when the unmanaged tenant is in a diffe
 
 Although RMS for individuals is designed to support Azure AD authentication to open protected content, it doesn't prevent users from also protecting content. If users did protect content with the RMS for individuals subscription, and the key and templates were not moved over, that content is not accessible after the domain takeover.
 
-#### More information about Power BI
-
-When you perform an external takeover, Power BI content that was created before the takeover is placed in a [Power BI Archived Workspace](/power-bi/service-admin-power-bi-archived-workspace). You must manually migrate any content that you want to use in the new tenant.
-
 ### Azure AD PowerShell cmdlets for the ForceTakeover option
 You can see these cmdlets used in [PowerShell example](#powershell-example).
 

articles/active-directory/saas-apps/toc.yml

@@ -31,7 +31,7 @@ Application gateway supports SSL/TLS termination at the gateway, after which tra
 
 ## Autoscaling
 
-Application Gateway or WAF deployments under Standard_v2 or WAF_v2 SKU support autoscaling and can scale up or down based on changing traffic load patterns. Autoscaling also removes the requirement to choose a deployment size or instance count during provisioning. For more information about the Application Gateway standard_v2 and WAF_v2  features, see [Autoscaling v2 SKU](application-gateway-autoscaling-zone-redundant.md).
+Application Gateway or WAF deployments under Standard_v2 or WAF_v2 SKU support autoscaling and can scale up or down based on changing traffic load patterns. Autoscaling also removes the requirement to choose a deployment size or instance count during provisioning. For more information about the Application Gateway Standard_v2 and WAF_v2  features, see [Autoscaling v2 SKU](application-gateway-autoscaling-zone-redundant.md).
 
 ## Zone redundancy
 
@@ -43,11 +43,11 @@ The application gateway VIP on Standard_v2 or WAF_v2 SKU supports static VIP typ
 
 ## Web application firewall
 
-Web application firewall (WAF) is a feature of Application Gateway that provides centralized protection of your web applications from common exploits and vulnerabilities. WAF is based on rules from the [OWASP (Open Web Application Security Project) core rule sets](https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project) 3.0 or 2.2.9. 
+Web application firewall (WAF) is a feature of Application Gateway that provides centralized protection of your web applications from common exploits and vulnerabilities. WAF is based on rules from the [OWASP (Open Web Application Security Project) core rule sets](https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project) 3.1 (WAF_v2 only), 3.0, and 2.2.9. 
 
 Web applications are increasingly targets of malicious attacks that exploit common known vulnerabilities. Common among these exploits are SQL injection attacks, cross site scripting attacks to name a few. Preventing such attacks in application code can be challenging and may require rigorous maintenance, patching and monitoring at many layers of the application topology. A centralized web application firewall helps make security management much simpler and gives better assurance to application administrators against threats or intrusions. A WAF solution can also react to a security threat faster by patching a known vulnerability at a central location versus securing each of individual web applications. Existing application gateways can be converted to a web application firewall enabled application gateway easily.
 
-For more information, see [Web application firewall (WAF) in Application Gateway](https://docs.microsoft.com/azure/application-gateway/waf-overview)).
+For more information, see [Web application firewall (WAF) in Application Gateway](https://docs.microsoft.com/azure/application-gateway/waf-overview).
 
 ## URL-based routing
 
@@ -60,7 +60,7 @@ For more information, see [URL-based routing with Application Gateway](https://d
 
 ## Multiple-site hosting
 
-Multiple-site hosting enables you to configure more than one web site on the same application gateway instance. This feature allows you to configure a more efficient topology for your deployments by adding up to 100 web sites to one application gateway. Each web site can be directed to its own pool. For example, application gateway can serve traffic for `contoso.com` and `fabrikam.com` from two server pools called ContosoServerPool and FabrikamServerPool.
+Multiple-site hosting enables you to configure more than one web site on the same application gateway instance. This feature allows you to configure a more efficient topology for your deployments by adding up to 100 web sites to one Application Gateway, or 40 for WAF (for optimal performance). Each web site can be directed to its own pool. For example, application gateway can serve traffic for `contoso.com` and `fabrikam.com` from two server pools called ContosoServerPool and FabrikamServerPool.
 
 Requests for `http://contoso.com` are routed to ContosoServerPool, and `http://fabrikam.com` are routed to FabrikamServerPool.
 
