Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into us1679050bc

Author: TimShererWithAquent

.openpublishing.redirection.json

@@ -33097,47 +33097,47 @@
     },
     {
       "source_path": "articles/cognitive-services/Bing-Image-Search/index.yml",
-      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_url": "/azure/cognitive-services/Bing-Image-Search/overview",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/Bing-Autosuggest/index.yml",
-      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_url": "/azure/cognitive-services/bing-autosuggest/get-suggested-search-terms",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/Bing-Custom-Search/index.yml",
-      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_url": "/azure/cognitive-services/Bing-Custom-Search/overview",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/Bing-Entities-Search/index.yml",
-      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_url": "/azure/cognitive-services/bing-entities-search/overview",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/bing-local-business-search/index.yml",
-      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_url": "/azure/cognitive-services/bing-local-business-search/overview",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/Bing-News-Search/index.yml",
-      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_url": "/azure/cognitive-services/bing-news-search/search-the-web",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/Bing-Spell-Check/index.yml",
-      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_url": "/azure/cognitive-services/bing-spell-check/overview",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/Bing-Video-Search/index.yml",
-      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_url": "/azure/cognitive-services/bing-video-search/overview",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/bing-visual-search/index.yml",
-      "redirect_url": "/azure/cognitive-services/Bing-Web-Search",
+      "redirect_url": "/azure/cognitive-services/bing-visual-search/overview",
       "redirect_document_id": false
     },
     {
@@ -50271,6 +50271,11 @@
         "redirect_url": "/azure/synapse-analytics/sql-data-warehouse/sql-data-warehouse-best-practices",
         "redirect_document_id": true
     },
+    {
+      "source_path": "articles/sql-data-warehouse/sql-data-warehouse-best-practices-development.md",
+      "redirect_url": "/azure/synapse-analytics/sql-data-warehouse/sql-data-warehouse-best-practices-development",
+      "redirect_document_id": true
+    },
     {
         "source_path": "articles/sql-data-warehouse/sql-data-warehouse-concept-recommendations.md",
         "redirect_url": "/azure/synapse-analytics/sql-data-warehouse/sql-data-warehouse-concept-recommendations",
@@ -50384,6 +50389,16 @@
       "redirect_url": "/azure/active-directory/hybrid/choose-ad-authn",
 	  "redirect_document_id": true
     },
+	{
+	  "source_path": "articles/azure-monitor/app/opencensus-go.md",
+      "redirect_url": "/azure/azure-monitor/overview",
+      "redirect_document_id": false
+	},
+	{
+	  "source_path": "articles/azure-monitor/app/opencensus-local-forwarder.md",
+      "redirect_url": "/azure/azure-monitor/overview",
+      "redirect_document_id": false
+	},
     {
       "source_path": "articles/cognitive-services/Speech-Service/quickstart-voice-assistant-csharp-uwp.md",
       "redirect_url": "/azure/cognitive-services/speech-service/quickstarts/voice-assistants?pivots=programming-language-csharp&tabs=uwp"

