Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into rolyon-landing-openshift

Author: rolyon

articles/active-directory/develop/reference-app-manifest.md

@@ -27,7 +27,7 @@ Most IT administrators are familiar with Active Directory Domain Services concep
 |Provisioning: users | Organizations create internal users manually or use an in-house or automated provisioning system, such as the Microsoft Identity Manager, to integrate with an HR system.|Existing AD organizations use [Azure AD Connect](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-sync-whatis) to sync identities to the cloud.</br> Azure AD adds support to automatically create users from [cloud HR systems](https://docs.microsoft.com/azure/active-directory/saas-apps/workday-tutorial). </br>Azure AD can provision identities in [SCIM enabled](https://docs.microsoft.com/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups) SaaS apps to automatically provide apps with the necessary details to allow access for users. |
 |Provisioning: external identities| Organizations create external users manually as regular users in a dedicated external AD forest, resulting in administration overhead to manage the lifecycle of external identities (guest users)| Azure AD provides a special class of identity to support external identities. [Azure AD B2B](https://docs.microsoft.com/azure/active-directory/b2b/) will manage the link to the external user identity to make sure they are valid. |
 | Entitlement management and groups| Administrators make users members of groups. App and resource owners then give groups access to apps or resources.| [Groups](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal) are also available in Azure AD and administrators can also use groups to grant permissions to resources. In Azure AD, administrators can assign membership to groups manually or use a query to dynamically include users to a group. </br> Administrators can use [Entitlement management](https://docs.microsoft.com/azure/active-directory/governance/entitlement-management-overview) in Azure AD to give users access to a collection of apps and resources using workflows and, if necessary, time-based criteria. |
-| Admin management|Organizations will use a combination of domains, organizational units, and groups in AD to delegate administrative rights to manage the directory and resources it controls.| Azure AD provides [built-in roles](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal) with its role-based access control (RBAC) system, as well as, the ability to [create custom roles](https://docs.microsoft.com/azure/active-directory/users-groups-roles/roles-custom-overview) to delegate privileged access to the identity system and the apps and resources it controls. </br>Managing  roles can be enhanced with [Privileged Identity Management (PIM)](https://docs.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure) to provide just-in-time, time-restricted, or workflow-based access to privileged roles. |
+| Admin management|Organizations will use a combination of domains, organizational units, and groups in AD to delegate administrative rights to manage the directory and resources it controls.| Azure AD provides [built-in roles](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal) with its role-based access control (RBAC) system, with limited support for [creating custom roles](https://docs.microsoft.com/azure/active-directory/users-groups-roles/roles-custom-overview) to delegate privileged access to the identity system, the apps, and resources it controls.</br>Managing  roles can be enhanced with [Privileged Identity Management (PIM)](https://docs.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure) to provide just-in-time, time-restricted, or workflow-based access to privileged roles. |
 | Credential management| Credentials in Active Directory is based on passwords, certificate authentication, and smartcard authentication. Passwords are managed using password policies that are based on password length, expiry, and complexity.|Azure AD uses intelligent [password protection](https://docs.microsoft.com/azure/active-directory/authentication/concept-password-ban-bad) for cloud and on-premises. Protection includes smart lockout plus blocking common and custom password phrases and substitutions. </br>Azure AD significantly boosts security [through Multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-howitworks) and [passwordless](https://docs.microsoft.com/azure/active-directory/authentication/concept-authentication-passwordless) technologies, like FIDO2. </br>Azure AD reduces support costs by providing users a [self-service password reset](https://docs.microsoft.com/azure/active-directory/authentication/concept-sspr-howitworks) system. |
 | **Apps**|||
 | Infrastructure apps|Active Directory forms the basis for many infrastructure on-premises components, for example, DNS, DHCP, IPSec, WiFi, NPS, and VPN access|In a new cloud world, Azure AD, is the new control plane for accessing apps versus relying on networking controls. When users authenticate[, Conditional access (CA)](https://docs.microsoft.com/azure/active-directory/conditional-access/overview), will control which users, will have access to which apps under required conditions.|

articles/active-directory/fundamentals/active-directory-compare-azure-ad-to-ad.md

@@ -104,7 +104,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 	| First Name | user.givenname |
 	| Last Name | user.surname |
 	| Email | user.mail |
-	| Username | user.userprinicipalname |
+	| Username | user.userprincipalname |
 	| StudentID | < Student ID > |
 
 	> [!NOTE]

articles/active-directory/saas-apps/awardspring-tutorial.md

@@ -102,7 +102,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 	b. From the **Transformation** list, select **ExtractMailPrefix()**.
 
-	c. From the **Parameter 1** list, select **user.userprinicipalname**.
+	c. From the **Parameter 1** list, select **user.userprincipalname**.
 
 	d. Click **Save**.
 

articles/active-directory/saas-apps/kronos-tutorial.md

@@ -170,7 +170,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 	1. In the **Transformation** list, select **ExtractMailPrefix()**.
 
-	1. In the **Parameter 1** list, select **user.userprinicipalname**.
+	1. In the **Parameter 1** list, select **user.userprincipalname**.
 
