Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into FromPrivateRepo

Author: v-alje

.openpublishing.redirection.json

@@ -13691,7 +13691,17 @@
         },
         {
             "source_path": "articles/storage/common/storage-resource-manager-cannot-delete-storage-account-container-vhd.md",
-            "redirect_url": "/azure/storage/common/storage-monitoring-diagnosing-troubleshooting",
+            "redirect_url": "/azure/storage/blobs/storage-troubleshoot-vhds",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/virtual-machines/linux/troubleshoot-vhds.md",
+            "redirect_url": "/azure/storage/blobs/storage-troubleshoot-vhds",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/virtual-machines/windows/troubleshoot-vhds.md",
+            "redirect_url": "/azure/storage/blobs/storage-troubleshoot-vhds",
             "redirect_document_id": false
         },
         {
@@ -19104,6 +19114,111 @@
             "source_path": "articles/active-directory/develop/active-directory-v2-devquickstarts-webapp-webapi-dotnet.md",
             "redirect_url": "https://github.com/AzureADQuickStarts/AppModelv2-WebApp-WebAPI-OpenIDConnect-DotNet",
             "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/active-directory/develop/active-directory-devquickstarts-webapp-java.md",
+            "redirect_url": "https://github.com/Azure-Samples/active-directory-java-webapp-openidconnect",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/active-directory/develop/active-directory-devquickstarts-headless-java.md",
+            "redirect_url": "https://github.com/Azure-Samples/active-directory-java-native-headless",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-overview",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-controls-overview.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-controls-overview",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-access-controls.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-access-controls",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-audit-accountability-controls.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-audit-accountability-controls",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-awareness-training-controls.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-awareness-training-controls",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-configuration-manager-controls.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-configuration-management-controls",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-contingency-planning-controls.md",
+            "redirect_url": "/azure/security/blueprints/cfedramp-iaaswa-ontingency-planning-controls",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-identification-authentication-controls.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-identification-authentication-controls",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-incident-response-controls.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-incident-response-controls",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-maintenance-controls.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-maintenance-controls",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-media-protection-controls.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-media-protection-controls",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-personnel-security-controls.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-personnel-security-controls",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-physical-environmental-protection-controls.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-physical-environmental-protection-controls",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-planning-controls.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-planning-controls",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-risk-assessment-controls.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-risk-assessment-controls",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-security-assessment-authorization-controls.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-security-assessment-authorization-controls",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-system-communications-protection-controls.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-system-communications-protection-controls",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-system-information-integrity-controls.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-system-information-integrity-controls",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security/blueprints/fedramp-system-services-acquisition-controls.md",
+            "redirect_url": "/azure/security/blueprints/fedramp-iaaswa-system-services-acquisition-controls",
+            "redirect_document_id": true
         }
     ]
 }

articles/active-directory-b2c/basic-age-gating.md

@@ -18,7 +18,7 @@ ms.author: davidmu
 #Using age gating in Azure AD B2C
 
 >[!IMPORTANT]
->This feature is in private preview and only accessible through a separate URL.  Do NOT use this on production directories, using these new features can result in data loss and may have unexpected changes in behavior until we go into general availability.  
+>This feature is in private preview.  Please see our [service blog](https://blogs.msdn.microsoft.com/azureadb2c/) for details as this becomes available, or contact [email protected].  Do NOT use this on production directories, using these new features can result in data loss and may have unexpected changes in behavior until we go into general availability.  
 >
 
 ##Age gating

articles/active-directory-domain-services/active-directory-ds-troubleshoot-nsg.md

@@ -26,6 +26,13 @@ This article helps you troubleshoot and resolve network-related configuration er
 
 Invalid NSG configurations are the most common cause of network errors for Azure AD Domain Services. The Network Security Group (NSG) configured for your virtual network must allow access to [specific ports](active-directory-ds-networking.md#ports-required-for-azure-ad-domain-services). If these ports are blocked, Microsoft cannot monitor or update your managed domain. Additionally, synchronization between your Azure AD directory and your managed domain is impacted. While creating your NSG, keep these ports open to avoid interruption in service.
 
+### Checking your NSG for compliance
+
+1. Navigate to the [Network security groups](https://portal.azure.com/#blade/HubsExtension/Resources/resourceType/Microsoft.Network%2FNetworkSecurityGroups) page in the Azure portal
+2. From the table, choose the NSG associated with the subnet in which your managed domain is enabled.
+3. Under **Settings** in the left-hand panel, click **Inbound security rules**
+4. Review the rules in place and identify which rules are blocking access to [these ports](active-directory-ds-networking.md#ports-required-for-azure-ad-domain-services).
+5. Edit the NSG to ensure compliance by either deleting the rule, adding a rule, or creating a new NSG entirely. Steps to [add a rule](#add-a-rule-to-a-network-security-group-using-the-azure-portal) or [create a new, compliant NSG](#create-a-nsg-for-azure-ad-domain-services-using-powershell) are below.
 
