Merge pull request #46739 from MicrosoftDocs/master

7/16 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -12670,6 +12670,11 @@
             "redirect_url": "./end-user/microsoft-authenticator-app-how-to",
             "redirect_document_id": false
         },
+        {
+            "source_path": "articles/service-fabric/service-fabric-update-vmss-sku.md",
+            "redirect_url": "/azure/service-fabric/service-fabric-cluster-upgrade-primary-nodetype-vm",
+            "redirect_document_id": false
+        },
         {
             "source_path": "articles/service-fabric/service-fabric-enable-azure-disk-encryption-linux.md",
             "redirect_url": "/azure/service-fabric/service-fabric-cluster-creation-via-portal",
@@ -23300,6 +23305,26 @@
             "redirect_url": "/azure/active-directory/authentication/howto-mfa-userdevicesettings",
             "redirect_document_id": true
         },
+        {
+            "source_path": "articles/network-watcher/network-watcher-nsg-flow-logging-cli-nodejs.md",
+            "redirect_url": "/azure/network-watcher/network-watcher-nsg-flow-logging-cli",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/network-watcher/network-watcher-packet-capture-manage-cli-nodejs.md",
+            "redirect_url": "/azure/network-watcher/network-watcher-packet-capture-manage-cli",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/network-watcher/network-watcher-security-group-view-cli-nodejs.md",
+            "redirect_url": "/azure/network-watcher/network-watcher-security-group-view-cli",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/network-watcher/network-watcher-troubleshoot-manage-cli-nodejs.md",
+            "redirect_url": "/azure/network-watcher/network-watcher-troubleshoot-manage-cli",
+            "redirect_document_id": true
+        },
         {
             "source_path": "articles/network-watcher/network-watcher-check-ip-flow-verify-cli-nodejs.md",
             "redirect_url": "/azure/network-watcher/diagnose-vm-network-traffic-filtering-problem-cli",
@@ -26279,6 +26304,11 @@
             "source_path": "articles/active-directory/active-directory-saas-access-panel-user-help.md",
             "redirect_url": "/azure/active-directory/user-help/active-directory-saas-access-panel-user-help",
             "redirect_document_id": true
-        }        
+        },
+        {
+            "source_path": "articles/hdinsight/kafka/apache-kafka-azure-functions.md",
+            "redirect_url": "/azure/hdinsight/kafka/apache-kafka-introduction",
+            "redirect_document_id": false
+        }     
     ]
 }

articles/active-directory-domain-services/active-directory-ds-suspension.md

@@ -14,56 +14,99 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: article
-ms.date: 07/09/2018
+ms.date: 07/16/2018
 ms.author: ergreenl
 
 ---
 # Suspended domains
 When Azure AD Domain Services is unable to service a managed domain for a long period of time, the managed domain is put into a suspended state. This article will explain why managed domains are suspended, the length of suspension, and how to remediate a suspended domain.
 
 
-## Overview of suspended domains
+## States your managed domain can be in
 
 ![Suspended domain timeline](media\active-directory-domain-services-suspension\suspension-timeline.PNG)
 
 The preceding graphic outlines how a domain is suspended, how long it will be suspended, and ultimately, the deletion of a managed domain. The following sections detail the reasons why a domain can be suspended and how to unsuspend a managed domain.
 
+### 'Running' state
+A managed domain that is configured correctly and operating regularly is in the **Running** state.
 
-## Why are managed domains suspended?
+**What you can expect:**
+* Microsoft is able to regularly monitor the health of your managed domain.
+* Domain controllers for your managed domain are patched and updated regularly.
+* Changes from Azure Active Directory are regularly synchronized to your managed domain.
+* Regular backups are taken for your managed domain.
 
-Managed domains are suspended when they are in a state where Azure AD Domain Services is unable to manage the domain. This can be caused by a misconfiguration that blocks access to resources needed by Azure AD Domain Services, or an inactive Azure subscription. After 15 days of being unable to service a managed domain, Azure AD Domain Services will suspend the domain.
 
-The exact reasons why your domain could be suspended are listed below:
-* Having one or more of the following alerts present on your domain for 15 consecutive days:
-   * [AADDS104: Network Error](active-directory-ds-troubleshoot-nsg.md).
-* Your Azure subscription is expired or inactive
+### 'Needs Attention' state
+A managed domain is in the **Needs Attention** state, if one or more issues require an administrator to take action. The health page of your managed domain will list one or more alerts in this state. For example, if you've configured a restrictive NSG for your virtual network, Microsoft may be unable to update and monitor your managed domain. This invalid configuration results in an alert being generated and your managed domain is put in the 'Needs Attention' state.
 
+Each alert has a set of resolution steps. Some alerts are transient and will get automatically resolved by the service. You can resolve some other alerts by following the instructions in the corresponding resolution steps for that alert. To resolve some critical alerts, you need to contact Microsoft support.
 
-## What happens when a domain is suspended?
+For more information, see [how to troubleshoot alerts on a managed domain](active-directory-ds-troubleshoot-alerts.md).
 
-When a domain is suspended, Azure AD Domain Services stops the virtual machines that service your managed domain. This means that backups are no longer taken, users are unable to sign-in to your domain, and synchronization with Azure AD is no longer performed.
+**What you can expect:**
 
-The domain will only stay in a suspension state for a maximum of 15 days. In order to ensure a timely recovery, it is recommended you address the suspension as soon as possible.
+In some instances (for example, if you have an invalid network configuration), the domain controllers for your managed domain may be unreachable. Therefore, Microsoft cannot guarantee your managed domain is monitored, patched, updated or backed-up on a regular basis in this state.
 
-## How do I know if my domain is suspended?
-The managed domain will receive an [alert](active-directory-ds-troubleshoot-alerts.md) on the Azure AD Domain Services Health page in the Azure portal that declares the domain suspended. In addition, the state of the domain will be labelled "Suspended".
+* Your managed domain is in an unhealthy state and ongoing health monitoring may be impacted, until the alert is resolved.
+* Domain controllers for your managed domain may not be patched or updated.
+* Changes from Azure Active Directory may not be synchronized to your managed domain.
+* Backups for your managed domain may be taken, if possible.
+* If you resolve the alerts impacting your managed domain, it may be possible to restore your managed domain to the 'Running' state.
+* Critical alerts are triggered for configuration issues where Microsoft is unable to reach your domain controllers. If such alerts are not resolved within 15 days, your managed domain will be put in the 'Suspended' state.
 
 
-## Unsuspending and restoring domains
+### 'Suspended' state
+A managed domain is put in the **Suspended** state for the following reasons:
+* One or more critical alerts have not been remediated in 15 days. This can be caused by a misconfiguration that blocks access to resources needed by Azure AD Domain Services.
+    * For example, if the managed domain has alert [AADDS104: Network Error](active-directory-ds-troubleshoot-nsg.md) unresolved for over 15 days.
+* There is a billing issue with your Azure subscription or if the Azure subscription has expired.
 
-To unsuspend a domain, the following steps are needed:
+Managed domains are suspended when Microsoft is unable to manage, monitor, patch or backup the domain on an ongoing basis.
+
+**What you can expect:**
+* Domain controllers for your managed domain are de-provisioned and are not reachable within the virtual network.
+* Secure LDAP access to the managed domain over the internet (if enabled) stops working.
+* You will see failures in authenticating to the managed domain, logging on to domain joined virtual machines, connecting over LDAP/LDAPS etc.
+* Backups for your managed domain are no longer taken.
+* You need to resolve the alert causing your managed domain to be in the 'Suspended' state and then contact support.
+* Support may be able to restore your managed domain, only if there is an existing backup that is less than 30 days old.
+
+
+### 'Deleted' state
+A managed domain that stays in the 'Suspended' state for 15 days is **Deleted**.
+
+**What you can expect:**
+* All resources and backups for the managed domain are deleted.
+* You cannot restore the managed domain and will need to create a new managed domain to use Azure AD Domain Services.
+* You will not be billed for the managed domain.
+
+
+## What happens when a managed domain is suspended?
+When a domain is suspended, Azure AD Domain Services stops and de-provisions the domain controllers for your managed domain. As a result, backups are no longer taken, users are unable to sign-in to your domain, and synchronization with Azure AD stops.
+
+The managed domain will only stay in a suspended state for a maximum of 15 days. In order to ensure a timely recovery, it is recommended you address the suspension as soon as possible.
+
+
+## How do I know if my managed domain is suspended?
+You will see an [alert](active-directory-ds-troubleshoot-alerts.md) on the Azure AD Domain Services Health page in the Azure portal that declares the domain suspended. In addition, the state of the domain shows "Suspended".
+
+
+## How do I restore a suspended domain?
+To restore a domain in the 'Suspended' state, complete the following steps:
 