 	1. Select **Save**.
 

articles/active-directory/saas-apps/sap-fiori-tutorial.md

@@ -175,7 +175,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 	b. From the **Transformation** list, select **ExtractMailPrefix()**.
 
-	c. From the **Parameter 1** list, select **user.userprinicipalname**.
+	c. From the **Parameter 1** list, select **user.userprincipalname**.
 
 	d. Click **Save**.
 

articles/active-directory/saas-apps/sap-netweaver-tutorial.md

@@ -5,9 +5,9 @@ author: hrasheed-msft
 ms.author: hrasheed
 ms.reviewer: jasonh
 ms.service: hdinsight
-ms.custom: hdinsightactive
 ms.topic: conceptual
-ms.date: 10/16/2019
+ms.custom: hdinsightactive
+ms.date: 03/04/2020
 ---
 
 # Connect HDInsight to your on-premises network
@@ -23,12 +23,12 @@ Learn how to connect HDInsight to your on-premises network by using Azure Virtua
 
 To allow HDInsight and resources in the joined network to communicate by name, you must perform the following actions:
 
-* Create Azure Virtual Network.
-* Create a custom DNS server in the Azure Virtual Network.
-* Configure the virtual network to use the custom DNS server instead of the default Azure Recursive Resolver.
-* Configure forwarding between the custom DNS server and your on-premises DNS server.
+1. Create Azure Virtual Network.
+1. Create a custom DNS server in the Azure Virtual Network.
+1. Configure the virtual network to use the custom DNS server instead of the default Azure Recursive Resolver.
+1. Configure forwarding between the custom DNS server and your on-premises DNS server.
 
-This configuration enables the following behavior:
+These configurations enable the following behavior:
 
 * Requests for fully qualified domain names that have the DNS suffix __for the virtual network__ are forwarded to the custom DNS server. The custom DNS server then forwards these requests to the Azure Recursive Resolver, which returns the IP address.
 * All other requests are forwarded to the on-premises DNS server. Even requests for public internet resources such as microsoft.com are forwarded to the on-premises DNS server for name resolution.
@@ -60,11 +60,13 @@ These steps use the [Azure portal](https://portal.azure.com) to create an Azure
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
-2. From the left menu, navigate to **+ Create a resource** > **Compute** > **Ubuntu Server 18.04 LTS**.
+1. From the top menu, select **+ Create a resource**.
 
-    ![Create an Ubuntu virtual machine](./media/connect-on-premises-network/create-ubuntu-virtual-machine.png)
+    ![Create an Ubuntu virtual machine](./media/connect-on-premises-network/azure-portal-create-resource.png)
 
-3. From the __Basics__ tab, enter the following information:  
+1. Select **Compute** > **Virtual machine** to go to the **Create a virtual machine** page.
+
+1. From the __Basics__ tab, enter the following information:  
 
     | Field | Value |
     | --- | --- |
@@ -118,35 +120,35 @@ Once the virtual machine has been created, you'll receive a **Deployment succeed
 2. To install Bind, use the following commands from the SSH session:
 
     ```bash
-	sudo apt-get update -y
-	sudo apt-get install bind9 -y
+    sudo apt-get update -y
+    sudo apt-get install bind9 -y
     ```
 
 3. To configure Bind to forward name resolution requests to your on premises DNS server, use the following text as the contents of the `/etc/bind/named.conf.options` file:
 
-		acl goodclients {
-			10.0.0.0/16; # Replace with the IP address range of the virtual network
-			10.1.0.0/16; # Replace with the IP address range of the on-premises network
-			localhost;
-			localnets;
-		};
+        acl goodclients {
+            10.0.0.0/16; # Replace with the IP address range of the virtual network
+            10.1.0.0/16; # Replace with the IP address range of the on-premises network
+            localhost;
+            localnets;
+        };
 
-		options {
-				directory "/var/cache/bind";
+        options {
+                directory "/var/cache/bind";
 
-				recursion yes;
+                recursion yes;
 
-				allow-query { goodclients; };
+                allow-query { goodclients; };
 
-				forwarders {
-				192.168.0.1; # Replace with the IP address of the on-premises DNS server
-				};
+                forwarders {
+                192.168.0.1; # Replace with the IP address of the on-premises DNS server
+                };
 
-				dnssec-validation auto;
+                dnssec-validation auto;
 
-				auth-nxdomain no;    # conform to RFC1035
-				listen-on { any; };
-		};
+                auth-nxdomain no;    # conform to RFC1035
+                listen-on { any; };
+        };
 
     > [!IMPORTANT]  
     > Replace the values in the `goodclients` section with the IP address range of the virtual network and on-premises network. This section defines the addresses that this DNS server accepts requests from.
@@ -173,15 +175,15 @@ Once the virtual machine has been created, you'll receive a **Deployment succeed
     dnsproxy.icb0d0thtw0ebifqt0g1jycdxd.ex.internal.cloudapp.net
     ```
 
-    The `icb0d0thtw0ebifqt0g1jycdxd.ex.internal.cloudapp.net` text is the __DNS suffix__ for this virtual network. Save this value, as it is used later.
+    The `icb0d0thtw0ebifqt0g1jycdxd.ex.internal.cloudapp.net` text is the __DNS suffix__ for this virtual network. Save this value, as it's used later.
 
