Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into gdpStorSimpleFix

Author: priestlg

.openpublishing.redirection.json

@@ -450,6 +450,16 @@
       "redirect_url": "https://docs.microsoft.com/previous-versions/azure/batch-ai/overview-what-happened-batch-ai",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/azure-arc/servers/quickstart-onboard-portal.md",
+      "redirect_url": "/azure/azure-arc/servers/onboard-portal",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/azure-arc/servers/quickstart-onboard-powershell.md",
+      "redirect_url": "/azure/azure-arc/servers/onboard-service-principal",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/batch-ai/quickstart-create-cluster-cli.md",
       "redirect_url": "https://docs.microsoft.com/previous-versions/azure/batch-ai/quickstart-create-cluster-cli",
@@ -35410,6 +35420,16 @@
       "redirect_url": "/azure/iot-accelerators/iot-accelerators-device-simulation-advanced-device",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/active-directory/conditional-access/technical-reference.md",
+      "redirect_url": "/azure/active-directory/conditional-access/concept-conditional-access-conditions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/active-directory/conditional-access/conditions.md",
+      "redirect_url": "/azure/active-directory/conditional-access/concept-conditional-access-conditions",
+      "redirect_document_id": true
+    },
     {
       "source_path": "articles/active-directory/develop/active-directory-v2-devquickstarts-angular-dotnet.md",
       "redirect_url": "/azure/active-directory/develop/GuidedSetups/active-directory-javascriptspa",

articles/active-directory/conditional-access/TOC.yml

@@ -19,20 +19,30 @@
     href: concept-conditional-access-policy-common.md
   - name: Conditional Access policy components
     href: concept-conditional-access-policies.md
-  - name: Cloud apps and actions
-    href: concept-conditional-access-cloud-apps.md
-  - name: Conditions
-    href: conditions.md
-  - name: Location conditions
-    href: location-condition.md
-  - name: Controls
-    href: controls.md
+  - name: Assignments
+    items: 
+     - name: Users and groups
+       href: concept-conditional-access-users-groups.md
+     - name: Cloud apps or actions
+       href: concept-conditional-access-cloud-apps.md
+     - name: Conditions
+       href: concept-conditional-access-conditions.md
+  - name: Access controls
+    items: 
+     - name: Grant
+       href: concept-conditional-access-grant.md
+     - name: Session
+       href: concept-conditional-access-session.md
   - name: Report-only mode
     href: concept-conditional-access-report-only.md
   - name: Service dependencies
     href: service-dependencies.md
+  - name: Location conditions
+    href: location-condition.md
   - name: What if tool
     href: what-if-tool.md
+  - name: Controls
+    href: controls.md
   - name: Classic policy migrations
     href: policy-migration.md
   - name: Baseline protection policies
@@ -84,10 +94,6 @@
     items:
     - name: Troubleshoot using the What If tool 
       href: troubleshoot-conditional-access-what-if.md
-- name: Reference
-  items:
-  - name: Technical reference
-    href: technical-reference.md
 - name: Resources
   items:
   - name: Azure feedback forum

articles/active-directory/conditional-access/app-based-conditional-access.md

@@ -35,15 +35,15 @@ In the Conditional Access terminology, these client apps are known as **approved
 
 ![Conditional Access](./media/app-based-conditional-access/05.png)
 
-For a list of approved client apps, see [approved client app requirement](technical-reference.md#approved-client-app-requirement).
+For a list of approved client apps, see [approved client app requirement](concept-conditional-access-grant.md).
 
 You can combine app-based Conditional Access policies with other policies such as [device-based Conditional Access policies](require-managed-devices.md) to provide flexibility in how to protect data for both personal and corporate devices.
 
 ## Before you begin
 
 This topic assumes that you are familiar with:
 
-- The [approved client app requirement](technical-reference.md#approved-client-app-requirement) technical reference.
+- The [approved client app requirement](concept-conditional-access-grant.md).
 - The basic concepts of [Conditional Access in Azure Active Directory](overview.md).
 - How to [configure a Conditional Access policy](app-based-mfa.md).
 - The [migration of Conditional Access policies](best-practices.md#policy-migration).

articles/active-directory/conditional-access/app-protection-based-conditional-access.md

@@ -35,7 +35,7 @@ In the Conditional Access terminology, these client apps are known to be policy
 
 ![Conditional Access](./media/app-protection-based-conditional-access/05.png)
 
-For a list of policy-protected client apps, see [App protection policy requirement](technical-reference.md#approved-client-app-requirement).
+For a list of policy-protected client apps, see [App protection policy requirement](concept-conditional-access-grant.md).
 
