Merge pull request #79380 from MicrosoftDocs/master

Merge master to live 2:31 AM

Author: American-Dipper

articles/active-directory/privileged-identity-management/media/azure-ad-pim-approval-workflow/image021.png

@@ -11,54 +11,60 @@ ms.service: active-directory
 ms.topic: conceptual
 ms.workload: identity
 ms.subservice: pim
-ms.date: 02/14/2017
+ms.date: 06/10/2019
 ms.author: rolyon
 ms.custom: pim
 
 ms.collection: M365-identity-device-management
 ---
 # View audit history for Azure AD roles in PIM
-You can use the Azure Active Directory (Azure AD) Privileged Identity Management (PIM) audit history to see all the user assignments and activations within a given time period for all privileged roles. If you want to see the full audit history of activity in your tenant, including administrator, end user, and synchronization activity, you can use the [Azure Active Directory access and usage reports.](../reports-monitoring/overview-reports.md)
 
-## Navigate to audit history
-From the [Azure portal](https://portal.azure.com) dashboard, select the **Azure AD Privileged Identity Management** app. From there, access the audit history by clicking **Manage privileged roles** > **Audit history** in the PIM dashboard.
+You can use the Azure Active Directory (Azure AD) Privileged Identity Management (PIM) audit history to see all the role assignments and activations within the past 30 days for all privileged roles. If you want to see the full audit history of activity in your directory, including administrator, end user, and synchronization activity, you can use the [Azure Active Directory security and activity reports](../reports-monitoring/overview-reports.md).
 
-![Audit history](media/azure-ad-pim-approval-workflow/image021.png)
+## View audit history
 
-> [!NOTE]
-> You can sort the data by Action, and look for “Activation Approved”
+Follow these steps to view the audit history for Azure AD roles.
 
+1. Sign in to [Azure portal](https://portal.azure.com/) with a user that is a member of the [Privileged Role Administrator](../users-groups-roles/directory-assign-admin-roles.md#privileged-role-administrator) role.
 
-## Audit history graph
-You can use the audit history to view the total activations, max activations per day, and average activations per day in a line graph.  You can also filter the data by role if there is more than one role in the audit history.
+1. Open **Azure AD Privileged Identity Management**.
 
-Use the **time**, **action**, and **role** buttons to sort the history.
+1. Click **Azure AD roles**.
 
-## Audit history list
-The columns in the audit history list are:
+1. Click **Directory roles audit history**.
 
-* **Requestor** - the user who requested the role activation or change.  If the value is "Azure System", check the Azure audit history for more information.
-* **User** - the user who is activating or assigned to a role.
-* **Role** - the role assigned or activated by the user.
-* **Action** - the actions taken by the requestor. This can include assignment, unassignment, activation, or deactivation.
-* **Time** - when the action occurred.
-* **Reasoning** - if any text was entered into the reason field during activation, it will show up here.
-* **Expiration** - only relevant for activation of roles.
+    Depending on your audit history, a column chart is displayed along with the total activations, max activations per day, and average activations per day.
+
+    ![Directory roles audit history](media/pim-how-to-use-audit-log/directory-roles-audit-history.png)
+
+    At the bottom of the page, a table is displayed with information about each action in the available audit history. The columns have the following meanings:
+
+    | Column | Description |
+    | --- | --- |
+    | Time | When the action occurred. |
+    | Requestor | User who requested the role activation or change. If the value is **Azure System**, check the Azure audit history for more information. |
+    | Action | Actions taken by the requestor. Actions can include Assign, Unassign, Activate, Deactivate, or AddedOutsidePIM. |
+    | Member | User who is activating or assigned to a role. |
+    | Role | Role assigned or activated by the user. |
+    | Reasoning | Text that was entered into the reason field during activation. |
+    | Expiration | When an activated role expires. Applies only to eligible role assignments. |
+
+1. To sort the audit history, click the **Time**, **Action**, and **Role** buttons.
 
 ## Filter audit history
-You can filter the information that shows up in the audit history by clicking the **Filter** button.  The **Update chart parameters blade** will appear.
 
-After you set the filters, click **Update** to filter the data in the history.  If the data doesn't appear right away, refresh the page.
+1. At the top of the audit history page, click the **Filter** button.
+
+    The **Update chart parameters** pane appears.
+
+1. In **Time range**, select a time range.
 
-### Change the date range
-Use the **Today**, **Past Week**, **Past Month**, or **Custom** buttons to change the time range of the audit history.
+1. In **Roles**, add checkmarks for the roles you want to view.
 
