Merge pull request #88923 from MicrosoftDocs/master

Merge Master to Live, 3 AM

Author: PMEds28

articles/active-directory-domain-services/network-considerations.md

@@ -32,7 +32,7 @@ As you design the virtual network for Azure AD DS, the following considerations
     * To minimize latency, keep your core applications close to, or in the same region as, the virtual network subnet for your Azure AD DS managed domain. You can use virtual network peering or virtual private network (VPN) connections between Azure virtual networks.
 * The virtual network can't rely on DNS services other than those provided by Azure AD DS.
     * Azure AD DS provides its own DNS service. The virtual network must be configured to use these DNS service addresses. Name resolution for additional namespaces can be accomplished using conditional forwarders.
-    * You can't use custom DNS server settings to direct queries other DNS servers, including on VMs. Resources in the virtual network must use the DNS service provided by Azure AD DS.
+    * You can't use custom DNS server settings to direct queries from other DNS servers, including on VMs. Resources in the virtual network must use the DNS service provided by Azure AD DS.
 
 > [!IMPORTANT]
 > You can't move Azure AD DS to a different virtual network after you've enabled the service.

articles/active-directory/conditional-access/howto-baseline-protect-azure.md

@@ -47,7 +47,7 @@ If the CLI can open your default browser, it will do so and load a sign-in page.
 
 ## Deployment considerations
 
-Because the **Require MFA for service management** policy applies to all Azure Resource Manager users, several considerations need to be made to ensure a smooth deployment. These considerations include identifying users and service principles in Azure AD that cannot or should not perform MFA, as well as applications and clients used by your organization that do not support modern authentication.
+The **Require MFA for service management** policy applies to all Azure Resource Manager users.
 
 ## Enable the baseline policy
 
@@ -67,4 +67,4 @@ For more information, see:
 
 * [Conditional Access baseline protection policies](concept-baseline-protection.md)
 * [Five steps to securing your identity infrastructure](../../security/fundamentals/steps-secure-identity.md)
-* [What is Conditional Access in Azure Active Directory?](overview.md)
+* [What is Conditional Access in Azure Active Directory?](overview.md)

articles/active-directory/conditional-access/technical-reference.md

@@ -123,7 +123,7 @@ This setting works with all browsers. However, to satisfy a device policy, like
 | Android                | Microsoft Edge, Intune Managed Browser, Chrome  |
 | Windows Phone          | Microsoft Edge, Internet Explorer               |
 | Windows Server 2019    | Microsoft Edge, Internet Explorer, Chrome       |
-| Windows Server 2016    | Microsoft Edge, Internet Explorer               |
+| Windows Server 2016    | Internet Explorer |
 | Windows Server 2012 R2 | Internet Explorer                       |
 | Windows Server 2008 R2 | Internet Explorer                       |
 | macOS                  | Chrome, Safari                                  |

articles/active-directory/develop/msal-net-migration-ios-broker.md

@@ -33,7 +33,7 @@ This document assumes that you already have a Xamarin iOS app that is integrated
 
 ### What are brokers?
 
-Brokers are applications, provided by Microsoft, on Android and iOS ([Microsoft Authenticator](https://www.microsoft.com/account/authenticator) on iOS and Android, Intune Company Portal on Android). 
+Brokers are applications, provided by Microsoft, on Android and iOS ([Microsoft Authenticator](https://www.microsoft.com/en-us/account/authenticator) on iOS and Android, Intune Company Portal on Android). 
 
 They enable:
 

articles/active-directory/develop/quickstart-v2-java-webapp.md

@@ -30,10 +30,11 @@ When you've completed the guide, your application will accept sign-ins of person
 
 ![Shows how the sample app generated by this quickstart works](media/quickstart-v2-java-webapp/java-quickstart.svg)
 
-> ## Prerequisites
-> To run this sample you will need: 
-> - Java Development Kit (JDK) 8 or greater and Maven.
->
+## Prerequisites
+
+To run this sample you will need: 
+- Java Development Kit (JDK) 8 or greater and Maven.
+
 > [!div renderon="docs"]
 > ## Register and download your quickstart app
 > You have two options to start your quickstart application: express (Option 1), or manual (Option 2)

articles/active-directory/develop/scenario-web-app-sign-user-app-configuration.md

@@ -25,7 +25,7 @@ This page explains the app registration specifics for a web app that signs-in us
 
 To register your application, you can use:
 
-- The [web app quickstarts](#register-an-app-using-the-quickstarts) - In addition to being a great first experience with creating an application, quickstarts in the Azure portal contain a button named **Make this change for me**. You can use this button to set the properties you need, even for an existing app. You'll need to adapt the values of these properties to your own case. In particular, the web API URL for your app is probably going to be different from the proposed default, which will also impact the sign out URI.
+- The [web app quickstarts](#register-an-app-using-the-quickstarts) - In addition to being a great first experience with creating an application, quickstarts in the Azure portal contain a button named **Make this change for me**. You can use this button to set the properties you need, even for an existing app. You'll need to adapt the values of these properties to your own case. In particular, the web API URL for your app is probably going to be different from the proposed default, which will also impact the sign-out URI.
 - The Azure portal to [register your application manually](#register-an-app-using-azure-portal)
 - PowerShell and command-line tools
 

articles/active-directory/develop/scenario-web-app-sign-user-app-registration.md

@@ -12,7 +12,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 05/07/2019
+ms.date: 09/17/2019
 ms.author: jmprieur
 ms.custom: aaddev, identityplatformtop40
 #Customer intent: As an application developer, I want to know how to write a web app that signs-in users using the Microsoft identity platform for developers.
@@ -29,16 +29,36 @@ Learn all you need to build a web app that signs-in users with the Microsoft ide
 
