Merge pull request #111026 from MicrosoftDocs/master

4/10 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -533,7 +533,7 @@
     },
     {
       "source_path": "articles/site-recovery/vmware-physical-mobility-service-install-manual.md",
-      "redirect_url": "/azure/site-recovery/vmware-physical-mobility-service-overview#install-mobility-agent-through-ui",
+      "redirect_url": "/azure/site-recovery/vmware-physical-mobility-service-overview#install-the-mobility-service-using-ui",
       "redirect_document_id": false
     },
     {

articles/active-directory/manage-apps/common-scenarios.md

@@ -85,7 +85,7 @@ Identity can only be your control plane if it can connect everything across clou
 
 - [Application management](https://docs.microsoft.com/azure/active-directory/manage-apps/index)
 - [Application provisioning](https://docs.microsoft.com/azure/active-directory/app-provisioning/user-provisioning)
-- [Hybrid secure access]()
+- [Hybrid secure access](https://docs.microsoft.com/azure/active-directory/manage-apps/secure-hybrid-access)
 - [Identity governance](https://docs.microsoft.com/azure/active-directory/governance/identity-governance-overview)
 - [Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/v2-overview)
 - [Identity security](https://docs.microsoft.com/azure/active-directory/conditional-access/index)

articles/active-directory/saas-apps/icims-tutorial.md

@@ -27,7 +27,7 @@ In this tutorial, you'll learn how to integrate ICIMS with Azure Active Director
 * Enable your users to be automatically signed-in to ICIMS with their Azure AD accounts.
 * Manage your accounts in one central location - the Azure portal.
 
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/what-is-single-sign-on).
+To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/manage-apps/what-is-single-sign-on).
 
 ## Prerequisites
 
@@ -147,7 +147,7 @@ When you click the ICIMS tile in the Access Panel, you should be automatically s
 
 - [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](https://docs.microsoft.com/azure/active-directory/active-directory-saas-tutorial-list)
 
-- [What is application access and single sign-on with Azure Active Directory? ](https://docs.microsoft.com/azure/active-directory/what-is-single-sign-on)
+- [What is application access and single sign-on with Azure Active Directory? ](https://docs.microsoft.com/azure/active-directory/manage-apps/what-is-single-sign-on)
 
 - [What is conditional access in Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)
 

articles/active-directory/saas-apps/mongodb-cloud-tutorial.md

@@ -23,7 +23,7 @@ ms.collection: M365-identity-device-management
 
 In this tutorial, you'll learn how to integrate MongoDB Cloud with Azure Active Directory (Azure AD). When you integrate MongoDB Cloud with Azure AD, you can:
 
-* Control in Azure AD who has access to MongoDB Cloud.
+* Control in Azure AD who has access to MongoDB Cloud, MongoDB Atlas, the MongoDB Community, University, and Support.
 * Enable your users to be automatically signed-in to MongoDB Cloud with their Azure AD accounts.
 * Manage your accounts in one central location - the Azure portal.
 
@@ -146,11 +146,11 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 ## Configure MongoDB Cloud SSO
 
-To configure single sign-on on **MongoDB Cloud** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [MongoDB Cloud support team](https://support.mongodb.com/). They set this setting to have the SAML SSO connection set properly on both sides.
+To configure single sign-on on **MongoDB Cloud** side, you will need the appropriate URLs copied from the Azure portal, and you need to configure the Federation Application for your MongoDB Cloud Organization. Follow the instructions in the [MongoDB Cloud Docs](https://docs.atlas.mongodb.com/security/federated-authentication/index.html). If you encounter any issues, you can contact the [MongoDB Cloud support team](https://support.mongodb.com/) for assistance.
 
 ### Create MongoDB Cloud test user
 
-In this section, a user called Britta Simon is created in MongoDB Cloud. MongoDB Cloud supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in MongoDB Cloud, a new one is created after authentication.
+In this section, a user called B.Simon is created in MongoDB Cloud. MongoDB Cloud supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in MongoDB Cloud, a new one is created after authentication.
 