articles/active-directory/authentication/howto-mfa-nps-extension-errors.md

@@ -27,8 +27,8 @@ If you encounter errors with the NPS extension for Azure Multi-Factor Authentica
 | **CLIENT_CERT_INSTALL_ERROR** | There may be an issue with how the client certificate was installed or associated with your tenant. Follow the instructions in [Troubleshooting the MFA NPS extension](howto-mfa-nps-extension.md#troubleshooting) to investigate client cert problems. |
 | **ESTS_TOKEN_ERROR** | Follow the instructions in [Troubleshooting the MFA NPS extension](howto-mfa-nps-extension.md#troubleshooting) to investigate client cert and ADAL token problems. |
 | **HTTPS_COMMUNICATION_ERROR** | The NPS server is unable to receive responses from Azure MFA. Verify that your firewalls are open bidirectionally for traffic to and from https://adnotifications.windowsazure.com |
-| **HTTP_CONNECT_ERROR** | On the server that runs the NPS extension, verify that you can reach  https://adnotifications.windowsazure.com and https://login.microsoftonline.com/. If those sites don't load, troubleshoot connectivity on that server. |
-| **NPS Extension for Azure MFA:** <br> NPS Extension for Azure MFA only performs Secondary Auth for Radius requests in AccessAccept State. Request received for User username with response state AccessReject, ignoring request. | This error usually reflects an authentication failure in AD or that the NPS server is unable to receive responses from Azure AD. Verify that your firewalls are open bidirectionally for traffic to and from https://adnotifications.windowsazure.com and https://login.microsoftonline.com using ports 80 and 443. It is also important to check that on the DIAL-IN tab of Network Access Permissions, the setting is set to "control access through NPS Network Policy". This error can also trigger if the user is not assigned a license. |
+| **HTTP_CONNECT_ERROR** | On the server that runs the NPS extension, verify that you can reach  `https://adnotifications.windowsazure.com` and `https://login.microsoftonline.com/`. If those sites don't load, troubleshoot connectivity on that server. |
+| **NPS Extension for Azure MFA:** <br> NPS Extension for Azure MFA only performs Secondary Auth for Radius requests in AccessAccept State. Request received for User username with response state AccessReject, ignoring request. | This error usually reflects an authentication failure in AD or that the NPS server is unable to receive responses from Azure AD. Verify that your firewalls are open bidirectionally for traffic to and from `https://adnotifications.windowsazure.com` and `https://login.microsoftonline.com` using ports 80 and 443. It is also important to check that on the DIAL-IN tab of Network Access Permissions, the setting is set to "control access through NPS Network Policy". This error can also trigger if the user is not assigned a license. |
 | **REGISTRY_CONFIG_ERROR** | A key is missing in the registry for the application, which may be because the [PowerShell script](howto-mfa-nps-extension.md#install-the-nps-extension) wasn't run after installation. The error message should include the missing key. Make sure you have the key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa. |
 | **REQUEST_FORMAT_ERROR** <br> Radius Request missing mandatory Radius userName\Identifier attribute.Verify that NPS is receiving RADIUS requests | This error usually reflects an installation issue. The NPS extension must be installed in NPS servers that can receive RADIUS requests. NPS servers that are installed as dependencies for services like RDG and RRAS don't receive radius requests. NPS Extension does not work when installed over such installations and errors out since it cannot read the details from the authentication request. |
 | **REQUEST_MISSING_CODE** | Make sure that the password encryption protocol between the NPS and NAS servers supports the secondary authentication method that you're using. **PAP** supports all the authentication methods of Azure MFA in the cloud: phone call, one-way text message, mobile app notification, and mobile app verification code. **CHAPV2** and **EAP** support phone call and mobile app notification. |

articles/active-directory/conditional-access/TOC.yml

@@ -58,22 +58,24 @@
     href: best-practices.md
   - name: Common Conditional Access policies
     items: 
+    - name: Block legacy authentication
+      href: howto-conditional-access-policy-block-legacy.md
     - name: Require MFA for administrators
       href: howto-conditional-access-policy-admin-mfa.md
     - name: Require MFA for Azure management
       href: howto-conditional-access-policy-azure-management.md
     - name: Require MFA for all users
       href: howto-conditional-access-policy-all-users-mfa.md
-    - name: Block legacy authentication
-      href: howto-conditional-access-policy-block-legacy.md
     - name: Risk-based Conditional Access
       href: howto-conditional-access-policy-risk.md
-    - name: Require trusted location for MFA registration
+    - name: Secure security info registration
       href: howto-conditional-access-policy-registration.md
     - name: Block access by location
       href: howto-conditional-access-policy-location.md
     - name: Require compliant devices
       href: howto-conditional-access-policy-compliant-device.md
+    - name: Block access
+      href: howto-conditional-access-policy-block-access.md
   - name: Block legacy authentication
     href: block-legacy-authentication.md
   - name: Require approved client apps

articles/active-directory/conditional-access/best-practices.md

@@ -24,7 +24,7 @@ With [Azure Active Directory (Azure AD) Conditional Access](../active-directory-
 
 This article assumes that you are familiar with the concepts and the terminology outlined in [What is Conditional Access in Azure Active Directory?](../active-directory-conditional-access-azure-portal.md)
 
-## What’s required to make a policy work?
+## What's required to make a policy work?
 
 When you create a new policy, there are no users, groups, apps, or access controls selected.
 
@@ -95,7 +95,7 @@ Because Office 365 apps are interconnected, we recommend assigning commonly used
 
 Common interconnected applications include Microsoft Flow, Microsoft Planner, Microsoft Teams, Office 365 Exchange Online, Office 365 SharePoint Online, and Office 365 Yammer.
 
-It is important for policies that require user interactions, like multi-factor authentication, when access is controlled at the beginning of a session or task. If you don’t, users won’t be able to complete some tasks within an app. For example, if you require multi-factor authentication on unmanaged devices to access SharePoint but not to email, users working in their email won’t be able to attach SharePoint files to a message. More information can be found in the article, [What are service dependencies in Azure Active Directory Conditional Access?](service-dependencies.md).
+It is important for policies that require user interactions, like multi-factor authentication, when access is controlled at the beginning of a session or task. If you don't, users won't be able to complete some tasks within an app. For example, if you require multi-factor authentication on unmanaged devices to access SharePoint but not to email, users working in their email won't be able to attach SharePoint files to a message. More information can be found in the article, [What are service dependencies in Azure Active Directory Conditional Access?](service-dependencies.md).
 
