Merge pull request #101502 from MicrosoftDocs/master

Merge Master to Live, 3 AM

Author: PMEds28

.openpublishing.redirection.json

@@ -39782,9 +39782,29 @@
     },
     {
       "source_path": "articles/application-insights/app-insights-troubleshoot-faq.md",
-      "redirect_url": "/azure/azure-monitor/app/troubleshoot-faq",
+      "redirect_url": "/azure/azure-monitor/faq",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/azure-monitor/app/troubleshoot-faq.md",
+      "redirect_url": "/azure/azure-monitor/faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/azure-monitor/platform/log-faq.md",
+      "redirect_url": "/azure/azure-monitor/faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/azure-monitor/insights/container-insights-faq.md",
+      "redirect_url": "/azure/azure-monitor/faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/azure-monitor/insights/vminsights-faq.md",
+      "redirect_url": "/azure/azure-monitor/faq",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/application-insights/app-insights-usage-cohorts.md",
       "redirect_url": "/azure/azure-monitor/app/usage-cohorts",
@@ -41085,6 +41105,11 @@
       "redirect_url": "/azure/hdinsight/hadoop/apache-hadoop-use-pig-ssh",
       "redirect_document_id": false
     },
+    {
+        "source_path": "articles/cognitive-services/LUIS/sdk-csharp-3x.md",
+        "redirect_url": "/azure/cognitive-services/LUIS/sdk-authoring.md",
+        "redirect_document_id": true
+      },
     {
       "source_path": "articles/cognitive-services/LUIS/luis-reference-faq.md",
       "redirect_url": "/azure/cognitive-services/LUIS/troubleshooting",

articles/active-directory/cloud-provisioning/what-is-provisioning.md

@@ -45,9 +45,7 @@ The most common scenario would be, when a new employee joins your company, they
 
 ![cloud provisioning](media/what-is-provisioning/cloud3.png)
 
-App provisioning involves the provisioning of users and roles in the applications the user needs access to.  
-
-The most common scenario would be, when a user in Azure AD is provisioned into O365 or Salesforce.
+In Azure Active Directory (Azure AD), the term **[app provisioning](https://docs.microsoft.com/azure/active-directory/manage-apps/user-provisioning)** refers to automatically creating user identities and roles in the cloud applications that users need access to. In addition to creating user identities, automatic provisioning includes the maintenance and removal of user identities as status or roles change. Common scenarios include provisioning an Azure AD user into applications like [Dropbox](https://docs.microsoft.com/azure/active-directory/saas-apps/dropboxforbusiness-provisioning-tutorial), [Salesforce](https://docs.microsoft.com/azure/active-directory/saas-apps/salesforce-provisioning-tutorial), [ServiceNow](https://docs.microsoft.com/azure/active-directory/saas-apps/servicenow-provisioning-tutorial), and more.
 
 ## Directory provisioning
 
@@ -62,4 +60,4 @@ This has been accomplished by Azure AD Connect sync, Azure AD Connect cloud prov
 ## Next steps 
 
 - [What is Azure AD Connect cloud provisioning?](what-is-cloud-provisioning.md)
-- [Install cloud provisioning](how-to-install.md)
+- [Install cloud provisioning](how-to-install.md)

articles/active-directory/conditional-access/TOC.yml

@@ -19,6 +19,8 @@
     href: concept-conditional-access-policy-common.md
   - name: Conditional Access policy components
     href: concept-conditional-access-policies.md
+  - name: Cloud apps and actions
+    href: concept-conditional-access-cloud-apps.md
   - name: Conditions
     href: conditions.md
   - name: Location conditions

articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md

@@ -0,0 +1,126 @@
+---
+title: Client apps in Conditional Access policy - Azure Active Directory
+description: 
+
+services: active-directory
+ms.service: active-directory
+ms.subservice: conditional-access
+ms.topic: conceptual
+ms.date: 01/10/2020
+
+ms.author: joflore
+author: MicrosoftGuyJFlo
+manager: daveba
+ms.reviewer: calebb
+
+ms.collection: M365-identity-device-management
+---
+# Conditional Access: Cloud apps and actions
+
+Cloud apps or actions is a key part of a Conditional Access policy. Conditional Access policies allow administrators to assign controls to specific applications or actions. 
+
+- Administrators can choose from the list of applications that include built-in Microsoft applications and any [Azure AD integrated applications](../manage-apps/what-is-application-management.md) including gallery, non-gallery, and applications published through [Application Proxy](../manage-apps/what-is-application-proxy.md).
+- Administrators may choose to define policy not based on a cloud application but on a user action. The only supported action is Register security information (preview), allowing Conditional Access to enforce controls around the [combined security information registration experience](../authentication/howto-registration-mfa-sspr-combined.md).
+
+![Define a Conditional Access policy and specify cloud apps](./media/concept-conditional-access-cloud-apps/conditional-access-define-policy-specify-cloud-apps.png)
+
+## Microsoft cloud applications
+
+Many of the existing Microsoft cloud applications are included in the list of applications you can select from. 
+
+Administrators can assign a Conditional Access policy to the following cloud apps from Microsoft. Some apps like the Office 365 (preview) and Microsoft Azure Management include multiple related child apps or services. The following list is not exhaustive and is subject to change.
+
+- [Office 365 (preview)](#office-365-preview)
+- Azure Analysis Services
+- Azure DevOps
+- [Azure SQL Database and Data Warehouse](../../sql-database/sql-database-conditional-access.md)
+- Dynamics CRM Online
+- Microsoft Application Insights Analytics
+- [Microsoft Azure Information Protection](https://docs.microsoft.com/azure/information-protection/faqs#i-see-azure-information-protection-is-listed-as-an-available-cloud-app-for-conditional-accesshow-does-this-work)
+- [Microsoft Azure Management](#microsoft-azure-management)
+- Microsoft Azure Subscription Management
+- Microsoft Cloud App Security
+- Microsoft Commerce Tools Access Control Portal
+- Microsoft Commerce Tools Authentication Service
+- Microsoft Flow
+- Microsoft Forms
+- Microsoft Intune
+- [Microsoft Intune Enrollment](https://docs.microsoft.com/intune/enrollment/multi-factor-authentication)
+- Microsoft Planner
+- Microsoft PowerApps
+- Microsoft Search in Bing
+- Microsoft StaffHub
+- Microsoft Stream
+- Microsoft Teams
+- Office 365 Exchange Online
+- Office 365 SharePoint Online
+- Office 365 Yammer
+- Office Delve
+- Office Sway
+- Outlook Groups
+- Power BI Service
+- Project Online
+- Skype for Business Online
+- Virtual Private Network (VPN)
+- Windows Defender ATP
+
+### Office 365 (preview)
+
+Office 365 provides cloud-based productivity and collaboration services like Exchange, SharePoint, and Microsoft Teams. Office 365 cloud services are deeply integrated to ensure smooth and collaborative experiences. This integration can cause confusion when creating policies as some apps such as Microsoft Teams have dependencies on others such as SharePoint or Exchange.
+
+The Office 365 (preview) app makes it possible to target these services all at once. We recommend using the new Office 365 (preview) app, instead of targeting individual cloud apps. Targeting this group of applications helps to avoid issues that may arise due to inconsistent policies and dependencies.
+
+Administrators can choose to exclude specific apps from policy if they wish by including the Office 365 (preview) app and excluding the specific apps of their choice in policy.
+
+Key applications that are included in the Office 365 (preview) client app:
+
+   - Microsoft Flow
+   - Microsoft Forms
+   - Microsoft Office 365 Portal
+   - Microsoft Stream
+   - Microsoft To-Do
+   - Microsoft Teams
+   - Office 365 Exchange Online
+   - Office 365 SharePoint Online
+   - Office 365 Search Service
+   - Office 365 Yammer
+   - Office Delve
+   - Office Online
+   - OneDrive
+   - PowerApps
+   - Skype for Business Online
+   - Sway
+
+### Microsoft Azure Management
+
+The Microsoft Azure Management application includes multiple underlying services. 
+
+   - Azure portal
+   - Azure Resource Manager provider
+   - Classic deployment model APIs
+   - Azure PowerShell
+   - Visual Studio subscriptions administrator portal
+   - Azure DevOps
+   - Azure Data Factory portal
+
+> [!NOTE]
+> The Microsoft Azure Management application applies to Azure PowerShell, which calls the Azure Resource Manager API. It does not apply to Azure AD PowerShell, which calls Microsoft Graph.
+
+## Other applications
+
+In addition to the Microsoft apps, administrators can add any Azure AD registered application to Conditional Access policies. These applications may include: 
+
+- Applications published through [Azure AD Application Proxy](../manage-apps/what-is-application-proxy.md)
+- [Applications added from the gallery](../manage-apps/add-application-portal.md)
+- [Custom applications not in the gallery](../manage-apps/add-non-gallery-app.md)
+- [Legacy applications published through app delivery controllers and networks](../manage-apps/secure-hybrid-access.md)
+
+## User actions
+
+User actions are tasks that can be performed by a user. The only currently supported action is **Register security information (preview)**, which allows Conditional Access policy to enforce when users who are enabled for combined registration attempt to register their security information. More information can be found in the article, [Combined security information registration (preview)](../authentication/concept-registration-mfa-sspr-combined.md).
+
+## Next steps
+
+- [Conditional Access policy components](concept-conditional-access-policies.md)
+- [Client application dependencies](service-dependencies.md)
+- [Microsoft Intune: Require MFA for device enrollment](https://docs.microsoft.com/intune/enrollment/multi-factor-authentication)

articles/active-directory/conditional-access/media/concept-conditional-access-cloud-apps/conditional-access-define-policy-specify-cloud-apps.png