 ## Test SSO 
 
@@ -166,6 +166,8 @@ When you click the MongoDB Cloud tile in the Access Panel, you should be automat
 
 - [What is conditional access in Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)
 
+- [Signup for MongoDB Atlas on Azure](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/mongodb.mongodb_atlas_azure_08082019?tab=Overview)
+
 - [Try MongoDB Cloud with Azure AD](https://aad.portal.azure.com/)
 
 - [What is session control in Microsoft Cloud App Security?](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad)

articles/active-directory/saas-apps/nitro-productivity-suite-tutorial.md

@@ -34,7 +34,7 @@ To learn more about SaaS app integration with Azure AD, see [What is application
 To get started, you need the following items:
 
 * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-* Nitro Productivity Suite single sign-on (SSO) enabled subscription.
+* A Nitro Productivity Suite [Enterprise subscription](https://www.gonitro.com/pricing).
 
 ## Scenario description
 
@@ -75,43 +75,59 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. In the [Azure portal](https://portal.azure.com/), on the **Nitro Productivity Suite** application integration page, find the **Manage** section and select **single sign-on**.
 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **SAML Signing Certificate** section:
+
+    a. Find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
+
+	![The Certificate download link](common/certificatebase64.png)
+    
+1. On the **Set up Nitro Productivity Suite** section:
+
+    a. Click the copy icon beside **Login URL**
+    
+    ![Copy configuration URLs](common/copy-configuration-urls.png)
+    
+1. In the [Nitro Admin portal](https://admin.gonitro.com/), on the **Enterprise Settings** page find the **Single Sign-On** section and click the **Setup SAML SSO** button.
+
+	a. Paste the **Login URL** from the step above into the **Sign In URL** field.
+	
+	a. Upload the **Certificate (Base64)** from the earlier step above in the **X509 Signing Certificate** field.
+	
+	a. Click **Submit**
+	
+	a. Click **Enable Single Sign-On**
+
+
+1. Return to the [Azure portal](https://portal.azure.com/), on the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
 
    ![Edit Basic SAML Configuration](common/edit-urls.png)
 
 1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
 
-    a. In the **Identifier** text box, type a URL using the following pattern:
+    a. In the **Identifier** text box, copy and paste the **SAML Entity ID** field from the [Nitro Admin portal](https://admin.gonitro.com/). It should have the following pattern:
     `urn:auth0:gonitro-prod:<ENVIRONMENT>`
 
-    b. In the **Reply URL** text box, type a URL using the following pattern:
+    b. In the **Reply URL** text box, copy and paste the **ACS URL** field from the [Nitro Admin portal](https://admin.gonitro.com/). It should have the following pattern:
     `https://gonitro-prod.eu.auth0.com/login/callback?connection=<ENVIRONMENT>`
 
 1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
 
     In the **Sign-on URL** text box, type the URL:
     `https://sso.gonitro.com/login`
 
-	> [!NOTE]
-	> These values are not real. Update these values with the actual Identifier and Reply URL. Contact [Nitro Productivity Suite Client support team](https://www.gonitro.com/support) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+1. Click Save.
 
 1. Nitro Productivity Suite application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
 
 	![image](common/default-attributes.png)
 
-1. In addition to above, Nitro Productivity Suite application expects few more attributes to be passed back in SAML response which are shown below. These attributes are also pre populated but you can review them as per your requirements.
+1. In addition, the Nitro Productivity Suite application expects a few more attributes to be passed back in the SAML response, as shown in the following table. These attributes are prepopulated, but you can review them per your requirements.
 
 	| Name  |  Source Attribute|
-	| ---------------| --------------- | --------- |
+	| ---------------| --------------- |
 	| employeeNumber |  user.objectid |
 
-1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section,  find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
-
-	![The Certificate download link](common/certificatebase64.png)
-
-1. On the **Set up Nitro Productivity Suite** section, copy the appropriate URL(s) based on your requirement.
 