 You can combine app-protection-based Conditional Access policies with other policies, such as [device-based Conditional Access policies](require-managed-devices.md). This way, you can provide flexibility in how to protect data for both personal and corporate devices.
 
@@ -54,8 +54,8 @@ Similar to compliance that's reported by Intune for iOS and Android for a manage
 
 This article assumes that you're familiar with:
 
-- The [app protection policy requirement](technical-reference.md#app-protection-policy-requirement) technical reference.
-- The [approved client app requirement](technical-reference.md#approved-client-app-requirement) technical reference.
+- The [app protection policy requirement](concept-conditional-access-grant.md).
+- The [approved client app requirement](concept-conditional-access-grant.md).
 - The basic concepts of [Conditional Access in Azure Active Directory](overview.md).
 - How to [configure a Conditional Access policy](app-based-mfa.md).
 

articles/active-directory/conditional-access/app-sign-in-risk.md

@@ -18,7 +18,7 @@ ms.collection: M365-identity-device-management
 ---
 # Quickstart: Block access when a session risk is detected with Azure Active Directory Conditional Access  
 
-To keep your environment protected, you might want to block suspicious users from sign-in. [Azure Active Directory (Azure AD) Identity Protection](../active-directory-identityprotection.md) analyzes each sign-in and calculates the likelihood that a sign-in attempt was not performed by the legitimate owner of a user account. The likelihood (low, medium, high) is indicated in form of a calculated value called [sign-in risk levels](conditions.md#sign-in-risk). By setting the sign-in risk condition, you can configure a Conditional Access policy to respond to specific sign-in risk levels.
+To keep your environment protected, you might want to block suspicious users from sign-in. [Azure Active Directory (Azure AD) Identity Protection](../active-directory-identityprotection.md) analyzes each sign-in and calculates the likelihood that a sign-in attempt was not performed by the legitimate owner of a user account. The likelihood (low, medium, high) is indicated in form of a calculated value called [sign-in risk levels](concept-conditional-access-conditions.md#sign-in-risk). By setting the sign-in risk condition, you can configure a Conditional Access policy to respond to specific sign-in risk levels.
 
 This quickstart shows how to configure a [Conditional Access policy](../active-directory-conditional-access-azure-portal.md) that blocks a sign-in when a configured sign-in risk level has been detected.
 

articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md

@@ -1,12 +1,12 @@
 ---
-title: Client apps in Conditional Access policy - Azure Active Directory
-description: 
+title: Cloud apps or actions in Conditional Access policy - Azure Active Directory
+description: What are cloud apps or actions in an Azure AD Conditional Access policy
 
 services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 01/10/2020
+ms.date: 02/11/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -15,14 +15,14 @@ ms.reviewer: calebb
 
 ms.collection: M365-identity-device-management
 ---
-# Conditional Access: Cloud apps and actions
+# Conditional Access: Cloud apps or actions
 
-Cloud apps or actions is a key part of a Conditional Access policy. Conditional Access policies allow administrators to assign controls to specific applications or actions. 
+Cloud apps or actions are a key signal in a Conditional Access policy. Conditional Access policies allow administrators to assign controls to specific applications or actions.
 
 - Administrators can choose from the list of applications that include built-in Microsoft applications and any [Azure AD integrated applications](../manage-apps/what-is-application-management.md) including gallery, non-gallery, and applications published through [Application Proxy](../manage-apps/what-is-application-proxy.md).
 - Administrators may choose to define policy not based on a cloud application but on a user action. The only supported action is Register security information (preview), allowing Conditional Access to enforce controls around the [combined security information registration experience](../authentication/howto-registration-mfa-sspr-combined.md).
 
-![Define a Conditional Access policy and specify cloud apps](./media/concept-conditional-access-cloud-apps/conditional-access-define-policy-specify-cloud-apps.png)
+![Define a Conditional Access policy and specify cloud apps](./media/concept-conditional-access-cloud-apps/conditional-access-cloud-apps-or-actions.png)
 
 ## Microsoft cloud applications
 
@@ -121,6 +121,7 @@ User actions are tasks that can be performed by a user. The only currently suppo
 
 ## Next steps
 
-- [Conditional Access policy components](concept-conditional-access-policies.md)
+- [Conditional Access: Conditions](concept-conditional-access-conditions.md)
+
+- [Conditional Access common policies](concept-conditional-access-policy-common.md)
 - [Client application dependencies](service-dependencies.md)
-- [Microsoft Intune: Require MFA for device enrollment](https://docs.microsoft.com/intune/enrollment/multi-factor-authentication)