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 08/27/2019
+ms.date: 01/16/2020
 ms.author: ryanwi
 ms.reviewer: hirsin
 ms.custom: aaddev, identityplatformtop40
@@ -78,7 +78,7 @@ This list shows the claims that are in most id_tokens by default (except where n
 |`rh` | Opaque String |An internal claim used by Azure to revalidate tokens. Should be ignored. |
 |`sub` | String, a GUID | The principal about which the token asserts information, such as the user of an app. This value is immutable and cannot be reassigned or reused. The subject is a pairwise identifier - it is unique to a particular application ID. If a single user signs into two different apps using two different client IDs, those apps will receive two different values for the subject claim. This may or may not be wanted depending on your architecture and privacy requirements. |
 |`tid` | String, a GUID | A GUID that represents the Azure AD tenant that the user is from. For work and school accounts, the GUID is the immutable tenant ID of the organization that the user belongs to. For personal accounts, the value is `9188040d-6c67-4c5b-b112-36a304b66dad`. The `profile` scope is required to receive this claim. |
-|`unique_name` | String | Provides a human readable value that identifies the subject of the token. This value isn't guaranteed to be unique within a tenant and should be used only for display purposes. Only issued in v1.0 `id_tokens`. |
+|`unique_name` | String | Provides a human readable value that identifies the subject of the token. This value is unique at any given point in time, but as emails and other identifiers can be reused, this value can reappear on other accounts, and should therefore be used only for display purposes. Only issued in v1.0 `id_tokens`. |
 |`uti` | Opaque String | An internal claim used by Azure to revalidate tokens. Should be ignored. |
 |`ver` | String, either 1.0 or 2.0 | Indicates the version of the id_token. |
 

articles/active-directory/develop/id-tokens.md

@@ -155,6 +155,9 @@ If some of your domain-joined devices are Windows downlevel devices, you must:
 - Configure the local intranet settings for device registration
 - Install Microsoft Workplace Join for Windows downlevel computers
 
+> [!NOTE]
+> Windows 7 support ended on January 14, 2020. For more information, [Support for Windows 7 has ended](https://support.microsoft.com/en-us/help/4057281/windows-7-support-ended-on-january-14-2020).
+
 ### Configure the local intranet settings for device registration
 
 To successfully complete hybrid Azure AD join of your Windows downlevel devices and to avoid certificate prompts when devices authenticate to Azure AD, you can push a policy to your domain-joined devices to add the following URLs to the local intranet zone in Internet Explorer:

articles/active-directory/devices/hybrid-azuread-join-federated-domains.md

@@ -133,6 +133,9 @@ If some of your domain-joined devices are Windows downlevel devices, you must:
 - Configure seamless SSO
 - Install Microsoft Workplace Join for Windows downlevel computers
 
+> [!NOTE]
+> Windows 7 support ended on January 14, 2020. For more information, [Support for Windows 7 has ended](https://support.microsoft.com/en-us/help/4057281/windows-7-support-ended-on-january-14-2020).
+
 ### Configure the local intranet settings for device registration
 
 To successfully complete hybrid Azure AD join of your Windows downlevel devices and to avoid certificate prompts when devices authenticate to Azure AD, you can push a policy to your domain-joined devices to add the following URLs to the local intranet zone in Internet Explorer:

articles/active-directory/devices/hybrid-azuread-join-managed-domains.md

@@ -61,7 +61,7 @@ For devices running the Windows desktop operating system, supported version are
 ### Windows down-level devices
 
 - Windows 8.1
-- Windows 7. For support information on Windows 7, see [Support for Windows 7 is ending](https://www.microsoft.com/microsoft-365/windows/end-of-windows-7-support).
+- Windows 7 support ended on January 14, 2020. For more information, see [Support for Windows 7 has ended](https://support.microsoft.com/en-us/help/4057281/windows-7-support-ended-on-january-14-2020).
 - Windows Server 2012 R2
 - Windows Server 2012
 - Windows Server 2008 R2. For support information on Windows Server 2008 and 2008 R2, see [Prepare for Windows Server 2008 end of support](https://www.microsoft.com/cloud-platform/windows-server-2008).