 ## What you should avoid doing
 

articles/active-directory/conditional-access/block-legacy-authentication.md

@@ -6,19 +6,30 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 03/20/2020
+ms.date: 03/25/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
 manager: daveba
-ms.reviewer: calebb
+ms.reviewer: calebb, dawoo
 
 ms.collection: M365-identity-device-management
 ---
 # How to: Block legacy authentication to Azure AD with Conditional Access   
 
 To give your users easy access to your cloud apps, Azure Active Directory (Azure AD) supports a broad variety of authentication protocols including legacy authentication. However, legacy protocols don't support multi-factor authentication (MFA). MFA is in many environments a common requirement to address identity theft. 
 
+Alex Weinert, Director of Identity Security at Microsoft, in his March 12, 2020 blog post [New tools to block legacy authentication in your organization](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#) emphasizes why organizations should block legacy authentication and what additional tools Microsoft provides to accomplish this task:
+
+> For MFA to be effective, you also need to block legacy authentication. This is because legacy authentication protocols like POP, SMTP, IMAP, and MAPI can't enforce MFA, making them preferred entry points for adversaries attacking your organization...
+> 
+>...The numbers on legacy authentication from an analysis of Azure Active Directory (Azure AD) traffic are stark:
+> 
+> - More than 99 percent of password spray attacks use legacy authentication protocols
+> - More than 97 percent of credential stuffing attacks use legacy authentication
+> - Azure AD accounts in organizations that have disabled legacy authentication experience 67 percent fewer compromises than those where legacy authentication is enabled
+>
+
 If your environment is ready to block legacy authentication to improve your tenant's protection, you can accomplish this goal with Conditional Access. This article explains how you can configure Conditional Access policies that block legacy authentication for your tenant.
 
 ## Prerequisites

articles/active-directory/conditional-access/concept-conditional-access-conditions.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 02/25/2020
+ms.date: 03/25/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -27,7 +27,7 @@ For example, when accessing a sensitive application an administrator may factor
 
 ## Sign-in risk
 
-For customers with access to [Identity Protection](../identity-protection/overview-identity-protection.md), sign-in risk can be evaluated as part of a Conditional Access policy. Sign-in risk represents the probability that a given authentication request isn’t authorized by the identity owner. More information about sign-in risk can be found in the articles, [What is risk](../identity-protection/concept-identity-protection-risks.md#sign-in-risk) and [How To: Configure and enable risk policies](../identity-protection/howto-identity-protection-configure-risk-policies.md).
+For customers with access to [Identity Protection](../identity-protection/overview-identity-protection.md), sign-in risk can be evaluated as part of a Conditional Access policy. Sign-in risk represents the probability that a given authentication request isn't authorized by the identity owner. More information about sign-in risk can be found in the articles, [What is risk](../identity-protection/concept-identity-protection-risks.md#sign-in-risk) and [How To: Configure and enable risk policies](../identity-protection/howto-identity-protection-configure-risk-policies.md).
 
 ## Device platforms
 

articles/active-directory/conditional-access/concept-conditional-access-policies.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 02/11/2020
+ms.date: 03/25/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo

articles/active-directory/conditional-access/concept-conditional-access-policy-common.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 02/11/2020
+ms.date: 03/25/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -30,18 +30,23 @@ More information about emergency access accounts and why they are important can
 
 ## Typical policies deployed by organizations
 
+* [Block legacy authentication](howto-conditional-access-policy-block-legacy.md)\*
 * [Require MFA for administrators](howto-conditional-access-policy-admin-mfa.md)\*
 * [Require MFA for Azure management](howto-conditional-access-policy-azure-management.md)\*
 * [Require MFA for all users](howto-conditional-access-policy-all-users-mfa.md)\*
-* [Block legacy authentication](howto-conditional-access-policy-block-legacy.md)\*
+
+\* These four policies when configured together, would mimic functionality enabled by [security defaults](../fundamentals/concept-fundamentals-security-defaults.md).
+
+## Additional policies
+
 * [Risk-based Conditional Access (Requires Azure AD Premium P2)](howto-conditional-access-policy-risk.md)
 * [Require trusted location for MFA registration](howto-conditional-access-policy-registration.md)
 * [Block access by location](howto-conditional-access-policy-location.md)
 * [Require compliant device](howto-conditional-access-policy-compliant-device.md)
-
-\* These four policies when configured together, would mimic functionality enabled by [security defaults](../fundamentals/concept-fundamentals-security-defaults.md).
+* [Block access except specific apps](howto-conditional-access-policy-block-access.md)
 
 ## Next steps
 
 - [Simulate sign in behavior using the Conditional Access What If tool.](troubleshoot-conditional-access-what-if.md)
+
 - [Use report-only mode for Conditional Access to determine the impact of new policy decisions.](concept-conditional-access-report-only.md)

articles/active-directory/conditional-access/concept-conditional-access-report-only.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 02/11/2020
+ms.date: 03/25/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo