Commit e111ad1

Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into christiankuhtz/patch-304
2 parents 15f43be + 2b05291 commit e111ad1

106 files changed

+1251
-1105
lines changed

.openpublishing.redirection.json

Lines changed: 29 additions & 0 deletions
@@ -29740,6 +29740,26 @@
2974029740
"redirect_url": "/azure/sentinel/fusion",
2974129741
"redirect_document_id": false
2974229742
},
29743+
{
29744+
"source_path": "articles/security-center/security-center-virtual-machine.md",
29745+
"redirect_url": "/azure/security-center/security-center-intro",
29746+
"redirect_document_id": false
29747+
},
29748+
{
29749+
"source_path": "articles/security-center/security-center-install-endpoint-protection.md",
29750+
"redirect_url": "/azure/security-center/security-center-services?tabs=features-windows#supported-endpoint-protection-solutions-",
29751+
"redirect_document_id": false
29752+
},
29753+
{
29754+
"source_path": "articles/security-center/security-center-linux-virtual-machine.md",
29755+
"redirect_url": "/azure/security-center/security-center-intro",
29756+
"redirect_document_id": false
29757+
},
29758+
{
29759+
"source_path": "articles/security-center/security-center-container-recommendations.md",
29760+
"redirect_url": "/azure/security-center/container-security",
29761+
"redirect_document_id": false
29762+
},
2974329763
{
2974429764
"source_path": "articles/security-center/security-center-ata-integration.md",
2974529765
"redirect_url": "/azure/security-center/security-center-partner-integration",
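Review bot: The redirect target added at new line 29750 ends in a trailing hyphen (`#supported-endpoint-protection-solutions-`) and carries a `?tabs=features-windows` query; confirm that the fragment exists exactly as written on the security-center-services page, because a fragment that does not match lands readers at the top of the page instead of the endpoint protection section. Separately, the two VM articles (new lines 29744 and 29754) both redirect to the generic `/azure/security-center/security-center-intro`; if a more specific page covers VM recommendations, point there instead.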
@@ -42410,6 +42430,11 @@
4241042430
"redirect_url": "/azure/azure-monitor/log-query/vminsights-overview",
4241142431
"redirect_document_id": false
4241242432
},
42433+
{
42434+
"source_path": "articles/azure-monitor/platform/diagnostic-settings-legacy.md",
42435+
"redirect_url": "/azure/azure-monitor/platform/activity-log-collect",
42436+
"redirect_document_id": false
42437+
},
4241342438
{
4241442439
"source_path": "articles/machine-learning/service/how-to-automated-ml.md",
4241542440
"redirect_url": "/azure/machine-learning/service/concept-automated-ml",
@@ -50445,6 +50470,10 @@
5044550470
{
5044650471
"source_path": "articles/cognitive-services/speech-service/how-to-custom-speech-test-data.md",
5044750472
"redirect_url": "/azure/cognitive-services/speech-service/how-to-custom-speech-test-and-train"
50473+
},
50474+
{
50475+
"source_path": "articles/sql-database/sql-database-paas-index.yml",
50476+
"redirect_url": "/azure/sql-database/sql-database-technical-overview"
5044850477
}
5044950478
]
5045050479
}
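Review bot: The entry added at new lines 50474-50476 omits `redirect_document_id`, while every entry this commit adds in the two earlier hunks sets it to `false` explicitly. The preceding context entry omits it as well, so this may be the local convention in this part of the file, but stating `"redirect_document_id": false` would keep the new entries consistent and avoid depending on the default.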

articles/active-directory-b2c/TOC.yml

Lines changed: 1 addition & 1 deletion
@@ -404,7 +404,7 @@
404404
href: error-codes.md
405405
- name: Extensions app
406406
href: extensions-app.md
407-
- name: Identity Experience Framework release notes
407+
- name: IEF release notes
408408
href: custom-policy-developer-notes.md
409409
- name: Microsoft Graph API operations
410410
href: microsoft-graph-operations.md
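Review bot: The renamed TOC entry at new line 407 uses the bare acronym `IEF`, which a reader scanning the navigation may not recognise; the target article still spells out "Identity Experience Framework" in its body. Consider `Identity Experience Framework (IEF) release notes`, or keep the original name if length is not the constraint.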

articles/active-directory-b2c/custom-policy-developer-notes.md

Lines changed: 64 additions & 47 deletions
@@ -9,7 +9,7 @@ manager: celestedg
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: conceptual
12-
ms.date: 02/12/2020
12+
ms.date: 03/30/2020
1313
ms.author: mimart
1414
ms.subservice: B2C
1515
---
@@ -55,85 +55,102 @@ Developers consuming the custom policy feature set should adhere to the followin
5555

5656
Custom policy/Identity Experience Framework capabilities are under constant and rapid development. The following table is an index of features and component availability.
5757

58-
### Identity Providers, Tokens, Protocols
58+
59+
### Protocols and authorization flows
5960

6061
| Feature | Development | Preview | GA | Notes |
6162
|-------- | :-----------: | :-------: | :--: | ----- |
62-
| IDP-OpenIDConnect | | | X | For example, Google+. |
63-
| IDP-OAUTH2 | | | X | For example, Facebook. |
64-
| IDP-OAUTH1 (twitter) | | X | | For example, Twitter. |
65-
| IDP-OAUTH1 (ex-twitter) | | | | Not supported |
66-
| IDP-SAML | | | X | For example, Salesforce, ADFS. |
67-
| IDP-WSFED | X | | | |
68-
| Relying Party OAUTH1 | | | | Not supported. |
69-
| Relying Party OAUTH2 | | | X | |
70-
| Relying Party OIDC | | | X | |
71-
| Relying Party SAML | |X | | |
72-
| Relying Party WSFED | X | | | |
73-
| REST API with basic and certificate auth | | | X | For example, Azure Logic Apps. |
74-
75-
### Component Support
63+
| [OAuth2 authorization code](authorization-code-flow.md) | | | X | |
64+
| OAuth2 authorization code with PKCE | | | X | Mobile applications only |
65+
| [OAuth2 implicit flow](implicit-flow-single-page-application.md) | | | X | |
66+
| [OAuth2 resource owner password credentials](ropc-custom.md) | | X | | |
67+
| [OIDC Connect](openid-connect.md) | | | X | |
68+
| [SAML2](connect-with-saml-service-providers.md) | |X | | POST and Redirect bindings. |
69+
| OAuth1 | | | | Not supported. |
70+
| WSFED | X | | | |
71+
72+
### Identify providers federation
73+
74+
| Feature | Development | Preview | GA | Notes |
75+
|-------- | :-----------: | :-------: | :--: | ----- |
76+
| [OpenID Connect](openid-connect-technical-profile.md) | | | X | For example, Google+. |
77+
| [OAuth2](oauth2-technical-profile.md) | | | X | For example, Facebook. |
78+
| [OAuth1](oauth1-technical-profile.md) | | X | | For example, Twitter. |
79+
| [SAML2](saml-technical-profile.md) | | | X | For example, Salesforce, ADFS. |
80+
| WSFED| X | | | |
81+
82+
83+
### REST API integration
84+
85+
| Feature | Development | Preview | GA | Notes |
86+
|-------- | :-----------: | :-------: | :--: | ----- |
87+
| [REST API with basic auth](secure-rest-api.md#http-basic-authentication) | | | X | |
88+
| [REST API with client certificate auth](secure-rest-api.md#https-client-certificate-authentication) | | | X | |
89+
| [REST API with OAuth2 bearer auth](secure-rest-api.md#oauth2-bearer-authentication) | | X | | |
90+
91+
### Component support
7692

7793
| Feature | Development | Preview | GA | Notes |
7894
| ------- | :-----------: | :-------: | :--: | ----- |
79-
| Azure Multi Factor Authentication | | | X | |
80-
| Azure Active Directory as local directory | | | X | |
81-
| Azure Email subsystem for email verification | | | X | |
82-
| Multi-language support| | | X | |
83-
| Predicate Validations | | | X | For example, password complexity. |
84-
| Using third party email service providers | |X | | |
95+
| [Phone factor authentication](phone-factor-technical-profile.md) | | | X | |
96+
| [Azure MFA authentication](multi-factor-auth-technical-profile.md) | | X | | |
97+
| [One-time password](one-time-password-technical-profile.md) | | X | | |
98+
| [Azure Active Directory](active-directory-technical-profile.md) as local directory | | | X | |
99+
| Azure email subsystem for email verification | | | X | |
100+
| [Third party email service providers](custom-email.md) | |X | | |
101+
| [Multi-language support](localization.md)| | | X | |
102+
| [Predicate validations](predicates.md) | | | X | For example, password complexity. |
103+
| [Display controls](display-controls.md) | |X | | |
85104

86-
### Content Definition
105+
106+
### Page layout versions
87107

88108
| Feature | Development | Preview | GA | Notes |
89109
| ------- | :-----------: | :-------: | :--: | ----- |
90-
| Error page, api.error | | | X | |
91-
| IDP selection page, api.idpselections | | | X | |
92-
| IDP selection for signup, api.idpselections.signup | | | X | |
93-
| Forgot Password, api.localaccountpasswordreset | | | X | |
94-
| Local Account Sign-in, api.localaccountsignin | | | X | |
95-
| Local Account Sign-up, api.localaccountsignup | | | X | |
96-
| MFA page, api.phonefactor | | | X | |
97-
| Self-asserted social account sign-up, api.selfasserted | | | X | |
98-
| Self-asserted profile update, api.selfasserted.profileupdate | | | X | |
99-
| Unified signup or sign-in page, api.signuporsignin, with parameter "disableSignup" | | | X | |
100-
| JavaScript / Page layout | | X | | |
110+
| [2.0.0](page-layout.md#200) | | X | | |
111+
| [1.2.0](page-layout.md#120) | | X | | |
112+
| [1.1.0](page-layout.md#110) | | | X | |
113+
| [1.0.0](page-layout.md#100) | | | X | |
114+
| [JavaScript support](javascript-samples.md) | | X | | |
101115

102116
### App-IEF integration
103117

104118
| Feature | Development | Preview | GA | Notes |
105119
| ------- | :-----------: | :-------: | :--: | ----- |
106-
| Query string parameter domain_hint | | | X | Available as claim, can be passed to IDP. |
107-
| Query string parameter login_hint | | | X | Available as claim, can be passed to IDP. |
108-
| Insert JSON into UserJourney via client_assertion | X | | | Will be deprecated. |
109-
| Insert JSON into UserJourney as id_token_hint | | X | | Go-forward approach to pass JSON. |
110-
| Pass IDP TOKEN to the application | | X | | For example, from Facebook to app. |
120+
| Query string parameter `domain_hint` | | | X | Available as claim, can be passed to IDP. |
121+
| Query string parameter `login_hint` | | | X | Available as claim, can be passed to IDP. |
122+
| Insert JSON into user journey via `client_assertion` | X | | | Will be deprecated. |
123+
| Insert JSON into user journey as `id_token_hint` | | X | | Go-forward approach to pass JSON. |
124+
| [Pass identity provider token to the application](idp-pass-through-custom.md) | | X | | For example, from Facebook to app. |
111125

112126
### Session Management
113127

114128
| Feature | Development | Preview | GA | Notes |
115129
| ------- | :-----------: | :-------: | :--: | ----- |
116-
| SSO Session Provider | | | X | |
117-
| External Login Session Provider | | | X | |
118-
| SAML SSO Session Provider | | | X | |
119-
| Default SSO Session Provider | | | X | |
130+
| [Default SSO session provider](custom-policy-reference-sso.md#defaultssosessionprovider) | | | X | |
131+
| [External login session provider](custom-policy-reference-sso.md#externalloginssosessionprovider) | | | X | |
132+
| [SAML SSO session provider](custom-policy-reference-sso.md#samlssosessionprovider) | | | X | |
133+
120134

121135
### Security
122136

123137
| Feature | Development | Preview | GA | Notes |
124138
|-------- | :-----------: | :-------: | :--: | ----- |
125139
| Policy Keys- Generate, Manual, Upload | | | X | |
126140
| Policy Keys- RSA/Cert, Secrets | | | X | |
127-
| Policy upload | | | X | |
141+
128142

129143
### Developer interface
130144

131145
| Feature | Development | Preview | GA | Notes |
132146
| ------- | :-----------: | :-------: | :--: | ----- |
133147
| Azure Portal-IEF UX | | | X | |
134-
| Application Insights UserJourney Logs | | X | | Used for troubleshooting during development. |
135-
| Application Insights Event Logs (via orchestration steps) | | X | | Used to monitor user flows in production. |
148+
| Policy upload | | | X | |
149+
| [Application Insights user journey logs](troubleshoot-with-application-insights.md) | | X | | Used for troubleshooting during development. |
150+
| [Application Insights event logs](application-insights-technical-profile.md) | | X | | Used to monitor user flows in production. |
151+
136152

137153
## Next steps
138154

139-
Learn more about [custom policies and the differences with user flows](custom-policy-overview.md).
155+
- Check the [Microsoft Graph operations available for Azure AD B2C](microsoft-graph-operations.md)
156+
- Learn more about [custom policies and the differences with user flows](custom-policy-overview.md).
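Review bot: Two labels introduced in this hunk have typos: new line 72 reads `### Identify providers federation` (should be "Identity providers federation"), and new line 67 labels the link `OIDC Connect`, which expands to "OpenID Connect Connect"; use `OpenID Connect` as new line 76 does. Please also confirm the MFA status change is intended: the removed row listed "Azure Multi Factor Authentication" as GA, while the new rows list "Phone factor authentication" as GA and "Azure MFA authentication" as Preview, and readers relying on GA support for MFA will want that called out. The removed Content Definition rows (`api.error`, `api.signuporsignin` and the rest) have no counterpart in the new "Page layout versions" table, so their GA status is no longer stated anywhere in this hunk.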

articles/active-directory/saas-apps/netskope-cloud-security-tutorial.md

Lines changed: 2 additions & 2 deletions
@@ -80,7 +80,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
8080
1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
8181

8282
a. In the **Identifier** text box, type a URL using the following pattern:
83-
`Netskope_<OrgKey>`
83+
`<OrgKey>`
8484

8585
b. In the **Reply URL** text box, type a URL using the following pattern:
8686
`https://<tenant_host_name>/saml/acs`
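Review bot: The new pattern at line 83, `<OrgKey>`, is no longer a URL, but the unchanged instruction at line 82 still says "type a URL using the following pattern". Reword step a to say the Identifier is the organization key value, and note whether tenants already configured with the old `Netskope_<OrgKey>` value need to change it, since an Identifier that does not match on both sides breaks SAML sign-in.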
@@ -231,4 +231,4 @@ When you click the Netskope Administrator Console tile in the Access Panel, you
231231

232232
- [What is conditional access in Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)
233233

234-
- [Try Netskope Administrator Console with Azure AD](https://aad.portal.azure.com/)
234+
- [Try Netskope Administrator Console with Azure AD](https://aad.portal.azure.com/)

articles/aks/private-clusters.md

Lines changed: 12 additions & 0 deletions
@@ -77,6 +77,18 @@ As mentioned, VNet peering is one way to access your private cluster. To use VNe
7777
8. Select **Add**, add the virtual network of the VM, and then create the peering.
7878
9. Go to the virtual network where you have the VM, select **Peerings**, select the AKS virtual network, and then create the peering. If the address ranges on the AKS virtual network and the VM's virtual network clash, peering fails. For more information, see [Virtual network peering][virtual-network-peering].
7979

80+
## Hub and spoke with custom DNS
81+
82+
[Hub and spoke architectures](https://docs.microsoft.com/azure/architecture/reference-architectures/hybrid-networking/hub-spoke) are commonly used to deploy networks in Azure. In many of these deployments, DNS settings in the spoke VNets are configured to reference a central DNS forwarder to allow for on-premises and Azure-based DNS resolution. When deploying an AKS cluster into such a networking environment, there are some special considerations that must be taken into account.
83+
84+
![Private cluster hub and spoke](media/private-clusters/aks-private-hub-spoke.png)
85+
86+
1. By default, when a private cluster is provisioned, a private endpoint (1) and a private DNS zone (2) are created in the cluster managed resource group. The cluster uses an A record in the private zone to resolve the IP of the private endpoint for communication to the API server.
87+
88+
2. The private DNS zone is linked only to the VNet that the cluster nodes are attached to (3). This means that the private endpoint can only be resolved by hosts in that linked VNet. In scenarios where no custom DNS is configured on the VNet (default), this works without issue as hosts point at 168.63.129.16 for DNS which can resolve records in the private DNS zone due to the link.
89+
90+
3. In scenarios where the VNet containing your cluster has custom DNS settings (4), cluster deployment fails unless the private DNS zone is linked to the VNet that contains the custom DNS resolvers (5). This link can be created manually after the private zone is created during cluster provisioning or via automation upon detection of creation of the zone using Azure Policy or other event-based deployment mechanisms (for example, Azure Event Grid and Azure Functions).
91+
8092
## Dependencies
8193

8294
* The Private Link service is supported on Standard Azure Load Balancer only. Basic Azure Load Balancer isn't supported.
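Review bot: Item 3 (new line 90) says cluster deployment fails unless the private DNS zone is linked to the VNet that holds the custom DNS resolvers, yet also says the link is created after the zone is created during provisioning; state at what point in provisioning the link has to exist, otherwise the manual option reads as something that cannot be done in time. Item 2 (new line 88) uses `168.63.129.16` without saying what it is; name it as the Azure-provided DNS address. Because item 2 explains that only hosts in a linked VNet can resolve the private endpoint, a sentence on how linking the zone to the resolver VNet widens who can resolve the API server record would help readers judge the change.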
