Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into release-synapse-current

Author: v-alje

.openpublishing.redirection.json

@@ -39856,6 +39856,11 @@
       "redirect_url": "/azure/dev-spaces/",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/dev-spaces/how-to/helm-3.md",
+      "redirect_url": "/azure/dev-spaces/",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/monitoring/monitoring-overview.md",
       "redirect_url": "/azure/azure-monitor/overview",
@@ -48505,6 +48510,11 @@
       "redirect_url": "/azure/cognitive-services/form-recognizer/quickstarts/python-receipts",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/form-recognizer/quickstarts/dotnet-sdk.md",
+      "redirect_url": "/azure/cognitive-services/form-recognizer/quickstarts/client-library?pivots=programming-language-csharp",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cognitive-services/Content-Moderator/Review-Tool-User-Guide/Upload-Images.md",
       "redirect_url": "/azure/cognitive-services/content-moderator",
@@ -52499,6 +52509,11 @@
       "redirect_url": "/azure/batch/batch-apis-tools",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/batch/batch-integration-policies.md",
+      "redirect_url": "/azure/batch/policy-samples",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-machines/troubleshooting/troubleshoot-vm-unresponsive-group-policy-local-users.md",
       "redirect_url": "/azure/virtual-machines/troubleshooting/unresponsive-vm-apply-group-policy",

articles/active-directory-b2c/configure-tokens.md

@@ -50,7 +50,7 @@ You can configure the token lifetime on any user flow.
 
 ## Next steps
 
-Learn more about how to [use access tokens](access-tokens.md).
+Learn more about how to [request access tokens](access-tokens.md).
 
 
 

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -744,6 +744,17 @@ TLS 1.2 Cipher Suites minimum bar:
 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 
+### IP Ranges
+The Azure AD Provisionong service currently operates under the following IP ranges. 
+
+13.86.239.205; 52.188.178.195; 13.86.61.156; 40.67.254.206; 51.105.237.71; 20.44.38.166; 40.81.88.68; 52.184.94.250;
+20.43.180.59; 20.193.16.105; 20.40.167.232; 13.86.3.57; 52.188.72.113; 13.88.140.233; 52.142.121.156; 51.124.0.213;
+40.81.92.36; 20.44.39.175; 20.189.114.130; 20.44.193.163; 20.193.23.17; 20.40.173.237; 13.86.138.128; 52.142.29.23;
+13.86.2.238; 40.127.246.167; 51.136.72.4; 20.44.39.244; 40.81.92.186; 20.189.114.131; 20.44.193.210; 20.193.2.21; 20.40.174.46;
+13.86.219.18; 40.71.13.10; 20.44.16.38; 13.89.174.16; 13.69.66.182; 13.69.229.118; 104.211.147.176; 40.78.195.176;
+13.67.9.240; 13.75.38.48; 13.70.73.48; 13.77.52.176;
+
+
 
 ## Step 3: Build a SCIM endpoint
 

articles/active-directory/authentication/howto-sspr-deployment.md

@@ -106,7 +106,7 @@ Note: For users who have [Password hash synchronization (PHS)](https://docs.micr
 
 You can help users register quickly by deploying SSPR alongside another popular application or service in the organization. This action will generate a large volume of sign-ins and will drive registration.
 
-Before deploying SSPR, you may opt to determine the number and the average cost of each password reset call. YOU can use this data post deployment to show the value SSPR is bringing to the organization.
+Before deploying SSPR, you may opt to determine the number and the average cost of each password reset call. You can use this data post deployment to show the value SSPR is bringing to the organization.
 
 #### Enable combined registration for SSPR and MFA
 
@@ -344,4 +344,4 @@ Audit logs for registration and password reset are available for 30 days. If sec
 
 * [Consider implementing Azure AD password protection](https://docs.microsoft.com/azure/active-directory/authentication/concept-password-ban-bad)
 
-* [Consider implementing Azure AD Smart Lockout](https://docs.microsoft.com/azure/active-directory/authentication/howto-password-smart-lockout)
+* [Consider implementing Azure AD Smart Lockout](https://docs.microsoft.com/azure/active-directory/authentication/howto-password-smart-lockout)

articles/active-directory/conditional-access/howto-conditional-access-insights-reporting.md

@@ -96,6 +96,19 @@ You can also investigate the sign-ins of a specific user by searching for sign-i
 
 ## Troubleshooting
 
+### Why are queries failing due to a permissions error?
+
+In order to access the workbook, you need the proper Azure AD permissions as well as Log Analytics workspace permissions. To test whether you have the proper workspace permissions by running a sample log analytics query:
+
+1. Sign in to the **Azure portal**.
+1. Browse to **Azure Active Directory** > **Logs**.
+1. Type `SigninLogs` into the query box and select **Run**.
+1. If the query does not return any results, your workspace may not have been configured correctly. 
+
+![Troubleshoot failing queries](./media/howto-conditional-access-insights-reporting/query-troubleshoot-sign-in-logs.png)
+
+For more information about how to stream Azure AD sign-in logs to a Log Analytics workspace, see the article [Integrate Azure AD logs with Azure Monitor logs](../reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md).
+
 ### Why is the workbook taking a long time to load?  
 
 Depending on the time range selected and the size of your tenant, the workbook may be evaluating an extraordinarily large number of sign-in events. For large tenants, the volume of sign-ins may exceed the query capacity of Log Analytics. Try shortening the time range to 4 hours to see if the workbook loads.  

articles/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa.md

@@ -50,7 +50,7 @@ The following steps will help create a Conditional Access policy to require All
    1. Select **Done**.
 1. Under **Cloud apps or actions** > **Include**, select **All cloud apps**.
    1. Under **Exclude**, select any applications that do not require multi-factor authentication.
-1. Under **Conditions** > **Client apps (Preview)**, set **Configure** to **Yes**, and select **Done**.
+1. Under **Conditions** > **Client apps (Preview)**, set **Configure** to **Yes**. Under **Select the client apps this policy will apply to** leave all defaults selected and select **Done**.
 1. Under **Access controls** > **Grant**, select **Grant access**, **Require multi-factor authentication**, and select **Select**.
 1. Confirm your settings and set **Enable policy** to **On**.
 1. Select **Create** to create to enable your policy.

articles/active-directory/conditional-access/media/howto-conditional-access-insights-reporting/query-troubleshoot-sign-in-logs.png

@@ -81,7 +81,6 @@ These claims are always included in v1.0 Azure AD tokens, but not included in v2
 | `pwd_exp`     | Password Expiration Time        | The datetime at which the password expires. |       |
 | `pwd_url`     | Change Password URL             | A URL that the user can visit to change their password.   |   |
 | `in_corp`     | Inside Corporate Network        | Signals if the client is logging in from the corporate network. If they're not, the claim isn't included.   |  Based off of the [trusted IPs](../authentication/howto-mfa-mfasettings.md#trusted-ips) settings in MFA.    |
-| `nickname`    | Nickname                        | An additional name for the user. The nickname is separate from first or last name. Requires the `profile` scope.|
 | `family_name` | Last Name                       | Provides the last name, surname, or family name of the user as defined in the user object. <br>"family_name":"Miller" | Supported in MSA and Azure AD. Requires the `profile` scope.   |
 | `given_name`  | First name                      | Provides the first or "given" name of the user, as set on the user object.<br>"given_name": "Frank"                   | Supported in MSA and Azure AD .  Requires the `profile` scope. |
 | `upn`         | User Principal Name | An identifer for the user that can be used with the username_hint parameter.  Not a durable identifier for the user and should not be used to key data. | See [additional properties](#additional-properties-of-optional-claims) below for configuration of the claim. Requires the `profile` scope.|

articles/active-directory/develop/active-directory-optional-claims.md

@@ -39,7 +39,7 @@ Body
 {
     "principalId":"ab2e1023-bddc-4038-9ac1-ad4843e7e539",
     "roleDefinitionId":"194ae4cb-b126-40b2-bd5b-6091b380977d",
-    "resourceScopes":["/"]
+    "resourceScopes":"/"
 }
 ```
 
@@ -63,7 +63,7 @@ Body
 {
     "principalId":" 2142743c-a5b3-4983-8486-4532ccba12869",
     "roleDefinitionId":"194ae4cb-b126-40b2-bd5b-6091b380977d",
-    "resourceScopes":["/"]
+    "resourceScopes":"/"
 }
 ```
 
@@ -90,7 +90,7 @@ Body
 {
     "principalId":"ab2e1023-bddc-4038-9ac1-ad4843e7e539",
     "roleDefinitionId":"194ae4cb-b126-40b2-bd5b-6091b380977d",
-    "resourceScopes":["/ab2e1023-bddc-4038-9ac1-ad4843e7e539"]
+    "resourceScopes":"/ab2e1023-bddc-4038-9ac1-ad4843e7e539"
 }
 ```
 
@@ -136,13 +136,13 @@ HTTP/1.1 200 OK
     "id":"mhxJMipY4UanIzy2yE-r7JIiSDKQoTVJrLE9etXyrY0-1"
     "principalId":"ab2e1023-bddc-4038-9ac1-ad4843e7e539",
     "roleDefinitionId":"10dae51f-b6af-4016-8d66-8c2a99b929b3",
-    "resourceScopes":["/"]
+    "resourceScopes":"/"
 } ,
 {
     "id":"CtRxNqwabEKgwaOCHr2CGJIiSDKQoTVJrLE9etXyrY0-1"
     "principalId":"ab2e1023-bddc-4038-9ac1-ad4843e7e539",
     "roleDefinitionId":"3671d40a-1aac-426c-a0c1-a3821ebd8218",
-    "resourceScopes":["/"]
+    "resourceScopes":"/"
 }
 ```
 
@@ -162,7 +162,7 @@ HTTP/1.1 200 OK
     "id":"CtRxNqwabEKgwaOCHr2CGJIiSDKQoTVJrLE9etXyrY0-1"
     "principalId":"ab2e1023-bddc-4038-9ac1-ad4843e7e539",
     "roleDefinitionId":"3671d40a-1aac-426c-a0c1-a3821ebd8218",
-    "resourceScopes":["/"]
+    "resourceScopes":"/"
 }
 ```
 
@@ -182,7 +182,7 @@ HTTP/1.1 200 OK
     "id":"mhxJMipY4UanIzy2yE-r7JIiSDKQoTVJrLE9etXyrY0-1",
     "principalId":"ab2e1023-bddc-4038-9ac1-ad4843e7e539",
     "roleDefinitionId":"10dae51f-b6af-4016-8d66-8c2a99b929b3",
-    "resourceScopes":["/"]
+    "resourceScopes":"/"
 }
 ```
 

articles/active-directory/users-groups-roles/roles-assign-graph.md

@@ -145,8 +145,8 @@ The following FQDN / application rules are required for AKS clusters that have t
 | FQDN                                    | Port      | Use      |
 |-----------------------------------------|-----------|----------|
 | cloudflare.docker.com | HTTPS:443 | This address is used to pull linux alpine and other Azure Dev Spaces images |
-| gcr.io | HTTP:443 | This address is used to pull helm/tiller images |
-| storage.googleapis.com | HTTP:443 | This address is used to pull helm/tiller images |
+| gcr.io | HTTPS:443 | This address is used to pull helm/tiller images |
+| storage.googleapis.com | HTTPS:443 | This address is used to pull helm/tiller images |
 | azds-\<guid\>.\<location\>.azds.io | HTTPS:443 | To communicate with Azure Dev Spaces backend services for your controller. The exact FQDN can be found in the "dataplaneFqdn" in %USERPROFILE%\.azds\settings.json |
 
 ## Required addresses and ports for AKS clusters with Azure Policy (in public preview) enabled