-When you choose the **Custom** button, you will be given a **From** date field and a **To** date field to specify a range of dates for the history.  You can either enter the dates in MM/DD/YYYY format or click on the **calendar** icon and choose the date from a calendar.
+    ![Update chart parameters pane](media/pim-how-to-use-audit-log/update-chart-parameters.png)
 
-### Change the roles included in the history
-Check or uncheck the **Role** checkbox next to each role to include or exclude it from the history.
+1. Click **Done** to view the filtered audit history.
 
-<!--Every topic should have next steps and links to the next logical set of content to keep the customer engaged-->
 ## Next steps
 
 - [View activity and audit history for Azure resource roles in PIM](azure-pim-resource-rbac.md)

articles/active-directory/privileged-identity-management/media/pim-how-to-use-audit-log/directory-roles-audit-history.png

@@ -476,9 +476,7 @@ App Service for Linux supports two runtimes for managed hosting of Java web appl
 
 ### JDK versions and maintenance
 
-Azure's supported Java Development Kit (JDK) is [Zulu](https://www.azul.com/downloads/azure-only/zulu/) provided through [Azul Systems](https://www.azul.com/).
-
-Major version updates will be provided through new runtime options in Azure App Service for Linux. Customers update to these newer versions of Java by configuring their App Service deployment and are responsible for testing and ensuring the major update meets their needs.
+Azul Zulu Enterprise builds of OpenJDK are a no-cost, multi-platform, production-ready distribution of the OpenJDK for Azure and Azure Stack backed by Microsoft and Azul Systems. They contain all the components for building and running Java SE applications. You can install the JDK from [Java JDK Installation](https://aka.ms/azure-jdks).
 
 Supported JDKs are automatically patched on a quarterly basis in January, April, July, and October of each year.
 
@@ -490,18 +488,6 @@ Patches and fixes for major security vulnerabilities will be released as soon as
 
 If a supported Java runtime will be retired, Azure developers using the affected runtime will be given a deprecation notice at least six months before the runtime is retired.
 
-### Local development
-
-Developers can download the Production Edition of Azul Zulu Enterprise JDK for local development from [Azul's download site](https://www.azul.com/downloads/azure-only/zulu/).
-
-### Development support
-
-Product support for the [Azure-supported Azul Zulu JDK](https://www.azul.com/downloads/azure-only/zulu/) is available through when developing for Azure or [Azure Stack](https://azure.microsoft.com/overview/azure-stack/) with a [qualified Azure support plan](https://azure.microsoft.com/support/plans/).
-
-### Runtime support
-
-Developers can [open an issue](/azure/azure-supportability/how-to-create-azure-support-request) with the Azul Zulu JDKs through Azure Support if they have a [qualified support plan](https://azure.microsoft.com/support/plans/).
-
 ## Next steps
 
 Visit the [Azure for Java Developers](/java/azure/) center to find Azure quickstarts, tutorials, and Java reference documentation.

articles/active-directory/privileged-identity-management/media/pim-how-to-use-audit-log/update-chart-parameters.png