 ## Getting started
 
+# [ASP.NET Core](#tab/aspnetcore)
+
 If you want to create your first portable (ASP.NET Core) web apps that sign in users, follow this quickstart:
 
 > [!div class="nextstepaction"]
 > [Quickstart: ASP.NET Core web app that signs-in users](quickstart-v2-aspnet-core-webapp.md)
 
-If you prefer to stay with ASP.NET, try out the following tutorial:
+# [ASP.NET](#tab/aspnet)
+
+f you want to understand how to add sign in to a legacy ASP.NET web application, try out the following tutorial:
 
 > [!div class="nextstepaction"]
 > [Quickstart: ASP.NET web app that signs-in users](quickstart-v2-aspnet-webapp.md)
 
+# [Java](#tab/java)
+
+If you're a Java developer, try out the following quickstart:
+
+> [!div class="nextstepaction"]
+> [Quickstart: Add sign-in with Microsoft to a Java web app](quickstart-v2-java-webapp.md)
+
+# [Python](#tab/python)
+
+if you develop with Python, try out:
+
+> [!div class="nextstepaction"]
+> [Quickstart: Add sign-in with Microsoft to a Python web app](quickstart-v2-python-webapp.md)
+
+---
+
 ## Overview
 
 You add authentication to your web app, so that it can sign in users. Adding authentication enables your web app to access limited profile information, and, for instance customize the experience you offer to its users. Web apps authenticate a user in a web browser. In this scenario, the web application directs the user’s browser to sign them in to Azure AD. Azure AD returns a sign-in response through the user’s browser, which contains claims about the user in a security token. Signing-in users leverage the [Open ID Connect](./v2-protocols-oidc.md) standard protocol itself simplified by the use of middleware [libraries](scenario-web-app-sign-user-app-configuration.md#libraries-used-to-protect-web-apps).
@@ -48,7 +68,7 @@ You add authentication to your web app, so that it can sign in users. Adding aut
 As a second phase you can also enable your application to call Web APIs on behalf of the signed-in user. This next phase is a different scenario, which you'll find in [Web App calls Web APIs](scenario-web-app-call-api-overview.md)
 
 > [!NOTE]
-> Adding sign-in to a web app is about protecting the web app, and validating a user token, which is what  **middleware** libraries do. This scenario does not require yet the Microsoft Authentication Libraries (MSAL), which are about acquiring a token to call protected APIs. The authentication libraries will only be introduced in the follow-up scenario when the web app needs to call web APIs.
+> Adding sign-in to a web app is about protecting the web app, and validating a user token, which is what  **middleware** libraries do. In the case of .NET, this scenario does not require yet the Microsoft Authentication Libraries (MSAL), which are about acquiring a token to call protected APIs. The authentication libraries will only be introduced in the follow-up scenario when the web app needs to call web APIs.
 
 ## Specifics
 

articles/active-directory/develop/scenario-web-app-sign-user-overview.md

@@ -12,7 +12,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 05/07/2019
+ms.date: 09/17/2019
 ms.author: jmprieur
 ms.custom: aaddev 
 #Customer intent: As an application developer, I want to know how to write a web app that signs-in users using the Microsoft identity platform for developers.
@@ -34,12 +34,16 @@ Once your web app signs-in users, it can call web APIs on behalf of the signed-i
 > [!div class="nextstepaction"]
 > [Web app that calls web APIs](scenario-web-app-call-api-overview.md)
 
-### Deep dive - web app tutorial
+### Deep dive - ASP.NET Core web app tutorial
 
-Learn about other ways of sign-in users with the ASP.NET Core tutorial: [ms-identity-aspnetcore-webapp-tutorial](https://github.com/Azure-Samples/ms-identity-aspnetcore-webapp-tutorial). This is a progressive tutorial with production ready code for a web app including how to add sign in.
+Learn about other ways of sign-in users with the ASP.NET Core tutorial: [ms-identity-aspnetcore-webapp-tutorial](https://github.com/Azure-Samples/ms-identity-aspnetcore-webapp-tutorial). This sample is a progressive tutorial with production ready code for a web app including how to add sign in with accounts in:
 
-<!--- Removed the diagram as it's already shown in the above link to GitHub
+- your organization,
+- multiple organizations,
+- work or school accounts or personal Microsoft account,
+- with [Azure AD B2C](https://aka.ms/aadb2c),
+- or in national clouds.
 
-![Tutorial overview](media/scenarios/aspnetcore-webapp-tutorial.svg)
+### Sample code - Java web app
 
---->
+Learn more about the Java web app from the sample on GitHub: [A Java Web application that signs in users with the Microsoft identity platform and calls Microsoft Graph](https://github.com/Azure-Samples/ms-identity-java-webapp)