 1. Navigate to the [Azure AD Domain Services page](https://portal.azure.com/#blade/HubsExtension/Resources/resourceType/Microsoft.AAD%2FdomainServices) on the Azure portal
 2. Click on the domain you wish to unsuspend
 3. On the left-hand navigation, click **Health**
-4. Click on the suspension alert (The Alert ID will be either AADDS503 or AADDS504, depending on the cause of suspension).
-5. Click on the resolution link provided in the alert and follow the steps to resolving your suspension.
+4. Click on the alert. The alert ID will be either AADDS503 or AADDS504, depending on the cause of suspension.
+5. Click on the resolution link provided in the alert and follow the steps to resolve the alert.
 
-Your domain can only be restored from the date of last backup. The date of your last backup is displayed on the Health page of your managed domain. Any changes since the last backup will not be restored upon unsuspension. In addition, Azure AD Domain Services can only store backups for up to 30 days. If the latest backup is more than 30 days old, the backup must be deleted and Azure AD Domain Services will be unable to restore from a backup.
+Your domain can only be restored to the date of last backup. The date of your last backup is displayed on the Health page of your managed domain. Any changes that occurred after the last backup will not be restored. Backups for a managed domain are stored for up to 30 days. Backups older than 30 days are deleted.
 
-## Deleting domains
 
-If the domain is suspended for more than 15 days, Azure AD Domain Services deletes the managed domain due to inactivity and the inability to service the domain. You will no longer be billed for Azure AD Domain Services. To restore your managed domain, you will need to recreate it.
+## Deleting domains
+If the domain is suspended for more than 15 days, Azure AD Domain Services deletes the managed domain due to inactivity and the inability to service the domain. You will no longer be billed for Azure AD Domain Services. At this point, you cannot restore your managed domain and need to recreate it.
 
 
 ## Next steps
@@ -72,5 +115,4 @@ If the domain is suspended for more than 15 days, Azure AD Domain Services delet
 - [Contact the product team](active-directory-ds-contact-us.md)
 
 ## Contact Us
-
 Contact the Azure Active Directory Domain Services product team to [share feedback or for support](active-directory-ds-contact-us.md).

articles/active-directory/active-directory-conditional-access-app-sign-in-risk.md

@@ -14,7 +14,7 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 07/03/2018
+ms.date: 07/16/2018
 ms.author: markvi
 ms.reviewer: calebb
 #Customer intent: As an IT admin, I want to configure a policy to handle suspicious sign-ins, so that they can be automatically handled.
@@ -70,7 +70,7 @@ This section shows how to create the required conditional access policy. In your
 | Grant | Block access |
 
 
-![Create policy](./media/active-directory-conditional-access-app-sign-in-risk/115.png)
+![Create policy](./media/active-directory-conditional-access-app-sign-in-risk/130.png)
 
 
 
@@ -123,6 +123,26 @@ This section shows how to create the required conditional access policy. In your
 
     b. Click **Done**.
 
+10. Click **Conditions**. 
+
+    ![Access controls](./media/active-directory-conditional-access-app-sign-in-risk/19.png)
+
+11. On the **Conditions** page:
+
+    ![Sign-in risk level](./media/active-directory-conditional-access-app-sign-in-risk/21.png)
+
+    a. Click **Sign-in risk**.
+ 
+    b. As **Configure**, click **Yes**.
+
+    c. As sign-in risk level, select **Medium**.
+
+    d. Click **Select**.
+
+    e. On the **Conditions** page, click **Done**.
+
+
+
 10. In the **Access controls** section, click **Grant**.
 
     ![Access controls](./media/active-directory-conditional-access-app-sign-in-risk/10.png)

articles/active-directory/b2b/licensing-guidance.md

@@ -63,7 +63,7 @@ A B2B guest user is one that is invited from a partner organization to work with
 
 ## Next steps
 
-See the following articles articles on Azure AD B2B collaboration:
+See the following articles on Azure AD B2B collaboration:
 
 * [What is Azure AD B2B collaboration?](what-is-b2b.md)
 * [Azure Active Directory B2B collaboration frequently asked questions (FAQ)](faq.md)

articles/active-directory/connect/active-directory-aadconnect-feature-automatic-upgrade.md

@@ -13,13 +13,13 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 07/13/2017
+ms.date: 06/16/2018
 ms.component: hybrid
 ms.author: billmath
 
 ---
 # Azure AD Connect: Automatic upgrade
-This feature was introduced with build 1.1.105.0 (released February 2016).
+This feature was introduced with build [1.1.105.0 (released February 2016)](active-directory-aadconnect-version-history.md#111050).  This feature was updated in [build 1.1.561](active-directory-aadconnect-version-history.md#115610) and now supports additional scenarios that were previously not supported.
 
