Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into ds-qsrt1721106

Author: davidsmatlak

articles/active-directory/conditional-access/howto-conditional-access-policy-azure-management.md

@@ -36,7 +36,7 @@ Conditional Access policies are powerful tools, we recommend excluding the follo
 
 ## Create a Conditional Access policy
 
-The following steps will help create a Conditional Access policy to require those assigned administrative roles to perform multi-factor authentication.
+The following steps will help create a Conditional Access policy to require those with access to the [Microsoft Azure Management](concept-conditional-access-cloud-apps.md#microsoft-azure-management) app to perform multi-factor authentication.
 
 1. Sign in to the **Azure portal** as a global administrator, security administrator, or Conditional Access administrator.
 1. Browse to **Azure Active Directory** > **Security** > **Conditional Access**.

articles/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications.md

@@ -21,7 +21,7 @@ When you [add a gallery app](add-gallery-app.md) or a [non-gallery web app](add-
 > [!NOTE]
 > Adding a gallery app? Find step-by-step setup instructions in the [list of SaaS app tutorials](../saas-apps/tutorial-list.md)
 
-To configure SAML single sign-on for a non-gallery application without writing code, you need to have a subscription along with an Azure AD Premium license and the application must support SAML 2.0. For more information about Azure AD versions, visit [Azure AD pricing](https://azure.microsoft.com/pricing/details/active-directory/).
+To configure SAML single sign-on for a non-gallery application without writing code, you need to have an Azure AD subscription and the application must support SAML 2.0. For more information about Azure AD versions, visit [Azure AD pricing](https://azure.microsoft.com/pricing/details/active-directory/).
 
 ## Before you begin
 

articles/active-directory/users-groups-roles/roles-create-custom.md

@@ -135,6 +135,9 @@ $roleAssignment = New-AzureADMSRoleAssignment -ResourceScope $resourceScope -Rol
    }
     ```
 
+  > [!Note]
+  > The "templateId": "GUID" is an optional parameter being sent in the body depending on requirement. If you have a requirement for creating multiple different custom role with common parameters , it is best to create a template and define a templateId . You can generate a templateId beforehand using the powershell cmdlet (New-Guid).Guid . 
+
 1. Create the role assignment.
 
     HTTP request to create a custom role definition.
@@ -155,6 +158,7 @@ $roleAssignment = New-AzureADMSRoleAssignment -ResourceScope $resourceScope -Rol
    }
     ```
 
+
 ## Assign a custom role scoped to a resource
 
 Like built-in roles, custom roles are assigned by default at the default organization-wide scope to grant access permissions over all app registrations in your organization. But unlike built-in roles, custom roles can also be assigned at the scope of a single Azure AD resource. This allows you to give the user the permission to update credentials and basic properties of a single app without having to create a second custom role.

articles/azure-arc/kubernetes/use-gitops-connected-cluster.md

@@ -27,7 +27,7 @@ This getting started guide will walk you through applying a set of configuration
 
 ## Create a configuration
 
-- Example repository: <https://github.com/slack/cluster-config>
+- Example repository: <https://github.com/Azure/arc-k8s-demo>
 
 The example repository is structured around the persona of a cluster operator who would like to provision a few namespaces, deploy a common workload, and provide some team-specific configuration. Using this repository creates the following resources on your cluster:
 

articles/batch/TOC.yml

@@ -91,6 +91,12 @@
       href: batch-aad-auth-management.md
     - name: Securely access Key Vault with Batch
       href: credential-access-key-vault.md
+
+    - name: Using certificates with Batch
+      href: batch-certificates.md
+  - name: Using application packages
+    href: batch-application-packages.md
+
   - name: Copy files and applications to pool nodes
     items: 
     - name: Copying applications and data to pool nodes

articles/batch/batch-certificates.md

@@ -0,0 +1,41 @@
+---
+title: Using certificates - Azure Batch
+description: Use certificates to enable authentication of applications
+services: batch
+documentationcenter: .net
+author: LauraBrenner
+manager: evansma
+editor: ''
+
+ms.assetid: 63d9d4f1-8521-4bbb-b95a-c4cad73692d3
+ms.service: batch
+ms.topic: article
+ms.tgt_pltfrm: 
+ms.workload: big-compute
+ms.date: 02/17/2020
+ms.author: labrenne
+ms.custom: seodec18
+
+---
+# Using certificates with Batch
+
+Currently the main reason to use certificates with Batch is if you have applications running in Pools that need to authenticate with an endpoint. 
+
+If you don't already have a certificate, you can create a self-signed certificate using the
+`makecert` command-line tool.
+
+## Upload certificates manually through the Azure portal
+
+1. From the Batch account you want to upload a certificate to, select **Certificates** and then select **Add**. 
+
+2. Upload the certificate with a .pfx or .cer extension. 
+
+Once uploaded, the certificate is added to a list of certificates, and you can verify the thumbprint.
+
+Now when you create a Batch pool, you can navigate to Certificates within the pool and assign the certificate you uploaded to that pool.
+
+## Next steps
+
+Batch has a certificate API, [AZ batch certificate create](https://docs.microsoft.com/cli/azure/batch/certificate?view=azure-cli-latest#az-batch-certificate-create)
+
+For information on using Key Vault, see [Securely access Key Vault with Batch](credential-access-key-vault.md).