 5. To configure Bind to resolve DNS names for resources within the virtual network, use the following text as the contents of the `/etc/bind/named.conf.local` file:
 
         // Replace the following with the DNS suffix for your virtual network
-		zone "icb0d0thtw0ebifqt0g1jycdxd.ex.internal.cloudapp.net" {
-			type forward;
-			forwarders {168.63.129.16;}; # The Azure recursive resolver
-		};
+        zone "icb0d0thtw0ebifqt0g1jycdxd.ex.internal.cloudapp.net" {
+            type forward;
+            forwarders {168.63.129.16;}; # The Azure recursive resolver
+        };
 
     > [!IMPORTANT]  
     > You must replace the `icb0d0thtw0ebifqt0g1jycdxd.ex.internal.cloudapp.net` with the DNS suffix you retrieved earlier.
@@ -250,9 +252,9 @@ A conditional forward only forwards requests for a specific DNS suffix. In this
 The following text is an example of a conditional forwarder configuration for the **Bind** DNS software:
 
     zone "icb0d0thtw0ebifqt0g1jycdxd.ex.internal.cloudapp.net" {
-		type forward;
-		forwarders {10.0.0.4;}; # The custom DNS server's internal IP address
-	};
+        type forward;
+        forwarders {10.0.0.4;}; # The custom DNS server's internal IP address
+    };
 
 For information on using DNS on **Windows Server 2016**, see the [Add-DnsServerConditionalForwarderZone](https://technet.microsoft.com/itpro/powershell/windows/dnsserver/add-dnsserverconditionalforwarderzone) documentation...
 
@@ -301,25 +303,25 @@ To directly connect to HDInsight through the virtual network, use the following
 
 1. To discover the internal fully qualified domain names of the HDInsight cluster nodes, use one of the following methods:
 
-	```powershell
-	$resourceGroupName = "The resource group that contains the virtual network used with HDInsight"
-
-	$clusterNICs = Get-AzNetworkInterface -ResourceGroupName $resourceGroupName | where-object {$_.Name -like "*node*"}
-
-	$nodes = @()
-	foreach($nic in $clusterNICs) {
-		$node = new-object System.Object
-		$node | add-member -MemberType NoteProperty -name "Type" -value $nic.Name.Split('-')[1]
-		$node | add-member -MemberType NoteProperty -name "InternalIP" -value $nic.IpConfigurations.PrivateIpAddress
-		$node | add-member -MemberType NoteProperty -name "InternalFQDN" -value $nic.DnsSettings.InternalFqdn
-		$nodes += $node
-	}
-	$nodes | sort-object Type
-	```
-
-	```azurecli
-	az network nic list --resource-group <resourcegroupname> --output table --query "[?contains(name,'node')].{NICname:name,InternalIP:ipConfigurations[0].privateIpAddress,InternalFQDN:dnsSettings.internalFqdn}"
-	```
+    ```powershell
+    $resourceGroupName = "The resource group that contains the virtual network used with HDInsight"
+
+    $clusterNICs = Get-AzNetworkInterface -ResourceGroupName $resourceGroupName | where-object {$_.Name -like "*node*"}
+
+    $nodes = @()
+    foreach($nic in $clusterNICs) {
+        $node = new-object System.Object
+        $node | add-member -MemberType NoteProperty -name "Type" -value $nic.Name.Split('-')[1]
+        $node | add-member -MemberType NoteProperty -name "InternalIP" -value $nic.IpConfigurations.PrivateIpAddress
+        $node | add-member -MemberType NoteProperty -name "InternalFQDN" -value $nic.DnsSettings.InternalFqdn
+        $nodes += $node
+    }
+    $nodes | sort-object Type
+    ```
+
+    ```azurecli
+    az network nic list --resource-group <resourcegroupname> --output table --query "[?contains(name,'node')].{NICname:name,InternalIP:ipConfigurations[0].privateIpAddress,InternalFQDN:dnsSettings.internalFqdn}"
+    ```
 
 2. To determine the port that a service is available on, see the [Ports used by Apache Hadoop services on HDInsight](./hdinsight-hadoop-port-settings-for-services.md) document.
 

articles/hdinsight/connect-on-premises-network.md

@@ -54,7 +54,7 @@ cluster.
 * When you want to isolate different parts of the storage for reasons of security, or to simplify
 administration.
 
-For a 48-node cluster, we recommend 4 to 8 storage accounts. Although there may already be sufficient total storage, each storage account provides additional networking bandwidth for the compute nodes. When you have multiple storage accounts, use a random name for each storage account, without a prefix. The purpose of random naming is reducing the chance of storage bottlenecks (throttling) or common-mode failures across all accounts. For better performance, use only one container per storage account.
+For better performance, use only one container per storage account.
 
 ## Choose a cluster type