@@ -104,6 +104,8 @@ For more information, see [Azure Application Gateway Ingress Controller](https:/
 
 Connection draining helps you achieve graceful removal of backend pool members during planned service updates. This setting is enabled via the backend http setting and can be applied to all members of a backend pool during rule creation. Once enabled, Application Gateway ensures all de-registering instances of a backend pool do not receive any new request while allowing existing requests to complete within a configured time limit. This applies to both backend instances that are explicitly removed from the backend pool by an API call, and backend instances that are reported as unhealthy as determined by the health probes.
 
+For more information, see the Connection Draining section of [Application Gateway Configuration Overview](https://docs.microsoft.com/azure/application-gateway/configuration-overview#connection-draining).
+
 ## Custom error pages
 
 Application Gateway allows you to create custom error pages instead of displaying default error pages. You can use your own branding and layout using a custom error page.
@@ -124,13 +126,13 @@ For more information, see [Rewrite HTTP headers](rewrite-http-headers.md).
 
 ## Sizing
 
-Application Gateway Standard_v2 and WAF_v2 SKU can be configured for autoscaling or fixed size deployments. These SKUs don't offer different instance sizes.
+Application Gateway Standard_v2 and WAF_v2 SKU can be configured for autoscaling or fixed size deployments. These SKUs don't offer different instance sizes. For more information on v2 performance and pricing, see [Autoscaling v2 SKU](https://docs.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant#pricing).
 
 The Application Gateway Standard and WAF SKU is currently offered in three sizes: **Small**, **Medium**, and **Large**. Small instance sizes are intended for development and testing scenarios.
 
 For a complete list of application gateway limits, see [Application Gateway service limits](../azure-subscription-service-limits.md?toc=%2fazure%2fapplication-gateway%2ftoc.json#application-gateway-limits).
 
-The following table shows an average performance throughput for each application gateway instance with SSL offload enabled:
+The following table shows an average performance throughput for each application gateway v1 instance with SSL offload enabled:
 
 | Average back-end page response size | Small | Medium | Large |
 | --- | --- | --- | --- |

articles/active-directory/users-groups-roles/domains-admin-takeover.md

@@ -187,7 +187,7 @@ These endpoint differences must be taken into account when you connect to storag
     ```
 
 #### PHP
-1. Download the [Azure Storage SDK for PHP](../php-download-sdk.md).
+1. Download the [Azure Storage SDK for PHP](https://github.com/Azure/azure-sdk-for-php).
 2. The code below accesses Azure Table Storage using the Azure Storage API.
    In the `connectionString` variable, you'll notice that there's a `TableEndpoint` parameter. 
    Depending on which service you're using, you must define the parameter and set it to the endpoint for that service:

articles/application-gateway/overview.md

@@ -10,7 +10,7 @@ ms.service: application-insights
 ms.workload: tbd
 ms.tgt_pltfrm: ibiza
 ms.topic: conceptual
-ms.date: 06/19/2019
+ms.date: 09/19/2019
 ms.reviewer: sdash
 ms.author: lagayhar
 ---
@@ -41,10 +41,9 @@ This article will help you to troubleshoot common issues that may occur when usi
 
 ## Intermittent test failure with a protocol violation error
 
-|Symptom/error message| Possible causes|
-|----|---------|
-protocol violation CR must be followed by LF | This occurs when malformed headers are detected. Specifically, some headers might not be using CRLF to indicate end of line, which violates the HTTP specification and therefore will fail validation at the .NET WebRequest level.
- || This can also be caused by load balancers or CDNs.
+|Symptom/error message| Possible causes| Possible Resolutions |
+|----|---------|-----|
+|The server committed a protocol violation. Section=ResponseHeader Detail=CR must be followed by LF | This occurs when malformed headers are detected. Specifically, some headers might not be using CRLF to indicate the end of line, which violates the HTTP specification. Application Insights enforces this HTTP specification and fails responses with malformed headers.| a. Contact web site host provider / CDN provider to fix the faulty servers. <br> b. In case the failed requests are resources (e.g. style files, images, scripts), you may consider disabling the parsing of dependent requests. Keep in mind, if you do this you will lose the ability to monitor the availability of those files).
 
 > [!NOTE]
 > The URL may not fail on browsers that have a relaxed validation of HTTP headers. See this blog post for a detailed explanation of this issue: http://mehdi.me/a-tale-of-debugging-the-linkedin-api-net-and-http-protocol-violations/