-	![Copy configuration URLs](common/copy-configuration-urls.png)
 ### Create an Azure AD test user
 
 In this section, you'll create a test user in the Azure portal called B.Simon.

articles/active-directory/saas-apps/opsgenie-tutorial.md

@@ -26,7 +26,7 @@ In this tutorial, you'll learn how to integrate OpsGenie with Azure Active Direc
 * Enable your users to be automatically signed-in to OpsGenie with their Azure AD accounts.
 * Manage your accounts in one central location - the Azure portal.
 
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/what-is-single-sign-on).
+To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/manage-apps/what-is-single-sign-on).
 
 ## Prerequisites
 
@@ -192,7 +192,7 @@ When you click the OpsGenie tile in the Access Panel, you should be automaticall
 
 - [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](https://docs.microsoft.com/azure/active-directory/active-directory-saas-tutorial-list)
 
-- [What is application access and single sign-on with Azure Active Directory? ](https://docs.microsoft.com/azure/active-directory/what-is-single-sign-on)
+- [What is application access and single sign-on with Azure Active Directory? ](https://docs.microsoft.com/azure/active-directory/manage-apps/what-is-single-sign-on)
 
 - [What is conditional access in Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)
 

articles/aks/use-multiple-node-pools.md

@@ -9,7 +9,7 @@ ms.date: 04/08/2020
 
 # Create and manage multiple node pools for a cluster in Azure Kubernetes Service (AKS)
 
-In Azure Kubernetes Service (AKS), nodes of the same configuration are grouped together into *node pools*. These node pools contain the underlying VMs that run your applications. The initial number of nodes and their size (SKU) is defined when you create an AKS cluster, which creates a *default node pool*. To support applications that have different compute or storage demands, you can create additional node pools. For example, use these additional node pools to provide GPUs for compute-intensive applications, or access to high-performance SSD storage.
+In Azure Kubernetes Service (AKS), nodes of the same configuration are grouped together into *node pools*. These node pools contain the underlying VMs that run your applications. The initial number of nodes and their size (SKU) is defined when you create an AKS cluster, which creates a [system node pool][use-system-pool]. To support applications that have different compute or storage demands, you can create additional *user node pools*. System node pools serve the primary purpose of hosting critical system pods such as CoreDNS and tunnelfront. User node pools serve the primary purpose of hosting your application pods. However, application pods can be scheduled on system node pools if you wish to only have one pool in your AKS cluster. User node pools are where you place your application-specific pods. For example, use these additional user node pools to provide GPUs for compute-intensive applications, or access to high-performance SSD storage.
 
 > [!NOTE]
 > This feature enables higher control over how to create and manage multiple node pools. As a result, separate commands are required for  create/update/delete. Previously cluster operations through `az aks create` or `az aks update` used the managedCluster API and were the only option to change your control plane and a single node pool. This feature exposes a separate operation set for agent pools through the agentPool API and require use of the `az aks nodepool` command set to execute operations on an individual node pool.
@@ -25,7 +25,8 @@ You need the Azure CLI version 2.2.0 or later installed and configured. Run `az
 The following limitations apply when you create and manage AKS clusters that support multiple node pools:
 
 * See [Quotas, virtual machine size restrictions, and region availability in Azure Kubernetes Service (AKS)][quotas-skus-regions].
-* You can't delete the system node pool, by default the first node pool.
+* You can delete system node pools, provided you have another system node pool to take its place in the AKS cluster.
+* System pools must contain at least one node, and user node pools may contain zero or more nodes.
 * The AKS cluster must use the Standard SKU load balancer to use multiple node pools, the feature is not supported with Basic SKU load balancers.
 * The AKS cluster must use virtual machine scale sets for the nodes.
 * The name of a node pool may only contain lowercase alphanumeric characters and must begin with a lowercase letter. For Linux node pools the length must be between 1 and 12 characters, for Windows node pools the length must be between 1 and 6 characters.
@@ -34,6 +35,9 @@ The following limitations apply when you create and manage AKS clusters that sup
 
