Commit e7d45a3

2 parents 61bb390 + ce7e731 commit e7d45a3

1,045 files changed

+14266
-8260
lines changed

.openpublishing.redirection.json

Lines changed: 145 additions & 83 deletions
Large diffs are not rendered by default.

articles/active-directory/authentication/howto-mfa-nps-extension-rdg.md

Lines changed: 1 addition & 1 deletion
@@ -34,7 +34,7 @@ The Network Policy and Access Services (NPS) gives organizations the ability to
3434

3535
Typically, organizations use NPS (RADIUS) to simplify and centralize the management of VPN policies. However, many organizations also use NPS to simplify and centralize the management of RD Desktop Connection Authorization Policies (RD CAPs).
3636

37-
Organizations can also integrate NPS with Azure MFA to enhance security and provide a high level of compliance. This helps ensure that users establish two-step verification to sign in to the Remote Desktop Gateway. For users to be granted access, they must provide their username/password combination along with information that the user has in their control. This information must be trusted and not easily duplicated, such as a cell phone number, landline number, application on a mobile device, and so on. For more information about supported authentication methods see the section [Determine which authentication methods your users can use](howto-mfa-nps-extension.md#determine-which-authentication-methods-your-users-can-use).
37+
Organizations can also integrate NPS with Azure MFA to enhance security and provide a high level of compliance. This helps ensure that users establish two-step verification to sign in to the Remote Desktop Gateway. For users to be granted access, they must provide their username/password combination along with information that the user has in their control. This information must be trusted and not easily duplicated, such as a cell phone number, landline number, application on a mobile device, and so on. RDG currently supports phone call and push notifications from Microsoft authenticator app methods for 2FA. For more information about supported authentication methods see the section [Determine which authentication methods your users can use](howto-mfa-nps-extension.md#determine-which-authentication-methods-your-users-can-use).
3838

3939
Prior to the availability of the NPS extension for Azure, customers who wished to implement two-step verification for integrated NPS and Azure MFA environments had to configure and maintain a separate MFA Server in the on-premises environment as documented in [Remote Desktop Gateway and Azure Multi-Factor Authentication Server using RADIUS](howto-mfaserver-nps-rdg.md).
4040
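
Review bot: the sentence added at line 37 restricts RDG to phone call and Microsoft Authenticator push, but the sentence just before it still lists "a cell phone number, landline number, application on a mobile device, and so on", which reads as a broader set. Suggest stating the restriction explicitly (for example, that only these two methods work with RDG) so readers do not enable an unsupported method and lock users out of the gateway. Also capitalize the product name as "Microsoft Authenticator" and use "two-step verification" instead of "2FA" to match the rest of the paragraph.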

articles/active-directory/authentication/howto-password-ban-bad-on-premises-faq.md

Lines changed: 1 addition & 1 deletion
@@ -39,7 +39,7 @@ A password change is when a user chooses a new password after proving they have
3939

4040
A password set (sometimes called a password reset) is when an administrator replaces the password on an account with a new password, for example by using the Active Directory Users and Computers management tool. This operation requires a high level of privilege (usually Domain Admin), and the person performing the operation usually does not have knowledge of the old password. Help-desk scenarios often do this, for instance when assisting a user who has forgotten their password. You will also see password set events when a brand new user account is being created for the first time with a password.
4141

42-
The password validation policy behaves the same regardless of whether a password change or set is being done. The Azure AD Password Protection DC Agent service does log different events to inform you whether a password change or set operation was done. See [Azure AD Password Protection monitoring and logging](https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-monitor).
42+
The password validation policy behaves the same regardless of whether a password change or set is being done. The Azure AD Password Protection DC Agent service does log different events to inform you whether a password change or set operation was done. See [Azure AD Password Protection monitoring and logging](https://docs.microsoft.com/azure/active-directory/authentication/howto-password-ban-bad-on-premises-monitor).
4343

4444
**Q: Is it supported to install Azure AD Password Protection side by side with other password-filter-based products?**
4545
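
Review bot: the link at line 42 is still an absolute docs.microsoft.com URL even though its target, howto-password-ban-bad-on-premises-monitor, lives in the same articles/active-directory/authentication folder as this FAQ. A relative link (howto-password-ban-bad-on-premises-monitor.md), like the howto-mfa-nps-extension.md link used elsewhere in this commit, would let the build validate it and would survive future URL changes.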

articles/active-directory/b2b/troubleshoot.md

Lines changed: 14 additions & 5 deletions
@@ -9,7 +9,7 @@ ms.topic: conceptual
99
ms.date: 05/25/2017
1010

1111
ms.author: mimart
12-
author: msmimart
12+
author: v-miegge
1313
manager: daveba
1414
ms.reviewer: sasubram
1515
ms.custom: "it-pro, seo-update-azuread-jan"
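
Review bot: line 12 changes author to v-miegge while ms.author on line 11 stays mimart, so the two metadata fields now point at different people; confirm that is intended. ms.date on line 9 is also left at 05/25/2017 although this commit adds a new troubleshooting section to the article, so the freshness date should be bumped.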
@@ -20,13 +20,12 @@ ms.collection: M365-identity-device-management
2020

2121
Here are some remedies for common problems with Azure Active Directory (Azure AD) B2B collaboration.
2222

23-
2423
## I’ve added an external user but do not see them in my Global Address Book or in the people picker
2524

2625
In cases where external users are not populated in the list, the object might take a few minutes to replicate.
2726

28-
## A B2B guest user is not showing up in SharePoint Online/OneDrive people picker
29-
27+
## A B2B guest user is not showing up in SharePoint Online/OneDrive people picker
28+
3029
The ability to search for existing guest users in the SharePoint Online (SPO) people picker is OFF by default to match legacy behavior.
3130

3231
You can enable this feature by using the setting 'ShowPeoplePickerSuggestionsForGuestUsers' at the tenant and site collection level. You can set the feature using the Set-SPOTenant and Set-SPOSite cmdlets, which allow members to search all existing guest users in the directory. Changes in the tenant scope do not affect already provisioned SPO sites.
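
Review bot: the removed and re-added "## A B2B guest user is not showing up in SharePoint Online/OneDrive people picker" heading is identical as rendered, so this hunk appears to be whitespace-only. Worth confirming the new line 27 carries no trailing whitespace, and keeping whitespace cleanup separate from the content change in the next hunk so the substantive addition is easier to review.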
@@ -76,10 +75,20 @@ To comply with privacy laws, our APIs do not include custom messages in the emai
7675

7776
If this scenario is important to you, you can suppress our API invitation email, and send it through the email mechanism of your choice. Consult your organization’s legal counsel to make sure any email you send this way also complies with privacy laws.
7877

78+
## You receive an “AADSTS65005” error when you try to log in to an Azure resource
79+
80+
A user who has a guest account cannot log on, and is receiving the following error message:
81+
82+
AADSTS65005: Using application 'AppName' is currently not supported for your organization contoso.com because it is in an unmanaged state. An administrator needs to claim ownership of the company by DNS validation of contoso.com before the application AppName can be provisioned.
83+
84+
The user has an Azure user account and is a viral tenant who has been abandoned or unmanaged. Additionally, there are no global or company administrators in the tenant.
85+
86+
To resolve this problem, you must take over the abandoned tenant. Refer to [Take over an unmanaged directory as administrator in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/users-groups-roles/domains-admin-takeover). You must also access the internet-facing DNS for the domain suffix in question in order to provide direct evidence that you are in control of the namespace. After the tenant is returned to a managed state, please discuss with the customer whether leaving the users and verified domain name is the best option for their organization.
87+
7988
## A guest user with a just-in-time or "viral" tenant is unable to reset their password
8089

8190
If the identity tenant is a just-in-time (JIT) or viral tenant (meaning it's a separate, unmanaged Azure tenant), only the guest user can reset their password. Sometimes an organization will [take over management of viral tenants](https://docs.microsoft.com/azure/active-directory/users-groups-roles/domains-admin-takeover) that are created when employees use their work email addresses to sign up for services. After the organization takes over a viral tenant, only an administrator in that organization can reset the user's password or enable SSPR. If necessary, as the inviting organization, you can remove the guest user account from your directory and resend an invitation.
8291

8392
## Next steps
8493

85-
- [Get support for B2B collaboration](get-support.md)
94+
[Get support for B2B collaboration](get-support.md)
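
Review bot: line 84, "The user has an Azure user account and is a viral tenant who has been abandoned or unmanaged", conflates the user with the tenant; suggest "The user's account belongs to a viral tenant that has been abandoned or is unmanaged." Line 86 ("please discuss with the customer") is written in a support engineer's voice rather than for the administrator reading the article, and since the takeover grants administrative control of every account in that tenant, the text should say who is expected to perform the DNS validation. The error text on line 82 would read better as a quoted or code block, the heading says "log in" while line 80 says "log on", and line 94 drops the list marker from the "Get support" link without an obvious reason.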

articles/active-directory/conditional-access/best-practices.md

Lines changed: 1 addition & 1 deletion
@@ -105,7 +105,7 @@ For every sign-in, Azure Active Directory evaluates all policies and ensures tha
105105

106106
### Does conditional access work with Exchange ActiveSync?
107107

108-
Yes, you can use Exchange ActiveSync in a conditional access policy with some [limitations](https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/conditional-access-for-exo-and-spo#exchange-activesync).
108+
Yes, you can use Exchange ActiveSync in a conditional access policy with some [limitations](https://docs.microsoft.com/azure/active-directory/conditional-access/conditional-access-for-exo-and-spo#exchange-activesync).
109109

110110
### How should you configure conditional access with Office 365 apps?
111111
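
Review bot: the "limitations" link on line 108 targets conditional-access-for-exo-and-spo in the same conditional-access folder as this file, so a relative link with the #exchange-activesync anchor would be preferable to the absolute URL that this change only strips the locale from.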

articles/active-directory/conditional-access/block-legacy-authentication.md

Lines changed: 1 addition & 1 deletion
@@ -138,4 +138,4 @@ If you block legacy authentication using the other clients condition, you can al
138138

139139
- If you are not familiar with configuring conditional access policies yet, see [require MFA for specific apps with Azure Active Directory conditional access](app-based-mfa.md) for an example.
140140

141-
- For more information about modern authentication support, see [How modern authentication works for Office 2013 and Office 2016 client apps](https://docs.microsoft.com/en-us/office365/enterprise/modern-auth-for-office-2013-and-2016)
141+
- For more information about modern authentication support, see [How modern authentication works for Office 2013 and Office 2016 client apps](https://docs.microsoft.com/office365/enterprise/modern-auth-for-office-2013-and-2016)
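
Review bot: the bullet on line 141 still ends without a period, unlike the bullet on line 139 ("... for an example."). Since the line is being touched anyway, add the terminal period, and check whether the file now ends with a newline.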

articles/active-directory/conditional-access/location-condition.md

Lines changed: 1 addition & 4 deletions
@@ -54,10 +54,7 @@ A named location has the following components:
5454
- **Countries/Regions** - This option enables you to select one or more country or region to define a named location.
5555
- **Include unknown areas** - Some IP addresses are not mapped to a specific country. This option allows you to choose if these IP addresses should be included in the named location. Use this setting when the policy using the named location should apply to unknown locations.
5656

57-
The number of named locations you can configure is constrained by the size of the related object in Azure AD. You can configure locations based on of the following limitations:
58-
59-
- One named location with up to 1200 IP ranges.
60-
- A maximum of 90 named locations with one IP range assigned to each of them.
57+
The number of named locations you can configure is constrained by the size of the related object in Azure AD. Organizations can configure up to 90 lamed locations, each configured with up to 12000 IP ranges.
6158

6259
Conditional access policy applies to IPv4 and IPv6 traffic. Currently named locations do not allow IPv6 ranges to be configured. This limitation causes the following situations:
6360
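
Review bot: the new line 57 contains a typo, "90 lamed locations" for "named locations", and gives the per-location limit as 12000 IP ranges where the removed text said 1200. Please confirm the figure against the service limit before merging. The removed bullets also described a trade-off (one location with many ranges, or 90 locations with one range each), whereas the new sentence states both maxima at once while still saying the count is constrained by object size; if both limits really apply together, drop or reword the object-size clause, because administrators size IP-based conditional access policies from these numbers.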

articles/active-directory/develop/TOC.yml

Lines changed: 8 additions & 20 deletions
@@ -14,20 +14,14 @@
1414
- name: Configure an application
1515
items:
1616
- name: Register an app
17-
href: quickstart-v1-add-azure-ad-app.md
18-
- name: Update an app
19-
href: quickstart-v1-update-azure-ad-app.md
20-
- name: Remove an app
21-
href: quickstart-v1-remove-azure-ad-app.md
22-
- name: Register an app (Preview)
2317
href: quickstart-register-app.md
24-
- name: Configure app to access web APIs (Preview)
18+
- name: Configure app to access web APIs
2519
href: quickstart-configure-app-access-web-apis.md
26-
- name: Configure app to expose web APIs (Preview)
20+
- name: Configure app to expose web APIs
2721
href: quickstart-configure-app-expose-web-apis.md
28-
- name: Modify accounts supported by an app (Preview)
22+
- name: Modify accounts supported by an app
2923
href: quickstart-modify-supported-accounts.md
30-
- name: Remove an app (Preview)
24+
- name: Remove an app
3125
href: quickstart-remove-app.md
3226
- name: Single-page apps
3327
items:
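
Review bot: the "Update an app" entry (quickstart-v1-update-azure-ad-app.md) at old line 18 is removed with no replacement entry in the list, while "Register" and "Remove" have successors. Confirm that the update scenario is covered by one of the remaining quickstarts and that quickstart-v1-add-azure-ad-app.md, quickstart-v1-update-azure-ad-app.md and quickstart-v1-remove-azure-ad-app.md each have a redirect; the .openpublishing.redirection.json diff is not rendered on this page, so that cannot be checked from here.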
@@ -243,20 +237,14 @@
243237
- name: Configure an application
244238
items:
245239
- name: Register an app
246-
href: quickstart-v2-register-an-app.md
247-
- name: Update an app
248-
href: quickstart-v1-update-azure-ad-app.md
249-
- name: Remove an app
250-
href: quickstart-v1-remove-azure-ad-app.md
251-
- name: Register an app (Preview)
252240
href: quickstart-register-app.md
253-
- name: Configure app to access web APIs (Preview)
241+
- name: Configure app to access web APIs
254242
href: quickstart-configure-app-access-web-apis.md
255-
- name: Configure app to expose web APIs (Preview)
243+
- name: Configure app to expose web APIs
256244
href: quickstart-configure-app-expose-web-apis.md
257-
- name: Modify accounts supported by an app (Preview)
245+
- name: Modify accounts supported by an app
258246
href: quickstart-modify-supported-accounts.md
259-
- name: Remove an app (Preview)
247+
- name: Remove an app
260248
href: quickstart-remove-app.md
261249
- name: Single-page apps
262250
items:
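
Review bot: after this change the "Configure an application" block at line 237 is identical, entry for entry, to the one at line 14, so the same six lines are maintained in two places in the TOC. If the toolchain allows it, consider a shared include; otherwise leave a comment so later edits keep them in sync. quickstart-v2-register-an-app.md is also dropped here and needs a redirect for existing inbound links.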

articles/active-directory/develop/active-directory-authentication-libraries.md

Lines changed: 1 addition & 1 deletion
@@ -42,7 +42,7 @@ The Azure Active Directory Authentication Library (ADAL) v1.0 enables applicatio
4242
| .NET Client, Windows Store, Windows Phone 8.1 |ADAL .NET v2 |[NuGet](https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/2.28.4) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/releases/tag/v2.28.4) | [Desktop app](https://github.com/AzureADQuickStarts/NativeClient-DotNet/releases/tag/v2.X) | |
4343
| JavaScript |ADAL.js |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-js) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-js) |[Single-page app](https://github.com/Azure-Samples/active-directory-javascript-singlepageapp-dotnet-webapi) | |
4444
| iOS, macOS |ADAL |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-objc/releases) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-objc) |[iOS app](https://docs.microsoft.com/azure/active-directory/active-directory-devquickstarts-ios) | [Reference](http://cocoadocs.org/docsets/ADAL/2.5.1/)|
45-
| Android |ADAL |[The Central Repository](http://search.maven.org/remotecontent?filepath=com/microsoft/aad/adal/) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-android) |[Android app](https://docs.microsoft.com/azure/active-directory/active-directory-devquickstarts-android) | [JavaDocs](https://javadoc.io/doc/com.microsoft.aad/adal/)|
45+
| Android |ADAL |[The Central Repository](https://search.maven.org/remotecontent?filepath=com/microsoft/aad/adal/) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-android) |[Android app](https://docs.microsoft.com/azure/active-directory/active-directory-devquickstarts-android) | [JavaDocs](https://javadoc.io/doc/com.microsoft.aad/adal/)|
4646
| Node.js |ADAL |[npm](https://www.npmjs.com/package/adal-node) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-nodejs) | [Node.js web app](https://github.com/Azure-Samples/active-directory-node-webapp-openidconnect)|[Reference](https://docs.microsoft.com/javascript/api/adal-node/?view=azure-node-latest) |
4747
| Java |ADAL4J |[Maven](https://search.maven.org/#search%7Cga%7C1%7Ca%3Aadal4j%20g%3Acom.microsoft.azure) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-java) |[Java web app](https://github.com/Azure-Samples/active-directory-java-webapp-openidconnect) |[Reference](https://javadoc.io/doc/com.microsoft.azure/adal4j) |
4848
| Python |ADAL |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-python) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-python) |[Python web app](https://github.com/Azure-Samples/active-directory-python-webapp-graphapi) |[Reference](https://adal-python.readthedocs.io/) |
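
Review bot: line 45 moves the Maven link to https, but the iOS row on line 44 directly above still links its Reference over plain http (http://cocoadocs.org/docsets/ADAL/2.5.1/). Library download and reference links in an authentication-library table should all be https; fix that row in the same change if the host supports it.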

articles/active-directory/develop/active-directory-v2-protocols.md

Lines changed: 1 addition & 1 deletion
@@ -47,7 +47,7 @@ Every app that wants to accept both personal and work or school accounts must be
4747
* A **Redirect URI** or **Package Identifier** that can be used to direct responses back to your app
4848
* A few other scenario-specific values.
4949

50-
For more details, learn how to [register an app](quickstart-v2-register-an-app.md).
50+
For more details, learn how to [register an app](quickstart-register-app.md).
5151

5252
## Endpoints
5353
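
Review bot: line 50 now sends readers of the v2 protocols article to quickstart-register-app.md, but the surrounding text is about apps that accept both personal and work or school accounts. Confirm the new target covers choosing supported account types, or link "Modify accounts supported by an app" (quickstart-modify-supported-accounts.md) alongside it.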