 ## Overview
 Making sure your Azure AD Connect installation is always up to date has never been easier with the **automatic upgrade** feature. This feature is enabled by default for express installations and DirSync upgrades. When a new version is released, your installation is automatically upgraded.

articles/active-directory/manage-apps/plan-an-application-integration.md

@@ -13,7 +13,7 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 06/27/2018
+ms.date: 07/16/2018
 ms.author: barbkess
 ms.reviewer: asteen
 
@@ -59,7 +59,7 @@ Maybe you don't have the answers to all of these questions up front but that's o
 ## Application integration with Azure AD
 ### Finding unsanctioned cloud applications with Cloud Discovery
 As mentioned above, there may be applications that haven't been managed by your organization until now.  As part of the inventory process, it is possible to find unsanctioned cloud applications. See
-[Set up Cloud Discovery](/cloud-app-security/set-up-cloud-discovery.md).
+[Set up Cloud Discovery](/cloud-app-security/set-up-cloud-discovery).
 
 ### Authentication Types
 Each of your applications may have different authentication requirements. With Azure AD, signing certificates can be used with applications that use SAML 2.0, WS-Federation, or OpenID Connect Protocols as well as Password Single Sign On. For more information about application authentication types for use with Azure AD see [Managing Certificates for Federated Single Sign-On in Azure Active Directory](manage-certificates-for-federated-single-sign-on.md) and [Password based single sign on](what-is-single-sign-on.md).

articles/active-directory/manage-apps/what-is-single-sign-on.md

@@ -12,7 +12,7 @@ ms.component: app-mgmt
 ms.workload: identity
 ms.component: users-groups-roles
 ms.topic: article
-ms.date: 06/27/2018
+ms.date: 07/16/2018
 ms.author: barbkess
 ms.reviewer: asmalser
 ms.custom: it-pro
@@ -42,8 +42,7 @@ When users sign in to an application, they go through an authentication process
 Azure AD supports three different ways to sign in to applications:
 
 * **Federated single sign-on** enables applications to redirect to Azure AD for user authentication instead of prompting for its own password. Federated single sign-on is supported for applications that support protocols such as SAML 2.0, WS-Federation, or OpenID Connect, and is the richest mode of single sign-on.
-* **Password-based single sign-on** enables secure application password storage and replay using a web browser extension or mobile app. Password-based single sign-on uses the existing 
-*  process provided by the application, but enables an administrator to manage the passwords and does not require the user to know the password.
+* **Password-based single sign-on** enables secure application password storage and replay using a web browser extension or mobile app. Password-based single sign-on uses the existing process provided by the application, but enables an administrator to manage the passwords and does not require the user to know the password.
 * **Existing single sign-on** enables Azure AD to leverage any existing single sign-on that has been set up for the application, but enables these applications to be linked to the Office 365 or Azure AD access panel portals, and also enables additional reporting in Azure AD when the applications are launched there.
 
 Once a user has authenticated with an application, they also need to have an account record provisioned at the application that tells the application where the permissions and level of access are inside the application. The provisioning of this account record can either occur automatically, or it can occur manually by an administrator before the user is provided single sign-on access.
@@ -191,7 +190,7 @@ These links use the same access control mechanisms as the access panel and Offic
 ## Related articles
 * [Article Index for Application Management in Azure Active Directory](../active-directory-apps-index.md)
 * [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](../saas-apps/tutorial-list.md)
-* [Set up Cloud Discovery](/cloud-app/security/set-up-cloud-discovery)
+* [Set up Cloud Discovery](/cloud-app-security/set-up-cloud-discovery)
 * [Introduction to Managing Access to Apps](what-is-access-management.md)
 * [Comparing Capabilities for Managing External Identities in Azure AD](../active-directory-b2b-compare-b2c.md)