@@ -0,0 +1,148 @@
+---
+title: Azure Monitor - Azure Application Insights override default SDK endpoints | Microsoft Docs
+description: Modify default Azure Application Insights SDK endpoints for regions like Azure Government.
+services: application-insights
+author: mrbullwinkle
+manager: carmonm
+ms.assetid: 3b722e47-38bd-4667-9ba4-65b7006c074c
+ms.service: application-insights
+ms.workload: tbd
+ms.tgt_pltfrm: ibiza
+ms.topic: conceptual
+ms.date: 06/10/2019
+ms.author: mbullwin
+---
+
+ # Application Insights overriding default endpoints
+
+To send data from Application Insights to certain regions, you'll need to override the default endpoint addresses. Each SDK requires slightly different modifications, all of which are described in this article. These changes require adjusting the sample code and replacing the placeholder values for `QuickPulse_Endpoint_Address`, `TelemetryChannel_Endpoint_Address`, and `Profile_Query_Endpoint_address` with the actual endpoint addresses for your specific region. The end of this article contains links to the endpoint addresses for regions where this configuration is required.
+
+## SDK code changes
+
+### .NET with applicationinsights.config
+
+```xml
+<ApplicationInsights>
+  ...
+  <TelemetryModules>
+    <Add Type="Microsoft.ApplicationInsights.Extensibility.PerfCounterCollector.QuickPulse.QuickPulseTelemetryModule, Microsoft.AI.PerfCounterCollector">
+      <QuickPulseServiceEndpoint>Custom_QuickPulse_Endpoint_Address</QuickPulseServiceEndpoint>
+    </Add>
+  </TelemetryModules>
+    ...
+  <TelemetryChannel>
+     <EndpointAddress>TelemetryChannel_Endpoint_Address</EndpointAddress>
+  </TelemetryChannel>
+  ...
+  <ApplicationIdProvider Type="Microsoft.ApplicationInsights.Extensibility.Implementation.ApplicationId.ApplicationInsightsApplicationIdProvider, Microsoft.ApplicationInsights">
+    <ProfileQueryEndpoint>Profile_Query_Endpoint_address</ProfileQueryEndpoint>
+  </ApplicationIdProvider>
+  ...
+</ApplicationInsights>
+```
+
+### .NET Core
+
+Modify the appsettings.json file in your project as follows to adjust the main endpoint:
+
+```json
+"ApplicationInsights": {
+    "InstrumentationKey": "instrumentationkey",
+    "TelemetryChannel": {
+      "EndpointAddress": "TelemetryChannel_Endpoint_Address"
+    }
+  }
+```
+
+The values for Live Metrics and the Profile Query Endpoint can only be set via code. To override the default values for all endpoint values via code, make the following changes in the `ConfigureServices` method of the `Startup.cs` file:
+
+```csharp
+using Microsoft.ApplicationInsights.Extensibility.Implementation.ApplicationId;
+using Microsoft.ApplicationInsights.Extensibility.PerfCounterCollector.QuickPulse; //place at top of Startup.cs file
+
+   services.ConfigureTelemetryModule<QuickPulseTelemetryModule>((module, o) => module.QuickPulseServiceEndpoint="QuickPulse_Endpoint_Address");
+
+   services.AddSingleton(new ApplicationInsightsApplicationIdProvider() { ProfileQueryEndpoint = "Profile_Query_Endpoint_address" });
+
+   services.AddSingleton<ITelemetryChannel>(new ServerTelemetryChannel() { EndpointAddress = "TelemetryChannel_Endpoint_Address" });
+
+    //place in ConfigureServices method. If present, place this prior to   services.AddApplicationInsightsTelemetry("instrumentation key");
+```
+
+### Java
+
+Modify the applicationinsights.xml file to change the default endpoint address.
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<ApplicationInsights xmlns="http://schemas.microsoft.com/ApplicationInsights/2013/Settings">
+  <InstrumentationKey>ffffeeee-dddd-cccc-bbbb-aaaa99998888</InstrumentationKey>
+  <TelemetryModules>
+    <Add type="com.microsoft.applicationinsights.web.extensibility.modules.WebRequestTrackingTelemetryModule"/>
+    <Add type="com.microsoft.applicationinsights.web.extensibility.modules.WebSessionTrackingTelemetryModule"/>
+    <Add type="com.microsoft.applicationinsights.web.extensibility.modules.WebUserTrackingTelemetryModule"/>
+  </TelemetryModules>
+  <TelemetryInitializers>
+    <Add type="com.microsoft.applicationinsights.web.extensibility.initializers.WebOperationIdTelemetryInitializer"/>
+    <Add type="com.microsoft.applicationinsights.web.extensibility.initializers.WebOperationNameTelemetryInitializer"/>
+    <Add type="com.microsoft.applicationinsights.web.extensibility.initializers.WebSessionTelemetryInitializer"/>
+    <Add type="com.microsoft.applicationinsights.web.extensibility.initializers.WebUserTelemetryInitializer"/>
+    <Add type="com.microsoft.applicationinsights.web.extensibility.initializers.WebUserAgentTelemetryInitializer"/>
+  </TelemetryInitializers>
+  <!--Add the following Channel value to modify the Endpoint address-->
+  <Channel type="com.microsoft.applicationinsights.channel.concrete.inprocess.InProcessTelemetryChannel">
+  <EndpointAddress>TelemetryChannel_Endpoint_Address</EndpointAddress>
+  </Channel>
+</ApplicationInsights>
+```
+
+### Spring Boot
+
+Modify the `application.properties` file and add:
+
+```yaml
+azure.application-insights.channel.in-process.endpoint-address= TelemetryChannel_Endpoint_Address
+```
+
+### Node.js
+
+```javascript
+var appInsights = require("applicationinsights");
+appInsights.setup('INSTRUMENTATION_KEY');
+appInsights.defaultClient.config.endpointUrl = "TelemetryChannel_Endpoint_Address"; // ingestion
+appInsights.defaultClient.config.profileQueryEndpoint = "Profile_Query_Endpoint_address"; // appid/profile lookup
+appInsights.defaultClient.config.quickPulseHost = "QuickPulse_Endpoint_Address"; //live metrics
+appInsights.Configuration.start();
+```
+
+The endpoints can also be configured through environment variables:
+
+```
+Instrumentation Key: “APPINSIGHTS_INSTRUMENTATIONKEY”
+Profile Endpoint: “Profile_Query_Endpoint_address”
+Live Metrics Endpoint: "QuickPulse_Endpoint_Address"
+```
+
+### JavaScript
+
+```javascript
+<script type="text/javascript">
+var sdkInstance="appInsightsSDK";window[sdkInstance]="appInsights";var aiName=window[sdkInstance],aisdk=window[aiName]||function(e){function n(e){i[e]=function(){var n=arguments;i.queue.push(function(){i[e].apply(i,n)})}}var i={config:e};i.initialize=!0;var a=document,t=window;setTimeout(function(){var n=a.createElement("script");n.src=e.url||"https://az416426.vo.msecnd.net/next/ai.2.min.js",a.getElementsByTagName("script")[0].parentNode.appendChild(n)});try{i.cookie=a.cookie}catch(e){}i.queue=[],i.version=2;for(var r=["Event","PageView","Exception","Trace","DependencyData","Metric","PageViewPerformance"];r.length;)n("track"+r.pop());n("startTrackPage"),n("stopTrackPage");var o="Track"+r[0];if(n("start"+o),n("stop"+o),!(!0===e.disableExceptionTracking||e.extensionConfig&&e.extensionConfig.ApplicationInsightsAnalytics&&!0===e.extensionConfig.ApplicationInsightsAnalytics.disableExceptionTracking)){n("_"+(r="onerror"));var s=t[r];t[r]=function(e,n,a,t,o){var c=s&&s(e,n,a,t,o);return!0!==c&&i["_"+r]({message:e,url:n,lineNumber:a,columnNumber:t,error:o}),c},e.autoExceptionInstrumented=!0}return i}
+(
+	{
+	instrumentationKey:"INSTRUMENTATION_KEY",
+	endpointUrl: "TelemetryChannel_Endpoint_Address"
+  }
+);
+window[aiName]=aisdk,aisdk.queue&&0===aisdk.queue.length&&aisdk.trackPageView({});
+</script>
+
+```
+
+## Regions that require endpoint modification
+
+Currently the only region that requires endpoint modifications is [Azure Government](https://docs.microsoft.com/azure/azure-government/documentation-government-services-monitoringandmanagement#application-insights).
+
+## Next step
+
+- To learn more about the custom modifications for Azure Government, consult the detailed guidance for [Azure monitoring and management](https://docs.microsoft.com/azure/azure-government/documentation-government-services-monitoringandmanagement#application-insights).