 ## Sample NSG
 The following table depicts a sample NSG that would keep your managed domain secure while allowing Microsoft to monitor, manage, and update information.
@@ -45,7 +52,7 @@ If you do not want to use PowerShell, you can manually add single rules to NSGs
 5. Verify your rule has been created by locating it in the rules table.
 
 
-## Create an NSG for Azure AD Domain Services using PowerShell
+## Create a NSG for Azure AD Domain Services using PowerShell
 This NSG is configured to allow inbound traffic to the ports required by Azure AD Domain Services, while denying any other unwanted inbound access.
 
 **Pre-requisite: Install and configure Azure PowerShell**

articles/active-directory/TOC.md

@@ -53,6 +53,7 @@
 #### [Invitation email](active-directory-b2b-invitation-email.md)
 #### [Invitation redemption](active-directory-b2b-redemption-experience.md)
 #### [Add B2B users without an invitation](active-directory-b2b-add-user-without-invite.md)
+#### [Allow or block invitations](active-directory-b2b-allow-deny-list.md)
 #### [Conditional access for B2B](active-directory-b2b-mfa-instructions.md)
 #### [B2B sharing policies](active-directory-b2b-delegate-invitations.md)
 #### [Add a B2B user to a role](active-directory-b2b-add-guest-to-role.md)

articles/active-directory/active-directory-application-proxy-tableau.md

@@ -12,7 +12,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: article
-ms.date: 04/26/2018
+ms.date: 05/02/2018
 ms.author: markvi
 ms.reviewer: harshja
 ms.custom: it-pro
@@ -28,7 +28,7 @@ Azure Active Directory Application Proxy and Tableau have partnered to ensure yo
 
 The scenario in this article assumes that you have:
 
-- [Tableau](https://onlinehelp.tableau.com/current/server/en-us/proxy.htm#reverse-proxy-server) configured. 
+- [Tableau](https://onlinehelp.tableau.com/current/server/en-us/proxy.htm#azure) configured. 
 
 - An [Application Proxy connector](active-directory-application-proxy-enable.md) installed. 
 

articles/active-directory/active-directory-enterprise-app-role-management.md

@@ -117,7 +117,7 @@ If your application expects custom roles to be passed in SAML response, you need
             "origin": "ServicePrincipal",
             "value": "Administrator"
         }
-    ],
+    ]
 	}
 	```
 	> [!Note]

articles/active-directory/active-directory-reporting-activity-sign-ins-errors.md

@@ -13,7 +13,7 @@ ms.devlang: na
 ms.topic: get-started-article
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 05/01/2018
+ms.date: 05/02/2018
 ms.author: markvi
 ms.reviewer: dhanyahk
 
@@ -71,14 +71,15 @@ The following section provides you with a complete overview of all possible erro
 |50097|Device is not authenticated.|
 |50105|The signed in user is not assigned to a role for this application.|
 |50125|Sign-in was interrupted due to a password reset or password registration entry|
-|50126|Invalid username or password or Invalid on-premises username or password.|
+|50126|Invalid username or password or Invalid on-premise username or password.|
 |50127|User needs to install a broker app to gain access to this content.|
 |50129|Device is not Workplace joined - Workplace join is required to register the device.|
 |50131|Used in various conditional access errors. E.g Bad Windows device state, request blocked due to suspicious activity, access policy and security policy decisions.|
 |50133|Session is invalid due to expiration or recent password change.|
 |50140|User prompted for consent to keep them signed-in on the device|
 |50144|User's Active Directory password has expired.|
 |53000|Conditional Access policy requires a compliant device, and the device is not compliant.|
+|53003|Access has been blocked due to conditional access policies.|
 |65001|Application X doesn't have permission to access application Y or the permission has been revoked. Or The user or administrator has not consented to use the application with ID X. Send an interactive authorization request for this user and resource. Or The user or administrator has not consented to use the application with ID X. Send an authorization request to your tenant admin to act on behalf of the App : Y for Resource : Z.|
 |65005|The application required resource access list does not contain applications discoverable by the resource or The client application has requested access to resource which was not specified in its required resource access list or Graph service returned bad request or resource not found.|
 |70001|The application named X was not found in the tenant named Y. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.|
@@ -103,7 +104,6 @@ The following section provides you with a complete overview of all possible erro
 |90014|Used in various cases when an expected field is not present in the credential.|
 |90093|Graph returned with forbidden error code for the request.|
 |90094|Admin consent is needed.|
-
 ## Next steps
 
 For more details, see the [Sign-in activity reports in the Azure Active Directory portal](active-directory-reporting-activity-sign-ins.md).