articles/batch/media/certificates/certificate1.png

@@ -1,7 +1,7 @@
 ---
 title: "Quickstart: New policy assignment with templates"
 description: In this quickstart, you use a Resource Manager template to create a policy assignment to identify non-compliant resources.
-ms.date: 03/16/2020
+ms.date: 05/21/2020
 ms.topic: quickstart
 ms.custom: subject-armqs
 ---
@@ -29,7 +29,7 @@ _Audit VMs that do not use managed disks_. For a partial list of available built
 
 The template used in this quickstart is from [Azure Quickstart templates](https://azure.microsoft.com/resources/templates/101-azurepolicy-assign-builtinpolicy-resourcegroup/).
 
-:::code language="json" source="~/quickstart-templates/101-azurepolicy-assign-builtinpolicy-resourcegroup/azuredeploy.json" range="1-36" highlight="26-34":::
+:::code language="json" source="~/quickstart-templates/101-azurepolicy-assign-builtinpolicy-resourcegroup/azuredeploy.json" range="1-30" highlight="20-28":::
 
 The resource defined in the template is:
 

articles/governance/policy/assign-policy-template.md

@@ -34,6 +34,20 @@ lightComponent.Destroy();
 lightComponent = null;
 ```
 
+```cpp
+// create a point light component
+ApiHandle<AzureSession> session = GetCurrentlyConnectedSession();
+
+ApiHandle<PointLightComponent> lightComponent = session->Actions()->CreateComponent(ObjectType::PointLightComponent, ownerEntity)->as<PointLightComponent>();
+
+// ...
+
+// destroy the component
+lightComponent->Destroy();
+lightComponent = nullptr;
+```
+
+
 A component is attached to an entity at creation time. It cannot be moved to another entity afterwards. Components are explicitly deleted with `Component.Destroy()` or automatically when the component's owner entity is destroyed.
 
 Only one instance of each component type may be added to an entity at a time.

articles/remote-rendering/concepts/components.md

@@ -36,6 +36,13 @@ CutPlaneComponent cutplane = (CutPlaneComponent)entity.FindComponentOfType(Objec
 CutPlaneComponent cutplane = entity.FindComponentOfType<CutPlaneComponent>();
 ```
 
+```cpp
+ApiHandle<CutPlaneComponent> cutplane = entity->FindComponentOfType(ObjectType::CutPlaneComponent)->as<CutPlaneComponent>();
+
+// or alternatively:
+ApiHandle<CutPlaneComponent> cutplane = *entity->FindComponentOfType<CutPlaneComponent>();
+```
+
 ### Querying transforms
 
 Transform queries are synchronous calls on the object. It is important to note that transforms queried through the API are local space transforms, relative to the object's parent. Exceptions are root objects, for which local space and world space are identical.
@@ -49,6 +56,13 @@ Double3 translation = entity.Position;
 Quaternion rotation = entity.Rotation;
 ```
 
+```cpp
+// local space transform of the entity
+Double3 translation = *entity->Position();
+Quaternion rotation = *entity->Rotation();
+```
+
+
 ### Querying spatial bounds
 
 Bounds queries are asynchronous calls that operate on a full object hierarchy, using one entity as a root. See the dedicated chapter about [object bounds](object-bounds.md).
@@ -74,6 +88,21 @@ metaDataQuery.Completed += (MetadataQueryAsync query) =>
 };
 ```
 
+```cpp
+ApiHandle<MetadataQueryAsync> metaDataQuery = *entity->QueryMetaDataAsync();
+metaDataQuery->Completed([](const ApiHandle<MetadataQueryAsync>& query)
+    {
+        if (query->IsRanToCompletion())
+        {
+            ApiHandle<ObjectMetaData> metaData = *query->Result();
+            ApiHandle<ObjectMetaDataEntry> entry = *metaData->GetMetadataByName("MyInt64Value");
+            int64_t intValue = *entry->AsInt64();
+
+            // ...
+        }
+    });
+```
+
 The query will succeed even if the object does not hold any metadata.
 
 ## Next steps