 ## Create an AKS cluster
 
+> [!Important]
+> If you run a single system node pool for your AKS cluster in a production environment, we recommend you use at least three nodes for the node pool.
+
 To get started, create an AKS cluster with a single node pool. The following example uses the [az group create][az-group-create] command to create a resource group named *myResourceGroup* in the *eastus* region. An AKS cluster named *myAKSCluster* is then created using the [az aks create][az-aks-create] command. A *--kubernetes-version* of *1.15.7* is used to show how to update a node pool in a following step. You can specify any [supported Kubernetes version][supported-versions].
 
 > [!NOTE]
@@ -749,6 +753,8 @@ az group delete --name myResourceGroup --yes --no-wait
 
 ## Next steps
 
+Learn more about [system node pools][use-system-pool].
+
 In this article, you learned how to create and manage multiple node pools in an AKS cluster. For more information about how to control pods across node pools, see [Best practices for advanced scheduler features in AKS][operator-best-practices-advanced-scheduler].
 
 To create and use Windows Server container node pools, see [Create a Windows Server container in AKS][aks-windows].
@@ -784,3 +790,4 @@ To create and use Windows Server container node pools, see [Create a Windows Ser
 [tag-limitation]: ../azure-resource-manager/resource-group-using-tags.md
 [taints-tolerations]: operator-best-practices-advanced-scheduler.md#provide-dedicated-nodes-using-taints-and-tolerations
 [vm-sizes]: ../virtual-machines/linux/sizes.md
+[use-system-pool]: use-system-pools.md

articles/aks/use-system-pools.md

@@ -9,7 +9,10 @@ ms.date: 04/06/2020
 
 # Manage system node pools in Azure Kubernetes Service (AKS)
 
-In Azure Kubernetes Service (AKS), nodes of the same configuration are grouped together into *node pools*. Node pools contain the underlying VMs that run your applications. System node pools and user node pools are two different node pool modes for your AKS clusters. System node pools host essential system services such as CoreDNS. User node pools are where you place your application-specific pods. Every AKS cluster must contain at least one system node pool with at least one node. If you run a single system node pool for your AKS cluster, we recommend you use at least three nodes for the node pool. 
+In Azure Kubernetes Service (AKS), nodes of the same configuration are grouped together into *node pools*. Node pools contain the underlying VMs that run your applications. System node pools and user node pools are two different node pool modes for your AKS clusters. System node pools serve the primary purpose of hosting critical system pods such as CoreDNS and tunnelfront. User node pools serve the primary purpose of hosting your application pods. However, application pods can be scheduled on system node pools if you wish to only have one pool in your AKS cluster. Every AKS cluster must contain at least one system node pool with at least one node. 
+
+> [!Important]
+> If you run a single system node pool for your AKS cluster in a production environment, we recommend you use at least three nodes for the node pool.
 
 ## Before you begin
 

articles/aks/virtual-nodes-portal.md

@@ -62,7 +62,7 @@ Virtual Nodes functionality is heavily dependent on ACI's feature set. The follo
 * [Host aliases](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/)
 * [Arguments](../container-instances/container-instances-exec.md#restrictions) for exec in ACI
 * [DaemonSets](concepts-clusters-workloads.md#statefulsets-and-daemonsets) will not deploy pods to the virtual node
-* [Windows Server nodes (currently in preview in AKS)](windows-container-cli.md) are not supported alongside virtual nodes. You can use virtual nodes to schedule Windows Server containers without the need for Windows Server nodes in an AKS cluster.
+* Virtual nodes support scheduling Linux pods. You can manually install the open source [Virtual Kubelet ACI](https://github.com/virtual-kubelet/azure-aci) provider to schedule Windows Server containers to ACI. 
 
 ## Sign in to Azure