Commit cc347e2

Author: Trevor Bye
Commit message: fixing conflicts
Parents: ce92f11 + 40a5548; commit cc347e2

599 files changed

+46824
-45273
lines changed

.openpublishing.redirection.json

Lines changed: 41438 additions & 41389 deletions

articles/active-directory-b2c/active-directory-b2c-custom-setup-adfs2016-idp.md

Lines changed: 1 addition & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -23,6 +23,7 @@ This article shows you how to enable sign-in for an ADFS user account by using [
2323

2424
- Complete the steps in [Get started with custom policies in Azure Active Directory B2C](active-directory-b2c-get-started-custom.md).
2525
- Make sure that you have access to a certificate .pfx file with a private key. You can generate your own signed certificate and upload it to Azure AD B2C. Azure AD B2C uses this certificate to sign the SAML request sent to your SAML identity provider.
26+
- In order for Azure to accept the .pfx file password, the password must be encrypted with the TripleDES-SHA1 option in Windows Certificate Store Export utility as opposed to AES256-SHA256.
2627

2728
## Create a policy key
2829
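Review bot: the new bullet (26+) states the constraint imprecisely: a .pfx password is not itself encrypted; the private key and certificates inside the file are encrypted with a key derived from that password, and the TripleDES-SHA1 / AES256-SHA256 choice in the Windows certificate export wizard selects that algorithm. Suggest: "Export the .pfx file with the TripleDES-SHA1 encryption option; Azure AD B2C does not accept files exported with the AES256-SHA256 option." Saying plainly that the upload rejects the file otherwise makes clear this is a compatibility requirement of the upload, not a recommendation to prefer the older algorithm in general.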

articles/active-directory-b2c/active-directory-b2c-reference-audit-logs.md

Lines changed: 1 addition & 1 deletion
@@ -40,7 +40,7 @@ The **B2C** category in audit logs contains the following types of activities:
4040
> For user object CRUD activities, refer to the **Core Directory** category.
4141
4242
## Example activity
43-
The example below shows the data captured when a user signs in with an external identity provider:
43+
The example below shows the data captured when a user signs in with an external identity provider:
4444
![Example of Audit Log Activity Details page in Azure portal](./media/active-directory-b2c-reference-audit-logs/audit-logs-example.png)
4545

4646
The activity details panel contains the following relevant information:
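Review bot: the removed and added lines ("The example below shows the data captured when a user signs in with an external identity provider:") render identically, so this hunk is a whitespace or line-ending change only; if a wording change to the "Example activity" intro was intended, it did not land.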

articles/active-directory/conditional-access/TOC.yml

Lines changed: 1 addition & 1 deletion
@@ -42,7 +42,7 @@
4242
href: plan-conditional-access.md
4343
- name: Best practices
4444
href: best-practices.md
45-
- name: Common policy templates
45+
- name: Common Conditional Access policies
4646
items:
4747
- name: Require MFA for administrators
4848
href: howto-conditional-access-policy-admin-mfa.md

articles/active-directory/fundamentals/active-directory-deployment-plans.md

Lines changed: 40 additions & 23 deletions
@@ -9,19 +9,16 @@ ms.service: active-directory
99
ms.subservice: fundamentals
1010
ms.workload: identity
1111
ms.topic: conceptual
12-
ms.date: 02/08/2019
12+
ms.date: 08/20/2019
1313
ms.author: ajburnle
1414
ms.custom: "it-pro, seodec18"
1515
ms.collection: M365-identity-device-management
1616
---
1717

1818
# Azure Active Directory deployment plans
19-
Looking for end-to-end guidance about how to deploy some of Azure Active Directory (Azure AD) capabilities? The following deployment plans walk through the business value, planning considerations, design, and operational procedures needed to successfully roll a few of the more common Azure AD capabilities.
20-
21-
Within the documents you will find e-mail templates, system architecture diagrams, common test cases, and more.
22-
23-
We'd love your feedback on the documents. Take this short [survey](https://aka.ms/deploymentplanfeedback) about how the documents worked for you.
19+
Looking for end-to-end guidance on deploying Azure Active Directory (Azure AD) capabilities? Azure AD deployment plans walk you through the business value, planning considerations, and operational procedures needed to successfully deploy common Azure AD capabilities.
2420

21+
From any of the plan pages, use your browser’s Print to PDF capability to create an up-to-date offline version of the documentation.
2522
## Include the right stakeholders
2623

2724
When beginning your deployment planning for a new capability, it’s important to include key stakeholders across your organization. We recommend that you identify and document the person or people who fulfill each of the following roles, and work with them to determine their involvement in the project.
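Review bot: the rewritten introduction drops the feedback survey sentence (https://aka.ms/deploymentplanfeedback) without a replacement; if the survey has closed that is fine, otherwise keep the sentence. The ms.date bump to 08/20/2019 matches the content change, and the new Print to PDF sentence is a useful addition.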
@@ -46,23 +43,43 @@ Roles might include the following
4643
- **C**ontributor to project plan and outcome
4744

4845
- **I**nformed of project plan and outcome
49-
50-
## Deployment Plans
5146

5247

48+
## Deploy authentication
5349

54-
|Scenario |Description |
55-
|-|-|
56-
|[Multi-Factor Authentication](../authentication/howto-mfa-getstarted.md)|Azure Multi-Factor Authentication (MFA) is Microsoft's two-step verification solution. Using admin-approved authentication methods, Azure MFA helps safeguard your access to data and applications, while meeting the demand for a simple sign-in process.|
57-
|[Conditional Access](https://aka.ms/deploymentplans/ca)|With Conditional Access, you can implement automated access control decisions for who can access your cloud apps, based on conditions.|
58-
|[Self-service password reset](https://aka.ms/deploymentplans/sspr)|Self-service password reset helps your users reset their password, without administrator intervention, when and where they need to.|
59-
|[Privileged Identity Management](https://aka.ms/deploymentplans/pim)|Azure AD Privileged Identity Management (PIM) helps you manage privileged administrative roles across Azure AD, Azure resources, and other Microsoft Online Services. PIM provides solutions like just-in-time access, request approval workflows, and fully integrated access reviews so you can identify, uncover, and prevent malicious activities of privileged roles in real time.|
60-
|[Single sign-on](https://aka.ms/deploymentplans/sso)|Single sign-on helps you access all the apps and resources you need to do business, while signing in only once, using a single user account. After you've signed in, you can go from Microsoft Office to SalesForce, to Box without being required to authenticate (for example, type a password) a second time.|
61-
|[Seamless SSO](https://aka.ms/SeamlessSSODPDownload)|Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network. After you turn on this feature, users won't need to type in their passwords to sign in to Azure AD, and usually, won't even need to type in their usernames. This feature provides your users easy access to your cloud-based applications without needing any additional on-premises components.|
62-
|[Access Panel](https://aka.ms/AccessPanelDPDownload)|Offer your users a simple hub to discover and access all their applications. Enable them to be more productive with self-service capabilities, such as the ability to request access to new apps and groups, or manage access to these resources on behalf of others.|
63-
|[ADFS to Password Hash Sync](https://aka.ms/deploymentplans/adfs2phs)|With Password Hash Synchronization, hashes of user passwords are synchronized from on-premises Active Directory to Azure AD, letting Azure AD to authenticate users with no interaction with the on-premises Active Directory|
64-
|[ADFS to Pass Through Authentication](https://aka.ms/deploymentplans/adfs2pta)|Azure AD Pass-through Authentication helps your users sign in to both on-premises and cloud-based applications, using the same passwords. This feature provides your users a better experience - one less password to remember, and reduces IT helpdesk costs because your users are less likely to forget how to sign in. When people sign in using Azure AD, this feature validates users' passwords directly against your on-premises Active Directory.|
65-
|[Azure AD Application Proxy](https://aka.ms/deploymentplans/appproxy)|Employees today want to be productive at any place, at any time, and from any device. They want to work on their own devices, whether they are tablets, phones, or laptops. And employees expect to be able to access all their applications, both SaaS apps in the cloud and corporate apps on-premises. Providing access to on-premises applications has traditionally involved virtual private networks (VPNs) or demilitarized zones (DMZs). Not only are these solutions complex and hard to make secure, but they are costly to set up and manage. There is a better way! - Azure AD Application Proxy|
66-
|[User provisioning](https://aka.ms/UserProvisioningDPDownload)|Azure AD helps you automate the creation, maintenance, and removal of user identities in cloud (SaaS) applications, such as Dropbox, Salesforce, ServiceNow, and more.|
67-
|[Workday-driven Inbound User Provisioning](https://aka.ms/WorkdayDeploymentPlan)|Workday-driven Inbound User Provisioning to Active Directory creates a foundation for ongoing identity governance and enhances the quality of business processes that rely on authoritative identity data. Using this feature, you can seamlessly manage the identity lifecycle of employees and contingent workers by configuring rules that map Joiner-Mover-Leaver processes (such as New Hire, Terminate, Transfer) to IT provisioning actions (such as Create, Enable, Disable, Delete accounts).|
68-
|[Reporting and Monitoring](https://aka.ms/deploymentplans/reporting)| The design of your Azure AD reporting and monitoring solution depends on your legal, security, and operational requirements as well as your existing environment and processes. This article presents the various design options and guides you to the right deployment strategy.|
50+
| Capability | Description|
51+
| -| -|
52+
| [Multi-Factor Authentication](https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted)| Azure Multi-Factor Authentication (MFA) is Microsoft's two-step verification solution. Using admin-approved authentication methods, Azure MFA helps safeguard access to your data and applications while meeting the demand for a simple sign-in process. |
53+
| [Conditional Access](https://aka.ms/deploymentplans/ca)| With Conditional Access, you can implement automated access control decisions for who can access your cloud apps, based on conditions. |
54+
| [Self-service password reset](https://aka.ms/deploymentplans/sspr)| Self-service password reset helps your users reset their passwords without administrator intervention, when and where they need to. |
55+
56+
## Deploy application management
57+
58+
| Capability | Description|
59+
| -| - |
60+
| [Single sign-on](https://aka.ms/deploymentplans/sso)| Single sign-on helps your users access the apps and resources they need to do business while signing in only once. After they've signed in, they can go from Microsoft Office to SalesForce to Box to internal applications without being required to enter credentials a second time. |
61+
| [Access panel](https://aka.ms/deploymentplans/accesspanel)| Offer your users a simple hub to discover and access all their applications. Enable them to be more productive with self-service capabilities, like requesting access to apps and groups, or managing access to resources on behalf of others. |
62+
63+
64+
## Deploy hybrid scenarios
65+
66+
| Capability | Description|
67+
| -| -|
68+
| [ADFS to Password Hash Sync](https://aka.ms/deploymentplans/adfs2phs)| With Password Hash Synchronization, hashes of user passwords are synchronized from on-premises Active Directory to Azure AD, letting Azure AD authenticate users with no interaction with the on-premises Active Directory |
69+
| [ADFS to Pass Through Authentication](https://aka.ms/deploymentplans/adfs2pta)| Azure AD Pass-through Authentication helps your users sign in to both on-premises and cloud-based applications using the same passwords. This feature provides users with a better experience - one less password to remember - and reduces IT helpdesk costs because users are less likely to forget how to sign in. When people sign in using Azure AD, this feature validates users' passwords directly against your on-premises Active Directory. |
70+
| [Azure AD Application Proxy](https://aka.ms/deploymentplans/appproxy)| Employees today want to be productive at any place, at any time, and from any device. They need to access SaaS apps in the cloud and corporate apps on-premises. Azure AD Application proxy enables this robust access without costly and complex virtual private networks (VPNs) or demilitarized zones (DMZs). |
71+
| [Seamless SSO](https://aka.ms/SeamlessSSODPDownload)| Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network. With this feature, users won't need to type in their passwords to sign in to Azure AD and usually won't need to enter their usernames. This feature provides authorized users with easy access to your cloud-based applications without needing any additional on-premises components. |
72+
73+
## Deploy user provisioning
74+
75+
| Capability | Description|
76+
| -| -|
77+
| [User provisioning](https://aka.ms/UserProvisioningDPDownload)| Azure AD helps you automate the creation, maintenance, and removal of user identities in cloud (SaaS) applications, such as Dropbox, Salesforce, ServiceNow, and more. |
78+
| [Workday-driven Inbound User Provisioning](https://aka.ms/WorkdayDeploymentPlan)| Workday-driven Inbound User Provisioning to Active Directory creates a foundation for ongoing identity governance and enhances the quality of business processes that rely on authoritative identity data. Using this feature, you can seamlessly manage the identity lifecycle of employees and contingent workers by configuring rules that map Joiner-Mover-Leaver processes (such as New Hire, Terminate, Transfer) to IT provisioning actions (such as Create, Enable, Disable) |
79+
80+
## Deploy governance and reporting
81+
82+
| Capability | Description|
83+
| -| -|
84+
| [Privileged Identity Management](https://aka.ms/deploymentplans/pim)| Azure AD Privileged Identity Management (PIM) helps you manage privileged administrative roles across Azure AD, Azure resources, and other Microsoft Online Services. PIM provides solutions like just-in-time access, request approval workflows, and fully integrated access reviews so you can identify, uncover, and prevent malicious activities of privileged roles in real time. |
85+
| [Reporting and Monitoring](https://aka.ms/deploymentplans/reporting)| The design of your Azure AD reporting and monitoring solution depends on your legal, security, and operational requirements as well as your existing environment and processes. This article presents the various design options and guides you to the right deployment strategy. |
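Review bot: the Multi-Factor Authentication row replaces the relative link ../authentication/howto-mfa-getstarted.md with an absolute https://docs.microsoft.com/en-us/... URL that hardcodes the en-us locale; keep the relative path (or an aka.ms redirect like the other rows) so localized builds and link validation keep working. Also: the Workday-driven Inbound User Provisioning row now ends "(such as Create, Enable, Disable)" with no closing period and silently drops "Delete accounts" from the action list that the removed row had; and the Access panel link changes from https://aka.ms/AccessPanelDPDownload to https://aka.ms/deploymentplans/accesspanel, so confirm the new redirect resolves before merging.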

articles/active-directory/fundamentals/whats-new.md

Lines changed: 1 addition & 1 deletion
@@ -110,7 +110,7 @@ For more information, see [What's new for authentication?](https://docs.microsof
110110

111111
Azure AD customers can now set policies to manage FIDO2 security keys for their organization's users and groups. End-users can also self-register their security keys, use the keys to sign in to their Microsoft accounts on web sites while on FIDO-capable devices, as well as sign in to their Azure AD-joined Windows 10 devices.
112112

113-
For more information, see [Enable passwordless sign in for Azure AD (preview)](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-passwordless-enable) for administrator-related information, and [Set up security info to use a security key (Preview)](https://docs.microsoft.com/azure/active-directory/user-help/security-info-setup-security-key) for end-user-related information.
113+
For more information, see [Enable passwordless sign in for Azure AD (preview)](/azure/active-directory/authentication/concept-authentication-passwordless) for administrator-related information, and [Set up security info to use a security key (Preview)](https://docs.microsoft.com/azure/active-directory/user-help/security-info-setup-security-key) for end-user-related information.
114114

115115
---
116116
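Review bot: the link target moves from the how-to page (howto-authentication-passwordless-enable) to a concept page (concept-authentication-passwordless), but the link text still reads "Enable passwordless sign in for Azure AD (preview)"; either update the text to describe the concept page or point to the current how-to. The sentence also now mixes a root-relative path (/azure/...) with an absolute https://docs.microsoft.com/... URL for the second link; use one link style.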

articles/active-directory/hybrid/how-to-connect-sync-staging-server.md

Lines changed: 1 addition & 1 deletion
@@ -37,7 +37,7 @@ During installation, you can select the server to be in **staging mode**. This a
3737
3838
You can still force an export by using the synchronization service manager.
3939

40-
A server in staging mode continues to receive changes from Active Directory and Azure AD. It always has a copy of the latest changes and can very fast take over the responsibilities of another server. If you make configuration changes to your primary server, it is your responsibility to make the same changes to the server in staging mode.
40+
A server in staging mode continues to receive changes from Active Directory and Azure AD and can quickly take over the responsibilities of another server in the event of a failure. If you make configuration changes to your primary server, it is your responsibility to make the same changes to the server in staging mode.
4141

4242
For those of you with knowledge of older sync technologies, the staging mode is different since the server has its own SQL database. This architecture allows the staging mode server to be located in a different datacenter.
4343
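Review bot: the rewrite drops "It always has a copy of the latest changes", which is the reason a staging server can take over quickly, and narrows the takeover to "in the event of a failure" although the original sentence did not restrict it to failures (planned switchover is the common use of staging mode). Suggest: "A server in staging mode continues to receive changes from Active Directory and Azure AD, so it always holds the latest changes and can quickly take over the responsibilities of another server."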

articles/active-directory/hybrid/reference-connect-sync-functions-reference.md

Lines changed: 2 additions & 2 deletions
@@ -98,7 +98,7 @@ The BitAnd function sets specified bits on a value.
9898
**Remarks:**
9999
This function converts both parameters to the binary representation and sets a bit to:
100100

101-
* 0 - if one or both of the corresponding bits in *mask* and *flag* are 0
101+
* 0 - if one or both of the corresponding bits in *value1* and *value2* are 0
102102
* 1 - if both of the corresponding bits are 1.
103103

104104
In other words, it returns 0 in all cases except when the corresponding bits of both parameters are 1.
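Review bot: renaming the parameters to *value1* and *value2* is correct, but the description carried in the hunk header, "The BitAnd function sets specified bits on a value", still reads like a bitwise OR while the remarks describe a bitwise AND (1 only where both corresponding bits are 1); reword to "returns the bitwise AND of two values". Minor: the first bullet has no terminating period while the second does.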
@@ -129,7 +129,7 @@ The CBool function returns a Boolean based on the evaluated expression
129129
`bool CBool(exp Expression)`
130130

131131
**Remarks:**
132-
If the expression evaluates to a nonzero value, then CBool returns True, else it returns False.
132+
If the expression evaluates to a non-zero value, then CBool returns True, else it returns False.
133133

134134
**Example:**
135135
`CBool([attrib1] = [attrib2])`

articles/active-directory/identity-protection/risk-events-reference.md

Lines changed: 5 additions & 0 deletions
@@ -73,3 +73,8 @@ We also run this detection for basic authentication (or legacy protocols). Becau
7373
**Old name:** This detection will be shown in the legacy Azure AD Identity Protection reports (Users flagged for risk, Risk events) as ‘Users with leaked credentials’
7474

7575
This risk event type indicates user activity that is unusual for the given user or is consistent with known attack patterns based on Microsoft’s internal and external threat intelligence sources.
76+
77+
## Admin confirmed user compromised
78+
79+
**Detection Type:** Offline <br>
80+
This detection indicates an admin has selected ‘Confirm user compromised’ in the Risky users UI or using riskyUsers API. To see which admin has confirmed this user compromised, check the user’s risk history (via UI or API).
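Review bot: in the new "Admin confirmed user compromised" section, "or using riskyUsers API" should read "or by using the riskyUsers API", and the `<br>` after "Offline" is followed by nothing, so either remove it or add the missing field. The preceding detection carries an **Old name:** line; state whether this detection has a legacy-report name or is new. Because this risk is raised by an administrator's assertion rather than by a signal, stating the resulting user risk level would help responders triage it.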

articles/active-directory/managed-identities-azure-resources/services-support-managed-identities.md

Lines changed: 2 additions & 2 deletions
@@ -58,7 +58,7 @@ Refer to the following list to configure managed identity for Azure Virtual Mach
5858
| Managed identity type | All Generally Available<br>Global Azure Regions | Azure Government | Azure Germany | Azure China 21Vianet |
5959
| --- | --- | --- | --- | --- |
6060
| System assigned | Available | Available | Available | Available |
61-
| User assigned | Preview | Not available | Not available | Not available |
61+
| User assigned | Available | Not available | Not available | Not available |
6262

6363
Refer to the following list to configure managed identity for Azure App Service (in regions where available):
6464

@@ -84,7 +84,7 @@ Refer to the following list to use a managed identity with [Azure Blueprints](..
8484
Managed identity type |All Generally Available<br>Global Azure Regions | Azure Government | Azure Germany | Azure China 21Vianet |
8585
| --- | --- | --- | --- | --- |
8686
| System assigned | Available | Available | Available | Available |
87-
| User assigned | Preview | Not available | Not available | Not available |
87+
| User assigned | Available | Not available | Not available | Not available |
8888

8989
Refer to the following list to configure managed identity for Azure Functions (in regions where available):
9090
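Review bot: the Preview to Available change for user-assigned identities is the same in both hunks, which is consistent; unrelated to it, the header row in this hunk's context ("Managed identity type |All Generally Available<br>Global Azure Regions | ...") lacks the leading pipe that the equivalent row in the previous hunk has, so add it for consistent table rendering.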