articles/active-directory/privileged-identity-management/pim-how-to-use-audit-log.md

@@ -10,7 +10,7 @@ ms.service: application-insights
 ms.workload: tbd
 ms.tgt_pltfrm: ibiza
 ms.topic: conceptual
-ms.date: 05/21/2019
+ms.date: 05/31/2019
 ms.author: mbullwin
 ---
 # IP addresses used by Application Insights and Log Analytics

articles/app-service/containers/configure-language-java.md

@@ -992,6 +992,8 @@
       href: app/nuget.md 
     - name: Platform support
       href: app/platforms.md
+    - name: Endpoint overrides
+      href: app/custom-endpoints.md
   - name: Application Insights data model
     items:
     - name: Overview

articles/azure-monitor/app/custom-endpoints.md

@@ -668,7 +668,7 @@ Result as below:
 +--------------------+-------+
 |2019-04-16T00:00:00Z|  false|
 +--------------------+-------+
-
+```
 
 That's it! Using Azure Databricks, you have successfully streamed data into Azure Event Hubs, consumed the stream data using the Event Hubs connector, and then run anomaly detection on streaming data in near real time.
 Although in this tutorial, the granularity is hourly, you can always change the granularity to meet your need. 

articles/azure-monitor/app/ip-addresses.md

@@ -18,6 +18,7 @@ The Speech SDK's **Compressed Audio Input Stream** API provides a way to stream
 
 > [!IMPORTANT]
 > Streaming compressed audio is only supported for C++, C#, and Java on Linux (Ubuntu 16.04, Ubuntu 18.04, Debian 9).
+> Speech SDK version 1.4.0 or higher is required.
 
 For wav/PCM see the mainline speech documentation.  Outside of wav/PCM, the following codec compressed input formats are supported: